Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Complex ScorpionSaver + Level Quality Watcher problem


  • This topic is locked This topic is locked
30 replies to this topic

#1 senaka

senaka

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:39 PM

Posted 01 December 2013 - 06:04 AM

Hi, I've been having a problem with these things for awhile and I'm running out of options.

 

I'm sure it was because I recklessly downloaded a program and it installed along with that program as well. It doesn't matter now (I'm hoping), since I've uninstalled and removed those files long ago. I realized scorpionsaver and snapdo was running in my chrome, so I googled ways to uninstall them.

 

They helped temporarily, so I figured I was okay after that.

 

Not sure if this is related to how these things work, but I noticed that some surveys I do online don't even show up, some of it showing a blank on my browser. I also noticed that some other sites don't work as they normally do on my browser (google chrome). I don't think it was related, but my photoshop has been running weirdly, which prompted me to check something on Internet Explorer, which showed snapdo was still alive and running on my computer.

 

I've messed around with my laptop so many times, I'm not even sure where I am anymore. I'm not tech savvy, so I have no idea what I'm doing. I've "uninstalled" and trash binned many folders and files, but I'm sure that these things are still here. I regret to say that I've messed with some files so much, the topics on this forum that are related may not help my case. I realized just how difficult I made this for myself.

 

Is there an easy step-by-step way for a simple-minded person like me to remove these things completely? My laptop is a Windows 7 Intel, Acer, aspire one, etc.Apparently it's a netbook (I was sure it said laptop when I bought it...well). I appreciate any form of help, thanks.



BC AdBot (Login to Remove)

 


#2 Clairvoyant

Clairvoyant

  • Malware Response Team
  • 1,564 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:somewhere in time
  • Local time:08:39 AM

Posted 01 December 2013 - 07:31 AM

Hello senaka and  :welcome: on Bleeping Computer.

I will be helping with your computer problems.

Before starting please note the following:
  • If you have since resolved the original problem you were having, we would appreciate you letting us know
  • Do not make any changes on your own to the computer (installing/uninstall programs, deleting files, modifying the registry, running scanners or other tools, etc.) without instructions to do it
  • Please read every post completely and perform all steps in the specified order. If you can't understand something or you encounter problems please stop and let me know
  • Do not attach logs, use code or quote boxes. Just copy and paste the text unless directed otherwise
  • Even if things appear to be better, it does not mean we have finished. Follow my instructions and reply back until I tell you that your computer is clean.
  • Please reply using the Add Reply button in the lower right hand corner of your screen
Now please take a look to these steps and post the DDS logs as described in that topic.


Regards 

 



#3 senaka

senaka
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:39 PM

Posted 01 December 2013 - 03:52 PM

  • From DDS.txt

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by Debbie at 12:44:29 on 2013-12-01
Microsoft Windows 7 Home Premium   6.1.7601.1.932.81.1033.18.3932.1844 [GMT -8:00]
.
AV: Norton 360 Premier Edition *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 Premier Edition *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 Premier Edition *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\SysWOW64\rpcnet.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\Drivers\WTSRV.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\WacomHost.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\msiexec.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Debbie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Debbie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Debbie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Debbie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Debbie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Debbie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Debbie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Debbie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Debbie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearchAssistant = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\ips\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\coieplg.dll
uRun: [Google Update] "C:\Users\Debbie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [WTClient] WTClient.exe
dRun: [SearchProtect] \SearchProtect\bin\cltmng.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{7AE92040-71DA-40E7-9A01-2C4602C76D16} : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{A1EB4D11-A186-4FC4-A922-F8C9F2963FBC} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{A1EB4D11-A186-4FC4-A922-F8C9F2963FBC}\16C6568716 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A1EB4D11-A186-4FC4-A922-F8C9F2963FBC}\2616A616E65747E223E2437686A7 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{A1EB4D11-A186-4FC4-A922-F8C9F2963FBC}\4454C414E45495F575946494 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{A1EB4D11-A186-4FC4-A922-F8C9F2963FBC}\7535751553 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A1EB4D11-A186-4FC4-A922-F8C9F2963FBC}\9447723702D697027796D266960216E646029402E656564602964702E6F67712 : DHCPNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\5d906zl8.default\
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Users\Debbie\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1404000.028\symds64.sys [2013-6-13 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1404000.028\symefa64.sys [2013-6-13 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20131114.001\BHDrvx64.sys [2013-11-18 1524824]
R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\System32\drivers\N360x64\1404000.028\ccsetx64.sys [2013-6-13 169048]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20131128.001\IDSviA64.sys [2013-11-29 521816]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1404000.028\ironx64.sys [2013-6-13 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1404000.028\symnets.sys [2013-6-13 433752]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2012-5-2 355920]
R2 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2012-7-9 871296]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-2 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-7-9 161560]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2012-5-2 255376]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\ccsvchst.exe [2013-6-13 144368]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-7-9 363800]
R2 WTabletServiceCon;Wacom Consumer Service;C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [2013-11-13 619904]
R3 bScsiSDa;bScsiSDa;C:\Windows\System32\drivers\bScsiSDa.sys [2012-5-3 81928]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-20 137648]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-5-2 331264]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2012-5-3 440360]
R3 PTSimBus;PenTablet Bus Enumerator;C:\Windows\System32\drivers\PTSimBus.sys [2013-11-13 32576]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 hidkmdf;KMDF Driver;C:\Windows\System32\drivers\hidkmdf.sys [2013-11-13 13728]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-11-26 111616]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2013-7-25 23040]
S3 PTSimHid;PenTablet Simulated HID MiniDriver;C:\Windows\System32\drivers\PTSimHid.sys [2013-11-13 22336]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-14 19456]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-14 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-1-14 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WacHidRouter;Wacom Hid Router;C:\Windows\System32\drivers\wachidrouter.sys [2013-11-13 81824]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2012-10-9 13312]
S3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\drivers\wacomrouterfilter.sys [2013-11-13 15776]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-5-2 1255736]
S4 Level Quality Watcher;Level Quality Watcher;C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe run options=01110010000000000000000000000000 sourceguid=9D0EB5E9 --> C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe run options=01110010000000000000000000000000 sourceguid=9D0EB5E9 [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-12-01 10:00:42 -------- d-----w- C:\Users\Debbie\AppData\Local\FileTypeAssistant
2013-12-01 09:56:48 -------- d-----w- C:\AdwCleaner
2013-11-29 20:16:32 10285968 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{47779AB5-8177-42AC-94B0-9518455C7B94}\mpengine.dll
2013-11-27 21:47:10 439296 ----a-w- C:\Windows\System32\AdpeakProxy64.dll
2013-11-27 21:47:08 338944 ----a-w- C:\Windows\SysWow64\AdpeakProxy.dll
2013-11-26 21:40:05 -------- d-----w- C:\Program Files\Level Quality Watcher
2013-11-18 08:28:10 -------- d-----w- C:\Users\Debbie\AppData\Local\{776B03C8-0EE8-4733-BA53-B1652185727E}
2013-11-14 02:22:04 -------- d-----w- C:\Program Files\TabletPlugins
2013-11-14 02:21:59 15776 ----a-w- C:\Windows\System32\drivers\wacomrouterfilter.sys
2013-11-14 02:21:08 81824 ----a-w- C:\Windows\System32\drivers\wachidrouter.sys
2013-11-14 02:21:08 13728 ----a-w- C:\Windows\System32\drivers\hidkmdf.sys
2013-11-13 00:58:50 197120 ----a-w- C:\Windows\System32\credui.dll
2013-11-13 00:58:50 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-11-13 00:58:50 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-11-13 00:58:50 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-11-13 00:58:50 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-11-13 00:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-11-13 00:58:09 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-11-13 00:58:07 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-11-13 00:58:06 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-11-11 03:10:20 -------- d-----w- C:\Users\Debbie\AppData\Local\{83D778BF-A3DE-4065-AE41-D161C1B634A9}
2013-11-11 03:10:14 -------- d-----w- C:\Users\Debbie\AppData\Local\{F2F369AB-7FC0-438D-A63B-221E8FCBCE1C}
2013-11-10 19:27:36 10285968 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-11-10 19:08:13 -------- d-----w- C:\Users\Debbie\AppData\Local\PlumChoice, Inc
2013-11-10 19:06:06 -------- d-----w- C:\Program Files (x86)\Microsoft WSE
2013-11-10 02:15:39 -------- d-----w- C:\Users\Debbie\AppData\Local\{3C6BF224-F07C-40C4-AA01-FAEE6816A79C}
2013-11-08 02:43:44 -------- d-----w- C:\Windows\SysWow64\Adobe
2013-11-04 22:15:59 -------- d-----w- C:\Users\Debbie\AppData\Local\ElevatedDiagnostics
2013-11-04 22:10:14 -------- d-----w- C:\Program Files (x86)\Steam
.
==================== Find3M  ====================
.
2013-12-01 20:26:56 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
2013-12-01 20:26:54 58288 ----a-w- C:\Windows\SysWow64\rpcnet.dll
2013-11-11 13:50:16 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-10-23 02:54:07 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-09 06:01:39 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 06:01:39 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-09-04 12:12:11 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-09-04 12:11:51 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-09-04 12:11:49 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-09-04 12:11:43 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-09-04 12:11:43 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-09-04 12:11:42 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-09-04 12:11:40 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
.
============= FINISH: 12:45:16.57 ===============
 
 
 
 
 
 
And I've attached the attach.txt to this post.

Attached Files



#4 senaka

senaka
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:39 PM

Posted 02 December 2013 - 11:51 PM

Did I post in the right thread?

#5 Clairvoyant

Clairvoyant

  • Malware Response Team
  • 1,564 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:somewhere in time
  • Local time:08:39 AM

Posted 03 December 2013 - 07:00 AM

Hi senaka,

 

yes you did.:)

 

Your logs is under analysis and a reply will come soon.

Please be patient.:)

 

 

Regards



#6 Clairvoyant

Clairvoyant

  • Malware Response Team
  • 1,564 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:somewhere in time
  • Local time:08:39 AM

Posted 03 December 2013 - 01:37 PM

Hello senaka   :)
 
I saw you already tried to remove something by yourself.
Please do not make any other changes without instructions to do it, it may take more time for the cleaning and may be dangerous for your computer.
 
Please download ComboFix and AdwCleaner, put them on your desktop then:
 
1- Unistall unwanted software

  • click on the Start button => Control Panel => click on Programs icon
  • double click on Level Quality Watcher entry and then click Yes
  • double click on File Type Assistant entry and then click Yes
  • close Control Panel

 

2- Run ComboFix

  • Close/disable all anti-virus and anti-malware programs. Refer to this page if you are not sure how
  • Close any open windows
  • Double click on ComboFix.exe and follow the prompts
  • During the scan leave your sick computer alone and do not mouseclick combofix's window, it may cause it to stall
  • If ComboFix asks to restart your computer, allow it to do so
  • When finished, it will produce and display a report; close it

 

3- Run AdwCleaner

  • Close all open programs and internet browsers
  • Right click on the AdwCleaner icon and select Run As Administrator to run the tool
  • Click on the Scan button
  • Once the scan has finished, click on the Clean button
  • Click on the OK button when asked to close all programs and follow the onscreen prompts
  • Click on the OK button to allow AdwCleaner to restart the computer and complete the removal process
  • After rebooting, the log file AdwCleaner [S0]. txt will open automatically, please close it

 

In your next reply please post the contents of these files:

  • C:\ComboFix.txt
  • C:\AdwCleaner[S0].txt

 

Regards 


Edited by Clairvoyant, 03 December 2013 - 01:47 PM.


#7 senaka

senaka
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:39 PM

Posted 03 December 2013 - 04:17 PM

hi, sorry about that. here's the stuff i got.

