Jsw.jsfor.net Infection



RangerX
2013-12-02, 22:34
I am also getting a pop-up in Firefox with the URL that starts with "Jsw.jsfor.net".

The pop-up occurs when you click into any data entry field for the first time on any web page.

The infection was apparently contracted from the optional [allegedly] additional adware asked to be installed by Shark007 Windows Codecs. Despite telling the installer to skip and not install that software, it did so anyway, so beware.

I ran ERUNT and the DDS apps as described. Here are the results from DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428
Run by Deana at 15:15:14 on 2013-12-02
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.32637.27025 [GMT -6:00]
.
AV: ESET Smart Security 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: ESET Smart Security 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Stardock\DeskScapes8\ds8srv.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Stardock\DeskScapes8\DeskScapes64.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.22\AsusFanControlService.exe
C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files\OO Software\Defrag\oodtray.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Stardock\ObjectDock\Dock64.exe
C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\EPUShortCut.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\XYplorer\XYplorer.exe
C:\Windows\SysWOW64\nlssrv32.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Stardock\ObjectDock\ObjectDockTray.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Show-Password: {b72fcc1f-68d9-4de6-ae10-deae949b2ff3} - C:\Program Files (x86)\Show-Password\136.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
uRun: [AdobeBridge] <no file>
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRunOnce: [shark007sfreecodecsolutions] <no file>
StartupFolder: C:\Users\Deana\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\Deana\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\O&ODEF~1.LNK - C:\Windows\Installer\{C09F10AD-C43D-4C40-8274-6985F810C6DB}\app_icon.ico
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{2D38AAEB-66D7-4F18-9A8B-D33BF51AC055} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-Run: [Fences] "C:\Program Files (x86)\Stardock\Fences\Fences.exe" /startup
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 mpa.one.microsoft.com
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 127.0.0.1 validation.sls.microsoft.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Deana\AppData\Roaming\Mozilla\Firefox\Profiles\wwhfclor.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1206147.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll
FF - ExtSQL: 2013-11-28 03:28; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Deana\AppData\Roaming\Mozilla\Firefox\Profiles\wwhfclor.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-11-28 03:33; {f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}; C:\Users\Deana\AppData\Roaming\Mozilla\Firefox\Profiles\wwhfclor.default\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi
FF - ExtSQL: 2013-11-28 03:41; {bee6eb20-01e0-ebd1-da83-080329fb9a3a}; C:\Users\Deana\AppData\Roaming\Mozilla\Firefox\Profiles\wwhfclor.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
FF - ExtSQL: 2013-11-28 03:41; {D0A81AC1-3B12-4cec-AA8D-40EBDC4241EA}; C:\Users\Deana\AppData\Roaming\Mozilla\Firefox\Profiles\wwhfclor.default\extensions\{D0A81AC1-3B12-4cec-AA8D-40EBDC4241EA}.xpi
FF - ExtSQL: 2013-11-28 03:41; {64161300-e22b-11db-8314-0800200c9a66}; C:\Users\Deana\AppData\Roaming\Mozilla\Firefox\Profiles\wwhfclor.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
FF - ExtSQL: 2013-11-28 03:41; {0545b830-f0aa-4d7e-8820-50a4629a56fe}; C:\Users\Deana\AppData\Roaming\Mozilla\Firefox\Profiles\wwhfclor.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
FF - ExtSQL: 2013-11-28 03:41; foxmarks@kei.com; C:\Users\Deana\AppData\Roaming\Mozilla\Firefox\Profiles\wwhfclor.default\extensions\foxmarks@kei.com
