I noticed that there are multiple instances of the iexplorer.exe process in my Task Manager. I rarely use Internet Explorer. I couldn't figure out what is spawning the iexplorer process at all. A new iexplorer process is created every few minutes. My system did not show any symptoms of being infected with a virus. Can you please help me identify the issue in the system? Thanks in advance for all your help and time.
-----------------------------------
I scanned my whole system using Charter Internet Security Suite (F-Secure). It did not find any virus.
-----------------------------------
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.04.13.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
user :: GUDDU [administrator]
Protection: Disabled
4/14/2013 12:06:55 PM
mbam-log-2013-04-14 (12-06-55).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208703
Time elapsed: 2 minute(s), 28 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-----------------------------------
DDS Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/19/2012 9:57:55 AM
System Uptime: 4/13/2013 10:27:06 AM (27 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Intel(R) Core(TM)2 Duo CPU T9900 @ 3.06GHz | Microprocessor | 797/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 465 GiB total, 432.585 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: Unknown Device
Device ID: USB\VID_0000&PID_0000\5&1A65F586&0&1
Manufacturer: (Standard USB Host Controller)
Name: Unknown Device
PNP Device ID: USB\VID_0000&PID_0000\5&1A65F586&0&1
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.20
Adobe Flash Player 11 ActiveX
Adobe Photoshop Lightroom 4.3 64-bit
Adobe Reader XI (11.0.02)
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Beyond Compare Version 3.3.5
Bonjour
Brother MFL-Pro Suite MFC-7860DW
CCleaner
Charter Security Suite
Citrix Presentation Server Client
CloneDVD2
Computer Security 12.71.102.0 (release)
CyberLink PowerDVD 9.5
Dell Client System Update
Dell ControlVault Host Components Installer 64 bit
Dell System Detect
Dell Touchpad
DirectX 9 Runtime
doPDF 7.3 printer
Dropbox
F-Secure CCF Reputation
F-Secure CCF Scanning 1.18.127.7931 (release)
F-Secure Network CCF 1.02.126
FileZilla Client 3.6.0.2
Freemake Audio Converter version 1.1.0
Freemake Video Converter version 4.0.0
Gadwin PrintScreen
GOM Player
Google Chrome
Google Update Helper
IDT Audio
Integrated Webcam Driver (1.03.02.0919)
iTunes
iTunes Library Toolkit
join.me
Juniper Networks, Inc. Setup Client
Juniper Networks, Inc. Setup Client 64-bit Activex Control
Juniper Terminal Services Client
Malwarebytes Anti-Malware version 1.75.0.1300
MediaMonkey 4.0
Microsoft .NET Framework 4 Client Profile
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Notepad++
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA Performance Drivers
Online Safety 2.71.927.655
PeerBlock 1.1 (r518)
PhotoShowExpress
RBVirtualFolder64Inst
RICOH Media Driver ver.2.07.01.01
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
SIW 2011 Home Edition
Sonic CinePlayer Decoder Pack
TagScanner 5.1.630
TeamViewer 8
TeraCopy 2.27
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Winamp
Winamp Detector Plug-in
.
==== Event Viewer Messages From Past Week ========
.
4/7/2013 11:10:08 PM, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147024864.
4/7/2013 11:10:08 PM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x80070020.
4/13/2013 9:44:03 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
4/12/2013 2:43:33 AM, Error: F-Secure Gatekeeper [1] -
.
==== End Of File ===========================
--------------------------------------------------
DDS - dds.txt
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by user at 13:03:59 on 2013-04-14
#Option Extended Search is enabled.
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4084.2783 [GMT -5:00]
.