 

  • Combofix.txt
ComboFix 13-12-01.01 - Debbie 3/2013 Tue  12:50:32.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.932.81.1033.18.3932.2492 [GMT -8:00]
Running from: c:\users\Debbie\Desktop\ComboFix.exe
AV: Norton 360 Premier Edition *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 Premier Edition *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 Premier Edition *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\XSxS
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Level Quality Watcher
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-03 to 2013-12-03  )))))))))))))))))))))))))))))))
.
.
2013-12-01 10:00 . 2013-12-03 20:32 -------- d-----w- c:\users\Debbie\AppData\Local\FileTypeAssistant
2013-12-01 09:56 . 2013-12-01 09:59 -------- d-----w- C:\AdwCleaner
2013-11-29 20:16 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{47779AB5-8177-42AC-94B0-9518455C7B94}\mpengine.dll
2013-11-27 21:47 . 2013-10-16 18:18 439296 ----a-w- c:\windows\system32\AdpeakProxy64.dll
2013-11-27 21:47 . 2013-10-16 18:18 338944 ----a-w- c:\windows\SysWow64\AdpeakProxy.dll
2013-11-26 21:40 . 2013-11-26 21:40 -------- d-----w- c:\program files\Level Quality Watcher
2013-11-26 08:31 . 2013-10-15 02:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-11-14 02:22 . 2013-11-14 02:22 -------- d-----w- c:\program files\TabletPlugins
2013-11-14 02:21 . 2012-11-15 17:41 15776 ----a-w- c:\windows\system32\drivers\wacomrouterfilter.sys
2013-11-14 02:21 . 2012-12-04 00:36 81824 ----a-w- c:\windows\system32\drivers\wachidrouter.sys
2013-11-14 02:21 . 2012-12-04 00:36 13728 ----a-w- c:\windows\system32\drivers\hidkmdf.sys
2013-11-13 00:58 . 2013-10-04 02:28 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-11-13 00:58 . 2013-10-04 02:25 197120 ----a-w- c:\windows\system32\credui.dll
2013-11-13 00:58 . 2013-10-04 02:24 1930752 ----a-w- c:\windows\system32\authui.dll
2013-11-13 00:58 . 2013-10-04 01:58 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-11-13 00:58 . 2013-10-04 01:56 168960 ----a-w- c:\windows\SysWow64\credui.dll
2013-11-13 00:58 . 2013-10-04 01:56 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-11-13 00:58 . 2013-09-28 01:09 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2013-11-13 00:58 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-11-13 00:58 . 2013-10-05 19:57 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-11-10 19:08 . 2013-11-10 19:08 -------- d-----w- c:\users\Debbie\AppData\Local\PlumChoice, Inc
2013-11-10 19:06 . 2013-11-10 19:06 -------- d-----w- c:\program files (x86)\Microsoft WSE
2013-11-08 02:43 . 2013-11-08 02:43 -------- d-----w- c:\windows\SysWow64\Adobe
2013-11-04 22:15 . 2013-11-29 20:47 -------- d-----w- c:\users\Debbie\AppData\Local\ElevatedDiagnostics
2013-11-04 22:10 . 2013-11-29 21:10 -------- d-----w- c:\program files (x86)\Steam
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-03 21:00 . 2012-07-10 05:29 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2013-12-03 21:00 . 2012-09-17 22:31 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll
2013-11-13 22:29 . 2012-05-03 07:35 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-11-11 13:50 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-10-23 02:54 . 2013-10-23 02:54 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-09 06:01 . 2012-05-03 00:33 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 06:01 . 2012-05-03 00:33 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-08 02:30 . 2013-10-09 02:36 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-09 02:36 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-09 02:36 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2012-03-23 1105488]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-10-24 152392]
"WTClient"="WTClient.exe" [2012-05-31 41280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 lsnfd;lsnfd;c:\windows\system32\drivers\lsnfd.sys;c:\windows\SYSNATIVE\drivers\lsnfd.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sys;c:\windows\SYSNATIVE\DRIVERS\PTSimHid.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys;c:\windows\SYSNATIVE\DRIVERS\wacmoumonitor.sys [x]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20131114.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20131114.001\BHDrvx64.sys [x]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20131202.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20131202.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1404000.028\SYMNETS.SYS [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe;c:\program files\Tablet\Pen\WTabletServiceCon.exe [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys;c:\windows\SYSNATIVE\DRIVERS\PTSimBus.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 06:01]
.
2013-12-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1511435031-2390956964-748544535-1000Core.job
- c:\users\Debbie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-17 22:24]
.
2013-12-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1511435031-2390956964-748544535-1000UA.job
- c:\users\Debbie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-17 22:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-11-11 163568]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-23 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-23 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-23 439064]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-02-22 12452456]
"Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe" [2012-07-10 7142400]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2012-02-08 1829768]
.
------- Supplementary Scan -------
.
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
FF - ProfilePath - c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\5d906zl8.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKU-Default-Run-SearchProtect - \SearchProtect\bin\cltmng.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Slender - The Arrival Beta 1.13 - c:\program files (x86)\Blue Isle Studios\Slender - The Arrival Beta\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\windows\SysWOW64\rpcnet.exe
c:\windows\System32\Drivers\WTSRV.EXE
c:\program files\Tablet\Pen\WacomHost.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-12-03  13:07:02 - machine was rebooted
ComboFix-quarantined-files.txt  2013-12-03 21:07
.
Pre-Run: 405,886,435,328 bytes free
Post-Run: 405,536,727,040 bytes free
.
- - End Of File - - A4B5983398B6C07E786F1E842D9F057B
 
 
 
 
 
 
  • Adwcleaner.txt

 

# AdwCleaner v3.014 - Report created 03/12/2013 at 13:12:09
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Debbie - DAREDEVIL
# Running from : C:\Users\Debbie\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Users\Debbie\AppData\Local\filetypeassistant
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Mozilla Firefox v18.0 (en-US)
 
[ File : C:\Users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\5d906zl8.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : homepage
 
*************************
 
AdwCleaner[R0].txt - [6016 octets] - [01/12/2013 01:56:51]
AdwCleaner[R1].txt - [1142 octets] - [03/12/2013 13:09:57]
AdwCleaner[S0].txt - [5208 octets] - [01/12/2013 01:58:48]
AdwCleaner[S1].txt - [1074 octets] - [03/12/2013 13:12:09]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1134 octets] ##########
 


#8 Clairvoyant

Clairvoyant

  • Malware Response Team
  • 1,564 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:somewhere in time
  • Local time:08:39 AM

Posted 05 December 2013 - 06:31 AM

Hello senaka,
 
Well done.  :)
Please download JRT and FRST, save them on your desktop then follow these steps:
 
1- Run this CFScript

  • Open notepad
  • Copy this code 
    File::
    c:\windows\system32\AdpeakProxy64.dll
    c:\windows\SysWow64\AdpeakProxy.dll
    c:\windows\system32\drivers\lsnfd.sys
    
    Driver::
    lsnfd
    
    ClearJavaCache::
  • Paste it into the notepad file
  • Save the file as CFScript.txt and close it
  • Disable all Antivirus and security programs
  • Drag CFScript.txt and drop it on the ComboFix icon

    CFScriptB-4.gif
     
  • Follow the prompts to start the scan
  • During the scan leave your sick computer alone and do not mouseclick combofix's window, it may cause it to stall
  • If ComboFix asks to restart your computer, allow it to do so
  • When finished, it will produce and display a report; close it

 

2- Run JRT

  • Shut down your protection software now to avoid potential conflicts
  •  Right click on the JRT icon and select Run As Administrator to run the tool
  • When the black windows open, press any key to continue
  • On completion, the log file JRT.txt is saved to your desktop and will automatically open; close it

 

3- Run FRST

  • Right click on the FRST icon and select Run As Administrator to run the tool
  • When the tool opens click Yes to the disclaimer
  • Check all checkboxes
  • Press Scan button
  • When the scan has finished, two logs called FRST.txt and Addition.txt are saved in the same directory the tool is running from
  • Close the log files and quit FRST

 

In your next reply please post the contents of these files:

  • C:\ComboFix.txt
  • JRT.txt
  • FRST.txt
  • Addition.txt

 

Regards



#9 senaka

senaka
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:39 PM

Posted 05 December 2013 - 09:51 PM

Thanks, but the FRST link doesn't work.



#10 Clairvoyant

Clairvoyant

  • Malware Response Team
  • 1,564 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:somewhere in time
  • Local time:08:39 AM

Posted 06 December 2013 - 06:53 AM

Hi senaka,

 

please try with this other one.

In case you still have problem with the link, you can download the program from here.

 

 

Regards



#11 senaka

senaka
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:39 PM

Posted 06 December 2013 - 08:18 PM

Alright, got it now. Here they are:

 

  • ComboFix.txt
ComboFix 13-12-01.01 - Debbie 6/2013 Fri  16:26:05.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.932.81.1033.18.3932.2528 [GMT -8:00]
Running from: c:\users\Debbie\Desktop\ComboFix.exe
Command switches used :: c:\users\Debbie\Desktop\CFScript.txt
AV: Norton 360 Premier Edition *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 Premier Edition *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 Premier Edition *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\AdpeakProxy64.dll"
"c:\windows\system32\drivers\lsnfd.sys"
"c:\windows\SysWow64\AdpeakProxy.dll"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\XSxS
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_LSNFD
-------\Service_lsnfd
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-07 to 2013-12-07  )))))))))))))))))))))))))))))))
.
.
2013-12-07 00:36 . 2013-12-07 00:36 -------- d-----w- c:\users\ADMINI~1\AppData\Local\temp
2013-12-07 00:36 . 2013-12-07 00:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-06 23:56 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D09CB27E-C7F4-4E3D-A18F-07203F1F6359}\mpengine.dll
2013-12-01 09:56 . 2013-12-03 21:12 -------- d-----w- C:\AdwCleaner
2013-11-27 21:47 . 2013-10-16 18:18 439296 ----a-w- c:\windows\system32\AdpeakProxy64.dll
2013-11-27 21:47 . 2013-10-16 18:18 338944 ----a-w- c:\windows\SysWow64\AdpeakProxy.dll
2013-11-26 08:31 . 2013-10-15 02:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-11-14 02:22 . 2013-11-14 02:22 -------- d-----w- c:\program files\TabletPlugins
2013-11-14 02:21 . 2012-11-15 17:41 15776 ----a-w- c:\windows\system32\drivers\wacomrouterfilter.sys
2013-11-14 02:21 . 2012-12-04 00:36 81824 ----a-w- c:\windows\system32\drivers\wachidrouter.sys
2013-11-14 02:21 . 2012-12-04 00:36 13728 ----a-w- c:\windows\system32\drivers\hidkmdf.sys
2013-11-13 00:58 . 2013-10-04 02:28 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-11-13 00:58 . 2013-10-04 02:25 197120 ----a-w- c:\windows\system32\credui.dll
2013-11-13 00:58 . 2013-10-04 02:24 1930752 ----a-w- c:\windows\system32\authui.dll
2013-11-13 00:58 . 2013-10-04 01:58 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-11-13 00:58 . 2013-10-04 01:56 168960 ----a-w- c:\windows\SysWow64\credui.dll
2013-11-13 00:58 . 2013-10-04 01:56 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-11-13 00:58 . 2013-09-28 01:09 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2013-11-13 00:58 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-11-13 00:58 . 2013-10-05 19:57 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-11-10 19:08 . 2013-11-10 19:08 -------- d-----w- c:\users\Debbie\AppData\Local\PlumChoice, Inc
2013-11-10 19:06 . 2013-11-10 19:06 -------- d-----w- c:\program files (x86)\Microsoft WSE
2013-11-08 02:43 . 2013-11-08 02:43 -------- d-----w- c:\windows\SysWow64\Adobe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-07 00:37 . 2012-07-10 05:29 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2013-12-07 00:37 . 2012-09-17 22:31 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll
2013-11-13 22:29 . 2012-05-03 07:35 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-11-11 13:50 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-10-23 02:54 . 2013-10-23 02:54 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-09 06:01 . 2012-05-03 00:33 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 06:01 . 2012-05-03 00:33 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-08 02:30 . 2013-10-09 02:36 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-09 02:36 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-09 02:36 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2012-03-23 1105488]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-10-24 152392]
"WTClient"="WTClient.exe" [2012-05-31 41280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sys;c:\windows\SYSNATIVE\DRIVERS\PTSimHid.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys;c:\windows\SYSNATIVE\DRIVERS\wacmoumonitor.sys [x]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20131203.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [x]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20131205.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20131205.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1404000.028\SYMNETS.SYS [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe;c:\program files\Tablet\Pen\WTabletServiceCon.exe [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys;c:\windows\SYSNATIVE\DRIVERS\PTSimBus.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 06:01]
.
2013-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1511435031-2390956964-748544535-1000Core.job
- c:\users\Debbie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-17 22:24]
.
2013-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1511435031-2390956964-748544535-1000UA.job
- c:\users\Debbie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-17 22:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-11-11 163568]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-23 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-23 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-23 439064]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-02-22 12452456]
"Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe" [2012-07-10 7142400]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2012-02-08 1829768]
.
------- Supplementary Scan -------
.
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
FF - ProfilePath - c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\5d906zl8.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-Slender - The Arrival Beta 1.13 - c:\program files (x86)\Blue Isle Studios\Slender - The Arrival Beta\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\windows\SysWOW64\rpcnet.exe
c:\windows\System32\Drivers\WTSRV.EXE
c:\program files\Tablet\Pen\WacomHost.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-12-06  16:43:51 - machine was rebooted
ComboFix-quarantined-files.txt  2013-12-07 00:43
ComboFix2.txt  2013-12-03 21:07
.
Pre-Run: 403,794,616,320 bytes free
Post-Run: 403,759,960,064 bytes free
.
- - End Of File - - C829D35968D8DE3D13F2A535FC57DBBD
 
