Short version:
I went to an "adult site", I clicked a flash video and a command prompt flashed very quickly on my screen. I have no idea what it did. Neither avast nor firewall reacted to it. I'm not sure if I have some virus or malware on my system now. Computer is working fine and all scans I've done find nothing but I have no idea how to look for malware.
Long version:
So yesterday late in the evening I was watching... adult videos. I went to this one site following a link from another site and it had multiple flash videos and I clicked one of them to start the video. What happened next is that very briefly a command prompt appeared on my screen and then it disappeared. I had no time to see what it did. I got no warnings from my virus scanner nor from my firewall about any viruses or starting programs.
The video I clicked started to play normally. I was kinda feeling not knowing what to do. Did I just get a virus/malware? So I open my task browser to see if there are any strange programs running. Only "strange" thing I see is some opera addon (I don't remember the name but now that I think about it I think it was the flash video container. It had the name "plugin container" in its name). I close that and it closes the opera as well. I think about what to do and then start malwarebytes and avast scans and go to brush my teeth. After I come back I turn off my internet and leave the scans running. Then I go to sleep as it was late and I had to get up early.
Neither avast nor malwarebytes found anything. I don't see anything strange in hjt logs. There are no strange things I can see with process explorer and full scans of avast, malwarebytes and windows malware finder (mrt.exe) did not find anything on the second scan either.
I have two opera browsers installed on my computer. One for normal browsing and one for porn with tighter settings. Both versions are 12.16 so not the newest.
I still have the link where the strange thing happened but I'd need to open the opera that is possibly infected in order to get that url. The url is still open in one of the tabs. So to get the url I'd need to run that opera which may be infected and then open the site again which gave me the strange command prompt popup - which I think is not a smart thing to do.
I have no idea if I got infected. Can you help me see if I am infected?
Is it normal the gmer scan lasted 6 hours? My c: drive is 64Gb.
I have access to windows xp install disk.
----------------------
----------------------
----------------------
dds.txt:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.25.2
Run by J at 17:28:03 on 2014-03-17
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe
C:\Program Files\Dassault Systemes\B12\intel_a\code\bin\CATSysDemon.exe
C:\Program Files\Dokan\DokanLibrary\mounter.exe
d:\peelit\iRacing\iRacingService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\PROGRA~1\MICROS~2\GAMECO~1\common\swtrayv4.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\HJT\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera11\opera.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uProxyServer = hxxp=localhost:8118
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe
mRun: [WD Button Manager] WDBtnMgr.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SideWinderTrayV4] c:\progra~1\micros~2\gameco~1\common\swtrayv4.exe
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Windows7FirewallControl] c:\program files\windows7firewallcontrol\Windows7FirewallControl.exe
mRun: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
mRun: [Launch LCore] c:\program files\logitech gaming software\LCore.exe /minimized
mRun: [AvastUI.exe] "c:\program files\alwil software\avast5\AvastUI.exe" /nogui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:181
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
TCP: NameServer = 192.168.0.254
TCP: Interfaces\{E4408D5F-11FB-49EE-B6E1-F6454096B3B2} : NameServer = 193.210.19.19,193.210.19.190,193.210.18.18
TCP: Interfaces\{E4408D5F-11FB-49EE-B6E1-F6454096B3B2} : DHCPNameServer = 192.168.0.254
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\j\application data\mozilla\firefox\profiles\ee89y6ma.default user\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPPOKER.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_70.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
.
============= SERVICES / DRIVERS ===============
.
R? cisaspi0;Cistone ASPI Driver
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? cpuz129;cpuz129
R? cpuz130;cpuz130
R? gupdate1c9812d2d603b04;Google Update Service (gupdate1c9812d2d603b04)
R? Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service
R? Lavasoft Kernexplorer;Lavasoft helper driver
R? PorscheWheelFilterUsb;PorscheWheelFilterUsb
R? WDC_SAM;WD SCSI Pass Thru driver
R? WinRing0_1_2_0;WinRing0_1_2_0
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? aswMonFlt;aswMonFlt
S? aswRvrt;avast! Revert
S? aswSnx;aswSnx
S? aswSP;aswSP
S? aswVmm;avast! VM Monitor
S? AtiHDAudioService;ATI Function Driver for HD Audio Service
S? atitray;atitray
S? avast! Antivirus;avast! Antivirus
S? BBDemon;Backbone Service
S? Dokan;Dokan
S? DokanMounter;DokanMounter
S? iRacingService;iRacing.com Helper Service
S? LBeepKE;Logitech Beep Suppression Driver
S? LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver
S? LGSHidFilt;Logitech Gaming KMDF HID Filter Driver
S? LGSUsbFilt;Logitech Gaming KMDF USB Filter Driver
S? LGVirHid;Logitech Gamepanel Virtual HID Device Driver
S? mv61xx;mv61xx
S? pbfilter;pbfilter
S? scrcap;scrcap
S? Windows7FirewallControl;Windows7FirewallControl
S? Windows7FirewallService;Windows7FirewallService
.
=============== File Associations ===============
.
ShellExec: BitComet.exe: open="c:\program files\bitcomet\BitComet.exe"
.
=============== Created Last 30 ================
.
2014-03-07 12:29:21 -------- d-----w- c:\program files\real_temp
2014-03-06 00:37:59 13312 -c----w- c:\windows\system32\dllcache\xp_eos.exe
2014-03-06 00:37:59 13312 ------w- c:\windows\system32\xp_eos.exe
2014-02-24 20:13:57 -------- d-----w- c:\program files\CPUID
.
==================== Find3M ====================
.
2014-02-21 15:50:56 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-21 15:50:55 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-09 11:12:56 1409 ----a-w- c:\windows\QTFont.for
2014-02-08 07:23:40 67824 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-02-07 18:03:11 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-02-07 18:03:11 43152 ----a-w- c:\windows\avastSS.scr
2014-02-07 06:36:32 1879296 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 08:54:58 562688 ----a-w- c:\windows\system32\qedit.dll
2014-02-04 22:38:01 81920 ----a-w- c:\windows\system32\ieencode.dll
2014-02-04 22:38:01 668672 ----a-w- c:\windows\system32\wininet.dll
2014-02-04 22:38:01 61952 ----a-w- c:\windows\system32\tdc.ocx
2014-02-04 22:37:09 370688 ----a-w- c:\windows\system32\html.iec
2013-12-31 00:45:21 434176 ----a-w- c:\windows\system32\vbscript.dll
2013-12-21 00:31:06 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
.
============= FINISH: 17:28:53,00 ===============