AV: Computer Security *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: Computer Security *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\Program Files (x86)\Charter Security Suite\fshoster32.exe
C:\Program Files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe
C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\Windows\System32\rpcnetp.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\SW\Util\TeamViewer8\TeamViewer_Service.exe
C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSMA32.EXE
C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\fssm32.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Users\teledisaster\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Charter Security Suite\fshoster32.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\SW\Media\iTunes\iTunesHelper.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\teledisaster\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\notepad.exe
C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSLAUNCH.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.dell.com
uDefault_Page_URL = hxxp://www.dell.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
uRun: [PeerBlock] C:\SW\Util\PeerBlock\peerblock.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [F-Secure Hoster (42626)] "C:\Program Files (x86)\Charter Security Suite\fshoster32.exe" -app -hosterid:1
mRun: [F-Secure Manager] "C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSM32.EXE" /splash
mRun: [iTunesHelper] "C:\SW\Media\iTunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\SW\Util\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\TELEDI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\teledisaster\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\SW\Util\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\SW\Util\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: dell.com
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://remote.amfam.com/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{277DC51F-E1E5-431F-86C0-A81925BDB55C} : DHCPNameServer = 172.16.30.10 172.16.30.11
TCP: Interfaces\{99A95A43-F5B6-4241-8946-D03D2286A799} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [nwiz] nwiz.exe /installquiet
x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
x64-Run: [NVHotkey] rundll32.exe C:\Windows\System32\nvHotkey.dll,Start
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\teledisaster\AppData\Roaming\Mozilla\Firefox\Profiles\e5ix491w.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\SW\Media\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-03-17 23:00; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Users\teledisaster\AppData\Roaming\Mozilla\Firefox\Profiles\e5ix491w.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: 2013-03-17 23:01; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\teledisaster\AppData\Roaming\Mozilla\Firefox\Profiles\e5ix491w.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-03-17 23:02; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; C:\Users\teledisaster\AppData\Roaming\Mozilla\Firefox\Profiles\e5ix491w.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
============= SERVICES / DRIVERS ===============
.
R0 fsbts;fsbts;C:\Windows\System32\drivers\fsbts.sys [2013-4-11 56016]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-10-19 55856]
R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\HIPS\drivers\fshs.sys [2013-3-2 62744]
R1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [2013-3-2 14032]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\AESTSr64.exe [2012-10-19 89600]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2012-4-25 1043872]
R2 Credential Vault Host Storage;Credential Vault Host Storage;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2012-4-25 36768]
R2 Freemake Improver;Freemake Improver;C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2013-3-16 101888]
R2 fshoster;F-Secure Dll Hoster;C:\Program Files (x86)\Charter Security Suite\fshoster32.exe [2012-11-26 183864]
R2 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe [2012-8-6 61176]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-12-8 6810728]
R2 TeamViewer8;TeamViewer 8;C:\SW\Util\TeamViewer8\TeamViewer_Service.exe [2013-3-3 3560800]
R3 acpials;ALS Sensor Filter;C:\Windows\System32\drivers\acpials.sys [2010-11-21 9728]
R3 cvusbdrv;Dell ControlVault;C:\Windows\System32\drivers\cvusbdrv.sys [2012-4-25 45672]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [2013-3-2 200760]
R3 fsni;fsni;C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\fsni64.sys [2013-1-30 71680]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\System32\drivers\OA001Ufd.sys [2008-6-3 168864]
R3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\System32\drivers\OA001Vid.sys [2008-9-18 315840]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
RUnknown rpcnetp;rpcnetp; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMScheduler;MBAMScheduler;C:\SW\Util\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-3 418376]
S2 MBAMService;MBAMService;C:\SW\Util\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-3 701512]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2013-3-17 266240]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-19 25928]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-15 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-15 180736]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-2 19456]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-2 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-3-2 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-19 1255736]
.
=============== Created Last 60 ================
.
2013-04-14 05:16:43 -------- d-----w- C:\Users\teledisaster\AppData\Local\ElevatedDiagnostics