 
  • JRT.txt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Debbie on 12/06/2013 Fri at 16:45:48.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1511435031-2390956964-748544535-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\syswow64\shoB891.tmp
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Debbie\appdata\local\{0BEFC6C6-1F3F-4C88-A9C5-00C189615CF0}
Successfully deleted: [Empty Folder] C:\Users\Debbie\appdata\local\{1CA936CC-241C-45E3-8F8A-B6E65E141BB3}
Successfully deleted: [Empty Folder] C:\Users\Debbie\appdata\local\{2F6CB43D-25B5-4CF9-A642-94404BA7E94E}
Successfully deleted: [Empty Folder] C:\Users\Debbie\appdata\local\{2F84CF2E-096B-4DC6-87DC-39F91AA5C9F5}
Successfully deleted: [Empty Folder] C:\Users\Debbie\appdata\local\{3BCCD22E-D11E-441F-AE48-376F7477F8F9}
Successfully deleted: [Empty Folder] C:\Users\Debbie\appdata\local\{3C6BF224-F07C-40C4-AA01-FAEE6816A79C}
Successfully deleted: [Empty Folder] C:\Users\Debbie\appdata\local\{44D1CE5A-DFDE-48D2-9750-EF7C33F83345}
Successfully deleted: [Empty Folder] C:\Users\Debbie\appdata\local\{4EE54738-4D82-4B75-AF19-ABBDF4FF6C79}
Successfully deleted: [Empty Folder] C:\Users\Debbie\appdata\local\{5F26DD5A-5226-4978-87F8-A88D7031D7B0}
Successfully deleted: [Empty Folder] C:\Users\Debbie\appdata\local\{626DFA37-50D1-4CC9-966D-A914DCA6ABD3}
Successfully deleted: [Empty Folder] C:\Users\Debbie\appdata\local\{6FA027B3-B80D-4018-A4D4-5245E726CA1F}
Successfully deleted: [Empty Folder] C:\Users\Debbie\appdata\local\{76610861-B32E-4A5B-926D-C30F17E15ADE}
Successfully deleted: [Empty Folder] C:\Users\Debbie\appdata\local\{776B03C8-0EE8-4733-BA53-B1652185727E}
Successfully deleted: [Empty Folder] C:\Users\Debbie\appdata\local\{782C3A69-8FDA-495C-9C52-3BD7232FC599}
Successfully deleted: [Empty Folder] C:\Users\Debbie\appdata\local\{79E11022-9B83-434E-9509-469A16275A4B}
Successfully deleted: [Empty Folder] C:\Users\Debbie\appdata\local\{82905439-285B-49D2-AFA2-176ECFD6A1A5}
Successfully deleted: [Empty Folder] C:\Users\Debbie\appdata\local\{83D778BF-A3DE-4065-AE41-D161C1B634A9}
Successfully deleted: [Empty Folder] C:\Users\Debbie\appdata\local\{95B69849-AB40-4867-B30E-D038395AF158}
Successfully deleted: [Empty Folder] C:\Users\Debbie\appdata\local\{B8FE192F-858C-4151-81CC-29D4420E4E15}
Successfully deleted: [Empty Folder] C:\Users\Debbie\appdata\local\{C6BFEC34-24F2-4239-B3EE-656A616035ED}
Successfully deleted: [Empty Folder] C:\Users\Debbie\appdata\local\{E83A3036-B013-492E-BDD6-29EC9F1F3A3C}
Successfully deleted: [Empty Folder] C:\Users\Debbie\appdata\local\{F2F369AB-7FC0-438D-A63B-221E8FCBCE1C}
Successfully deleted: [Empty Folder] C:\Users\Debbie\appdata\local\{F8EC3C21-D0E8-4B4F-974D-2B11B36CFF33}
Successfully deleted: [Empty Folder] C:\Users\Debbie\appdata\local\{FCBAA034-DF25-4C3F-BA07-DD8B0478A600}
 
