Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

COM Surrogate


  • This topic is locked This topic is locked
23 replies to this topic

#1 efrain_fl8

efrain_fl8

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:49 AM

Posted 29 November 2014 - 11:17 PM

Looking around in my computer, trying to find out what was this COM Surrogate message from Norton was, found in the Task Manager several instances of this *.dll active with the Description of COM Surrogate. After searching in Google, Norton recommended that I should refer this issue to you guys. So here I am, posting this note so I can get help. Thank you. By the way, following your instructions in the Preparation Guide, here is the DDS.txt file:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.17148  BrowserJavaVersion: 11.25.2
Run by Wanda at 22:49:58 on 2014-11-29
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8119.3732 [GMT -5:00]
.
AV: Norton 360 Premier Edition *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton 360 Premier Edition *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 Premier Edition *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton One\Engine\3.2.2.12\ccSvcHst.exe
C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Pogo Games\PGMTrusted.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe
C:\Program Files (x86)\Norton One\Engine\3.2.2.12\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Wanda\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\ShopAtHome_BAC_Service.exe
svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\uistub.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
svchost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10043&barid={9CAC7961-A924-11E2-839E-003067640569}
mWinlogon: Userinit = userinit.exe
BHO: {300BEC06-B743-4D19-86B9-11DC711D7FFB} - <orphaned>
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\ips\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - <orphaned>
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BrowserAppCoreService] C:\Users\Wanda\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\SahProcessManager.exe "C:\Users\Wanda\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\ShopAtHome_BAC_Service.exe" "restart"
dRun: [Norton Download Manager{NONE32019-ESD-FSD31014}] C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe /m
dRun: [Norton Download Manager{N360P211018-SHPD-FSD40014}] C:\Program Files (x86)\Norton One\Engine\3.2.2.12\ccSvcHst.exe /m
StartupFolder: C:\Users\Wanda\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: {74F4F118-91E6-4AFC-B8D2-04066781F239} - hxxps://sso.fiservsco.com/WebCaptureWeb/CheckDepositEnabler.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{7BA140BA-4BB7-4B6C-9107-5C1097CC3AC3} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
AppInit_DLLs=   
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coieplg.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coieplg.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 161.58.195.155 tempdomainname.com
================= FIREFOX ===================
.
FF - ProfilePath - 
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1506000.020\symds64.sys [2014-10-3 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1506000.020\symefa64.sys [2014-10-3 1148120]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20141118.001\BHDrvx64.sys [2014-11-19 1587416]
R1 BIOS;BIOS;C:\Windows\System32\drivers\BIOS64.sys [2006-10-31 14136]
R1 BS_I2cIo;BS_I2cIo;C:\Windows\System32\drivers\BS_I2cIo.sys [2011-5-4 15408]
R1 BS_TPIO;BS_TPIO;C:\Windows\System32\drivers\BS_TPIO64.sys [2011-5-4 13360]
R1 ccSet_MCLIENT;Norton One Settings Manager;C:\Windows\System32\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys [2013-11-30 168096]
R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1506000.020\ccsetx64.sys [2014-10-3 162392]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-2-15 283064]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20141128.001\IDSviA64.sys [2014-11-28 637656]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1506000.020\ironx64.sys [2014-10-3 266968]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1506000.020\symnets.sys [2014-10-3 593112]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-9-9 142640]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 BTHprint;Microsoft Bluetooth Printer Class;C:\Windows\System32\drivers\BTHPRINT.SYS [2009-7-13 67072]
S3 BTWAMPFL;BTWAMPFL;C:\Windows\System32\drivers\btwampfl.sys [2011-10-23 349736]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-10-23 39464]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\System32\drivers\HCW85BDA.sys [2013-4-10 1907440]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2011-9-2 76056]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2011-9-2 15128]
S3 libusb0;Jawbone LibUsb-Win32 - Kernel Driver 09/22/2011,1.2.5.0;C:\Windows\System32\drivers\libusb0.sys [2012-3-13 52320]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-30 19456]
S3 SndTAudio;SndTAudio;C:\Windows\System32\drivers\SndTAudio.sys [2011-4-17 33264]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-30 57856]
S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\System32\drivers\vpcuxd.sys [2011-3-20 16384]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2014-11-30 02:23:30 -------- d-----w- C:\Users\Wanda\AppData\Local\NPE
2014-11-26 13:30:54 -------- d-----w- C:\Users\Wanda\AppData\Roaming\Windows
2014-11-26 13:30:47 -------- d-----w- C:\Users\Wanda\AppData\Roaming\ShopAtHome.com BrowserAppCore Service
2014-11-19 14:46:01 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-19 14:46:01 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-19 14:46:01 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-19 14:46:01 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-12 15:32:03 304640 ----a-w- C:\Windows\System32\generaltel.dll
2014-11-12 15:32:03 228864 ----a-w- C:\Windows\System32\aepdu.dll
2014-11-12 15:32:02 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-11-12 14:53:29 17323696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-11-05 02:59:37 0 ----a-w- C:\Windows\System32\ltrjn.dll
2014-11-05 02:59:34 71168 ----a-w- C:\Windows\System32\gjuiw.dll
.
==================== Find3M  ====================
.
2014-11-07 05:15:24 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-26 01:56:17 2237952 ----a-w- C:\Windows\System32\wininet.dll
2014-10-26 01:56:06 600064 ----a-w- C:\Windows\System32\vbscript.dll
2014-10-26 01:54:43 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2014-10-26 01:54:36 67072 ----a-w- C:\Windows\System32\iesetup.dll
2014-10-26 01:54:36 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2014-10-26 01:53:54 1509376 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-10-26 00:36:01 1762816 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-10-26 00:35:53 523776 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-10-26 00:34:48 2861568 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-10-26 00:34:43 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-10-26 00:34:43 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2014-10-26 00:34:16 1441280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-10-26 00:19:11 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2014-10-26 00:13:06 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-10-25 23:22:53 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2014-10-25 23:17:32 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-18 02:05:23 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-10-18 01:33:18 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-10-14 02:16:37 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-14 02:13:00 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-10-14 02:12:57 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-14 02:09:31 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-10-14 02:07:31 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-10-14 01:50:47 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-14 01:50:41 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-14 01:49:38 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-10-14 01:47:30 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-10-10 00:57:42 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-03 02:12:00 500224 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54 284672 ----a-w- C:\Windows\System32\EncDump.dll
2014-10-03 02:11:51 680960 ----a-w- C:\Windows\System32\audiosrv.dll
2014-10-03 02:11:51 440832 ----a-w- C:\Windows\System32\AudioEng.dll
2014-10-03 02:11:51 296448 ----a-w- C:\Windows\System32\AudioSes.dll
2014-10-03 01:44:42 442880 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26 374784 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26 195584 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-24 04:53:09 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-24 04:53:09 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-19 09:42:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-09-19 09:42:51 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-09-19 09:42:49 342016 ----a-w- C:\Windows\System32\schannel.dll
2014-09-19 09:42:47 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-09-19 09:42:47 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2014-09-19 09:42:41 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-09-19 09:23:55 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-09-19 09:23:52 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-09-19 09:23:49 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-09-19 09:23:46 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-09-19 09:23:45 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-09-19 09:23:36 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
.
============= FINISH: 22:56:30.90 ===============
 
 
And attached is the 'Attach.txt' file per the instructions.

Attached Files


Edited by efrain_fl8, 29 November 2014 - 11:25 PM.