2013-04-13 01:16:03 26520 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2013-04-13 00:22:42 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-04-13 00:22:42 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-04-12 03:18:18 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-04-12 03:18:15 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-04-12 03:18:14 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-12 03:18:13 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-04-12 03:18:13 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-04-12 03:18:13 112640 ----a-w- C:\Windows\System32\smss.exe
2013-04-12 03:18:10 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-04-12 03:18:07 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-04-12 03:18:04 1655656 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-11 23:36:18 56016 ----a-w- C:\Windows\System32\drivers\fsbts.sys
2013-04-08 12:41:19 -------- d-----w- C:\ProgramData\HitmanPro
2013-04-08 04:40:22 -------- d-----r- C:\Users\teledisaster\AppData\Roaming\Brother
2013-04-01 01:29:25 -------- d-----w- C:\Users\teledisaster\AppData\Local\join.me
2013-03-29 00:43:22 -------- d-----w- C:\Users\teledisaster\AppData\Local\Juniper Networks
2013-03-29 00:43:14 -------- d-----w- C:\Users\teledisaster\AppData\Roaming\Juniper Networks
2013-03-25 02:59:21 -------- d-----w- C:\MoviesTemp
2013-03-25 02:55:43 -------- d-----w- C:\Program Files (x86)\Dell
2013-03-25 02:55:23 -------- d-----w- C:\Windows\{69093D49-3DD1-4FB5-A378-0D4DB4CF86EA}
2013-03-21 02:22:16 -------- d-----w- C:\Program Files (x86)\Citrix
2013-03-19 00:10:50 -------- d-----w- C:\Users\teledisaster\AppData\Roaming\ControlCenter4
2013-03-18 04:04:26 -------- d-----w- C:\ProgramData\Brother
2013-03-18 03:37:07 -------- d-----w- C:\Users\teledisaster\AppData\Local\Mozilla
2013-03-18 03:37:01 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2013-03-17 19:55:06 -------- d-----w- C:\Users\teledisaster\AppData\Local\Adobe
2013-03-17 19:54:25 -------- d-----w- C:\Photos
2013-03-17 15:20:37 -------- d-----w- C:\Users\teledisaster\AppData\Roaming\TeraCopy
2013-03-16 20:54:22 -------- d-----w- C:\ProgramData\Freemake
2013-03-16 17:28:32 -------- d-----w- C:\ProgramData\iTunesUtilities
2013-03-16 17:28:19 -------- d-----w- C:\Users\teledisaster\AppData\Local\iTunesUtilities
2013-03-16 17:27:52 -------- d-----w- C:\ProgramData\IsolatedStorage
2013-03-16 17:14:22 -------- d-----w- C:\Users\teledisaster\AppData\Roaming\TagScanner
2013-03-16 17:05:00 101376 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\HPZPPWN7.DLL
2013-03-16 17:04:45 83968 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNBPP3.DLL
2013-03-16 02:01:13 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll
2013-03-16 02:00:34 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe
2013-03-15 01:27:56 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-03-13 13:22:16 -------- d-----w- C:\Users\teledisaster\pnlinks
2013-03-13 13:11:45 44544 ----a-w- C:\Windows\SysWow64\agremove.exe
2013-03-13 12:58:03 -------- d-----w- C:\Users\teledisaster\AppData\Roaming\ICAClient
2013-03-04 02:02:40 -------- d-----w- C:\Users\teledisaster\AppData\Roaming\MediaMonkey
2013-03-04 02:02:31 -------- d-----w- C:\ProgramData\MediaMonkey
2013-03-04 01:52:24 -------- d-----w- C:\Users\teledisaster\AppData\Roaming\uTorrent
2013-03-04 01:42:11 -------- d-----w- C:\Users\teledisaster\AppData\Roaming\Scooter Software
2013-03-03 16:55:28 -------- d-----w- C:\Windows\PCHEALTH
2013-03-03 16:53:33 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2013-03-03 16:52:52 -------- d-----w- C:\Users\teledisaster\AppData\Local\Microsoft Help
2013-03-03 16:49:23 -------- d-----w- C:\Users\teledisaster\AppData\Local\CrashRpt
2013-03-03 16:49:08 -------- d-----w- C:\Program Files (x86)\SIW 2011 Home Edition
2013-03-03 16:48:42 -------- d-----w- C:\Users\teledisaster\AppData\Local\Programs
2013-03-03 16:39:33 -------- d-----w- C:\Users\teledisaster\AppData\Roaming\Roxio Burn
2013-03-03 02:06:58 -------- d-----r- C:\Dropbox
2013-03-03 01:49:04 -------- d-----w- C:\Users\teledisaster\AppData\Roaming\Dropbox
2013-03-03 01:38:22 -------- d-----w- C:\Users\teledisaster\AppData\Local\Apple Computer
2013-03-03 01:38:17 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2013-03-03 01:37:56 -------- d-----w- C:\Program Files\iPod
2013-03-03 01:37:55 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-03-03 01:37:55 -------- d-----w- C:\Program Files\iTunes
2013-03-03 01:37:21 -------- d-----w- C:\Program Files\Bonjour
2013-03-03 01:37:21 -------- d-----w- C:\Program Files (x86)\Bonjour
2013-03-02 18:52:42 42672 ----a-w- C:\Windows\SysWow64\drivers\fsbts.sys
2013-03-02 18:47:13 -------- d-----w- C:\Program Files (x86)\Charter Security Suite
2013-03-02 18:45:48 -------- d-----w- C:\ProgramData\F-Secure
2013-03-02 17:46:34 -------- d-----w- C:\Users\teledisaster\AppData\Local\Google
2013-03-02 17:43:33 -------- d-----w- C:\Windows\System32\appmgmt
2013-03-02 17:41:01 -------- d-----w- C:\SW
2013-03-02 17:19:00 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-03-02 17:19:00 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-03-02 17:19:00 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-03-02 17:19:00 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-03-02 17:16:31 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2013-03-02 17:10:48 216576 ----a-w- C:\Windows\System32\ncsi.dll
2013-03-02 16:38:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-03-02 16:38:50 367616 ----a-w- C:\Windows\System32\atmfd.dll
2013-03-02 16:38:50 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-03-02 16:38:50 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-03-02 16:38:21 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7CE762A3-1732-448E-8CCD-A8CBE758EEC3}\mpengine.dll
2013-03-02 16:37:10 750592 ----a-w- C:\Windows\System32\win32spl.dll
2013-03-02 16:37:10 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-03-02 16:35:36 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-02-14 19:47:10 16384 ----a-w- C:\Windows\SysWow64\cshost.dll
.