 
 
~~~ FireFox
 
Successfully deleted: [Folder] C:\Users\Debbie\AppData\Roaming\mozilla\firefox\profiles\5d906zl8.default\extensions\staged
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/06/2013 Fri at 16:58:11.36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
  • FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-12-2013
Ran by Debbie (administrator) on DAREDEVIL on 06-12-2013 17:00:49
Running from C:\Users\Debbie\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\ccsvchst.exe
(Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Tablet Driver) C:\Windows\System32\drivers\WTSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\ccsvchst.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [163568 2010-11-11] (Microsoft Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452456 2012-02-21] (Realtek Semiconductor)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE [7142400 2012-07-09] (Broadcom Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2909968 2012-03-29] (Synaptics Incorporated)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1105488 2012-03-23] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKLM-x32\...\Run: [WTClient] - C:\Windows\\SysWOW64\WTClient.exe [41280 2012-05-30] (Tablet Driver)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
 
FireFox:
========
FF ProfilePath: C:\Users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\5d906zl8.default
FF NewTab: about:blank
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.11.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.11.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Debbie\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Debbie\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Extension: greasemonkey - C:\Users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\5d906zl8.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF
FF HKLM-x32\...\Firefox\Extensions: [linksicle@linksicle.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\linksicle@linksicle.com
 
Chrome: 
=======
CHR HomePage: hxxp://feed.snapdo.com/?publisher=AirInstaller&dpid=AirInstaller&co=US&userid=1bf0ac01-e749-8d2f-75de-173905c44dbc&searchtype=hp&installDate={installDate}
CHR RestoreOnStartup: "hxxp://google.com/"
CHR Extension: (AdBlock) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0
CHR Extension: (Google Wallet) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\Exts\Chrome.crx
 
==================== Services (Whitelisted) =================
 
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 N360; C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE [48128 2012-07-09] (Broadcom Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)
 
==================== Drivers (Whitelisted) ====================
 
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [1526488 2013-12-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-20] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20131205.001\IDSvia64.sys [521816 2013-10-28] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131206.002\ENG64.SYS [126040 2013-12-04] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131206.002\EX64.SYS [2099288 2013-12-04] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1404000.028\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1404000.028\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-17] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [x]
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [x]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [x]
 
========================== Drivers MD5 =======================
 
C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 79059559E89D06E8B80CE2944BE20228
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\drivers\BCM42RLY.sys 37BB5F4A4A82FC16DAF13232319F2411
C:\Windows\System32\DRIVERS\bcmwl664.sys 0E532956841D7697BAD72B20D4D3EB5B
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20131203.001\BHDrvx64.sys 613883A3BAC6920149C83ED751589433
C:\Windows\system32\drivers\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bridge.sys 5C2F352A4E961D72518261257AAE204B
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bScsiSDa.sys 280E8031E1703CAFF17C7727B74817A5
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys 56685951208AC81CF923B9B08BEDF3B7
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706
C:\Windows\System32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 88612F1CE3BF42256913BF6E61C70D52
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 1B7AA375F711F66D5FF2B855F9EC987F
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 7230C8B80DDE1F0524C353240B78CC0E
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidkmdf.sys 46BBE8EA221461A65F18A078528F4B2C
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\drivers\iaStor.sys C224331A54571C8C9162F7714400BBBD
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20131205.001\IDSvia64.sys B96F641291378569E8525383FAA183EB
C:\Windows\System32\DRIVERS\igdkmd64.sys 3FB253E8059A1AAC3A8B83A31D094CC5
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys 112A84BD9A31C59826AC2979D451F0DA
C:\Windows\System32\DRIVERS\IntcDAud.sys 6C9FFFECA9FED31347D211C5D1FFBD2D
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\k57nd60a.sys 3C20F584BEF50C26D1B198039658A80C
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 8F489706472F7E9A06BAAA198703FA64
C:\Windows\System32\Drivers\ksecpkg.sys 868A2CAAB12EFC7A021682BCA0EEC54C
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HECIx64.sys 772A1DEEDFDBC244183B5C805D1B7D85
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131206.002\ENG64.SYS 702E07EC32F96ACDB873E9A5465D4401
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131206.002\EX64.SYS 302EA314A1AF0D7CEF0A3D0195F79561
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netaapl64.sys EE00C544C025958AF50C7B199F3C8595
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\PTSimBus.sys CCDFA869C058AF99B0B77A717756F309
C:\Windows\System32\DRIVERS\PTSimHid.sys A8F54446BB467BB8D65E658ADDBDCB3F
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sdbus.sys 111E0EBC0AD79CB0FA014B907B231CF0
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Sftfslh.sys 2046AA7491DE7EFA4D70E615D9BC9D09
C:\Windows\System32\DRIVERS\Sftplaylh.sys 0E0446BC4D51BE4263ACB7E33491191C
C:\Windows\System32\DRIVERS\Sftredirlh.sys C5FB982CD266E604ED3142102C26D62C
C:\Windows\System32\DRIVERS\Sftvollh.sys 2575511AF67AA1FA068CCC4918E2C2A3
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\N360x64\1404000.028\SRTSP64.SYS 2FD9346F9D76CB4192D37329CFA47A82
C:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS 0E76CEF892C45734F7AED09FDDF35D4D
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\System32\DRIVERS\ssadbus.sys 8F8324ED1DE63FFC7B1A02CD2D963C72
C:\Windows\System32\DRIVERS\ssadmdfl.sys 58221EFCB74167B73667F0024C661CE0
C:\Windows\System32\DRIVERS\ssadmdm.sys 4DA7C71BFAC5AD71255B7E4CAB980163
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\N360x64\1404000.028\SYMDS64.SYS 52DC0048D667757A8A2E4C87182890AC
C:\Windows\System32\drivers\N360x64\1404000.028\SYMEFA64.SYS 599872BAD7CFB45C7CE47CDED4B726D8
C:\Windows\system32\Drivers\SYMEVENT64x86.SYS F19E5E37ED8134B9E5F6287F2D3A75D7
C:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS ADF37F1A715D6C56C8E065FD8569A9A4
C:\Windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS 9CDCA70485BD6B9D230365F67C31F132
C:\Windows\System32\DRIVERS\SynTP.sys 0AB09A0DDD3CADDCD61690BF387C4A86
C:\Windows\System32\DRIVERS\TClass2k.sys 2FEF6EA93B449D5052FE294D695ECC78
C:\Windows\System32\drivers\tcpip.sys 40AF23633D197905F03AB5628C558C51
C:\Windows\System32\DRIVERS\tcpip.sys 40AF23633D197905F03AB5628C558C51
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
C:\Windows\System32\drivers\tsusbflt.sys 17C6B51CBCCDED95B3CC14E22791F85E
C:\Windows\system32\drivers\TsUsbGD.sys AD64450A4ABE076F5CB34CC08EEACB07
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\UCTblHid.sys 5925BB28F0A6C89531DB4792BE8F3A9A
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys C9E9D59C0099A9FF51697E9306A44240
C:\Windows\System32\DRIVERS\usbccgp.sys ACCEA6BC68D0C9A78EB97EE159028B4E
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys 311C1DD1088E55BEAE15954D17F50646
C:\Windows\System32\DRIVERS\usbhub.sys 280E90CBF4B2DDD169F0728CB44D726F
C:\Windows\system32\drivers\usbohci.sys 9406D801042FAF859CF81B2C886413DC
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys A83D0EC9AE4C31704442099D40BA2471
C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wachidrouter.sys FDA15A0510F84FA46452B74529147A15
C:\Windows\System32\DRIVERS\wacmoumonitor.sys FE75777289278A4941FE6139E82B3BD9
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wacomrouterfilter.sys EABFDBDC9BEDD325F260A3A9FEE5B3F9
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-12-06 17:00 - 2013-12-06 17:03 - 00032144 _____ C:\Users\Debbie\Desktop\FRST.txt
2013-12-06 17:00 - 2013-12-06 17:00 - 00000000 ____D C:\FRST
2013-12-06 16:58 - 2013-12-06 16:58 - 00004208 _____ C:\Users\Debbie\Desktop\JRT.txt
2013-12-06 16:45 - 2013-12-06 16:45 - 00000000 ____D C:\Windows\ERUNT
2013-12-06 16:43 - 2013-12-06 16:43 - 00020916 _____ C:\ComboFix.txt
2013-12-06 16:16 - 2013-12-06 16:16 - 01927394 _____ (Farbar) C:\Users\Debbie\Desktop\FRST64.exe
2013-12-05 18:50 - 2013-12-05 18:50 - 01034531 _____ (Thisisu) C:\Users\Debbie\Desktop\JRT.exe
2013-12-03 13:08 - 2013-12-03 13:09 - 01110034 _____ C:\Users\Debbie\Desktop\AdwCleaner.exe
2013-12-03 12:48 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-03 12:48 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-03 12:48 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-03 12:48 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-03 12:48 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-03 12:48 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-03 12:48 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-03 12:48 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-03 12:38 - 2013-12-06 16:43 - 00000000 ____D C:\Qoobox
2013-12-03 12:38 - 2013-12-06 16:36 - 00000000 ____D C:\Windows\erdnt
2013-12-03 12:31 - 2013-12-03 12:32 - 05151572 ____R (Swearware) C:\Users\Debbie\Desktop\ComboFix.exe
2013-12-01 12:45 - 2013-12-01 12:45 - 00022222 _____ C:\Users\Debbie\Desktop\dds.txt
2013-12-01 12:45 - 2013-12-01 12:45 - 00007650 _____ C:\Users\Debbie\Desktop\attach.txt
2013-12-01 12:43 - 2013-12-01 12:43 - 00688992 ____R (Swearware) C:\Users\Debbie\Desktop\dds.com
2013-12-01 01:56 - 2013-12-03 13:12 - 00000000 ____D C:\AdwCleaner
2013-11-29 13:07 - 2013-11-29 13:07 - 00000970 _____ C:\Users\Public\Desktop\Steam.lnk
2013-11-27 13:47 - 2013-10-16 10:18 - 00439296 _____ (Adpeak, Inc.) C:\Windows\system32\AdpeakProxy64.dll
2013-11-27 13:47 - 2013-10-16 10:18 - 00338944 _____ (Adpeak, Inc.) C:\Windows\SysWOW64\AdpeakProxy.dll
2013-11-26 00:31 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-11-26 00:27 - 2013-11-26 00:27 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-26 00:27 - 2013-11-26 00:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-26 00:27 - 2013-11-26 00:27 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-26 00:27 - 2013-11-26 00:27 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-26 00:27 - 2013-11-26 00:27 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-26 00:27 - 2013-11-26 00:27 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-26 00:27 - 2013-11-26 00:27 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-26 00:27 - 2013-11-26 00:27 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-26 00:27 - 2013-11-26 00:27 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-26 00:27 - 2013-11-26 00:27 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-26 00:27 - 2013-11-26 00:27 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-19 16:28 - 2013-11-26 00:31 - 00012409 _____ C:\Windows\IE11_main.log
2013-11-13 18:22 - 2013-11-13 18:22 - 00000000 ____D C:\Program Files\TabletPlugins
2013-11-13 18:21 - 2013-11-13 18:21 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_wachidrouter_01009.Wdf
2013-11-13 18:21 - 2012-12-03 16:36 - 00081824 _____ (Wacom Technology) C:\Windows\system32\Drivers\wachidrouter.sys
2013-11-13 18:21 - 2012-12-03 16:36 - 00013728 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\hidkmdf.sys
2013-11-13 18:21 - 2012-11-15 09:41 - 00015776 _____ (Wacom Technology) C:\Windows\system32\Drivers\wacomrouterfilter.sys
2013-11-13 18:04 - 2013-11-13 18:04 - 00000116 _____ C:\Windows\wininit.ini
2013-11-13 16:11 - 2013-11-13 16:11 - 00001140 _____ C:\Users\Debbie\Desktop\TabCfg - Shortcut.lnk
2013-11-13 14:54 - 2013-11-13 14:54 - 00000277 _____ C:\Windows\Tablet8000x5000M.ini
2013-11-13 14:36 - 2013-11-13 14:40 - 00000000 ____D C:\Program Files (x86)\TABLET
2013-11-13 14:36 - 2013-11-13 14:36 - 00000000 ____D C:\Windows\SysWOW64\TabletPmt
2013-11-13 14:36 - 2012-05-30 20:09 - 00763736 _____ (Pen Tablet) C:\Windows\SysWOW64\tabcfg.exe
2013-11-13 14:36 - 2012-05-30 20:09 - 00763736 _____ (Pen Tablet) C:\Windows\system32\tabcfg.exe
2013-11-13 14:36 - 2012-05-30 20:09 - 00440128 _____ (TODO: <公司名稱>) C:\Windows\SysWOW64\DoExec.exe
2013-11-13 14:36 - 2012-05-30 20:09 - 00241472 _____ C:\Windows\SysWOW64\MyDrawLineWindowDll.dll
2013-11-13 14:36 - 2012-05-30 20:09 - 00082240 _____ (Tablet Driver) C:\Windows\system32\Drivers\WTSrv.exe
2013-11-13 14:36 - 2012-05-30 20:09 - 00075584 _____ () C:\Windows\system32\UCMfg.exe
