Hi.
I asked this in Other Browsers forum and I was redirected here. I followed the instructions of creating the log files necessary(ARK.txt & attach.txt are attached).
So my problem is that I installed a malicious (freeware) game(seemed legit)(I'll attach the link too just to warn people not to download this game!), and it keeps logging me out of Chrome and installing some needless addons and even though I always log back and uninstall them, the problem keeps renewing.
Here's the link. Never download this program! Just a heads up... Tetris Game for Windows
Okay, logs:
DDS:
And the rest is in the attachment.
Thank you so much! Cheers!
I asked this in Other Browsers forum and I was redirected here. I followed the instructions of creating the log files necessary(ARK.txt & attach.txt are attached).
So my problem is that I installed a malicious (freeware) game(seemed legit)(I'll attach the link too just to warn people not to download this game!), and it keeps logging me out of Chrome and installing some needless addons and even though I always log back and uninstall them, the problem keeps renewing.
Here's the link. Never download this program! Just a heads up... Tetris Game for Windows
Okay, logs:
DDS:
Code:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.9.2
Run by Victor at 13:55:05 on 2013-01-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5996.3659 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Unified Remote\RemoteServer.exe
C:\Users\Victor\AppData\Roaming\VICTOR-PC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\PhraseExpress\phraseexpress.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files (x86)\EventGhost\EventGhost.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Launchy\Launchy.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files (x86)\Everything\Everything.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Java\jre7\bin\javaw.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Dolby PCEE4\pcee4.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Victor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Victor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\msiexec.exe
C:\Users\Victor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Victor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Victor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Victor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Users\Victor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Victor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Victor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Victor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Victor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Victor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Victor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Victor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\Victor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://startpage.com
uSearch Bar = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=FI&userid=7526fa53-2642-450d-ae87-3300bea5280c&searchtype=ds&q={searchTerms}
uSearch Page = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=FI&userid=7526fa53-2642-450d-ae87-3300bea5280c&searchtype=ds&q={searchTerms}
mStart Page = hxxp://startpage.com
uSearchAssistant = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=FI&userid=7526fa53-2642-450d-ae87-3300bea5280c&searchtype=ds&q={searchTerms}
uWinlogon: Shell = expstart.exe
mWinlogon: Userinit = userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
uRun: [Google Update] "C:\Users\Victor\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [AdobeBridge] <no file>
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart
StartupFolder: C:\Users\Victor\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVENTG~1.LNK - C:\Program Files (x86)\EventGhost\EventGhost.exe
StartupFolder: C:\Users\Victor\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Launchy.lnk - C:\Program Files (x86)\Launchy\Launchy.exe
StartupFolder: C:\Users\Victor\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
StartupFolder: C:\Users\Victor\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TEDEXE~1.LNK - C:\Program Files (x86)\Torrent Episode Downloader\ted.exe
StartupFolder: C:\Users\Victor\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\UTORRE~1.LNK - C:\Program Files (x86)\uTorrent\uTorrent.exe
StartupFolder: C:\Users\Victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Victor.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PHRASE~1.LNK - C:\Program Files (x86)\PhraseExpress\phraseexpress.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UltraMon.lnk - C:\Windows\Installer\{ED7FE81C-378C-411D-B5B4-509B978BA204}\IcoUltraMon.ico
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Download to MurGeeMon - C:\Program Files (x86)\MurGeeMon\ProcessClick.htm
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{5DD4E677-785F-4F7D-AD98-B7500CB07AEA} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Victor\AppData\Roaming\Mozilla\Firefox\Profiles\ta46u8ci.default\
FF - prefs.js: browser.startup.homepage - hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=FI&userid=7526fa53-2642-450d-ae87-3300bea5280c&searchtype=hp
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=FI&userid=7526fa53-2642-450d-ae87-3300bea5280c&searchtype=ds&q=
FF - prefs.js: browser.startup.homepage - hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=FI&userid=7526fa53-2642-450d-ae87-3300bea5280c&searchtype=hp
FF - prefs.js: browser.startup.homepage - hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=FI&userid=7526fa53-2642-450d-ae87-3300bea5280c&searchtype=hp
FF - prefs.js: browser.startup.homepage - hxxp://startpage.com
FF - prefs.js: browser.startup.homepage - hxxp://startpage.com
FF - prefs.js: browser.startup.homepage - hxxp://startpage.com
FF - prefs.js: browser.startup.homepage - hxxp://startpage.com
FF - prefs.js: browser.startup.homepage - hxxp://startpage.com
FF - prefs.js: browser.startup.homepage - hxxp://startpage.com
FF - prefs.js: browser.startup.homepage - hxxp://startpage.com
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Users\Victor\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-11-28 17:31; siphon@siphon.ian-halpern.com; C:\Users\Victor\AppData\Roaming\Mozilla\Firefox\Profiles\ta46u8ci.default\extensions\siphon@siphon.ian-halpern.com.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-11-28 984144]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-11-28 370288]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-11-28 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-11-28 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-11-28 44808]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-13 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-13 682344]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-11-28 2673064]
R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-11-28 317440]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-13 24176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2012-11-29 16776]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2012-11-29 9096]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
.
=============== Created Last 30 ================
.