BC AdBot (Login to Remove)

 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:03:49 PM

Posted 30 November 2014 - 10:46 AM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully: :exclame:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1
logo.png
Please download Powelikscleaner (by ESET) and save it to your Desktop.
  • Double-click the 3.png to start the tool.
  • Read the terms of the End-user license agreement and click Agree if you agree to them.
  • The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
  • If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.
  • The tool will produce a log in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
1.png
2.png

Step 2

Please run a FRST scan. This will help us diagnose your problem.

frst.pngfrstscan.png
Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.
Step 3

Please download 51a612a8b27e2-Zoek.pngZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on 51a612a8b27e2-Zoek.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:
    process;
    services-list;
    systemspecs;
    startupall;
    filesrcm;
    
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Post its content into your next reply.
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#3 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:03:49 PM

Posted 03 December 2014 - 12:53 PM

Hi,

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#4 efrain_fl8

efrain_fl8
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:49 AM

Posted 03 December 2014 - 02:10 PM

I will be home Saturday morning so please, my apologies for not replying sooner. Thank you for your patience.

#5 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:03:49 PM

Posted 03 December 2014 - 02:23 PM

OK...:)


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#6 efrain_fl8

efrain_fl8
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:49 AM

Posted 06 December 2014 - 09:57 AM

Good morning (Sat morning in Florida, USA),

 

This is the result of the PoweliksCleaner.exe. It did not find any instances of this threat in my machine. I will proceed with the next step and another post will follow.

 

Had to attach the *.txt file since the site is telling me that the post is too long. 

 

On to the next step.

 

Thank you,

 

Efrain

 

 

Attached Files



#7 efrain_fl8

efrain_fl8
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:49 AM

Posted 06 December 2014 - 10:08 AM

Good morning again,

 

This is the log from FRST.exe.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-12-2014
Ran by Wanda (administrator) on WANDA-PC on 06-12-2014 10:02:49
Running from C:\Users\Wanda\Desktop
Loaded Profile: Wanda (Available profiles: Efrain & Wanda & Guest)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Symantec Corporation) C:\Program Files (x86)\Norton One\Engine\3.2.2.12\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(iWin Inc.) C:\Program Files (x86)\Pogo Games\PGMTrusted.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Symantec Corporation) C:\Program Files (x86)\Norton One\Engine\3.2.2.12\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(ShopAtHome.com) C:\Users\Wanda\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\ShopAtHome_BAC_Service.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [BrowserAppCoreService] => C:\Users\Wanda\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\ShopAtHome_BAC_Service.exe [49152 2013-08-26] (ShopAtHome.com)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-18\...\Run: [Norton Download Manager{NONE32019-ESD-FSD31014}] => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe /m
HKU\S-1-5-18\...\Run: [Norton Download Manager{N360P211018-SHPD-FSD40014}] => C:\Program Files (x86)\Norton One\Engine\3.2.2.12\ccSvcHst.exe [143928 2012-12-04] (Symantec Corporation)
Startup: C:\Users\Wanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1873193979-821539997-2022934919-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10043&barid={9CAC7961-A924-11E2-839E-003067640569}
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10043&barid={9CAC7961-A924-11E2-839E-003067640569}
SearchScopes: HKU\S-1-5-21-1873193979-821539997-2022934919-1003 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKU\S-1-5-21-1873193979-821539997-2022934919-1003 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name -> {300BEC06-B743-4D19-86B9-11DC711D7FFB} ->  No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name -> {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} ->  No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} -  No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1873193979-821539997-2022934919-1003 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1873193979-821539997-2022934919-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} 
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: HKLM-x32 {74F4F118-91E6-4AFC-B8D2-04066781F239} https://sso.fiservsco.com/WebCaptureWeb/CheckDepositEnabler.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll No File
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-09-28]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-11-30]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-12-06]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-11-29]
 