2013-11-13 14:36 - 2012-05-30 20:09 - 00045376 _____ C:\Windows\SysWOW64\lhtool.exe
2013-11-13 14:36 - 2012-05-30 20:09 - 00041280 _____ (Tablet Driver) C:\Windows\SysWOW64\WTClient.exe
2013-11-13 14:36 - 2012-05-30 20:09 - 00041280 _____ (Tablet Driver) C:\Windows\system32\WTClient.exe
2013-11-13 14:36 - 2012-05-30 20:09 - 00032576 _____ (Tablet Driver) C:\Windows\system32\Drivers\TClass2k.sys
2013-11-13 14:36 - 2012-05-30 20:09 - 00032576 _____ (PenTablet Driver) C:\Windows\system32\Drivers\PTSimBus.sys
2013-11-13 14:36 - 2012-05-30 20:09 - 00027968 _____ (Tablet Driver) C:\Windows\system32\Drivers\UCTblHid.sys
2013-11-13 14:36 - 2012-05-30 20:09 - 00022336 _____ C:\Windows\system32\ucinst32.dll
2013-11-13 14:36 - 2012-05-30 20:09 - 00022336 _____ (PenTablet Driver) C:\Windows\system32\Drivers\PTSimHid.sys
2013-11-13 14:36 - 2012-05-30 20:09 - 00010627 _____ C:\Windows\system32\Tablet2k_x64.cat
2013-11-13 14:36 - 2012-05-30 20:09 - 00009199 _____ C:\Windows\system32\PTSimHid_x64.cat
2013-11-13 14:36 - 2012-05-30 20:09 - 00009199 _____ C:\Windows\system32\PTSimBus_x64.cat
2013-11-13 14:36 - 2012-02-27 17:23 - 00058712 _____ (Pen Tablet) C:\Windows\system32\pcpanel.cpl
2013-11-13 14:36 - 2012-02-27 15:57 - 00061784 _____ (Pen Tablet) C:\Windows\SysWOW64\pcpanel.cpl
2013-11-13 14:36 - 2011-11-23 12:36 - 00344472 _____ () C:\Windows\SetupX32.EXE
2013-11-13 14:36 - 2002-04-25 10:25 - 00000056 _____ C:\Windows\SysWOW64\Desk.scf
2013-11-12 16:58 - 2013-10-05 12:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-12 16:58 - 2013-10-05 11:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-12 16:58 - 2013-10-03 18:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-12 16:58 - 2013-10-03 18:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-12 16:58 - 2013-10-03 18:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-12 16:58 - 2013-10-03 17:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-12 16:58 - 2013-10-03 17:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-12 16:58 - 2013-10-03 17:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-12 16:58 - 2013-09-27 17:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-12 16:57 - 2013-10-11 18:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-12 16:57 - 2013-10-11 18:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-12 16:57 - 2013-10-11 18:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-12 16:57 - 2013-10-11 18:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-12 16:57 - 2013-10-11 18:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-12 16:57 - 2013-10-02 18:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-12 16:57 - 2013-10-02 18:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-12 16:57 - 2013-09-24 18:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-12 16:57 - 2013-09-24 18:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-12 16:57 - 2013-09-24 18:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-12 16:57 - 2013-09-24 18:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-12 16:57 - 2013-09-24 18:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-12 16:57 - 2013-09-24 18:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-12 16:57 - 2013-09-24 18:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-12 16:57 - 2013-09-24 18:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-12 16:57 - 2013-09-24 17:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-12 16:57 - 2013-09-24 17:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-12 16:57 - 2013-09-24 17:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-12 16:57 - 2013-09-24 17:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-12 16:57 - 2013-09-24 17:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-12 16:57 - 2013-07-04 04:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-10 11:08 - 2013-11-10 11:08 - 00000000 ____D C:\Users\Debbie\AppData\Local\PlumChoice, Inc
2013-11-10 11:06 - 2013-11-10 11:06 - 00000000 ____D C:\Program Files (x86)\Microsoft WSE
2013-11-08 13:37 - 2013-11-08 13:37 - 00000258 __RSH C:\Users\Debbie\ntuser.pol
2013-11-07 18:43 - 2013-11-07 18:43 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-11-06 17:34 - 2013-11-06 17:34 - 00000000 ____D C:\Users\Debbie\Documents\Symantec
 
==================== One Month Modified Files and Folders =======
 
2013-12-06 17:03 - 2013-12-06 17:00 - 00032144 _____ C:\Users\Debbie\Desktop\FRST.txt
2013-12-06 17:00 - 2013-12-06 17:00 - 00000000 ____D C:\FRST
2013-12-06 16:58 - 2013-12-06 16:58 - 00004208 _____ C:\Users\Debbie\Desktop\JRT.txt
2013-12-06 16:58 - 2012-05-02 16:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-06 16:46 - 2009-07-13 20:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-06 16:46 - 2009-07-13 20:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-06 16:45 - 2013-12-06 16:45 - 00000000 ____D C:\Windows\ERUNT
2013-12-06 16:43 - 2013-12-06 16:43 - 00020916 _____ C:\ComboFix.txt
2013-12-06 16:43 - 2013-12-03 12:38 - 00000000 ____D C:\Qoobox
2013-12-06 16:42 - 2012-07-09 21:33 - 01654313 _____ C:\Windows\WindowsUpdate.log
2013-12-06 16:42 - 2009-07-13 21:13 - 00727334 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-06 16:38 - 2009-07-13 18:34 - 00000215 _____ C:\Windows\system.ini
2013-12-06 16:37 - 2012-09-17 14:31 - 00058288 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll
2013-12-06 16:37 - 2012-07-09 21:29 - 00017920 _____ C:\Windows\system32\rpcnetp.exe
2013-12-06 16:37 - 2010-11-20 19:47 - 00123036 _____ C:\Windows\PFRO.log
2013-12-06 16:37 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-06 16:37 - 2009-07-13 20:51 - 00128558 _____ C:\Windows\setupact.log
2013-12-06 16:36 - 2013-12-03 12:38 - 00000000 ____D C:\Windows\erdnt
2013-12-06 16:36 - 2009-07-13 18:34 - 64946176 _____ C:\Windows\system32\config\software.bak
2013-12-06 16:36 - 2009-07-13 18:34 - 18087936 _____ C:\Windows\system32\config\system.bak
2013-12-06 16:36 - 2009-07-13 18:34 - 00258048 _____ C:\Windows\system32\config\default.bak
2013-12-06 16:36 - 2009-07-13 18:34 - 00057344 _____ C:\Windows\system32\config\sam.bak
2013-12-06 16:36 - 2009-07-13 18:34 - 00028672 _____ C:\Windows\system32\config\security.bak
2013-12-06 16:16 - 2013-12-06 16:16 - 01927394 _____ (Farbar) C:\Users\Debbie\Desktop\FRST64.exe
2013-12-06 16:16 - 2012-09-17 14:24 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1511435031-2390956964-748544535-1000UA.job
2013-12-06 16:16 - 2012-09-17 14:24 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1511435031-2390956964-748544535-1000Core.job
2013-12-05 18:50 - 2013-12-05 18:50 - 01034531 _____ (Thisisu) C:\Users\Debbie\Desktop\JRT.exe
2013-12-05 00:55 - 2012-09-17 22:26 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\SoftGrid Client
2013-12-05 00:47 - 2012-09-18 05:16 - 00060728 _____ C:\Users\Debbie\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-04 16:20 - 2012-09-17 14:30 - 00002378 _____ C:\Users\Debbie\Desktop\Google Chrome.lnk
2013-12-04 16:11 - 2012-09-17 14:24 - 00003884 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1511435031-2390956964-748544535-1000UA
2013-12-04 16:11 - 2012-09-17 14:24 - 00003488 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1511435031-2390956964-748544535-1000Core
2013-12-03 14:27 - 2013-01-28 20:41 - 00000000 ____D C:\Users\Debbie\Desktop\Photoshop
2013-12-03 13:12 - 2013-12-01 01:56 - 00000000 ____D C:\AdwCleaner
2013-12-03 13:09 - 2013-12-03 13:08 - 01110034 _____ C:\Users\Debbie\Desktop\AdwCleaner.exe
2013-12-03 12:32 - 2013-12-03 12:31 - 05151572 ____R (Swearware) C:\Users\Debbie\Desktop\ComboFix.exe
2013-12-03 12:32 - 2012-12-20 13:20 - 00000000 ____D C:\Program Files (x86)\File Type Assistant
2013-12-03 00:25 - 2013-05-20 19:57 - 00000000 ____D C:\Users\Debbie\Desktop\Average Problems of Average People
2013-12-01 12:45 - 2013-12-01 12:45 - 00022222 _____ C:\Users\Debbie\Desktop\dds.txt
2013-12-01 12:45 - 2013-12-01 12:45 - 00007650 _____ C:\Users\Debbie\Desktop\attach.txt
2013-12-01 12:43 - 2013-12-01 12:43 - 00688992 ____R (Swearware) C:\Users\Debbie\Desktop\dds.com
2013-12-01 12:33 - 2013-08-16 13:05 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\BitTorrent
2013-12-01 12:31 - 2012-09-18 05:16 - 00000000 ___RD C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-01 02:26 - 2010-11-20 23:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-12-01 02:25 - 2012-09-18 05:16 - 00000000 ____D C:\Users\Debbie
2013-12-01 01:58 - 2013-01-15 17:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-29 13:10 - 2013-11-04 14:10 - 00000000 ____D C:\Program Files (x86)\Steam
2013-11-29 13:07 - 2013-11-29 13:07 - 00000970 _____ C:\Users\Public\Desktop\Steam.lnk
2013-11-26 10:40 - 2012-09-18 05:16 - 00001420 _____ C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-26 10:38 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-26 00:31 - 2013-11-19 16:28 - 00012409 _____ C:\Windows\IE11_main.log
2013-11-26 00:27 - 2013-11-26 00:27 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-26 00:27 - 2013-11-26 00:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-26 00:27 - 2013-11-26 00:27 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-26 00:27 - 2013-11-26 00:27 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-26 00:27 - 2013-11-26 00:27 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-26 00:27 - 2013-11-26 00:27 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-26 00:27 - 2013-11-26 00:27 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-26 00:27 - 2013-11-26 00:27 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-26 00:27 - 2013-11-26 00:27 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-26 00:27 - 2013-11-26 00:27 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-26 00:27 - 2013-11-26 00:27 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-18 00:45 - 2012-10-18 16:43 - 00000000 ____D C:\Users\Debbie\AppData\Local\Apple Computer
2013-11-18 00:44 - 2012-11-20 20:52 - 00000000 ____D C:\Users\Debbie\AppData\Local\CrashDumps
2013-11-13 18:22 - 2013-11-13 18:22 - 00000000 ____D C:\Program Files\TabletPlugins
2013-11-13 18:22 - 2012-10-09 21:38 - 00000000 ____D C:\Program Files (x86)\TabletPlugins
2013-11-13 18:21 - 2013-11-13 18:21 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_wachidrouter_01009.Wdf
2013-11-13 18:21 - 2012-10-09 21:38 - 00000000 ____D C:\Program Files\Tablet
2013-11-13 18:04 - 2013-11-13 18:04 - 00000116 _____ C:\Windows\wininit.ini
2013-11-13 16:11 - 2013-11-13 16:11 - 00001140 _____ C:\Users\Debbie\Desktop\TabCfg - Shortcut.lnk
2013-11-13 14:54 - 2013-11-13 14:54 - 00000277 _____ C:\Windows\Tablet8000x5000M.ini
2013-11-13 14:40 - 2013-11-13 14:36 - 00000000 ____D C:\Program Files (x86)\TABLET
2013-11-13 14:36 - 2013-11-13 14:36 - 00000000 ____D C:\Windows\SysWOW64\TabletPmt
2013-11-13 14:33 - 2013-07-23 02:00 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 14:29 - 2012-05-02 23:35 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-11 05:50 - 2010-11-20 19:27 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-10 19:24 - 2013-01-28 20:54 - 00001456 _____ C:\Users\Debbie\AppData\Local\Adobe Save for Web 12.0 Prefs
2013-11-10 11:08 - 2013-11-10 11:08 - 00000000 ____D C:\Users\Debbie\AppData\Local\PlumChoice, Inc
2013-11-10 11:06 - 2013-11-10 11:06 - 00000000 ____D C:\Program Files (x86)\Microsoft WSE
2013-11-08 14:16 - 2012-12-20 13:20 - 00000000 ____D C:\Program Files (x86)\BitZipper
2013-11-08 13:37 - 2013-11-08 13:37 - 00000258 __RSH C:\Users\Debbie\ntuser.pol
2013-11-08 13:37 - 2009-07-13 19:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2013-11-08 13:37 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2013-11-07 18:43 - 2013-11-07 18:43 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-11-06 17:34 - 2013-11-06 17:34 - 00000000 ____D C:\Users\Debbie\Documents\Symantec
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume2
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {ccc61b1a-ca57-11e1-b2b4-cba082dba6fd}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {ccc61b1c-ca57-11e1-b2b4-cba082dba6fd}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {ccc61b1a-ca57-11e1-b2b4-cba082dba6fd}
nx                      OptIn
 
Windows Boot Loader
-------------------
identifier              {ccc61b1c-ca57-11e1-b2b4-cba082dba6fd}
device                  ramdisk=[C:]\Recovery\ccc61b1c-ca57-11e1-b2b4-cba082dba6fd\Winre.wim,{ccc61b1d-ca57-11e1-b2b4-cba082dba6fd}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\ccc61b1c-ca57-11e1-b2b4-cba082dba6fd\Winre.wim,{ccc61b1d-ca57-11e1-b2b4-cba082dba6fd}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {ccc61b1a-ca57-11e1-b2b4-cba082dba6fd}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume2
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {ccc61b1d-ca57-11e1-b2b4-cba082dba6fd}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\ccc61b1c-ca57-11e1-b2b4-cba082dba6fd\boot.sdi
 
 
 
LastRegBack: 2013-08-16 15:04
 
==================== End Of Log ============================
 
 
  • Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2013
Ran by Debbie at 2013-12-06 17:04:07
Running from C:\Users\Debbie\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Norton 360 Premier Edition (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Premier Edition (Disabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 Premier Edition (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
 