==================== Find6M ====================
.
2013-04-13 14:42:50 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
2013-04-04 19:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-13 13:38:20 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 13:38:20 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-21 10:30:16 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-21 10:29:39 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-21 10:29:37 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-02-21 10:29:37 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-02-21 10:15:07 2240512 ----a-w- C:\Windows\System32\wininet.dll
2013-02-21 10:14:09 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-21 10:14:05 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-02-21 10:14:05 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-02-19 12:01:03 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-02-19 11:42:14 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-19 11:10:53 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-02-19 10:51:18 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-01-17 06:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll
2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll
2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll
2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll
2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll
2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll
2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll
2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll
2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll
2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll
2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll
2013-01-04 06:11:21 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-12-13 18:50:38 6112864 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-12-13 18:50:36 54784 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
.
============= FINISH: 13:04:17.24 ===============
.
µTorrent
7-Zip 9.20
Adobe Flash Player 11 ActiveX
Adobe Photoshop Lightroom 4.3 64-bit
Adobe Reader XI (11.0.02)
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Beyond Compare Version 3.3.5
Bonjour
Brother MFL-Pro Suite MFC-7860DW
CCleaner
Charter Security Suite
Citrix Presentation Server Client
CloneDVD2
Computer Security 12.71.102.0 (release)
CyberLink PowerDVD 9.5
Dell Client System Update
Dell ControlVault Host Components Installer 64 bit
Dell System Detect
Dell Touchpad
DirectX 9 Runtime
doPDF 7.3 printer
Dropbox
F-Secure CCF Reputation
F-Secure CCF Scanning 1.18.127.7931 (release)
F-Secure Network CCF 1.02.126
FileZilla Client 3.6.0.2
Freemake Audio Converter version 1.1.0
Freemake Video Converter version 4.0.0
Gadwin PrintScreen
GOM Player
Google Chrome
Google Update Helper
IDT Audio
Integrated Webcam Driver (1.03.02.0919)
iTunes
iTunes Library Toolkit
join.me
Juniper Networks, Inc. Setup Client
Juniper Networks, Inc. Setup Client 64-bit Activex Control
Juniper Terminal Services Client
Malwarebytes Anti-Malware version 1.75.0.1300
MediaMonkey 4.0
Microsoft .NET Framework 4 Client Profile
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Notepad++
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA Performance Drivers
Online Safety 2.71.927.655
PeerBlock 1.1 (r518)
PhotoShowExpress
RBVirtualFolder64Inst
RICOH Media Driver ver.2.07.01.01
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
SIW 2011 Home Edition
Sonic CinePlayer Decoder Pack
TagScanner 5.1.630
TeamViewer 8
TeraCopy 2.27
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Winamp
Winamp Detector Plug-in
.
==== Event Viewer Messages From Past Week ========
.
4/7/2013 11:10:08 PM, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147024864.
4/7/2013 11:10:08 PM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x80070020.
4/13/2013 9:44:03 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
4/12/2013 2:43:33 AM, Error: F-Secure Gatekeeper [1] -
.
==== End Of File ===========================
--------------------------------------------------
DDS - dds.txt
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by user at 13:03:59 on 2013-04-14
#Option Extended Search is enabled.
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4084.2783 [GMT -5:00]
.