Chrome: 
=======
CHR Profile: C:\Users\Wanda\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Wanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-22]
CHR Extension: (Google Drive) - C:\Users\Wanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Wanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
CHR Extension: (YouTube) - C:\Users\Wanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-22]
CHR Extension: (Google Search) - C:\Users\Wanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-22]
CHR Extension: (Norton Identity Safe) - C:\Users\Wanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-14]
CHR Extension: (SelectionLinks) - C:\Users\Wanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdcnnmifdmlmjffdgeieikcokcogpbej [2014-02-22]
CHR Extension: (Norton Security Toolbar) - C:\Users\Wanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-02-22]
CHR Extension: (Google Wallet) - C:\Users\Wanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-22]
CHR Extension: (Gmail) - C:\Users\Wanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-22]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-03]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [kdcnnmifdmlmjffdgeieikcokcogpbej] - C:\Program Files (x86)\OApps\chromeaddon2.crx [2013-01-13]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-03]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 MCLIENT; C:\Program Files (x86)\Norton One\Engine\3.2.2.12\ccSvcHst.exe [143928 2012-12-04] (Symantec Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PGMTrusted; C:\Program Files (x86)\Pogo Games\PGMTrusted.exe [519920 2012-10-29] (iWin Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Symantec RemoteAssist; C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe [394704 2008-01-29] (Symantec, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20141203.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 BIOS; C:\Windows\system32\drivers\BIOS64.sys [14136 2006-10-31] (BIOSTAR Group)
R1 BIOS; C:\Windows\SysWOW64\drivers\BIOS64.sys [14136 2006-10-31] (BIOSTAR Group)
R1 BS_I2cIo; C:\Windows\system32\drivers\BS_I2cIo.sys [15408 2008-06-16] (BIOSTAR Group)
R1 BS_I2cIo; C:\Windows\SysWOW64\drivers\BS_I2cIo.sys [16768 2006-12-11] (BIOSTAR Group) [File not signed]
R1 BS_TPIO; C:\Windows\system32\drivers\BS_TPIO64.sys [13360 2009-04-29] ()
S3 BTHprint; C:\Windows\System32\DRIVERS\bthprint.sys [67072 2009-07-13] (Microsoft Corporation)
R1 ccSet_MCLIENT; C:\Windows\system32\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys [168096 2012-08-20] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S3 dgderdrv; C:\Windows\SysWOW64\drivers\dgderdrv.sys [20032 2011-05-08] (Devguru Co., Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-02-15] (Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
S3 hcw85cir; C:\Windows\System32\drivers\hcw85cir3.sys [33792 2013-04-10] (Hauppauge Computer Works, Inc.)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20141205.001\IDSvia64.sys [637656 2014-11-17] (Symantec Corporation)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52320 2012-03-13] (http://libusb-win32.sourceforge.net)
S2 MCSTRM; No ImagePath
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20141205.018\ENG64.SYS [129752 2014-08-21] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20141205.018\EX64.SYS [2137304 2014-08-21] (Symantec Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2014-01-01] (CACE Technologies, Inc.)
S3 SndTAudio; C:\Windows\System32\drivers\SndTAudio.sys [33264 2009-04-16] (Windows ® Codename Longhorn DDK provider)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-30] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-06 10:02 - 2014-12-06 10:03 - 00023087 _____ () C:\Users\Wanda\Desktop\FRST.txt
2014-12-06 10:02 - 2014-12-06 10:02 - 00000000 ____D () C:\FRST
2014-12-06 09:48 - 2014-12-06 09:49 - 00397188 _____ () C:\Users\Wanda\Desktop\ESETPoweliksCleaner.exe_20141206.094840.11580.log
2014-12-06 09:47 - 2014-12-06 09:42 - 01295360 _____ () C:\Users\Wanda\Desktop\zoek.exe
2014-12-06 09:47 - 2014-12-06 09:41 - 02118144 _____ (Farbar) C:\Users\Wanda\Desktop\FRST64.exe
2014-12-06 09:47 - 2014-12-06 09:40 - 00000062 _____ () C:\Users\Wanda\Desktop\zoek_script.txt
2014-12-06 09:46 - 2014-12-06 09:33 - 00186568 _____ (ESET) C:\Users\Wanda\Desktop\ESETPoweliksCleaner.exe
2014-12-06 09:40 - 2014-12-06 09:40 - 00000062 _____ () C:\Users\Public\zoek_script.txt
2014-12-06 09:39 - 2014-12-06 09:42 - 01295360 _____ () C:\Users\Public\zoek.exe
2014-12-06 09:38 - 2014-12-06 09:41 - 02118144 _____ (Farbar) C:\Users\Public\FRST64.exe
2014-12-06 09:32 - 2014-12-06 09:33 - 00186568 _____ (ESET) C:\Users\Public\ESETPoweliksCleaner.exe
2014-11-29 23:40 - 2014-11-29 23:40 - 00000000 ____D () C:\Program Files\Logitech
2014-11-29 22:56 - 2014-11-29 23:05 - 00008764 _____ () C:\Users\Wanda\Desktop\attach.txt
2014-11-29 22:56 - 2014-11-29 23:04 - 00019442 _____ () C:\Users\Wanda\Desktop\dds.txt
2014-11-29 22:46 - 2014-11-29 22:46 - 00688992 ____R (Swearware) C:\Users\Wanda\Downloads\dds.com
2014-11-29 22:04 - 2014-11-29 22:04 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\Wanda\Downloads\SpyHunter-Installer.exe
2014-11-29 21:23 - 2014-12-04 23:57 - 00000000 ____D () C:\Users\Wanda\AppData\Local\NPE
2014-11-26 08:30 - 2014-12-06 08:44 - 00000000 ____D () C:\Users\Wanda\AppData\Roaming\ShopAtHome.com BrowserAppCore Service
2014-11-26 08:30 - 2014-11-26 08:30 - 00456816 _____ () C:\Users\Wanda\Downloads\ShopAtHome_AppCore_7127_C114328164_D1_R1050040_B3.exe
2014-11-26 08:30 - 2014-11-26 08:30 - 00003842 _____ () C:\Windows\System32\Tasks\Reset ShopAtHome BAC
2014-11-26 08:30 - 2014-11-26 08:30 - 00000000 ____D () C:\Users\Wanda\AppData\Roaming\Windows
2014-11-19 09:46 - 2014-11-10 22:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 09:46 - 2014-11-10 22:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 09:46 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 09:46 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 12:40 - 2014-11-18 12:51 - 00000000 ____D () C:\Users\Wanda\Documents\2014-11-18 Jury Summons 2014
2014-11-12 10:32 - 2014-11-05 12:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 10:32 - 2014-11-05 12:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 10:32 - 2014-11-05 12:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 10:31 - 2014-10-25 20:56 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 10:31 - 2014-10-25 20:56 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 10:31 - 2014-10-25 20:56 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 10:31 - 2014-10-25 20:56 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 10:31 - 2014-10-25 20:55 - 19284480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 10:31 - 2014-10-25 20:55 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 10:31 - 2014-10-25 20:55 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 10:31 - 2014-10-25 20:55 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 10:31 - 2014-10-25 20:54 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 10:31 - 2014-10-25 20:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 10:31 - 2014-10-25 20:54 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 10:31 - 2014-10-25 20:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-12 10:31 - 2014-10-25 20:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 10:31 - 2014-10-25 20:54 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 10:31 - 2014-10-25 20:54 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 10:31 - 2014-10-25 20:54 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 10:31 - 2014-10-25 20:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-11-12 10:31 - 2014-10-25 20:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 10:31 - 2014-10-25 20:54 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 10:31 - 2014-10-25 20:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 10:31 - 2014-10-25 20:53 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 10:31 - 2014-10-25 19:36 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 10:31 - 2014-10-25 19:35 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 10:31 - 2014-10-25 19:35 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 10:31 - 2014-10-25 19:35 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 10:31 - 2014-10-25 19:35 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 10:31 - 2014-10-25 19:35 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 10:31 - 2014-10-25 19:35 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 10:31 - 2014-10-25 19:34 - 13758464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 10:31 - 2014-10-25 19:34 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 10:31 - 2014-10-25 19:34 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 10:31 - 2014-10-25 19:34 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 10:31 - 2014-10-25 19:34 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-12 10:31 - 2014-10-25 19:34 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 10:31 - 2014-10-25 19:34 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 10:31 - 2014-10-25 19:34 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 10:31 - 2014-10-25 19:34 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 10:31 - 2014-10-25 19:34 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-11-12 10:31 - 2014-10-25 19:34 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 10:31 - 2014-10-25 19:34 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 10:31 - 2014-10-25 19:34 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 10:31 - 2014-10-25 19:19 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 10:31 - 2014-10-25 19:13 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 10:31 - 2014-10-25 18:22 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-11-12 10:31 - 2014-10-25 18:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-11-12 10:31 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 10:31 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 10:31 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 10:31 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 10:31 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 10:31 - 2014-10-13 21:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 10:31 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 10:31 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 10:31 - 2014-10-13 21:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 10:31 - 2014-10-13 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 10:31 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 10:31 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 10:31 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 10:31 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 10:31 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 10:31 - 2014-10-09 19:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 10:31 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 10:31 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 10:31 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 10:31 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 10:31 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 10:31 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 10:31 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 10:31 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 10:31 - 2014-09-19 04:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 10:31 - 2014-09-19 04:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 10:31 - 2014-09-19 04:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 10:31 - 2014-09-19 04:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 10:31 - 2014-09-19 04:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 10:31 - 2014-09-19 04:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 10:31 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 10:31 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 10:31 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 10:31 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 10:31 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 10:31 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 10:31 - 2014-08-21 01:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 10:31 - 2014-08-21 01:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 10:31 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 10:31 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 10:31 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 10:31 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 09:53 - 2014-11-12 15:53 - 17323696 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-06 09:53 - 2012-03-31 16:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-06 09:46 - 2011-06-19 12:04 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-06 08:30 - 2009-07-13 23:45 - 00032704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-06 08:30 - 2009-07-13 23:45 - 00032704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-06 08:27 - 2011-02-27 15:21 - 02050400 _____ () C:\Windows\WindowsUpdate.log
2014-12-06 08:22 - 2011-06-19 12:04 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-06 08:21 - 2013-05-02 07:44 - 01135108 _____ () C:\Windows\PFRO.log
2014-12-06 08:21 - 2013-05-01 07:18 - 00059517 _____ () C:\Windows\setupact.log
2014-12-06 08:21 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-29 23:45 - 2014-01-18 08:15 - 00030084 _____ () C:\Windows\LDPINST.LOG
2014-11-29 23:45 - 2011-06-06 22:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-11-29 23:45 - 2011-06-06 22:45 - 00000000 ____D () C:\Program Files\Common Files\LogiShrd
2014-11-29 23:42 - 2013-06-15 11:46 - 00002481 _____ () C:\Windows\LkmdfCoInst.log
2014-11-29 23:42 - 2011-06-06 22:46 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-11-29 23:40 - 2011-06-06 22:46 - 00000000 ____D () C:\ProgramData\Logishrd
2014-11-29 23:37 - 2013-03-29 15:42 - 00000000 ____D () C:\Program Files (x86)\MarkAny
2014-11-29 23:37 - 2012-09-16 07:11 - 00000000 ____D () C:\Users\Efrain\AppData\Local\Akamai
2014-11-29 23:37 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-11-29 23:36 - 2011-03-20 15:47 - 00000000 ___RD () C:\Users\Efrain\Virtual Machines
2014-11-29 23:36 - 2009-07-13 23:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-11-29 21:23 - 2011-03-05 12:07 - 00000000 ____D () C:\ProgramData\Norton
2014-11-28 20:26 - 2014-02-22 21:57 - 00088152 _____ () C:\Users\Wanda\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-25 20:49 - 2013-12-02 07:58 - 00002143 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-18 12:48 - 2014-02-22 22:45 - 00000000 ____D () C:\Users\Wanda\Documents\My Scans
2014-11-18 12:47 - 2014-02-22 22:45 - 00000000 ____D () C:\Users\Wanda\Documents\Efrain's Jury Duty
2014-11-13 23:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-11-13 21:56 - 2014-02-22 22:45 - 00000000 ____D () C:\Users\Wanda\Documents\TOMMY'S INFORMATION
2014-11-13 21:41 - 2011-06-19 12:04 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-13 21:41 - 2011-06-19 12:04 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 09:22 - 2009-07-13 23:45 - 00354112 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 09:20 - 2014-05-01 22:14 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-13 02:24 - 2011-03-19 07:48 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-13 02:21 - 2013-08-14 02:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 02:12 - 2011-02-27 15:39 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-12 15:04 - 2014-02-22 22:45 - 00000000 ____D () C:\Users\Wanda\Documents\Inspiration
2014-11-09 00:41 - 2014-02-22 21:30 - 00747132 _____ () C:\Windows\system32\perfh00A.dat
2014-11-09 00:41 - 2014-02-22 21:30 - 00159200 _____ () C:\Windows\system32\perfc00A.dat
2014-11-09 00:41 - 2009-07-14 00:13 - 01678290 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-07 12:56 - 2014-02-22 22:45 - 00000000 ____D () C:\Users\Wanda\Documents\MEDICAL INFO
2014-11-07 12:47 - 2014-02-22 22:45 - 00000000 ____D () C:\Users\Wanda\Documents\PERSONAL
2014-11-07 00:16 - 2013-10-19 11:53 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-07 00:15 - 2013-12-03 18:18 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-07 00:15 - 2013-12-03 18:18 - 00000000 ____D () C:\Program Files (x86)\Java
 