==================== Installed Programs ======================
 
Acer Crystal Eye Webcam (x32 Version: 1.5.2728.00)
Acer ePower Management (x32 Version: 6.00.3010)
Acer eRecovery Management (x32 Version: 5.00.3508)
Acer Updater (x32 Version: 1.02.3501)
Adobe AIR (x32 Version: 2.6.0.19140)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader X (10.1.8) MUI (x32 Version: 10.1.8)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.5.146)
Amazon MP3 Downloader 1.0.17 (x32 Version: 1.0.17)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
Audacity 2.0.2 (x32 Version: 2.0.2)
Bonjour (Version: 3.0.0.10)
Broadcom Card Reader Driver Installer (Version: 15.0.7.2)
Broadcom NetLink Controller (Version: 15.2.5.1)
Broadcom Wireless Utility (Version: 5.100.196.11)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
D3DX10 (x32 Version: 15.4.2368.0902)
Façade (x32 Version: 1.1.2)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Google Chrome (HKCU Version: 31.0.1650.63)
iCloud (Version: 3.0.2.163)
Identity Card (x32 Version: 1.00.3501)
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Management Engine Components (x32 Version: 8.0.2.1410)
Intel® OpenCL CPU Runtime (x32)
Intel® Processor Graphics (x32 Version: 8.15.10.2712)
Intel® Rapid Storage Technology (x32 Version: 11.0.0.1032)
Intel® Trusted Connect Service Client (Version: 1.23.605.1)
iTunes (Version: 11.1.2.32)
Java 7 Update 11 (64-bit) (Version: 7.0.110)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Launch Manager (x32 Version: 5.1.15)
Level Quality Watcher (x32 Version: 1.0.0.0) <==== ATTENTION
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.5139.5005)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Mozilla Firefox 18.0 (x86 en-US) (x32 Version: 18.0)
Mozilla Maintenance Service (x32 Version: 18.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
Norton 360 Premier Edition (x32 Version: 20.4.0.40)
PlayReady PC Runtime x86 (x32 Version: 1.3.0)
QuickTime (x32 Version: 7.74.80.86)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6577)
Skype™ 6.6 (x32 Version: 6.6.106)
Slender - The Arrival Beta 1.13 (x32 Version: 1.13)
Steam (x32)
swMSM (x32 Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 16.1.0.0)
Tablet Driver V7.0 (x32)
Team Fortress 2 (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Wacom (Version: 5.3.2-1)
WebTablet FB Plugin 32 bit (x32 Version: 2.1.0.2)
WebTablet FB Plugin 64 bit (Version: 2.1.0.2)
WebTablet IE Plugin (x32 Version: 1.1.0.12)
WebTablet Netscape Plugin (x32 Version: 1.1.0.10)
Windows Live (x32 Version: 15.4.3502.0922)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Mobile Device Updater Component (Version: 04.07.1404.01)
Windows Movie Maker 2.6 (x32 Version: 2.6.4037.0)
WinRAR 4.20 (32-bit) (x32 Version: 4.20.0)
Zune (Version: 04.07.1404.01)
Zune Language Pack (DEU) (Version: 04.07.1404.01)
Zune Language Pack (ESP) (Version: 04.07.1404.01)
Zune Language Pack (FRA) (Version: 04.07.1404.01)
Zune Language Pack (ITA) (Version: 04.07.1404.01)
Zune Language Pack (NLD) (Version: 04.07.1404.01)
Zune Language Pack (PTB) (Version: 04.07.1404.01)
Zune Language Pack (PTG) (Version: 04.07.1404.01)
 
==================== Restore Points  =========================
 
13-11-2013 22:37:14 Device Driver Package Install: PenTablet Human Interface Devices
13-11-2013 22:38:06 Device Driver Package Install: PenTablet System devices
17-11-2013 20:15:49 Windows Update
20-11-2013 00:27:34 Windows Update
23-11-2013 21:11:34 Windows Update
26-11-2013 08:25:44 Windows Update
29-11-2013 20:15:38 Windows Update
01-12-2013 09:48:20 Removed ScorpionSaver Services
01-12-2013 10:02:48 Removed ScorpionSaver
01-12-2013 10:04:25 Removed ScorpionSaver
01-12-2013 20:30:37 Removed Cox PC HealthCheck
01-12-2013 20:34:30 Removed Façade
01-12-2013 20:35:35 Removed Façade
01-12-2013 20:36:50 Removed Façade
01-12-2013 20:38:18 Removed Façade
01-12-2013 20:39:20 Removed Livestream Procaster
03-12-2013 20:48:09 ComboFix created restore point
04-12-2013 01:00:24 Windows Update
07-12-2013 00:23:15 ComboFix created restore point
 
==================== Hosts content: ==========================
 
2009-07-13 18:34 - 2013-12-06 16:38 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {164AFEFC-4FCD-4AB7-B566-AA72740900D3} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\wscstub.exe [2013-06-03] (Symantec Corporation)
Task: {1D06ED55-BB92-487B-8BBE-D5A5DC118C75} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\symerr.exe [2013-06-03] (Symantec Corporation)
Task: {3ABDF563-AFD7-4DB5-81E4-0103C6D2F3E6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1511435031-2390956964-748544535-1000UA => C:\Users\Debbie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-17] (Google Inc.)
Task: {6BE8CB34-52A9-4D72-A2CE-B7B2AC5B736C} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
Task: {73421D78-902C-46A2-A6D1-DB0727628C4F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {952E8C23-EA33-4F26-AF0B-79FE744CB9AE} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\symerr.exe [2013-06-03] (Symantec Corporation)
Task: {CCDB1C7C-BA32-4F03-BDFA-E8A9929640EE} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-02-06] (Acer Incorporated)
Task: {DA87149B-05AF-4619-9D4F-E0507AC47A35} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1511435031-2390956964-748544535-1000Core => C:\Users\Debbie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-17] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1511435031-2390956964-748544535-1000Core.job => C:\Users\Debbie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1511435031-2390956964-748544535-1000UA.job => C:\Users\Debbie\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-10-09 21:38 - 2012-12-11 13:07 - 01184640 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2012-08-27 20:33 - 2012-08-27 20:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 20:33 - 2012-08-27 20:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-13 10:16 - 2012-05-30 06:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON 360 PREMIER EDITION\ENGINE\20.4.0.40\wincfi39.dll
2013-08-14 12:24 - 2013-08-14 12:24 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\991a8d378a3e64b31c0f4770ba9ae071\IsdiInterop.ni.dll
2012-05-02 02:43 - 2011-11-29 19:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-07-09 21:42 - 2012-02-07 17:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Percentage of memory in use: 32%
Total physical RAM: 3932.36 MB
Available physical RAM: 2670.07 MB
Total Pagefile: 7862.9 MB
Available Pagefile: 6573.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:449.66 GB) (Free:376 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 5938CB44)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 



#12 Clairvoyant

Clairvoyant

  • Malware Response Team
  • 1,564 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:somewhere in time
  • Local time:08:39 AM

Posted 09 December 2013 - 01:17 PM

Hi senaka :)
 
Now please follow these steps: 
 
1- Unistall unwanted software

  • click on the Start button => Control Panel => click on Programs icon
  • double click on Level Quality Watcher entry and then click Yes
  • double click on Snap.do entry and then click Yes 
  • if you see in the list something related to Adpeak, double click on it and then click Yes 
  • double click on Java 7 Update 11 (64-bit) (Version: 7.0.110) entry and then click Yes
  • close Control Panel

 

2- Reset Chrome Home Page 
 
It seems your home page has been recently hijacked.
Please open Chrome then follow these instructions to reset your home page.
As address just for now you can put www.google.com, or if you want you can put an address of your choice.
 
 
3- Run a FRST Fix

  • Download the attached fixlist.txt file and save it to your Desktop 
  • Right click on the FRST icon and select Run As Administrator to run the tool
  • Press the Fix button
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate the Fixlog.txt file on the Desktop; close it​

 

4- Run ESET Online Scanner (<= Please notice that it may take long time)

  • Hold down Control and click on this link to open ESET OnlineScan in a new window
  • Click the esetonlinebtn.png button
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer and save it to your desktop
    • Double click on the esetsmartinstaller_enu.png icon on your desktop
  • Check "YES, I accept the Terms of Use."
  • Click the Start button
  • Accept any security warnings from your browser
  • Under scan settings, check Scan Archives and Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan
  • Click the Back button
  • Click the Finish button

 

5- Run a FRST scan

  • Right click on the FRST icon and select Run As Administrator to run the tool
  • When the tool opens click Yes to the disclaimer
  • Press Scan button
  • When the scan has finished, the FRST.txt file will open; please close it
  • Close the log files and quit FRST

 

In your next reply please post the contents of these files:

  • Fixlog.txt
  • the ESET scanlog
  • FRST.txt
  • Addition.txt

 

Regards

Attached Files


Edited by Clairvoyant, 09 December 2013 - 01:19 PM.


#13 senaka

senaka
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:39 PM

Posted 10 December 2013 - 07:29 PM

When I went to uninstall software, the only ones I've found was the java 64bit, but i made sure to uninstall that.

 

  • Fixlog.txt
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-12-2013
Ran by Debbie at 2013-12-10 13:07:08 Run:1
Running from C:\Users\Debbie\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
2013-11-27 13:47 - 2013-10-16 10:18 - 00439296 _____ (Adpeak, Inc.) C:\Windows\system32\AdpeakProxy64.dll
2013-11-27 13:47 - 2013-10-16 10:18 - 00338944 _____ (Adpeak, Inc.) C:\Windows\SysWOW64\AdpeakProxy.dll
2013-12-03 12:32 - 2012-12-20 13:20 - 00000000 ____D C:\Program Files (x86)\File Type Assistant
*****************
 
C:\Windows\system32\AdpeakProxy64.dll => Moved successfully.
C:\Windows\SysWOW64\AdpeakProxy.dll => Moved successfully.
C:\Program Files (x86)\File Type Assistant => Moved successfully.
 
==== End of Fixlog ====
 
 
 
 
  • ESET Scanlog
 
C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe.vir a variant of Win32/AdWare.Adpeak.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe.vir a variant of Win64/Adware.Adpeak.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mozilla Firefox\nsprotector.js.vir Win32/Conduit.SearchProtect.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\CltMngSvc.exe.vir Win32/Conduit.SearchProtect.E application cleaned by deleting - quarantined
C:\Windows\Installer\29244d.msi a variant of Win64/Adware.Adpeak.B application deleted - quarantined
C:\Windows\Installer\MSI35A7.tmp a variant of Win64/Adware.Adpeak.B application cleaned by deleting - quarantined
 

 

 

 

  • FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-12-2013 01
Ran by Debbie (administrator) on DAREDEVIL on 10-12-2013 15:54:51
Running from C:\Users\Debbie\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\ccsvchst.exe
(Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Tablet Driver) C:\Windows\System32\drivers\WTSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\ccsvchst.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [163568 2010-11-11] (Microsoft Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452456 2012-02-21] (Realtek Semiconductor)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE [7142400 2012-07-09] (Broadcom Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2909968 2012-03-29] (Synaptics Incorporated)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1105488 2012-03-23] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKLM-x32\...\Run: [WTClient] - C:\Windows\\SysWOW64\WTClient.exe [41280 2012-05-30] (Tablet Driver)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
 
FireFox:
========
FF ProfilePath: C:\Users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\5d906zl8.default
FF NewTab: about:blank
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.11.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Debbie\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Debbie\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Extension: greasemonkey - C:\Users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\5d906zl8.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF
FF HKLM-x32\...\Firefox\Extensions: [linksicle@linksicle.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\linksicle@linksicle.com
 
Chrome: 
=======
CHR HomePage: hxxp://google.com/
CHR RestoreOnStartup: "hxxp://google.com/"
CHR DefaultSearchKeyword: google.com
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Extension: (AdBlock) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0
CHR Extension: (Google Wallet) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\Exts\Chrome.crx
 
==================== Services (Whitelisted) =================
 
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 N360; C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE [48128 2012-07-09] (Broadcom Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)
 
==================== Drivers (Whitelisted) ====================
 