AV: Computer Security *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: Computer Security *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\Program Files (x86)\Charter Security Suite\fshoster32.exe
C:\Program Files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe
C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\Windows\System32\rpcnetp.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\SW\Util\TeamViewer8\TeamViewer_Service.exe
C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSMA32.EXE
C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\fssm32.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Users\teledisaster\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Charter Security Suite\fshoster32.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\SW\Media\iTunes\iTunesHelper.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\teledisaster\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\notepad.exe
C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSLAUNCH.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.dell.com
uDefault_Page_URL = hxxp://www.dell.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
uRun: [PeerBlock] C:\SW\Util\PeerBlock\peerblock.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [F-Secure Hoster (42626)] "C:\Program Files (x86)\Charter Security Suite\fshoster32.exe" -app -hosterid:1
mRun: [F-Secure Manager] "C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSM32.EXE" /splash
mRun: [iTunesHelper] "C:\SW\Media\iTunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\SW\Util\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\TELEDI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\teledisaster\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\SW\Util\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\SW\Util\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: dell.com
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://remote.amfam.com/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{277DC51F-E1E5-431F-86C0-A81925BDB55C} : DHCPNameServer = 172.16.30.10 172.16.30.11
TCP: Interfaces\{99A95A43-F5B6-4241-8946-D03D2286A799} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [nwiz] nwiz.exe /installquiet
x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
x64-Run: [NVHotkey] rundll32.exe C:\Windows\System32\nvHotkey.dll,Start
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\teledisaster\AppData\Roaming\Mozilla\Firefox\Profiles\e5ix491w.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\SW\Media\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-03-17 23:00; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Users\teledisaster\AppData\Roaming\Mozilla\Firefox\Profiles\e5ix491w.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: 2013-03-17 23:01; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\teledisaster\AppData\Roaming\Mozilla\Firefox\Profiles\e5ix491w.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-03-17 23:02; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; C:\Users\teledisaster\AppData\Roaming\Mozilla\Firefox\Profiles\e5ix491w.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
============= SERVICES / DRIVERS ===============
.
R0 fsbts;fsbts;C:\Windows\System32\drivers\fsbts.sys [2013-4-11 56016]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-10-19 55856]
R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\HIPS\drivers\fshs.sys [2013-3-2 62744]
R1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [2013-3-2 14032]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\AESTSr64.exe [2012-10-19 89600]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2012-4-25 1043872]
R2 Credential Vault Host Storage;Credential Vault Host Storage;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2012-4-25 36768]
R2 Freemake Improver;Freemake Improver;C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2013-3-16 101888]
R2 fshoster;F-Secure Dll Hoster;C:\Program Files (x86)\Charter Security Suite\fshoster32.exe [2012-11-26 183864]
R2 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe [2012-8-6 61176]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-12-8 6810728]
R2 TeamViewer8;TeamViewer 8;C:\SW\Util\TeamViewer8\TeamViewer_Service.exe [2013-3-3 3560800]
R3 acpials;ALS Sensor Filter;C:\Windows\System32\drivers\acpials.sys [2010-11-21 9728]
R3 cvusbdrv;Dell ControlVault;C:\Windows\System32\drivers\cvusbdrv.sys [2012-4-25 45672]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [2013-3-2 200760]
R3 fsni;fsni;C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\fsni64.sys [2013-1-30 71680]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\System32\drivers\OA001Ufd.sys [2008-6-3 168864]