FF - ExtSQL: 2013-11-28 03:41; clickclean@hotcleaner.com; C:\Users\Deana\AppData\Roaming\Mozilla\Firefox\Profiles\wwhfclor.default\extensions\clickclean@hotcleaner.com
FF - ExtSQL: 2013-11-28 03:41; amznUWL2@amazon.com; C:\Users\Deana\AppData\Roaming\Mozilla\Firefox\Profiles\wwhfclor.default\extensions\amznUWL2@amazon.com.xpi
FF - ExtSQL: 2013-11-28 03:41; VacuumPlacesImproved@lultimouomo-gmail.com; C:\Users\Deana\AppData\Roaming\Mozilla\Firefox\Profiles\wwhfclor.default\extensions\VacuumPlacesImproved@lultimouomo-gmail.com.xpi
FF - ExtSQL: 2013-12-01 11:34; {635abd67-4fe9-1b23-4f01-e679fa7484c1}; C:\Users\Deana\AppData\Roaming\Mozilla\Firefox\Profiles\wwhfclor.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - ExtSQL: 2013-12-02 04:22; web2pdfextension@web2pdf.adobedotcom; C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF - ExtSQL: 2013-12-02 14:00; {751db90c-debb-4449-8afa-0bdc7b8e0202}; C:\Program Files (x86)\Show-Password\136.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(extensions.autoDisableScopes, 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2013-1-10 47512]
R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2013-9-17 62136]
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2013-12-1 116000]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-1-31 652784]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-1-31 28656]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-11-21 20616]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-12-2 56208]
R0 tib;Acronis TIB Manager;C:\Windows\System32\drivers\tib.sys [2013-12-1 1120032]
R0 tib_mounter;Acronis TIB Mounter;C:\Windows\System32\drivers\tib_mounter.sys [2013-12-1 183224]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2013-12-1 161568]
R0 vidsflt;Acronis Disk Storage Filter;C:\Windows\System32\drivers\vidsflt.sys [2013-12-1 117024]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-12-1 283200]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2013-9-17 239320]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2013-9-17 44120]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2013-12-1 3873784]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [2013-4-24 920736]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [2013-4-24 945152]
R2 AsusFanControlService;AsusFanControlService;C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.22\AsusFanControlService.exe [2013-11-30 1639424]
R2 DeskScapes8;Stardock DeskScapes 8;C:\Program Files (x86)\Stardock\DeskScapes8\DS8Srv.exe [2013-3-8 75376]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2013-9-12 1337752]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-1-31 15344]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-2-13 731648]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2013-1-3 183200]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-11-21 169432]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2012-11-9 71280]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-11-21 15125280]
R2 OODefragAgent;O&O Defrag;C:\Program Files\OO Software\Defrag\oodag.exe [2013-11-21 1639208]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-12-2 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-12-2 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-12-2 171416]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-11-11 414496]
R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2013-8-21 9735112]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-12-1 5087584]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2013-12-1 367200]
R3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;C:\Windows\System32\drivers\e1d62x64.sys [2013-11-21 496400]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2013-11-30 171632]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-11-21 442368]
R3 ISCT;Intel(R) Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2013-1-19 46568]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-11-21 366216]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-11-21 786056]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-11-21 39200]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