Files to move or delete:
====================
C:\Users\Public\ESETPoweliksCleaner.exe
C:\Users\Public\FRST64.exe
C:\Users\Public\zoek.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-05 12:30
 
==================== End Of Log ============================
 
And this is the log for Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-12-2014
Ran by Wanda at 2014-12-06 10:03:45
Running from C:\Users\Wanda\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton 360 Premier Edition (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 Premier Edition (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 Premier Edition (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
AC3Filter (remove only) (HKLM-x32\...\AC3Filter) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
ASUS Android USB Drivers (HKLM\...\{F6AEADC0-6B97-430E-B78A-C1D633A6528D}) (Version: 4.0.6753 - ASUSTeK Computer Inc.)
ASUS Sync (HKLM-x32\...\{488E9FD9-7C30-4120-8790-410F46F13CD6}) (Version: 1.0.97 - FutureDial Inc.)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.143.296 - ASUS Cloud Corporation)
Bejeweled Twist (HKLM-x32\...\Bejeweled Twist) (Version:  - PopCap Games)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version:  - )
Canon MX430 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX430_series) (Version:  - )
Canon MX430 series On-screen Manual (HKLM-x32\...\Canon MX430 series On-screen Manual) (Version:  - )
Canon MX430 series User Registration (HKLM-x32\...\Canon MX430 series User Registration) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version:  - )
Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM-x32\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.2.0 - Business Objects)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ffdshow (remove only) (HKLM-x32\...\ffdshow) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Kies mini (HKLM-x32\...\InstallShield_{EE43894E-FDCF-4A8C-BCD6-3AAA9A48B486}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Kies mini (x32 Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Windows Debugging Symbols (HKLM-x32\...\{46EA439E-2D16-49B6-AA80-00DE992FE7CE}) (Version: 7601 - Microsoft)
Morgan Stream Switcher (HKLM-x32\...\mmswitch) (Version:  - )
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Mozilla Firefox 26.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 en-US)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.8.10400.4.100 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.6.10600.4.100 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.4.10300.1.100 - Nero AG)
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.6.10500.3.100 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.4.10400.0.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10600.4.100 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 15.1.0030 - Nero AG)
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.4.10200.0.100 - Nero AG)
Nero Multimedia Suite 10 (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.13100 - Nero AG)
Nero Recode 10 (HKLM-x32\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.10.10600.4.100 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.6.10500.3.100 - Nero AG)
Nero SoundTrax 10 (HKLM-x32\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.10.10300.2.100 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10400.2.100 - Nero AG)
Nero Vision 10 (HKLM-x32\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.4.10800.7.100 - Nero AG)
Nero WaveEditor 10 (HKLM-x32\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.10.10400.3.100 - Nero AG)
Netflix in Windows Media Center (HKLM-x32\...\{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}) (Version: 3.3.101.0 - Microsoft Corporation)
Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
Norton One (HKLM-x32\...\MCLIENT) (Version: 3.2.2.12 - Symantec Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Pogo Games (HKLM-x32\...\PogoDGC) (Version: 1.0 - ) <==== ATTENTION
Rhapsody (HKLM-x32\...\Rhapsody) (Version:  - )
Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
Rosetta Stone TOTALe (HKLM-x32\...\{6B6BC189-D606-4BC7-9758-E6C364F76A55}) (Version: 4.5.5.0 - Rosetta Stone, Ltd)
Season Match 2 (HKLM-x32\...\Season Match 2) (Version:  - Pogo.com)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
ShopAtHome.com BrowserAppCore Service Chrome (HKLM-x32\...\ShopAtHome.com BrowserAppCore Service Chrome) (Version:  - ShopAtHome.com) <==== ATTENTION
Simpo PDF to Word (HKLM-x32\...\Simpo PDF to Word_is1) (Version:  - Simpo Technologies)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Symantec Technical Support Web Controls (HKLM-x32\...\{20C53FA2-4307-4671-A93F-9463B29DFCF1}) (Version: 3.5.3 - Symantec Corporation)
System Requirements Lab for Intel (HKLM-x32\...\{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}) (Version: 4.4.24.0 - Husdawg, LLC)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8200 - Broadcom Corporation)
Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
WinZip (HKLM-x32\...\WinZip) (Version:  8.1  (4331) - WinZip Computing, Inc.)
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DB}) (Version: 17.5.10480 - WinZip Computing, S.L. )
Zuma's Revenge! (HKLM-x32\...\Zuma's Revenge!) (Version:  - PopCap Games)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
07-11-2014 15:53:36 Scheduled Checkpoint
13-11-2014 07:09:26 Windows Update
20-11-2014 08:00:15 Windows Update
29-11-2014 00:16:09 Scheduled Checkpoint
06-12-2014 14:40:24 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2011-12-10 21:31 - 00000823 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1       www.applian.securesites.com
161.58.195.155   tempdomainname.com
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {09F1A151-8D8F-4C82-9AC4-BE5E3E93F3E3} - System32\Tasks\{F9869A67-7330-4A3B-8B28-92D8B81C7DC2} => C:\BIOSTAR\TOVERCLOCKER\TOC.exe
Task: {0D16C4DD-3573-4F1D-856F-77BCD404DE28} - System32\Tasks\Norton Management\Norton Error Analyzer => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe
Task: {15B1C88B-B319-481C-BFAC-9835A3FE15CE} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe
Task: {19662CE4-CBD5-480B-8B2C-4127B68F9586} - System32\Tasks\{D9A028FA-76DF-C2AB-282C-9EAD4AF9C7EA} => C:\Windows\system32\gjuiw.dll [2014-11-04] ()
Task: {1A58D61B-5E7D-46FF-881E-D3800ED6B7BF} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {2A37BF06-7789-44F3-9660-2DB7726B04D1} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\Pogo Games\PogoDGC.exe [2012-10-29] (iWin Inc.)
Task: {437598A0-A22A-4903-A89C-4AD696D3989E} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {459E66F9-5C02-4418-B954-B4624BA3E494} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {54A2DC8E-214D-4B60-98CE-40CB8A6E338E} - System32\Tasks\Norton One\Norton Error Analyzer => C:\Program Files (x86)\Norton One\Engine\3.2.2.12\SymErr.exe [2012-10-18] (Symantec Corporation)
Task: {6A89E8E7-C0AD-47A1-B889-313C007CB7BE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {6C270EC0-BBA3-4079-8A70-5B3842036571} - System32\Tasks\Launch ASUS Sync Loader => C:\Program Files (x86)\ASUS\ASUS Sync\asusUPCTLoader.exe [2013-03-01] (Futuredial Inc.)
Task: {797A5CFB-0394-4D9D-B707-E1AC0C9FE150} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1873193979-821539997-2022934919-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {7A8C638F-D638-45B1-9143-5F516F16CA00} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1873193979-821539997-2022934919-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {804316C9-6A9D-4CF2-8F58-5CF765E5A9CD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {83C88AB0-3F97-491C-ABA0-663C1EAC4898} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1873193979-821539997-2022934919-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {8FA88EA8-4D2C-4272-915D-88488604FEBE} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {95E11C1B-150E-48FA-A80B-325BAA801A84} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1873193979-821539997-2022934919-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {99D850D9-B59F-4EE9-9152-8FC0BE7907DF} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {9BD53C89-E806-4130-8CC7-BC242B911DB7} - System32\Tasks\Norton One\Norton Error Processor => C:\Program Files (x86)\Norton One\Engine\3.2.2.12\SymErr.exe [2012-10-18] (Symantec Corporation)
Task: {B5000ABB-098F-4915-8448-5BF1E23FAE38} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1873193979-821539997-2022934919-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {B6847AF5-9AFB-4338-8909-AFFE111C25A0} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {BCD700E2-3E27-4212-B64F-F63B83F0D2ED} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1873193979-821539997-2022934919-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {BD789DE4-7EC9-448D-A5D7-385214B307AC} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {C3800AF8-6F67-49DA-8BED-BB5AF76A7AA3} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {C5319027-2B67-4F2A-87B9-4F26DC714C0A} - System32\Tasks\Reset ShopAtHome BAC => C:\Users\Wanda\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\SahProcessManager.exe [2013-08-26] (ShopAtHome.com)
Task: {D071E98F-902C-4DCB-B881-F13C6C23B417} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {DEE2F890-5BD0-4E3F-BFFF-ED095DC3D3C7} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1873193979-821539997-2022934919-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {E8C7F287-13C3-4F0F-AE4D-B80DFB9D303F} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {F9C65123-617F-4FA2-817D-A1B8D6392920} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {FD522578-7A8F-401F-94BD-6CC430FC94BF} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-10-16] (Nero AG)
Task: {FE810FF5-3E2D-408E-9FBA-257FE7F5C7B3} - System32\Tasks\Norton Management\Norton Error Processor => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-03-20 08:32 - 2008-06-19 23:41 - 00062464 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2011-08-31 18:13 - 2011-08-31 18:13 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-11-25 20:49 - 2014-11-25 01:39 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
2014-11-25 20:49 - 2014-11-25 01:39 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll
2014-11-25 20:49 - 2014-11-25 01:39 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
2014-11-25 20:49 - 2014-11-25 01:39 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:2B11E0DF
AlternateDataStreams: C:\ProgramData\TEMP:5690D76E
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\ProgramData\TEMP:862BDB1A
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Efrain^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ASUS Sync Loader => "C:\Program Files (x86)\ASUS\ASUS Sync\asusUPCTLoader.exe" -startup
MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe /S
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: DAP10 => "C:\Program Files (x86)\DAP\DAP.EXE" /STARTUP
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: DownloadAccelerator => "C:\Program Files (x86)\DAP\DAP.EXE" /STARTUP
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: NBAgent => "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1873193979-821539997-2022934919-500 - Administrator - Disabled)
Efrain (S-1-5-21-1873193979-821539997-2022934919-1001 - Administrator - Enabled) => C:\Users\Efrain
Guest (S-1-5-21-1873193979-821539997-2022934919-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-1873193979-821539997-2022934919-1002 - Limited - Enabled)
Wanda (S-1-5-21-1873193979-821539997-2022934919-1003 - Administrator - Enabled) => C:\Users\Wanda
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/03/2014 01:32:23 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <10, 0x80070005, "">.
 