R3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\System32\drivers\OA001Vid.sys [2008-9-18 315840]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
RUnknown rpcnetp;rpcnetp; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMScheduler;MBAMScheduler;C:\SW\Util\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-3 418376]
S2 MBAMService;MBAMService;C:\SW\Util\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-3 701512]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2013-3-17 266240]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-19 25928]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-15 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-15 180736]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-2 19456]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-2 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-3-2 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-19 1255736]
.
=============== Created Last 60 ================
.
2013-04-14 05:16:43--------d-----w-C:\Users\teledisaster\AppData\Local\ElevatedDiagnostics
2013-04-13 01:16:0326520----a-w-C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2013-04-13 00:22:42861088----a-w-C:\Windows\SysWow64\npDeployJava1.dll
2013-04-13 00:22:42782240----a-w-C:\Windows\SysWow64\deployJava1.dll
2013-04-12 03:18:185550424----a-w-C:\Windows\System32\ntoskrnl.exe
2013-04-12 03:18:153913560----a-w-C:\Windows\SysWow64\ntoskrnl.exe
2013-04-12 03:18:143968856----a-w-C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-12 03:18:136656----a-w-C:\Windows\SysWow64\apisetschema.dll
2013-04-12 03:18:1343520----a-w-C:\Windows\System32\csrsrv.dll
2013-04-12 03:18:13112640----a-w-C:\Windows\System32\smss.exe
2013-04-12 03:18:10223752----a-w-C:\Windows\System32\drivers\fvevol.sys
2013-04-12 03:18:073153408----a-w-C:\Windows\System32\win32k.sys
2013-04-12 03:18:041655656----a-w-C:\Windows\System32\drivers\ntfs.sys
2013-04-11 23:36:1856016----a-w-C:\Windows\System32\drivers\fsbts.sys
2013-04-08 12:41:19--------d-----w-C:\ProgramData\HitmanPro
2013-04-08 04:40:22--------d-----r-C:\Users\teledisaster\AppData\Roaming\Brother
2013-04-01 01:29:25--------d-----w-C:\Users\teledisaster\AppData\Local\join.me
2013-03-29 00:43:22--------d-----w-C:\Users\teledisaster\AppData\Local\Juniper Networks
2013-03-29 00:43:14--------d-----w-C:\Users\teledisaster\AppData\Roaming\Juniper Networks
2013-03-25 02:59:21--------d-----w-C:\MoviesTemp
2013-03-25 02:55:43--------d-----w-C:\Program Files (x86)\Dell
2013-03-25 02:55:23--------d-----w-C:\Windows\{69093D49-3DD1-4FB5-A378-0D4DB4CF86EA}
2013-03-21 02:22:16--------d-----w-C:\Program Files (x86)\Citrix
2013-03-19 00:10:50--------d-----w-C:\Users\teledisaster\AppData\Roaming\ControlCenter4
2013-03-18 04:04:26--------d-----w-C:\ProgramData\Brother
2013-03-18 03:37:07--------d-----w-C:\Users\teledisaster\AppData\Local\Mozilla
2013-03-18 03:37:01--------d-----w-C:\Program Files (x86)\Mozilla Maintenance Service
2013-03-17 19:55:06--------d-----w-C:\Users\teledisaster\AppData\Local\Adobe
2013-03-17 19:54:25--------d-----w-C:\Photos
2013-03-17 15:20:37--------d-----w-C:\Users\teledisaster\AppData\Roaming\TeraCopy
2013-03-16 20:54:22--------d-----w-C:\ProgramData\Freemake
2013-03-16 17:28:32--------d-----w-C:\ProgramData\iTunesUtilities
2013-03-16 17:28:19--------d-----w-C:\Users\teledisaster\AppData\Local\iTunesUtilities
2013-03-16 17:27:52--------d-----w-C:\ProgramData\IsolatedStorage
2013-03-16 17:14:22--------d-----w-C:\Users\teledisaster\AppData\Roaming\TagScanner
2013-03-16 17:05:00101376----a-w-C:\Windows\System32\Spool\prtprocs\x64\HPZPPWN7.DLL
2013-03-16 17:04:4583968----a-w-C:\Windows\System32\Spool\prtprocs\x64\CNBPP3.DLL
2013-03-16 02:01:1317920----a-w-C:\Windows\SysWow64\rpcnetp.dll
2013-03-16 02:00:3417920----a-w-C:\Windows\SysWow64\rpcnetp.exe
2013-03-15 01:27:5619968----a-w-C:\Windows\System32\drivers\usb8023.sys
2013-03-13 13:22:16--------d-----w-C:\Users\teledisaster\pnlinks
2013-03-13 13:11:4544544----a-w-C:\Windows\SysWow64\agremove.exe
2013-03-13 12:58:03--------d-----w-C:\Users\teledisaster\AppData\Roaming\ICAClient
2013-03-04 02:02:40--------d-----w-C:\Users\teledisaster\AppData\Roaming\MediaMonkey
2013-03-04 02:02:31--------d-----w-C:\ProgramData\MediaMonkey
2013-03-04 01:52:24--------d-----w-C:\Users\teledisaster\AppData\Roaming\uTorrent
2013-03-04 01:42:11--------d-----w-C:\Users\teledisaster\AppData\Roaming\Scooter Software
2013-03-03 16:55:28--------d-----w-C:\Windows\PCHEALTH
2013-03-03 16:53:33--------d-----w-C:\Program Files (x86)\Microsoft Visual Studio 8
2013-03-03 16:52:52--------d-----w-C:\Users\teledisaster\AppData\Local\Microsoft Help