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [1526488 2013-12-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-20] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20131207.001\IDSvia64.sys [521816 2013-10-28] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131210.004\ENG64.SYS [126040 2013-12-04] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131210.004\EX64.SYS [2099288 2013-12-04] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1404000.028\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1404000.028\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-17] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [x]
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [x]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-12-10 13:09 - 2013-12-10 13:09 - 00000000 ____D C:\Program Files (x86)\ESET
2013-12-10 13:08 - 2013-12-10 13:08 - 02347384 _____ (ESET) C:\Users\Debbie\Desktop\esetsmartinstaller_enu.exe
2013-12-10 13:06 - 2013-12-10 15:54 - 00000000 ____D C:\Users\Debbie\Desktop\FRST-OlderVersion
2013-12-06 17:04 - 2013-12-06 17:04 - 00012826 _____ C:\Users\Debbie\Desktop\Addition.txt
2013-12-06 17:00 - 2013-12-10 15:54 - 00015250 _____ C:\Users\Debbie\Desktop\FRST.txt
2013-12-06 17:00 - 2013-12-10 15:54 - 00000000 ____D C:\FRST
2013-12-06 16:58 - 2013-12-06 16:58 - 00004208 _____ C:\Users\Debbie\Desktop\JRT.txt
2013-12-06 16:45 - 2013-12-06 16:45 - 00000000 ____D C:\Windows\ERUNT
2013-12-06 16:43 - 2013-12-06 16:43 - 00020916 _____ C:\ComboFix.txt
2013-12-06 16:16 - 2013-12-10 15:54 - 01928212 _____ (Farbar) C:\Users\Debbie\Desktop\FRST64.exe
2013-12-05 18:50 - 2013-12-05 18:50 - 01034531 _____ (Thisisu) C:\Users\Debbie\Desktop\JRT.exe
2013-12-03 13:08 - 2013-12-03 13:09 - 01110034 _____ C:\Users\Debbie\Desktop\AdwCleaner.exe
2013-12-03 12:48 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-03 12:48 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-03 12:48 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-03 12:48 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-03 12:48 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-03 12:48 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-03 12:48 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-03 12:48 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-03 12:38 - 2013-12-06 16:43 - 00000000 ____D C:\Qoobox
2013-12-03 12:38 - 2013-12-06 16:36 - 00000000 ____D C:\Windows\erdnt
2013-12-03 12:31 - 2013-12-03 12:32 - 05151572 ____R (Swearware) C:\Users\Debbie\Desktop\ComboFix.exe
2013-12-01 12:45 - 2013-12-01 12:45 - 00022222 _____ C:\Users\Debbie\Desktop\dds.txt
2013-12-01 12:45 - 2013-12-01 12:45 - 00007650 _____ C:\Users\Debbie\Desktop\attach.txt
2013-12-01 12:43 - 2013-12-01 12:43 - 00688992 ____R (Swearware) C:\Users\Debbie\Desktop\dds.com
2013-12-01 01:56 - 2013-12-03 13:12 - 00000000 ____D C:\AdwCleaner
2013-11-29 13:07 - 2013-11-29 13:07 - 00000970 _____ C:\Users\Public\Desktop\Steam.lnk
2013-11-26 00:31 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-11-26 00:27 - 2013-11-26 00:27 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-26 00:27 - 2013-11-26 00:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-26 00:27 - 2013-11-26 00:27 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-26 00:27 - 2013-11-26 00:27 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-26 00:27 - 2013-11-26 00:27 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-26 00:27 - 2013-11-26 00:27 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-26 00:27 - 2013-11-26 00:27 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-26 00:27 - 2013-11-26 00:27 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-26 00:27 - 2013-11-26 00:27 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-26 00:27 - 2013-11-26 00:27 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-26 00:27 - 2013-11-26 00:27 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-19 16:28 - 2013-11-26 00:31 - 00012409 _____ C:\Windows\IE11_main.log
2013-11-13 18:22 - 2013-11-13 18:22 - 00000000 ____D C:\Program Files\TabletPlugins
2013-11-13 18:21 - 2013-11-13 18:21 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_wachidrouter_01009.Wdf
2013-11-13 18:21 - 2012-12-03 16:36 - 00081824 _____ (Wacom Technology) C:\Windows\system32\Drivers\wachidrouter.sys
2013-11-13 18:21 - 2012-12-03 16:36 - 00013728 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\hidkmdf.sys
2013-11-13 18:21 - 2012-11-15 09:41 - 00015776 _____ (Wacom Technology) C:\Windows\system32\Drivers\wacomrouterfilter.sys
2013-11-13 18:04 - 2013-11-13 18:04 - 00000116 _____ C:\Windows\wininit.ini
2013-11-13 16:11 - 2013-11-13 16:11 - 00001140 _____ C:\Users\Debbie\Desktop\TabCfg - Shortcut.lnk
2013-11-13 14:54 - 2013-11-13 14:54 - 00000277 _____ C:\Windows\Tablet8000x5000M.ini
2013-11-13 14:36 - 2013-11-13 14:40 - 00000000 ____D C:\Program Files (x86)\TABLET
2013-11-13 14:36 - 2013-11-13 14:36 - 00000000 ____D C:\Windows\SysWOW64\TabletPmt
2013-11-13 14:36 - 2012-05-30 20:09 - 00763736 _____ (Pen Tablet) C:\Windows\SysWOW64\tabcfg.exe
2013-11-13 14:36 - 2012-05-30 20:09 - 00763736 _____ (Pen Tablet) C:\Windows\system32\tabcfg.exe
2013-11-13 14:36 - 2012-05-30 20:09 - 00440128 _____ (TODO: <公司名稱>) C:\Windows\SysWOW64\DoExec.exe
2013-11-13 14:36 - 2012-05-30 20:09 - 00241472 _____ C:\Windows\SysWOW64\MyDrawLineWindowDll.dll
2013-11-13 14:36 - 2012-05-30 20:09 - 00082240 _____ (Tablet Driver) C:\Windows\system32\Drivers\WTSrv.exe
2013-11-13 14:36 - 2012-05-30 20:09 - 00075584 _____ () C:\Windows\system32\UCMfg.exe
2013-11-13 14:36 - 2012-05-30 20:09 - 00045376 _____ C:\Windows\SysWOW64\lhtool.exe
2013-11-13 14:36 - 2012-05-30 20:09 - 00041280 _____ (Tablet Driver) C:\Windows\SysWOW64\WTClient.exe
2013-11-13 14:36 - 2012-05-30 20:09 - 00041280 _____ (Tablet Driver) C:\Windows\system32\WTClient.exe
2013-11-13 14:36 - 2012-05-30 20:09 - 00032576 _____ (Tablet Driver) C:\Windows\system32\Drivers\TClass2k.sys
2013-11-13 14:36 - 2012-05-30 20:09 - 00032576 _____ (PenTablet Driver) C:\Windows\system32\Drivers\PTSimBus.sys
2013-11-13 14:36 - 2012-05-30 20:09 - 00027968 _____ (Tablet Driver) C:\Windows\system32\Drivers\UCTblHid.sys
2013-11-13 14:36 - 2012-05-30 20:09 - 00022336 _____ C:\Windows\system32\ucinst32.dll
2013-11-13 14:36 - 2012-05-30 20:09 - 00022336 _____ (PenTablet Driver) C:\Windows\system32\Drivers\PTSimHid.sys
2013-11-13 14:36 - 2012-05-30 20:09 - 00010627 _____ C:\Windows\system32\Tablet2k_x64.cat
2013-11-13 14:36 - 2012-05-30 20:09 - 00009199 _____ C:\Windows\system32\PTSimHid_x64.cat
2013-11-13 14:36 - 2012-05-30 20:09 - 00009199 _____ C:\Windows\system32\PTSimBus_x64.cat
2013-11-13 14:36 - 2012-02-27 17:23 - 00058712 _____ (Pen Tablet) C:\Windows\system32\pcpanel.cpl
2013-11-13 14:36 - 2012-02-27 15:57 - 00061784 _____ (Pen Tablet) C:\Windows\SysWOW64\pcpanel.cpl
2013-11-13 14:36 - 2011-11-23 12:36 - 00344472 _____ () C:\Windows\SetupX32.EXE
2013-11-13 14:36 - 2002-04-25 10:25 - 00000056 _____ C:\Windows\SysWOW64\Desk.scf
2013-11-12 16:58 - 2013-10-05 12:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-12 16:58 - 2013-10-05 11:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-12 16:58 - 2013-10-03 18:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-12 16:58 - 2013-10-03 18:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-12 16:58 - 2013-10-03 18:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-12 16:58 - 2013-10-03 17:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-12 16:58 - 2013-10-03 17:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-12 16:58 - 2013-10-03 17:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-12 16:58 - 2013-09-27 17:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-12 16:57 - 2013-10-11 18:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-12 16:57 - 2013-10-11 18:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-12 16:57 - 2013-10-11 18:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-12 16:57 - 2013-10-11 18:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-12 16:57 - 2013-10-11 18:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-12 16:57 - 2013-10-02 18:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-12 16:57 - 2013-10-02 18:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-12 16:57 - 2013-09-24 18:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-12 16:57 - 2013-09-24 18:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-12 16:57 - 2013-09-24 18:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-12 16:57 - 2013-09-24 18:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-12 16:57 - 2013-09-24 18:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-12 16:57 - 2013-09-24 18:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-12 16:57 - 2013-09-24 18:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-12 16:57 - 2013-09-24 18:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-12 16:57 - 2013-09-24 17:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-12 16:57 - 2013-09-24 17:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-12 16:57 - 2013-09-24 17:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-12 16:57 - 2013-09-24 17:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-12 16:57 - 2013-09-24 17:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-12 16:57 - 2013-07-04 04:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-10 11:08 - 2013-11-10 11:08 - 00000000 ____D C:\Users\Debbie\AppData\Local\PlumChoice, Inc
2013-11-10 11:06 - 2013-11-10 11:06 - 00000000 ____D C:\Program Files (x86)\Microsoft WSE
 
==================== One Month Modified Files and Folders =======
 
2013-12-10 15:57 - 2013-12-06 17:00 - 00015250 _____ C:\Users\Debbie\Desktop\FRST.txt
2013-12-10 15:54 - 2013-12-10 13:06 - 00000000 ____D C:\Users\Debbie\Desktop\FRST-OlderVersion
2013-12-10 15:54 - 2013-12-06 17:00 - 00000000 ____D C:\FRST
2013-12-10 15:54 - 2013-12-06 16:16 - 01928212 _____ (Farbar) C:\Users\Debbie\Desktop\FRST64.exe
2013-12-10 15:16 - 2012-09-17 14:24 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1511435031-2390956964-748544535-1000UA.job
2013-12-10 14:58 - 2012-05-02 16:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-10 14:52 - 2012-07-09 21:33 - 01790965 _____ C:\Windows\WindowsUpdate.log
2013-12-10 13:59 - 2012-05-02 16:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-10 13:59 - 2012-05-02 16:33 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-10 13:59 - 2012-05-02 16:33 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-10 13:09 - 2013-12-10 13:09 - 00000000 ____D C:\Program Files (x86)\ESET
2013-12-10 13:08 - 2013-12-10 13:08 - 02347384 _____ (ESET) C:\Users\Debbie\Desktop\esetsmartinstaller_enu.exe
2013-12-10 12:46 - 2009-07-13 20:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-10 12:46 - 2009-07-13 20:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-10 12:43 - 2009-07-13 21:13 - 00727334 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-10 12:39 - 2012-09-17 14:31 - 00058288 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll
2013-12-10 12:39 - 2012-07-09 21:29 - 00017920 _____ C:\Windows\system32\rpcnetp.exe
2013-12-10 12:39 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-10 12:39 - 2009-07-13 20:51 - 00128726 _____ C:\Windows\setupact.log
2013-12-06 21:51 - 2012-09-17 22:26 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\SoftGrid Client
2013-12-06 21:50 - 2013-05-20 19:57 - 00000000 ____D C:\Users\Debbie\Desktop\APAP
2013-12-06 21:48 - 2009-07-13 21:08 - 00032532 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-06 17:04 - 2013-12-06 17:04 - 00012826 _____ C:\Users\Debbie\Desktop\Addition.txt
2013-12-06 16:58 - 2013-12-06 16:58 - 00004208 _____ C:\Users\Debbie\Desktop\JRT.txt
2013-12-06 16:45 - 2013-12-06 16:45 - 00000000 ____D C:\Windows\ERUNT
2013-12-06 16:43 - 2013-12-06 16:43 - 00020916 _____ C:\ComboFix.txt
2013-12-06 16:43 - 2013-12-03 12:38 - 00000000 ____D C:\Qoobox
2013-12-06 16:38 - 2009-07-13 18:34 - 00000215 _____ C:\Windows\system.ini
2013-12-06 16:37 - 2010-11-20 19:47 - 00123036 _____ C:\Windows\PFRO.log
2013-12-06 16:36 - 2013-12-03 12:38 - 00000000 ____D C:\Windows\erdnt
2013-12-06 16:36 - 2009-07-13 18:34 - 64946176 _____ C:\Windows\system32\config\software.bak
2013-12-06 16:36 - 2009-07-13 18:34 - 18087936 _____ C:\Windows\system32\config\system.bak
2013-12-06 16:36 - 2009-07-13 18:34 - 00258048 _____ C:\Windows\system32\config\default.bak
2013-12-06 16:36 - 2009-07-13 18:34 - 00057344 _____ C:\Windows\system32\config\sam.bak
2013-12-06 16:36 - 2009-07-13 18:34 - 00028672 _____ C:\Windows\system32\config\security.bak
2013-12-06 16:16 - 2012-09-17 14:24 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1511435031-2390956964-748544535-1000Core.job
2013-12-05 18:50 - 2013-12-05 18:50 - 01034531 _____ (Thisisu) C:\Users\Debbie\Desktop\JRT.exe
2013-12-05 00:47 - 2012-09-18 05:16 - 00060728 _____ C:\Users\Debbie\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-04 16:20 - 2012-09-17 14:30 - 00002378 _____ C:\Users\Debbie\Desktop\Google Chrome.lnk
2013-12-04 16:11 - 2012-09-17 14:24 - 00003884 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1511435031-2390956964-748544535-1000UA
2013-12-04 16:11 - 2012-09-17 14:24 - 00003488 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1511435031-2390956964-748544535-1000Core
2013-12-03 14:27 - 2013-01-28 20:41 - 00000000 ____D C:\Users\Debbie\Desktop\Photoshop
2013-12-03 13:12 - 2013-12-01 01:56 - 00000000 ____D C:\AdwCleaner
2013-12-03 13:09 - 2013-12-03 13:08 - 01110034 _____ C:\Users\Debbie\Desktop\AdwCleaner.exe