Error: (11/29/2014 11:07:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1148
 
Start Time: 01d00c531723b4e0
 
Termination Time: 0
 
Application Path: C:\Windows\explorer.exe
 
Report Id: 6bf9df37-7846-11e4-b450-003067640569
 
Error: (11/29/2014 11:07:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: ad8
 
Start Time: 01d00c47b9544637
 
Termination Time: 0
 
Application Path: C:\Windows\explorer.exe
 
Report Id: 45ebf095-7846-11e4-b450-003067640569
 
Error: (11/29/2014 09:45:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 2890
 
Start Time: 01d00c47a701fc1b
 
Termination Time: 35
 
Application Path: C:\Windows\explorer.exe
 
Report Id: f4801217-783a-11e4-b450-003067640569
 
Error: (11/29/2014 09:45:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 2b50
 
Start Time: 01d00c47401b1db1
 
Termination Time: 35
 
Application Path: C:\Windows\explorer.exe
 
Report Id: e26b2c88-783a-11e4-b450-003067640569
 
Error: (11/29/2014 09:42:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 9f0
 
Start Time: 01d00c462ab7c805
 
Termination Time: 16
 
Application Path: C:\Windows\Explorer.EXE
 
Report Id: 7a6c29cf-783a-11e4-b450-003067640569
 
Error: (11/23/2014 10:50:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.17148 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 13fc
 
Start Time: 01d0078e7bead535
 
Termination Time: 16
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id:
 
Error: (11/20/2014 09:55:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.17148 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1bc34
 
Start Time: 01d0053415af2c77
 
Termination Time: 31
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id:
 
Error: (11/13/2014 10:42:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EXCEL.EXE, version: 14.0.7135.5000, time stamp: 0x542ecc23
Faulting module name: hpzuiw71.dll, version: 0.3.7071.0, time stamp: 0x4a5bdfca
Exception code: 0xc0000005
Fault offset: 0x0000000000192138
Faulting process id: 0xc14
Faulting application start time: 0xEXCEL.EXE0
Faulting application path: EXCEL.EXE1
Faulting module path: EXCEL.EXE2
Report Id: EXCEL.EXE3
 
Error: (11/12/2014 02:20:22 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.
 
 
System errors:
=============
Error: (12/06/2014 10:00:53 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (12/06/2014 10:00:53 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (12/06/2014 10:00:53 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (12/06/2014 10:00:53 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (12/06/2014 09:37:44 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (12/06/2014 09:37:44 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (12/06/2014 09:37:44 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (12/06/2014 09:37:44 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (12/06/2014 09:37:12 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (12/06/2014 09:37:12 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
 
Microsoft Office Sessions:
=========================
Error: (12/03/2014 01:32:23 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 100x80070005
 
Error: (11/29/2014 11:07:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: explorer.exe6.1.7601.17567114801d00c531723b4e00C:\Windows\explorer.exe6bf9df37-7846-11e4-b450-003067640569
 
Error: (11/29/2014 11:07:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: explorer.exe6.1.7601.17567ad801d00c47b95446370C:\Windows\explorer.exe45ebf095-7846-11e4-b450-003067640569
 
Error: (11/29/2014 09:45:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: explorer.exe6.1.7601.17567289001d00c47a701fc1b35C:\Windows\explorer.exef4801217-783a-11e4-b450-003067640569
 
Error: (11/29/2014 09:45:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: explorer.exe6.1.7601.175672b5001d00c47401b1db135C:\Windows\explorer.exee26b2c88-783a-11e4-b450-003067640569
 
Error: (11/29/2014 09:42:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.175679f001d00c462ab7c80516C:\Windows\Explorer.EXE7a6c29cf-783a-11e4-b450-003067640569
 
Error: (11/23/2014 10:50:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE10.0.9200.1714813fc01d0078e7bead53516C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Error: (11/20/2014 09:55:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE10.0.9200.171481bc3401d0053415af2c7731C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Error: (11/13/2014 10:42:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: EXCEL.EXE14.0.7135.5000542ecc23hpzuiw71.dll0.3.7071.04a5bdfcac00000050000000000192138c1401cfff58343f46cdC:\Program Files\Microsoft Office\Office14\EXCEL.EXEC:\Windows\system32\spool\DRIVERS\x64\3\hpzuiw71.dllb99fab55-6b4b-11e4-a602-003067640569
 
Error: (11/12/2014 02:20:22 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-11-02 21:07:29.705
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\ljkb\lmrn.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-02 21:07:25.439
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\ljkb\lmrn.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-02 21:07:18.947
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\ljkb\lmrn.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-02 21:07:05.923
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\ljkb\lmrn.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-02 21:07:03.509
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\ljkb\lmrn.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-02 21:07:00.494
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\ljkb\lmrn.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-02 21:06:54.205
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\ljkb\lmrn.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-02 21:06:41.791
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\ljkb\lmrn.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-02 21:05:44.616
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\ljkb\lmrn.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-02 21:05:38.162
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\ljkb\lmrn.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU 550 @ 3.20GHz
Percentage of memory in use: 60%
Total physical RAM: 8119.12 MB
Available physical RAM: 3208.33 MB
Total Pagefile: 16236.41 MB
Available Pagefile: 10457.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:292.88 GB) NTFS
Drive d: (Storage) (Fixed) (Total:149.04 GB) (Free:67.58 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: C84A899F)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: AB910A50)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
And now, on to the next step.
 