2013-03-03 16:49:23--------d-----w-C:\Users\teledisaster\AppData\Local\CrashRpt
2013-03-03 16:49:08--------d-----w-C:\Program Files (x86)\SIW 2011 Home Edition
2013-03-03 16:48:42--------d-----w-C:\Users\teledisaster\AppData\Local\Programs
2013-03-03 16:39:33--------d-----w-C:\Users\teledisaster\AppData\Roaming\Roxio Burn
2013-03-03 02:06:58--------d-----r-C:\Dropbox
2013-03-03 01:49:04--------d-----w-C:\Users\teledisaster\AppData\Roaming\Dropbox
2013-03-03 01:38:22--------d-----w-C:\Users\teledisaster\AppData\Local\Apple Computer
2013-03-03 01:38:1733240----a-w-C:\Windows\System32\drivers\GEARAspiWDM.sys
2013-03-03 01:37:56--------d-----w-C:\Program Files\iPod
2013-03-03 01:37:55--------d-----w-C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-03-03 01:37:55--------d-----w-C:\Program Files\iTunes
2013-03-03 01:37:21--------d-----w-C:\Program Files\Bonjour
2013-03-03 01:37:21--------d-----w-C:\Program Files (x86)\Bonjour
2013-03-02 18:52:4242672----a-w-C:\Windows\SysWow64\drivers\fsbts.sys
2013-03-02 18:47:13--------d-----w-C:\Program Files (x86)\Charter Security Suite
2013-03-02 18:45:48--------d-----w-C:\ProgramData\F-Secure
2013-03-02 17:46:34--------d-----w-C:\Users\teledisaster\AppData\Local\Google
2013-03-02 17:43:33--------d-----w-C:\Windows\System32\appmgmt
2013-03-02 17:41:01--------d-----w-C:\SW
2013-03-02 17:19:009728----a-w-C:\Windows\System32\Wdfres.dll
2013-03-02 17:19:00785512----a-w-C:\Windows\System32\drivers\Wdf01000.sys
2013-03-02 17:19:0054376----a-w-C:\Windows\System32\drivers\WdfLdr.sys
2013-03-02 17:19:002560----a-w-C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-03-02 17:16:312776576----a-w-C:\Windows\System32\msmpeg2vdec.dll
2013-03-02 17:10:48216576----a-w-C:\Windows\System32\ncsi.dll
2013-03-02 16:38:5046080----a-w-C:\Windows\System32\atmlib.dll
2013-03-02 16:38:50367616----a-w-C:\Windows\System32\atmfd.dll
2013-03-02 16:38:5034304----a-w-C:\Windows\SysWow64\atmlib.dll
2013-03-02 16:38:50295424----a-w-C:\Windows\SysWow64\atmfd.dll
2013-03-02 16:38:219162192----a-w-C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7CE762A3-1732-448E-8CCD-A8CBE758EEC3}\mpengine.dll
2013-03-02 16:37:10750592----a-w-C:\Windows\System32\win32spl.dll
2013-03-02 16:37:10492032----a-w-C:\Windows\SysWow64\win32spl.dll
2013-03-02 16:35:3668608----a-w-C:\Windows\System32\taskhost.exe
2013-02-14 19:47:1016384----a-w-C:\Windows\SysWow64\cshost.dll
.
==================== Find6M ====================
.
2013-04-13 14:42:5017920----a-w-C:\Windows\System32\rpcnetp.exe
2013-04-04 19:50:3225928----a-w-C:\Windows\System32\drivers\mbam.sys
2013-03-13 13:38:2073432----a-w-C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 13:38:20693976----a-w-C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-21 10:30:161766912----a-w-C:\Windows\SysWow64\wininet.dll
2013-02-21 10:29:392877440----a-w-C:\Windows\SysWow64\jscript9.dll
2013-02-21 10:29:3761440----a-w-C:\Windows\SysWow64\iesetup.dll
2013-02-21 10:29:37109056----a-w-C:\Windows\SysWow64\iesysprep.dll
2013-02-21 10:15:072240512----a-w-C:\Windows\System32\wininet.dll
2013-02-21 10:14:093958784----a-w-C:\Windows\System32\jscript9.dll
2013-02-21 10:14:0567072----a-w-C:\Windows\System32\iesetup.dll
2013-02-21 10:14:05136704----a-w-C:\Windows\System32\iesysprep.dll
2013-02-19 12:01:032706432----a-w-C:\Windows\SysWow64\mshtml.tlb
2013-02-19 11:42:142706432----a-w-C:\Windows\System32\mshtml.tlb
2013-02-19 11:10:5371680----a-w-C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-02-19 10:51:1889600----a-w-C:\Windows\System32\RegisterIEPKEYs.exe
2013-02-12 05:45:24135168----a-w-C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22350208----a-w-C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22308736----a-w-C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22111104----a-w-C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31474112----a-w-C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:262176512----a-w-C:\Windows\apppatch\AcGenral.dll
2013-01-17 06:28:58273840------w-C:\Windows\System32\MpSigStub.exe