2013-01-13 11:40:08 -------- d-----w- C:\Users\Victor\AppData\Roaming\Malwarebytes
2013-01-13 11:39:53 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-01-13 11:39:53 -------- d-----w- C:\ProgramData\Malwarebytes
2013-01-13 11:39:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-12 22:42:34 -------- d-----w- C:\Users\Victor\AppData\Roaming\foobar2000
2013-01-10 19:12:40 -------- d-----w- C:\Program Files\Babylon
2013-01-10 19:12:40 -------- d-----w- C:\Program Files (x86)\Babylon
2013-01-05 16:24:10 -------- d-----w- C:\Users\Victor\AppData\Local\SwvUpdater
2013-01-04 20:20:08 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2013-01-04 20:19:42 898491 --s-a-w- C:\Users\Victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Victor.exe
2013-01-04 20:19:41 898491 --sha-w- C:\Users\Victor\AppData\Roaming\VICTOR-PC.exe
2013-01-01 22:01:40 -------- d-----w- C:\Program Files (x86)\Guitar Pro 5
2013-01-01 16:29:52 -------- d-----w- C:\Program Files (x86)\UselessCreations
2012-12-27 10:16:48 -------- d-----w- C:\Users\Victor\AppData\Local\Chat Undetected
2012-12-26 14:24:11 -------- d-----w- C:\Users\Victor\AppData\Local\FalloutNV
2012-12-26 14:18:26 -------- d-----w- C:\Program Files (x86)\Bethesda Softworks
2012-12-26 13:46:49 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2012-12-26 13:45:12 107832 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-12-26 13:45:10 66872 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-12-26 13:45:10 2250024 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2012-12-24 20:33:43 766158 ----a-w- C:\Windows\TheColourClock.scr
2012-12-24 20:33:43 -------- d-----w- C:\Windows\TheColourClock Uninstaller
2012-12-23 20:55:28 -------- d-----w- C:\Users\Victor\AppData\Local\Microsoft Games
2012-12-22 09:51:01 -------- d-----w- C:\Windows\System32\W7NBC
2012-12-22 09:34:58 -------- d-----w- C:\Nabs mac osx dock
2012-12-22 09:30:27 -------- d-----w- C:\Program Files (x86)\RocketDock
2012-12-21 20:04:13 332288 ----a-w- C:\Windows\System32\uxtheme.dll.backup
2012-12-21 20:04:10 2851840 ----a-w- C:\Windows\System32\themeui.dll.backup
2012-12-21 20:04:08 44544 ----a-w- C:\Windows\System32\themeservice.dll.backup
2012-12-21 14:11:48 925184 ----a-w- C:\Windows\expstart.exe
2012-12-21 14:07:49 2872320 ----a-w- C:\Windows\explorer.backup.exe
2012-12-20 21:55:18 -------- d-----w- C:\Users\Victor\AppData\Roaming\PhraseExpress
2012-12-20 21:55:08 -------- d-----w- C:\ProgramData\PhraseExpress
2012-12-20 21:55:08 -------- d-----w- C:\Program Files (x86)\PhraseExpress
2012-12-17 15:19:08 -------- d-----w- C:\Users\Victor\AppData\Roaming\Unified Remote
2012-12-17 15:19:03 -------- d-----w- C:\Program Files (x86)\Unified Remote
2012-12-16 17:24:14 -------- d-----w- C:\Users\Victor\AppData\Roaming\Realtime Soft
2012-12-16 17:24:13 -------- d-----w- C:\Program Files (x86)\Common Files\Realtime Soft
2012-12-16 17:24:12 -------- d-----w- C:\ProgramData\Realtime Soft
2012-12-16 17:24:12 -------- d-----w- C:\Program Files\UltraMon
2012-12-16 17:21:02 -------- d-----w- C:\Program Files\Handbrake
2012-12-16 17:20:48 -------- d-----w- C:\Program Files (x86)\MKVToolNix
2012-12-16 15:10:00 -------- d-----w- C:\Users\Victor\AppData\Local\MurGeeMon
2012-12-16 15:09:52 49152 ----a-w- C:\Windows\MurGeeMon.scr
2012-12-16 15:09:52 -------- d-----w- C:\Program Files (x86)\MurGeeMon
2012-12-14 21:29:59 -------- d-----w- C:\Program Files (x86)\Hitman 2 Silent Assassin
2012-12-14 11:57:43 -------- d-----w- C:\Users\Victor\AppData\Roaming\LibreOffice
.
==================== Find3M ====================
.
2012-12-21 20:04:13 332288 ----a-w- C:\Windows\System32\uxtheme.dll
2012-12-21 20:04:11 2851840 ----a-w- C:\Windows\System32\themeui.dll
2012-12-21 20:04:08 44544 ----a-w- C:\Windows\System32\themeservice.dll
2012-11-28 15:14:40 916456 ----a-w- C:\Windows\System32\deployJava1.dll
2012-11-28 15:14:40 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2012-11-28 15:14:40 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-11-28 15:13:58 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-28 15:13:58 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-11-28 15:13:58 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-11-28 15:13:05 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-28 15:13:05 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-25 18:00:00 127488 ----a-w- C:\Windows\System32\ff_vfw.dll
2012-10-30 22:51:55 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-10-30 22:51:55 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-10-30 22:51:07 41224 ----a-w- C:\Windows\avastSS.scr
2012-10-24 04:26:14 773968 ----a-w- C:\Windows\SysWow64\msvcr100.dll
2012-10-24 04:26:14 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
2012-10-15 16:59:28 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
.
============= FINISH: 13:55:21.32 ===============Thank you so much! Cheers!