Thank you,
 
Efrain
 


#8 efrain_fl8

efrain_fl8
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:49 AM

Posted 06 December 2014 - 10:38 AM

And here is the Zoek.exe results

 

 
Zoek.exe v5.0.0.0 Updated 03-December-2014
Tool run by Wanda on Sat 12/06/2014 at 10:13:43.86.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Wanda\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
12/6/2014 10:20:13 AM Zoek.exe System Restore Point Created Succesfully.
 
==== Running Processes ======================
 
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Norton One\Engine\3.2.2.12\ccSvcHst.exe
C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe
C:\Program Files (x86)\Pogo Games\PGMTrusted.exe
C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
C:\Program Files (x86)\Norton One\Engine\3.2.2.12\ccSvcHst.exe
C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWow64\svchost.exe
C:\Users\Wanda\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\ShopAtHome_BAC_Service.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\SysWow64\dllhost.exe
C:\Users\Wanda\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWow64\dllhost.exe
 
==== System Specs ======================
 
Windows: Windows 7 Ultimate Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 8120 MB
CPU Info: Intel® Core™ i3 CPU         550  @ 3.20GHz
CPU Speed: 3060.9 MHz
Sound Card: Speakers (2- High Definition Au | 
Digital Audio (S/PDIF) (2- High | 
Display Adapters: Intel® HD Graphics | Intel® HD Graphics | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; ACER AL2216W  | 
Screen Resolution: 1680 X 1050 - 32 bit
Network: Network Present
Network Adapters: Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
CD / DVD Drives: 2x (E: | F: | ) E: TSSTcorpCDW/DVD TS-H492C | F: DTSOFT  BDROM
Ports: COM1 LPT1
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C:  465.7GB | D:  149.0GB
Hard Disks - Free: C:  292.9GB | D:  67.6GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 02/24/10 | _ASUS_ - 20100224
Time Zone: Eastern Standard Time
Motherboard *: BIOSTAR Group TH55 HD
Country: United States 
Language: ENU 
 
==== System Specs (Software) ======================
 
Anti-Virus: Norton 360 Premier Edition On-access scanning disabled (Outdated)
Anti-Spyware: Norton 360 Premier Edition disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Firewall: Norton 360 Premier Edition disabled
Internet Explorer Version: 10.0.9200.17148 
Mozilla Firefox version: 26.0 (x86 en-US)
Google Chrome version: 39.0.2171.71
Adobe Reader version: 11.0.9.29
Sun Java version: 1.8.0_25 (32-bit) 
Sun Java version: 1.8.0_25 (64-bit) 
Flash Player version: 15.0.0.152
Shockwave Player version: 12.0.7r148
 