2013-01-13 21:17:039728---ha-w-C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:022560---ha-w-C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:4210752---ha-w-C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:463584---ha-w-C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:214096---ha-w-C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:085632---ha-w-C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:075632---ha-w-C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:073072---ha-w-C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:073072---ha-w-C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:319728---ha-w-C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:312560---ha-w-C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:1810752---ha-w-C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:073584---ha-w-C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:484096---ha-w-C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:415632---ha-w-C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:405632---ha-w-C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:403072---ha-w-C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:403072---ha-w-C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:001247744----a-w-C:\Windows\SysWow64\DWrite.dll
2013-01-13 20:22:221988096----a-w-C:\Windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31293376----a-w-C:\Windows\SysWow64\dxgi.dll
2013-01-13 20:09:00249856----a-w-C:\Windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43220160----a-w-C:\Windows\SysWow64\d3d10core.dll
2013-01-13 20:08:351504768----a-w-C:\Windows\SysWow64\d3d11.dll
2013-01-13 19:59:041643520----a-w-C:\Windows\System32\DWrite.dll
2013-01-13 19:58:281175552----a-w-C:\Windows\System32\FntCache.dll
2013-01-13 19:54:01604160----a-w-C:\Windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58207872----a-w-C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14187392----a-w-C:\Windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:302565120----a-w-C:\Windows\System32\d3d10warp.dll
2013-01-13 19:49:17363008----a-w-C:\Windows\System32\dxgi.dll
2013-01-13 19:48:47161792----a-w-C:\Windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:251080832----a-w-C:\Windows\SysWow64\d3d10.dll
2013-01-13 19:43:211230336----a-w-C:\Windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39333312----a-w-C:\Windows\System32\d3d10_1core.dll
2013-01-13 19:38:321887232----a-w-C:\Windows\System32\d3d11.dll
2013-01-13 19:38:21296960----a-w-C:\Windows\System32\d3d10core.dll
2013-01-13 19:37:573419136----a-w-C:\Windows\SysWow64\d2d1.dll
2013-01-13 19:25:04245248----a-w-C:\Windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33648192----a-w-C:\Windows\System32\d3d10level9.dll
2013-01-13 19:24:30221184----a-w-C:\Windows\System32\UIAnimation.dll
2013-01-13 19:20:42194560----a-w-C:\Windows\System32\d3d10_1.dll
2013-01-13 19:20:041238528----a-w-C:\Windows\System32\d3d10.dll
2013-01-13 19:15:401424384----a-w-C:\Windows\System32\WindowsCodecs.dll
2013-01-13 19:10:363928064----a-w-C:\Windows\System32\d2d1.dll
2013-01-13 19:02:06417792----a-w-C:\Windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58364544----a-w-C:\Windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43465920----a-w-C:\Windows\System32\WMPhoto.dll
2013-01-13 18:09:52522752----a-w-C:\Windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:421158144----a-w-C:\Windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:091682432----a-w-C:\Windows\System32\XpsPrint.dll
2013-01-04 06:11:212284544----a-w-C:\Windows\SysWow64\msmpeg2vdec.dll
2013-01-04 05:46:09215040----a-w-C:\Windows\System32\winsrv.dll
2013-01-04 04:51:165120----a-w-C:\Windows\SysWow64\wow32.dll
2013-01-04 04:43:2144032----a-w-C:\Windows\apppatch\acwow64.dll
2013-01-04 02:47:3525600----a-w-C:\Windows\SysWow64\setup16.exe
2013-01-04 02:47:347680----a-w-C:\Windows\SysWow64\instnm.exe
2013-01-04 02:47:342048----a-w-C:\Windows\SysWow64\user.exe
2013-01-04 02:47:3314336----a-w-C:\Windows\SysWow64\ntvdm64.dll
2013-01-03 06:00:541913192----a-w-C:\Windows\System32\drivers\tcpip.sys
2013-01-03 06:00:42288088----a-w-C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-12-13 18:50:386112864----a-w-C:\Windows\System32\usbaaplrc.dll
2012-12-13 18:50:3654784----a-w-C:\Windows\System32\drivers\usbaapl64.sys
2012-12-07 13:20:16441856----a-w-C:\Windows\System32\Wpc.dll
2012-12-07 13:15:312746368----a-w-C:\Windows\System32\gameux.dll
2012-12-07 12:26:17308736----a-w-C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:432576384----a-w-C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:0430720----a-w-C:\Windows\System32\usk.rs
2012-12-07 11:20:0343520----a-w-C:\Windows\System32\csrr.rs
2012-12-07 11:20:0323552----a-w-C:\Windows\System32\oflc.rs
2012-12-07 11:20:0145568----a-w-C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:0144544----a-w-C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:0120480----a-w-C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:0020480----a-w-C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:5920480----a-w-C:\Windows\System32\pegi.rs
2012-12-07 11:19:5846592----a-w-C:\Windows\System32\fpb.rs
2012-12-07 11:19:5740960----a-w-C:\Windows\System32\cob-au.rs
.
============= FINISH: 13:04:17.24 ===============