R4 IOMap;IOMap;C:\Windows\System32\drivers\IOMap64.sys [2013-11-21 23680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-11-21 111616]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-2-13 820184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-11-21 19456]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-21 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-11-21 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-30 47128]
S4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-12-02 20:39:12 -------- d-----w- C:\Program Files (x86)\MagicISO
2013-12-02 20:27:04 -------- d-----w- C:\Users\Deana\AppData\Roaming\Advanced
2013-12-02 20:16:33 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-12-02 20:16:33 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-12-02 20:16:31 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-12-02 20:11:50 -------- d-----w- C:\Users\Deana\AppData\Roaming\Aimersoft Video Converter Pro
2013-12-02 20:11:43 892928 ----a-w- C:\Windows\SysWow64\iconv.dll
2013-12-02 20:11:43 675840 ----a-w- C:\Windows\SysWow64\ac3filter.ax
2013-12-02 20:11:43 496640 ----a-w- C:\Windows\SysWow64\xvid.ax
2013-12-02 20:11:41 -------- d-----w- C:\Program Files (x86)\Aimersoft
2013-12-02 20:00:41 -------- d-----w- C:\Program Files (x86)\Show-Password
2013-12-02 19:57:58 1679360 ----a-w- C:\Windows\SysWow64\ac3filter.acm.new
2013-12-02 19:57:43 -------- d-----w- C:\Program Files (x86)\Shark007
2013-12-02 19:56:57 -------- d-----w- C:\ProgramData\Advanced
2013-12-02 19:49:52 -------- d-----w- C:\Users\Deana\AppData\Roaming\EurekaLog
2013-12-02 19:48:58 -------- d-----w- C:\Program Files (x86)\Advanced Batch Converter
2013-12-02 19:35:40 -------- d-----w- C:\Program Files (x86)\FreeTime
2013-12-02 19:03:24 -------- d-----w- C:\ProgramData\Nalpeiron
2013-12-02 19:03:23 -------- dc-h--w- C:\ProgramData\{70E22094-D034-40C3-89F7-AA970A0C0232}
2013-12-02 19:02:45 -------- d-----w- C:\Program Files\Athentech
2013-12-02 19:02:45 -------- d-----w- C:\Program Files (x86)\Athentech
2013-12-02 18:47:44 -------- d-----w- C:\Users\Deana\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2013-12-02 10:36:24 -------- d-----w- C:\Users\Deana\AppData\Roaming\NVIDIA
2013-12-02 10:36:13 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2013-12-02 10:28:04 -------- d-----w- C:\ProgramData\ALM
2013-12-02 10:24:44 -------- d-----w- C:\Users\Deana\Adobe Flash Builder 4.6
2013-12-02 10:19:48 56208 ------w- C:\Windows\System32\drivers\PxHlpa64.sys
2013-12-02 10:19:48 10224 ------w- C:\Windows\System32\drivers\cdralw2k.sys
2013-12-02 10:19:48 10224 ------w- C:\Windows\System32\drivers\cdr4_xp.sys
2013-12-02 10:19:48 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared
2013-12-02 10:19:48 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2013-12-02 10:19:44 -------- d-----w- C:\Program Files (x86)\My Company Name
2013-12-02 09:19:07 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B2B9C847-8E77-4260-9F8E-CD17406E8A1D}\offreg.dll
2013-12-02 09:09:12 -------- d-----w- C:\Program Files (x86)\NirSoft
2013-12-02 07:48:42 -------- d-----w- C:\ProgramData\Stardock
2013-12-02 07:48:16 -------- d-----w- C:\Users\Deana\AppData\Local\Stardock
2013-12-02 07:48:15 -------- d-----w- C:\Users\Deana\AppData\Roaming\Stardock
2013-12-02 07:48:11 -------- d-----w- C:\Program Files (x86)\Stardock
2013-12-02 05:19:51 -------- d-----w- C:\Users\Deana\AppData\Roaming\XnView
2013-12-02 05:19:41 -------- d-----w- C:\Program Files (x86)\XnView
2013-12-01 21:06:18 1304384 ----a-w- C:\Windows\SysWow64\VSFilter.dll
2013-12-01 17:57:44 -------- d-----w- C:\Users\Deana\AppData\Roaming\R-TT
2013-12-01 17:56:05 -------- d-----w- C:\Program Files (x86)\R-Studio
2013-12-01 17:25:53 1048576 ----a-w- C:\Windows\PE_Rom.dll
2013-12-01 16:57:02 367200 ----a-w- C:\Windows\System32\drivers\afcdp.sys
2013-12-01 16:57:00 1464096 ----a-w- C:\Windows\System32\drivers\tdrpman.sys
2013-12-01 16:56:59 183224 ----a-w- C:\Windows\System32\drivers\tib_mounter.sys
2013-12-01 16:56:59 1120032 ----a-w- C:\Windows\System32\drivers\tib.sys