2013-12-03 12:32 - 2013-12-03 12:31 - 05151572 ____R (Swearware) C:\Users\Debbie\Desktop\ComboFix.exe
2013-12-01 12:45 - 2013-12-01 12:45 - 00022222 _____ C:\Users\Debbie\Desktop\dds.txt
2013-12-01 12:45 - 2013-12-01 12:45 - 00007650 _____ C:\Users\Debbie\Desktop\attach.txt
2013-12-01 12:43 - 2013-12-01 12:43 - 00688992 ____R (Swearware) C:\Users\Debbie\Desktop\dds.com
2013-12-01 12:33 - 2013-08-16 13:05 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\BitTorrent
2013-12-01 12:31 - 2012-09-18 05:16 - 00000000 ___RD C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-01 02:26 - 2010-11-20 23:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-12-01 02:25 - 2012-09-18 05:16 - 00000000 ____D C:\Users\Debbie
2013-12-01 01:58 - 2013-01-15 17:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-29 13:10 - 2013-11-04 14:10 - 00000000 ____D C:\Program Files (x86)\Steam
2013-11-29 13:07 - 2013-11-29 13:07 - 00000970 _____ C:\Users\Public\Desktop\Steam.lnk
2013-11-26 10:40 - 2012-09-18 05:16 - 00001420 _____ C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-26 10:38 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-26 00:31 - 2013-11-19 16:28 - 00012409 _____ C:\Windows\IE11_main.log
2013-11-26 00:27 - 2013-11-26 00:27 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-26 00:27 - 2013-11-26 00:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-26 00:27 - 2013-11-26 00:27 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-26 00:27 - 2013-11-26 00:27 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-26 00:27 - 2013-11-26 00:27 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-26 00:27 - 2013-11-26 00:27 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-26 00:27 - 2013-11-26 00:27 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-26 00:27 - 2013-11-26 00:27 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-26 00:27 - 2013-11-26 00:27 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-26 00:27 - 2013-11-26 00:27 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-26 00:27 - 2013-11-26 00:27 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-26 00:27 - 2013-11-26 00:27 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-26 00:27 - 2013-11-26 00:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-18 00:45 - 2012-10-18 16:43 - 00000000 ____D C:\Users\Debbie\AppData\Local\Apple Computer
2013-11-18 00:44 - 2012-11-20 20:52 - 00000000 ____D C:\Users\Debbie\AppData\Local\CrashDumps
2013-11-13 18:22 - 2013-11-13 18:22 - 00000000 ____D C:\Program Files\TabletPlugins
2013-11-13 18:22 - 2012-10-09 21:38 - 00000000 ____D C:\Program Files (x86)\TabletPlugins
2013-11-13 18:21 - 2013-11-13 18:21 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_wachidrouter_01009.Wdf
2013-11-13 18:21 - 2012-10-09 21:38 - 00000000 ____D C:\Program Files\Tablet
2013-11-13 18:04 - 2013-11-13 18:04 - 00000116 _____ C:\Windows\wininit.ini
2013-11-13 16:11 - 2013-11-13 16:11 - 00001140 _____ C:\Users\Debbie\Desktop\TabCfg - Shortcut.lnk
2013-11-13 14:54 - 2013-11-13 14:54 - 00000277 _____ C:\Windows\Tablet8000x5000M.ini
2013-11-13 14:40 - 2013-11-13 14:36 - 00000000 ____D C:\Program Files (x86)\TABLET
2013-11-13 14:36 - 2013-11-13 14:36 - 00000000 ____D C:\Windows\SysWOW64\TabletPmt
2013-11-13 14:33 - 2013-07-23 02:00 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 14:29 - 2012-05-02 23:35 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-11 05:50 - 2010-11-20 19:27 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-10 19:24 - 2013-01-28 20:54 - 00001456 _____ C:\Users\Debbie\AppData\Local\Adobe Save for Web 12.0 Prefs
2013-11-10 11:08 - 2013-11-10 11:08 - 00000000 ____D C:\Users\Debbie\AppData\Local\PlumChoice, Inc
2013-11-10 11:06 - 2013-11-10 11:06 - 00000000 ____D C:\Program Files (x86)\Microsoft WSE
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-08-16 15:04
 
==================== End Of Log ============================
 
 
 
  • Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2013
Ran by Debbie at 2013-12-06 17:04:07
Running from C:\Users\Debbie\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Norton 360 Premier Edition (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Premier Edition (Disabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 Premier Edition (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
 
==================== Installed Programs ======================
 
Acer Crystal Eye Webcam (x32 Version: 1.5.2728.00)
Acer ePower Management (x32 Version: 6.00.3010)
Acer eRecovery Management (x32 Version: 5.00.3508)
Acer Updater (x32 Version: 1.02.3501)
Adobe AIR (x32 Version: 2.6.0.19140)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader X (10.1.8) MUI (x32 Version: 10.1.8)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.5.146)
Amazon MP3 Downloader 1.0.17 (x32 Version: 1.0.17)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
Audacity 2.0.2 (x32 Version: 2.0.2)
Bonjour (Version: 3.0.0.10)
Broadcom Card Reader Driver Installer (Version: 15.0.7.2)
Broadcom NetLink Controller (Version: 15.2.5.1)
Broadcom Wireless Utility (Version: 5.100.196.11)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
D3DX10 (x32 Version: 15.4.2368.0902)
Façade (x32 Version: 1.1.2)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Google Chrome (HKCU Version: 31.0.1650.63)
iCloud (Version: 3.0.2.163)
Identity Card (x32 Version: 1.00.3501)
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Management Engine Components (x32 Version: 8.0.2.1410)
Intel® OpenCL CPU Runtime (x32)
Intel® Processor Graphics (x32 Version: 8.15.10.2712)
Intel® Rapid Storage Technology (x32 Version: 11.0.0.1032)
Intel® Trusted Connect Service Client (Version: 1.23.605.1)
iTunes (Version: 11.1.2.32)
Java 7 Update 11 (64-bit) (Version: 7.0.110)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Launch Manager (x32 Version: 5.1.15)
Level Quality Watcher (x32 Version: 1.0.0.0) <==== ATTENTION
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.5139.5005)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Mozilla Firefox 18.0 (x86 en-US) (x32 Version: 18.0)
Mozilla Maintenance Service (x32 Version: 18.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
Norton 360 Premier Edition (x32 Version: 20.4.0.40)
PlayReady PC Runtime x86 (x32 Version: 1.3.0)
QuickTime (x32 Version: 7.74.80.86)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6577)
Skype™ 6.6 (x32 Version: 6.6.106)
Slender - The Arrival Beta 1.13 (x32 Version: 1.13)
Steam (x32)
swMSM (x32 Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 16.1.0.0)
Tablet Driver V7.0 (x32)
Team Fortress 2 (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Wacom (Version: 5.3.2-1)
WebTablet FB Plugin 32 bit (x32 Version: 2.1.0.2)
WebTablet FB Plugin 64 bit (Version: 2.1.0.2)
WebTablet IE Plugin (x32 Version: 1.1.0.12)
WebTablet Netscape Plugin (x32 Version: 1.1.0.10)
Windows Live (x32 Version: 15.4.3502.0922)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Mobile Device Updater Component (Version: 04.07.1404.01)
Windows Movie Maker 2.6 (x32 Version: 2.6.4037.0)
WinRAR 4.20 (32-bit) (x32 Version: 4.20.0)
Zune (Version: 04.07.1404.01)
Zune Language Pack (DEU) (Version: 04.07.1404.01)
Zune Language Pack (ESP) (Version: 04.07.1404.01)
Zune Language Pack (FRA) (Version: 04.07.1404.01)
Zune Language Pack (ITA) (Version: 04.07.1404.01)
Zune Language Pack (NLD) (Version: 04.07.1404.01)
Zune Language Pack (PTB) (Version: 04.07.1404.01)
Zune Language Pack (PTG) (Version: 04.07.1404.01)
 
==================== Restore Points  =========================
 
13-11-2013 22:37:14 Device Driver Package Install: PenTablet Human Interface Devices
13-11-2013 22:38:06 Device Driver Package Install: PenTablet System devices
17-11-2013 20:15:49 Windows Update
20-11-2013 00:27:34 Windows Update
23-11-2013 21:11:34 Windows Update
26-11-2013 08:25:44 Windows Update
29-11-2013 20:15:38 Windows Update
01-12-2013 09:48:20 Removed ScorpionSaver Services
01-12-2013 10:02:48 Removed ScorpionSaver
01-12-2013 10:04:25 Removed ScorpionSaver
01-12-2013 20:30:37 Removed Cox PC HealthCheck
01-12-2013 20:34:30 Removed Façade
01-12-2013 20:35:35 Removed Façade
01-12-2013 20:36:50 Removed Façade
01-12-2013 20:38:18 Removed Façade
01-12-2013 20:39:20 Removed Livestream Procaster
03-12-2013 20:48:09 ComboFix created restore point
04-12-2013 01:00:24 Windows Update
07-12-2013 00:23:15 ComboFix created restore point
 
==================== Hosts content: ==========================
 
2009-07-13 18:34 - 2013-12-06 16:38 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {164AFEFC-4FCD-4AB7-B566-AA72740900D3} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\wscstub.exe [2013-06-03] (Symantec Corporation)
Task: {1D06ED55-BB92-487B-8BBE-D5A5DC118C75} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\symerr.exe [2013-06-03] (Symantec Corporation)
Task: {3ABDF563-AFD7-4DB5-81E4-0103C6D2F3E6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1511435031-2390956964-748544535-1000UA => C:\Users\Debbie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-17] (Google Inc.)
Task: {6BE8CB34-52A9-4D72-A2CE-B7B2AC5B736C} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
Task: {73421D78-902C-46A2-A6D1-DB0727628C4F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {952E8C23-EA33-4F26-AF0B-79FE744CB9AE} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\symerr.exe [2013-06-03] (Symantec Corporation)
Task: {CCDB1C7C-BA32-4F03-BDFA-E8A9929640EE} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-02-06] (Acer Incorporated)
Task: {DA87149B-05AF-4619-9D4F-E0507AC47A35} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1511435031-2390956964-748544535-1000Core => C:\Users\Debbie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-17] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1511435031-2390956964-748544535-1000Core.job => C:\Users\Debbie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1511435031-2390956964-748544535-1000UA.job => C:\Users\Debbie\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-10-09 21:38 - 2012-12-11 13:07 - 01184640 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2012-08-27 20:33 - 2012-08-27 20:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 20:33 - 2012-08-27 20:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-13 10:16 - 2012-05-30 06:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON 360 PREMIER EDITION\ENGINE\20.4.0.40\wincfi39.dll
2013-08-14 12:24 - 2013-08-14 12:24 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\991a8d378a3e64b31c0f4770ba9ae071\IsdiInterop.ni.dll
2012-05-02 02:43 - 2011-11-29 19:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-07-09 21:42 - 2012-02-07 17:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Percentage of memory in use: 32%
Total physical RAM: 3932.36 MB
Available physical RAM: 2670.07 MB
Total Pagefile: 7862.9 MB
Available Pagefile: 6573.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:449.66 GB) (Free:376 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 5938CB44)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 



#14 Clairvoyant

Clairvoyant

  • Malware Response Team
  • 1,564 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:somewhere in time
  • Local time:08:39 AM

Posted 12 December 2013 - 05:26 PM

Hello senaka :)

Please download SystemLook, save it to your desktop then:
  • Rightclick on SystemLook.exe => Run as Administrator
  • Copy the content of the following codebox into the textbox
    :regfind
    Level Quality Watcher
  • Click the Look button to start the scan and wait for the log
When finished, the SystemLook.txt file will be created on your desktop.
Please post the contents of that file in your next reply.


Regards

#15 senaka

senaka
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:39 PM

Posted 12 December 2013 - 05:49 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 14:47 on 12/12/2013 by Debbie
Administrator - Elevation successful
 
========== regfind ==========
 
Searching for "Level Quality Watcher"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Level Quality Watcher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8BA5CD9129705784F8B198C6A5C96EEA]
"ProductName"="Level Quality Watcher"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Level Quality Watcher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Level Quality Watcher\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2A498D792D0AD2F4DADF03B3C066122B]
"8BA5CD9129705784F8B198C6A5C96EEA"="C:\Program Files (x86)\Level Quality Watcher\LevelQualityWatcher64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4297B1FD53964CD47962133DB06117BE]
"8BA5CD9129705784F8B198C6A5C96EEA"="01:\Software\AppDataLow\Software\Level Quality Watcher\file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C697F962E048A434B8AE269E702964C8]
"8BA5CD9129705784F8B198C6A5C96EEA"="C:\Program Files (x86)\Level Quality Watcher\LevelQualityWatcher32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8BA5CD9129705784F8B198C6A5C96EEA\InstallProperties]
"DisplayName"="Level Quality Watcher"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{19DC5AB8-0792-4875-8F1B-896C5A9CE6AE}]
"DisplayName"="Level Quality Watcher"
[HKEY_USERS\S-1-5-21-1511435031-2390956964-748544535-1000\Software\AppDataLow\Software\Level Quality Watcher]
 
-= EOF =-





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users