==== Files Recently Created / Modified ======================
 
====== C:\Windows ====
====== C:\Users\Wanda\AppData\Local\Temp ====
====== Java Cache =====
2014-11-08 06:28:05 51F98A8FF2A1E36B87B540ED266EA31E 2165 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\144486c0-31abe253
2014-11-08 06:02:50 54075F45E154CBBD05AE12CBEAA92F87 1752 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\32231c80-4d27c64b
2014-11-12 03:13:38 3F53293334F4EAE256990C78CC476030 1387 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\37842d40-35549167
2014-11-08 06:02:50 79C59E19AA4F74E80A677574A0DABB9C 23590 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\569f090a-3f3d460e
2014-11-10 05:31:49 EA64436752C273540CE6ECAA0891C19F 4878 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\33cc1b4b-3c47c64b
2014-11-08 06:28:05 B238C731F042784CBF3CB29DB3D7981D 2693 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\105d844e-48255b09
2014-11-20 06:20:14 46F39EF8EEA146D692ADE6914F157ADA 639 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\3015098f-2f3ffb1b
2014-11-24 03:51:25 276C7DFB6B0B9F36D137E3B1AD95BFBC 1580 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\4eb3e64f-6a75c299
2014-11-16 04:59:58 7474993079652BB703B373BE3DF20FD1 633 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\2d66f850-7f8a3205
2014-12-02 06:24:34 0075B09ADF083E6C95D51C3F012028B0 566 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\457ed9d0-76b85602
2014-11-16 04:19:47 46F3D0908CC8EE816EA3033AB1C2EBEC 638 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\686aeb12-1163700a
2014-11-26 01:13:05 E1375C59D4BE68CFFBDD7728425143E4 12320 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\6b5c5d2-7ec17863
2014-11-18 03:12:00 9E9A4CA9CA455AB4860DFA58301DA99B 1742 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\79118412-724134a0
2014-11-08 06:28:05 B96676B302324DAB23C06862CFAEFEA6 4860 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\65854a93-54c553ba
2014-11-08 06:02:50 6A625BA4359BC07602F9C308BB11743E 1501 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\54d58802-58607bd2
2014-11-20 06:27:26 7B2AEF8522706842A7AE357A919B0BF0 485 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\4ff6c054-36dc36ec
2014-11-08 06:02:50 4655686592489DB11FA0FAA5C10A955C 1274 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\1fdfd315-6fdf54fd
2014-11-12 03:30:48 BCEC6F50FAD220BAF2B815E1C2C82914 1727 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\66d43d55-4d420a10
2014-11-16 02:49:03 6E5FC2063F73EDED25DEEEE476E53D70 591 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\40088996-17491c5f
2014-11-08 06:02:50 FB807E59794FAE586AA58708772F9CD8 1465 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\6fbfe196-68f0cdd5
2014-11-08 06:28:05 EAE4BDB33F25548551DF6AA71AD427A3 3613 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\288ab558-59976a2b
2014-11-26 01:12:56 A539CACA91F2E27AB3404B8C20735FC0 7019 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\548f0d98-5f6bd349
2014-11-26 01:12:54 0CD5B92A41AD17D165E900839608007C 438 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\14df44da-159d0c0e8a263d7b3c77319f9b8be196445b6e8e858072f370f828aae3b39ac4-6.0.lap
2014-11-20 06:34:08 0F8AE8E58FF30B023E933A56D99D4D17 11309 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\2ae28da-54262305
2014-11-12 02:55:36 8EC8F3538EAB540C2E1FEF242ED61467 1347 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\7331a91b-55c30d81
2014-11-08 06:02:50 4DB9CDAEA5DE775567435431685C8A49 1407 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\7e0fd2dc-5fa82da4
2014-11-12 02:55:29 0C811B516E629A9854DA43F42302431F 1630394 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\5469459d-42d0d1f2
2014-11-12 02:55:36 6F847A94F51C56DD37916889BC8D0521 59203 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\20ad0483-7eefaa8d
2014-11-12 05:08:53 41970B948B90DBA79C2887BE016FF4E6 1716 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\3cc5d1c3-72d00014
2014-11-08 06:02:50 41A7F5CEC19DC4D4AFAB637AAE3AEC9D 2280 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\521529f-277db002
2014-11-15 06:08:22 215F04DCC1962E9309868859C59C5B8C 19683 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\6191a65f-40727926
2014-11-12 02:55:28 1BFF13F6C9E21FE7FE78F43AF61D2CC3 93 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\27d23420-a6decf535eee8573faf56e51171311451395c60694aad6bce67b50d9ab323041-6.0.lap
2014-11-08 06:02:43 33B9BF164A6BD96F6DF0F02AA4EAB8EB 93 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\33469922-5fa5e33e321670f56028034e976e12d37c3cb0fe1749c54dcb49d8ca7863a568-6.0.lap
2014-11-24 03:55:37 435535D1039A13E4823761846CF85686 1808 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\516f7923-1aed4c26
2014-11-13 06:12:42 A46CC1AA1E3E8BA9516B31313D05EE00 1681768 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\5d55ce3-1f6ec901
2014-11-13 04:22:09 2BAAE5245EEB178C0D423743E5B82D1B 1434 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\5003b565-4c67b52c
2014-11-12 02:55:32 4539ECC7E3031EEECD45BD7D3E357DC4 436 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\74c397e6-c8934f2bd829d3586d5034dc6657f0b780b1d8b77fccab50c9ef267d1e771228-6.0.lap
2014-11-08 06:02:39 1EBBB9789D5198E53317451AC88F5062 93 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\91ce7a6-aac31c2f267d4a18cc01200a47ec10fe9a67572705e007dbcdc60c214b72b6c1-6.0.lap
2014-11-08 06:02:44 AC449EB8536CB4C24F3E7A407F9D574B 315 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\5df6f0c4-75f42e5a
2014-11-08 06:02:45 F87292BE7386F7F6E5AF53FB1751D290 436 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\635c4ac4-423ebde4d81b8d62f928e2518f84b7dff292ac5cb67a36bac5cb25ed8286927a-6.0.lap
2014-11-26 01:13:00 A8BA0056324DFC0B785720FDBBA0A3DE 1630254 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\24406968-33c04a63
2014-11-08 06:02:50 07CDF1D9C5CB0934C27E6476E77C4FF2 31328 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\5ec1dead-7893bbfe
2014-11-26 01:12:59 16DD161D604FC40A0F5E03217F4B1F6F 436 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\367ec0ee-43de5072703bc1cb3e48ce77f7efd065b395fac51546102af29136baa2175145-6.0.lap
2014-11-12 02:55:37 DC2D0D4FF64B63EA7B99A18757A4EE8D 207623 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\7e91326e-5ac6c5d7
2014-11-08 06:02:50 23B45DE439292B4A36B71ABFB128F756 14608 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\77ee530-44d21e87
2014-11-08 06:28:06 6D9D132662CB081C3987ED04E8C21EB9 1722952 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\35b6dcb1-13ae5498
2014-11-26 01:13:03 A05454AE4208347F32472A82F3572EA0 93 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\3f411db1-c0d66a663cdac532fa12bb3256672903ef6287288eae6e6dcf2ff00d611843e2-6.0.lap
2014-11-25 05:23:33 804AB998AAC142F0BF871B79C9D2B772 1825 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\1113c005-43ad607d
2014-11-26 01:13:03 A05454AE4208347F32472A82F3572EA0 93 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\79d98e05-8f0c0c1d640bc937df654eb450e1e4748ae33466a3753f2fd763477c6de47b04-6.0.lap
2014-11-08 06:28:05 8EC6FFDD31E6BE9704BF6BB7D0C78433 1716 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\57ec8872-1799898f
2014-11-26 01:13:06 EEF52C3BE29992014B9D269891D8900D 203104 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\60553ef4-49ccef77
2014-11-20 06:29:24 73602A717BC99027FE3EB3CEBC89AD36 582 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\12467b35-54d0cd92
2014-11-12 02:55:16 E7FF509F36F8B0EE10A9606D9AD45CAD 438 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\5571f4b5-1f6fbf9c9d720ad4f352a2251c5d039086a8889033cff6263bc8c3c120084887-6.0.lap
2014-11-08 06:02:50 10121AC40DE08A1C146A7D1F3B1065F8 7941 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\18c4d7b6-44a72efd
2014-11-08 06:02:50 F427F92FACE22DD46B79B522B6B39F2A 1413 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\48ca9ff7-145449d6
2014-11-08 06:02:50 61D9B21DE2DB978CEEB83C6C7339A9DD 2079 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\79ffaafa-71447d6b
2014-11-13 04:22:10 408CD9B656C1B605D7BAFE00F812EDF1 830 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\7ca07c3b-709df1e0
2014-11-08 06:02:50 84317B671EF199E5F90C36489D77C6F9 3765 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\17500b46-3ef8682b
2014-11-12 02:55:32 4D996BFC310A54E5E947302C6AAB5B93 93 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\2f386506-3b9cb46baa5b0112adafbe278f2da39c410ff0dce809d5cc27e0bbb1c6d4997e-6.0.lap
2014-11-13 04:22:10 A3D4AB76D508714436A1A347773420A2 1431 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\1600e507-5aa9f5e7
2014-11-12 02:55:19 3264797A138439046C0E08DC1BB0C6FB 7017 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\331e7b87-2b33ed32
2014-11-18 03:00:59 2C32347501A0511CD69B3D7D32EA884C 1918 ----a-w- C:\Users\Wanda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\59ed7049-6277fb1d
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2014-11-12 15:31:55 41774FF331F609EF442B7398EE6202B1 155064 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
====== C:\Windows\Tasks ======
2014-11-26 13:30:54 CDBFB8112CA47140A38733CCB37FB93A 3842 ----a-w- C:\Windows\Sysnative\Tasks\Reset ShopAtHome BAC
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2014-11-07 05:16:01 -------- d-----w- C:\PROGRA~2\COMMON~1\Java
======= C: =====
====== C:\Users\Wanda\AppData\Roaming ======
2014-11-30 02:23:30 -------- d-----w- C:\Users\Wanda\AppData\Local\NPE
2014-11-26 13:30:54 -------- d-----w- C:\Users\Wanda\AppData\Roaming\Windows
2014-11-26 13:30:47 -------- d-----w- C:\Users\Wanda\AppData\Roaming\ShopAtHome.com BrowserAppCore Service
====== C:\Users\Wanda ======
2014-12-06 14:47:05 F4F789173E79E7E01F83417A76538E11 2118144 ----a-w- C:\Users\Wanda\Desktop\FRST64.exe
2014-12-06 14:46:58 7650EF7FFE338A50ADE28288FB601B7A 186568 ----a-w- C:\Users\Wanda\Desktop\ESETPoweliksCleaner.exe
2014-12-06 14:38:35 F4F789173E79E7E01F83417A76538E11 2118144 ----a-w- C:\Users\Public\FRST64.exe
2014-12-06 14:32:22 7650EF7FFE338A50ADE28288FB601B7A 186568 ----a-w- C:\Users\Public\ESETPoweliksCleaner.exe
2014-11-30 03:46:39 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\Wanda\Downloads\dds.com
2014-11-30 03:04:57 2312A73CC833FFDAFEE32D6A87A769D2 2998656 ----a-w- C:\Users\Wanda\Downloads\SpyHunter-Installer.exe
2014-11-26 13:30:37 338D00098FFE4F11919168A9CDCCEFD7 456816 ----a-w- C:\Users\Wanda\Downloads\ShopAtHome_AppCore_7127_C114328164_D1_R1050040_B3.exe
 