2013-12-01 16:56:55 161568 ----a-w- C:\Windows\System32\drivers\vididr.sys
2013-12-01 16:56:54 117024 ----a-w- C:\Windows\System32\drivers\vidsflt.sys
2013-12-01 16:56:53 269600 ----a-w- C:\Windows\System32\drivers\snapman.sys
2013-12-01 16:56:52 116000 ----a-w- C:\Windows\System32\drivers\fltsrv.sys
2013-12-01 16:48:10 -------- d-----w- C:\Program Files (x86)\TeamViewer
2013-12-01 08:25:09 118784 ------w- C:\Windows\SysWow64\MSSTDFMT.DLL
2013-12-01 08:25:09 -------- d-----w- C:\ProgramData\InstallMate
2013-12-01 08:25:09 -------- d-----w- C:\Program Files (x86)\Scirocco
2013-12-01 08:04:34 -------- d-----w- C:\Program Files\CPUID
2013-12-01 08:02:35 192512 ----a-w- C:\Windows\SysWow64\drivers\UpdateHelper.dll
2013-12-01 07:58:26 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2013-12-01 07:58:25 -------- d-----w- C:\Users\Deana\AppData\Roaming\DAEMON Tools Pro
2013-12-01 07:58:23 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Pro
2013-12-01 07:53:57 -------- d-----w- C:\ProgramData\DAEMON Tools Pro
2013-12-01 02:25:42 21400 ----a-w- C:\Windows\SysWow64\drivers\asmtufdriver.sys
2013-12-01 02:25:42 14848 ----a-w- C:\Windows\SysWow64\drivers\AiChargerPlus.sys
2013-12-01 02:24:04 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2013-12-01 02:24:04 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2013-12-01 02:24:04 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2013-12-01 02:24:04 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2013-12-01 02:24:02 -------- d-----w- C:\ProgramData\ASUS
2013-11-29 23:21:21 10285968 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B2B9C847-8E77-4260-9F8E-CD17406E8A1D}\mpengine.dll
2013-11-28 12:55:46 -------- d-----w- C:\Program Files (x86)\WinDFT
2013-11-28 10:56:23 -------- d-----w- C:\Program Files (x86)\Microsoft Small Business
2013-11-28 10:56:06 -------- d-----w- C:\Program Files (x86)\Microsoft Chart Controls
2013-11-28 10:54:56 50200 ----a-w- C:\Windows\SysWow64\perf-SQLAgent$MSSMLBIZ-sqlagtctr10.1.2531.0.dll
2013-11-28 10:54:50 79896 ----a-w- C:\Windows\SysWow64\perf-MSSQL$MSSMLBIZ-sqlctr10.1.2531.0.dll
2013-11-28 10:53:39 -------- d-----w- C:\Windows\SysWow64\1033
2013-11-28 10:53:39 -------- d-----w- C:\Windows\System32\1033
2013-11-28 10:53:39 -------- d-----w- C:\Program Files\Microsoft SQL Server
2013-11-28 10:44:07 -------- d-----w- C:\Program Files (x86)\DisplayFusion
2013-11-28 10:43:13 -------- d-----w- C:\Users\Deana\AppData\Local\Programs
2013-11-28 10:35:22 -------- d-----w- C:\Users\Deana\AppData\Roaming\tixati
2013-11-28 10:35:10 -------- d-----w- C:\Program Files\tixati
2013-11-28 10:22:31 -------- d-----w- C:\Users\Deana\AppData\Local\Macromedia
2013-11-28 09:56:25 -------- d-----w- C:\Windows\SysWow64\Adobe
2013-11-28 09:55:02 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-28 09:55:02 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-28 09:54:24 -------- d-----w- C:\Users\Deana\AppData\Local\Adobe
2013-11-28 09:01:32 -------- d-----w- C:\Users\Deana\Tracing
2013-11-28 09:01:32 -------- d-----w- C:\Program Files (x86)\OCSetup
2013-11-28 08:43:25 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2013-11-28 08:35:13 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2013-11-28 08:34:45 -------- d-----w- C:\Windows\PCHEALTH
2013-11-28 08:34:45 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-11-28 08:32:43 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2013-11-28 08:31:59 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2013-11-28 08:31:18 -------- d-----w- C:\Users\Deana\AppData\Local\Microsoft Help
2013-11-28 08:17:35 -------- d-----w- C:\Program Files\CCleaner
2013-11-28 07:56:06 -------- d-----w- C:\Users\Deana\AppData\Roaming\ESET
2013-11-28 07:56:06 -------- d-----w- C:\Users\Deana\AppData\Local\ESET
2013-11-28 07:55:11 -------- d-----w- C:\Program Files\ESET
2013-11-28 07:50:44 -------- d-----w- C:\Users\Deana\AppData\Local\O&O
2013-11-28 07:50:05 -------- d-----w- C:\Windows\System32\oodag
2013-11-28 07:49:57 -------- d-----w- C:\Program Files\OO Software
2013-11-28 07:49:01 -------- d-----w- C:\ProgramData\OO Software
2013-11-28 07:42:05 -------- d-----w- C:\Users\Deana\AppData\Roaming\XYplorer
2013-11-28 07:41:58 -------- d-----w- C:\Program Files (x86)\XYplorer
2013-11-28 07:40:56 -------- d-----w- C:\Users\Deana\AppData\Roaming\FastCopy
2013-11-28 07:40:50 -------- d-----w- C:\Program Files\FastCopy
2013-11-22 20:29:17 10285968 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-11-21 22:22:16 2843432 ----a-w- C:\Windows\System32\ooscrsav.scr
2013-11-21 22:21:58 240936 ----a-w- C:\Windows\System32\oodbs.exe
2013-11-21 22:21:42 543528 ----a-w- C:\Windows\System32\oodssrs.dll
2013-11-21 22:21:36 10536 ----a-w- C:\Windows\System32\oodbsrs.dll
2013-11-21 21:29:36 2871808 ----a-w- C:\Windows\explorer.exe
2013-11-21 21:29:36 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2013-11-21 21:29:35 67072 ----a-w- C:\Windows\splwow64.exe
2013-11-21 21:29:35 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2013-11-21 21:29:35 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-11-21 21:29:35 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-11-21 20:20:36 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-11-21 20:20:36 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-11-21 20:20:36 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-11-21 20:20:36 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-11-21 20:20:36 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-11-21 20:20:36 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-11-21 20:20:36 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-11-21 19:32:42 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2013-11-21 19:30:48 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2013-11-21 19:30:48 366592 ----a-w- C:\Windows\System32\qdvd.dll
2013-11-21 18:40:56 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-11-21 18:39:56 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-11-21 18:33:14 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2013-11-21 18:06:16 -------- d-----w- C:\Windows\System32\SPReview
2013-11-21 18:05:14 -------- d-----w- C:\Windows\System32\EventProviders
2013-11-21 17:28:59 3207680 ----a-w- C:\Windows\SysWow64\mf.dll
2013-11-21 17:27:59 501248 ----a-w- C:\Windows\System32\IPSECSVC.DLL
2013-11-21 17:13:42 2565632 ----a-w- C:\Windows\System32\esent.dll
2013-11-21 17:13:42 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2013-11-21 17:13:41 96768 ----a-w- C:\Windows\System32\fsutil.exe
2013-11-21 17:13:41 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2013-11-21 17:13:41 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2013-11-21 17:13:41 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2013-11-21 17:13:41 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2013-11-21 17:13:41 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2013-11-21 17:13:41 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2013-11-21 17:13:41 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2013-11-21 11:40:51 -------- d-----w- C:\Windows\SysWow64\drivers\uk-UA
2013-11-21 11:40:45 -------- d-----w- C:\Windows\SysWow64\wbem\uk-UA
2013-11-21 11:40:44 -------- d-----w- C:\Windows\uk-UA
2013-11-21 11:40:44 -------- d-----w- C:\Windows\System32\drivers\uk-UA
2013-11-21 11:40:39 -------- d-----w- C:\Windows\System32\wbem\uk-UA
2013-11-21 11:36:55 3584 ----a-w- C:\Windows\System32\drivers\uk-UA\portcls.sys.mui
2013-11-21 11:36:55 2560 ----a-w- C:\Windows\System32\drivers\uk-UA\serscan.sys.mui
2013-11-21 11:36:54 3072 ----a-w- C:\Windows\System32\drivers\uk-UA\ataport.sys.mui
2013-11-21 11:36:54 2048 ----a-w- C:\Windows\System32\drivers\uk-UA\amdide.sys.mui
2013-11-21 11:36:53 48640 ----a-w- C:\Windows\System32\drivers\uk-UA\tcpip.sys.mui
2013-11-21 11:36:53 2560 ----a-w- C:\Windows\System32\drivers\uk-UA\scfilter.sys.mui
2013-11-21 11:36:35 3072 ----a-w- C:\Windows\System32\drivers\uk-UA\hidbth.sys.mui
2013-11-21 11:36:34 7680 ----a-w- C:\Windows\System32\drivers\uk-UA\bthport.sys.mui
2013-11-21 11:36:34 2560 ----a-w- C:\Windows\System32\drivers\uk-UA\BTHUSB.SYS.mui
2013-11-21 11:36:34 2048 ----a-w- C:\Windows\System32\drivers\uk-UA\bthenum.sys.mui
2013-11-21 11:13:27 -------- d-----w- C:\1e4409203aa0c7a4e494b915a4b996
2013-11-21 11:11:05 -------- d-----w- C:\Windows\SysWow64\Wat
2013-11-21 11:11:05 -------- d-----w- C:\Windows\System32\Wat
2013-11-21 10:58:58 -------- d-----w- C:\Windows\SysWow64\XPSViewer
2013-11-21 10:58:58 -------- d-----w- C:\Windows\SysWow64\ru
2013-11-21 10:58:58 -------- d-----w- C:\Windows\SysWow64\drivers\ru-RU
2013-11-21 10:58:57 -------- d-----w- C:\Windows\SysWow64\wbem\ru-RU
2013-11-21 10:58:42 -------- d-----w- C:\Windows\System32\drivers\UMDF\ru-RU
2013-11-21 10:58:42 -------- d-----w- C:\Windows\System32\drivers\ru-RU
2013-11-21 10:58:37 -------- d-----w- C:\Windows\System32\wbem\ru-RU
2013-11-21 10:58:37 -------- d-----w- C:\Windows\System32\ru
2013-11-21 10:58:24 -------- d-----w- C:\Windows\ru-RU
2013-11-21 10:49:10 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-11-21 10:49:10 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-11-21 10:49:10 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-11-21 10:42:35 86528 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-11-21 10:42:35 307200 ----a-w- C:\Program Files (x86)\Internet Explorer\iediagcmd.exe
2013-11-21 10:42:35 114176 ----a-w- C:\Windows\System32\admparse.dll
2013-11-21 10:42:35 101888 ----a-w- C:\Windows\SysWow64\admparse.dll
2013-11-21 10:24:52 -------- d-----w- C:\Windows\System32\MRT
2013-11-21 10:20:28 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-11-21 10:20:28 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2013-11-21 10:20:28 5120 ----a-w- C:\Windows\System32\wmi.dll
2013-11-21 10:20:28 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2013-11-21 10:20:28 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-11-21 10:14:49 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2013-11-21 10:13:59 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-11-21 10:08:03 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2013-11-21 10:08:03 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2013-11-21 10:08:03 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2013-11-21 10:08:03 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2013-11-21 10:08:03 207872 ----a-w- C:\Windows\System32\cfgmgr32.dll
2013-11-21 10:08:03 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2013-11-21 10:07:57 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2013-11-21 10:07:57 31232 ----a-w- C:\Windows\System32\prevhost.exe
2013-11-21 10:07:45 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2013-11-21 10:07:45 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2013-11-21 10:07:43 503808 ----a-w- C:\Windows\System32\srcore.dll
2013-11-21 10:07:43 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2013-11-21 10:07:43 296960 ----a-w- C:\Windows\System32\rstrui.exe
2013-11-21 10:07:43 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2013-11-21 10:07:42 974336 ----a-w- C:\Windows\System32\WFS.exe
2013-11-21 10:07:41 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2013-11-21 10:07:41 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2013-11-21 10:05:56 2164224 ----a-w- C:\Program Files\Windows Journal\Journal.exe
2013-11-21 10:05:53 77312 ----a-w- C:\Windows\System32\packager.dll
2013-11-21 10:05:53 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2013-11-21 10:05:52 956928 ----a-w- C:\Windows\System32\localspl.dll
2013-11-21 10:05:52 39424 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\winprint.dll
2013-11-21 10:05:49 723456 ----a-w- C:\Windows\System32\EncDec.dll
2013-11-21 10:05:48 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2013-11-21 10:05:48 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2013-11-21 10:04:04 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2013-11-21 10:04:04 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2013-11-21 10:04:04 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2013-11-21 09:59:47 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation
2013-11-21 09:59:04 -------- d-----w- C:\Users\Deana\AppData\Roaming\Intel Corporation
2013-11-21 09:58:01 -------- d-----w- C:\Users\Deana\Intel
2013-11-21 09:57:38 544568 ----a-r- C:\Windows\System32\PROUnstl.exe
2013-11-21 09:57:03 73032 ----a-w- C:\Windows\System32\e1dmsg.dll
2013-11-21 09:57:03 496400 ----a-w- C:\Windows\System32\drivers\e1d62x64.sys
2013-11-21 09:57:03 36472 ----a-w- C:\Windows\System32\NicCo36.dll
2013-11-21 09:57:02 101224 ----a-w- C:\Windows\System32\NicInstD.dll
2013-11-21 09:56:22 20616 ----a-w- C:\Windows\System32\drivers\iusb3hcs.sys
2013-11-21 09:56:14 786056 ----a-w- C:\Windows\System32\drivers\iusb3xhc.sys
2013-11-21 09:56:14 366216 ----a-w- C:\Windows\System32\drivers\iusb3hub.sys
2013-11-21 09:56:06 -------- d-----w- C:\Temp
2013-11-21 09:55:41 -------- d-----w- C:\Program Files (x86)\ASM106xSATA
2013-11-21 09:53:58 23609344 ----a-w- C:\Windows\System32\RCoRes64.dat
2013-11-21 09:52:14 442368 ----a-w- C:\Windows\System32\drivers\IntcDAud.sys
2013-11-21 09:52:14 15360 ----a-w- C:\Windows\System32\IntcDAuC.dll
2013-11-21 09:52:05 64000 ----a-w- C:\Windows\System32\OpenCL.DLL
2013-11-21 09:52:05 60416 ----a-w- C:\Windows\SysWow64\OpenCL.DLL
2013-11-21 09:50:36 -------- d-sh--w- C:\Windows\Installer
2013-11-21 09:50:24 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
2013-11-21 09:50:20 64624 ----a-w- C:\Windows\System32\drivers\HECIx64.sys
2013-11-21 09:48:37 53248 ----a-r- C:\Windows\SysWow64\CSVer.dll
2013-11-21 09:48:26 -------- d-----w- C:\Intel
2013-11-21 09:46:46 -------- d-----w- C:\Windows\AsusInstAll
2013-11-21 09:44:45 -------- d-----w- C:\Windows\Chipset
2013-11-21 09:44:44 16896 ----a-w- C:\Windows\AsTaskSched.dll
2013-11-21 09:44:36 296320 ----a-w- C:\Windows\System32\drivers\volsnap.sys
2013-11-21 09:32:36 3945501 ----a-w- C:\Windows Loader.exe
2013-11-21 09:32:34 28135936 ----a-w- C:\w7lxe.exe
2013-11-21 09:32:34 24 ----a-w- C:\activate2010.cmd
2013-11-21 09:15:21 -------- d-----w- C:\Windows\Panther
2013-11-21 08:43:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-21 08:22:18 955168 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2013-11-21 08:22:18 1064224 ----a-w- C:\Windows\System32\nvspcap64.dll
2013-11-21 08:20:55 922912 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-11-21 08:20:55 6674208 ----a-w- C:\Windows\System32\nvcpl.dll
2013-11-21 08:20:55 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-11-21 08:20:55 3490080 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-11-21 08:20:55 3467927 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-11-21 08:20:55 219424 ----a-w- C:\Windows\System32\nvmctray.dll
2013-11-21 08:20:41 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2013-11-21 08:20:39 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2013-11-21 08:14:03 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-11-21 08:14:00 23680 ----a-w- C:\Windows\System32\drivers\IOMap64.sys
2013-11-21 08:13:56 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-11-21 08:13:47 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-11-21 08:13:47 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-11-11 16:59:28 590112 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
.
==================== Find3M ====================
.
2013-12-01 21:11:28 1600320 ----a-w- C:\Windows\System32\VSFilter.dll
2013-11-21 18:17:14 175616 ----a-w- C:\Windows\System32\msclmd.dll
2013-11-21 18:17:14 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
2013-09-17 23:17:38 62136 ----a-w- C:\Windows\System32\drivers\epfwwfp.sys
2013-09-17 23:17:38 44120 ----a-w- C:\Windows\System32\drivers\EpfwLWF.sys
2013-09-17 23:17:38 239320 ----a-w- C:\Windows\System32\drivers\eamonm.sys
2013-09-17 23:17:38 239296 ----a-w- C:\Windows\System32\drivers\edevmon.sys
2013-09-17 23:17:38 220232 ----a-w- C:\Windows\System32\drivers\epfw.sys
2013-09-17 23:17:38 168256 ----a-w- C:\Windows\System32\drivers\ehdrv.sys
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
.
============= FINISH: 15:15:31.02 ===============