====== C: exe-files ==
=== C: other files ==
2014-12-03 14:19:25 D2F6A1B11344D9AC7BCFB75900D4ADE1 23668 ----a-w- C:\Users\Wanda\AppData\LocalLow\Adobe\mvvfrlkrb\Bbhbguwm\36.0.1985.143\default_apps\youtube.crx
2014-12-03 14:19:25 8AD223868AB9974F7746D0227730A0CC 26392 ----a-w- C:\Users\Wanda\AppData\LocalLow\Adobe\mvvfrlkrb\Bbhbguwm\36.0.1985.143\default_apps\search.crx
2014-12-03 14:19:25 71E1283B8440F6264CEC99DF9AD81F5B 25561 ----a-w- C:\Users\Wanda\AppData\LocalLow\Adobe\mvvfrlkrb\Bbhbguwm\36.0.1985.143\default_apps\drive.crx
2014-12-03 14:19:25 2E2E328E5BF6BE61203164B3E9EA8094 24040 ----a-w- C:\Users\Wanda\AppData\LocalLow\Adobe\mvvfrlkrb\Bbhbguwm\36.0.1985.143\default_apps\gmail.crx
2014-12-03 14:19:25 2C71C49F991095A1848624907BACBB08 4578 ----a-w- C:\Users\Wanda\AppData\LocalLow\Adobe\mvvfrlkrb\Bbhbguwm\36.0.1985.143\default_apps\docs.crx
2014-11-30 03:46:39 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\Wanda\Downloads\dds.com
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Norton Download Manager{NONE32019-ESD-FSD31014}"="C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe /m"
"Norton Download Manager{N360P211018-SHPD-FSD40014}"="C:\Program Files (x86)\Norton One\Engine\3.2.2.12\ccSvcHst.exe /m"
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"Norton Download Manager{NONE32019-ESD-FSD31014}"="C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe /m"
"Norton Download Manager{N360P211018-SHPD-FSD40014}"="C:\Program Files (x86)\Norton One\Engine\3.2.2.12\ccSvcHst.exe /m"
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"BrowserAppCoreService"="C:\Users\Wanda\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\SahProcessManager.exe C:\Users\Wanda\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\ShopAtHome_BAC_Service.exe restart"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="  "
 
==== Startup Registry Enabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"EvtMgr6"="C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="  "
 
==== Startup Registry Disabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Samsung\\Kies\\External\\FirmwareUpdate\\KiesPDLR.exe Run"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUS Sync Loader]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ASUS Sync Loader"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\ASUS\\ASUS Sync\\asusUPCTLoader.exe\" -startup"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUSWebStorage]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ASUSWebStorage"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\ASUS\\ASUS WebStorage\\3.0.143.296\\AsusWSPanel.exe /S"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonMyPrinter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CanonMyPrinter"
"hkey"="HKLM"
"command"="C:\\Program Files\\Canon\\MyPrinter\\BJMyPrt.exe /logon"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonSolutionMenuEx]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CanonSolutionMenuEx"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Canon\\Solution Menu EX\\CNSEMAIN.EXE /logon"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAP10]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DAP10"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\DAP\\DAP.EXE\" /STARTUP"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DivXMediaServer]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DivXMediaServer"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\DivX\\DivX Media Server\\DivXMediaServer.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DivXUpdate]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DivXUpdate"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\DivX\\DivX Update\\DivXUpdate.exe\" /CHECKNOW"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DownloadAccelerator]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DownloadAccelerator"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\DAP\\DAP.EXE\" /STARTUP"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HP Software Update"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\HP\\HP Software Update\\HPWuSchd2.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IJNetworkScannerSelectorEX]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IJNetworkScannerSelectorEX"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Canon\\IJ Network Scanner Selector EX\\CNMNSST.exe /FORCE"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Logitech Download Assistant]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Logitech Download Assistant"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\rundll32.exe C:\\Windows\\System32\\LogiLDA.dll,LogiFetch"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NBAgent]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NBAgent"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Nero\\Nero 10\\Nero BackItUp\\NBAgent.exe\" /WinStart"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TkBellExe"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Real\\RealPlayer\\Update\\realsched.exe\" -osboot"
 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Bluetooth.lnk"
"backup"="C:\\Windows\\pss\\Bluetooth.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\WIDCOMM\\BLUETO~1\\BTTray.exe "
"item"="Bluetooth"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Efrain^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
"path"="C:\\Users\\Efrain\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OneNote 2010 Screen Clipper and Launcher.lnk"
"backup"="C:\\Windows\\pss\\OneNote 2010 Screen Clipper and Launcher.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office14\\ONENOTEM.EXE /tsr"
"item"="OneNote 2010 Screen Clipper and Launcher"
 
 
==== Startup Folders ======================
 
2014-02-23 03:05:37 1262 ----a-w- C:\Users\Wanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
 
==== Task Scheduler Jobs ======================
 
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [09/23/2014 11:53 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10/21/2014 02:34 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10/21/2014 02:34 PM]
 
==== Other Scheduled Tasks ======================
 
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Launch ASUS Sync Loader" [C:\Program Files (x86)\ASUS\ASUS Sync\asusUPCTLoader.exe]
"C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe"]
"C:\Windows\SysNative\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1873193979-821539997-2022934919-1001" [C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe]
"C:\Windows\SysNative\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1873193979-821539997-2022934919-1001" [C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe]
"C:\Windows\SysNative\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1873193979-821539997-2022934919-1001" [C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe]
"C:\Windows\SysNative\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1873193979-821539997-2022934919-1001" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1873193979-821539997-2022934919-1001" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\RealUpgradeLogonTaskS-1-5-21-1873193979-821539997-2022934919-1001" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\RealUpgradeScheduledTaskS-1-5-21-1873193979-821539997-2022934919-1001" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\Reset ShopAtHome BAC" ["C:\Users\Wanda\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\SahProcessManager.exe"]
"C:\Windows\SysNative\tasks\RunAsStdUser Task" [C:\Program Files (x86)\Pogo Games\PogoDGC.exe]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files (x86)\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\{D9A028FA-76DF-C2AB-282C-9EAD4AF9C7EA}" [C:\Windows\system32\regsvr32.exe]
"C:\Windows\SysNative\tasks\{F9869A67-7330-4A3B-8B28-92D8B81C7DC2}" [C:\BIOSTAR\TOVERCLOCKER\TOC.exe]
"C:\Windows\SysNative\tasks\Nero\Nero Info" [C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe]
"C:\Windows\SysNative\tasks\Norton 360\Norton Error Analyzer" [C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe]
"C:\Windows\SysNative\tasks\Norton 360\Norton Error Processor" [C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe]
"C:\Windows\SysNative\tasks\Norton Management\Norton Error Analyzer" [C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe]
"C:\Windows\SysNative\tasks\Norton Management\Norton Error Processor" [C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe]
"C:\Windows\SysNative\tasks\Norton One\Norton Error Analyzer" [C:\Program Files (x86)\Norton One\Engine\3.2.2.12\SymErr.exe]
"C:\Windows\SysNative\tasks\Norton One\Norton Error Processor" [C:\Program Files (x86)\Norton One\Engine\3.2.2.12\SymErr.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=0 folders=0 0 bytes)
 
==== EOF on Sat 12/06/2014 at 10:35:47.62 ======================
 
 
 
Thank you,
 
Efrain


#9 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:03:49 PM

Posted 06 December 2014 - 11:00 AM

Many greetings from Germany! :)

Step 1

Please uninstall some programs:
  • Windows 7w7.png: Click on the hidden2.png button, open Control Panel and click Uninstall a program.
  • Search and select the following programs one by one and click on Uninstall:
                                                                        Pogo Games
                                           ShopAtHome.com BrowserAppCore Service Chrome



Step 2

Please download adwcleaner.png AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.
Step 3

Please download and install mbam.pngMalwarebytes Anti-Malware
  • Please open Malwarebytes Anti-Malware.
  • Please update the database by clicking on the "Update Now" button.
  • Following the update and click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    :exclame: If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine All" [5]. Then click the button: Apply Actions. [6]
  • A window with an option to view the detailed log will appear.
    mbamlog.png
  • Click on "View detailed log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.
mbameng.gif

Step 4

frst.pngfrstscan.png

Start FRST with administator privileges.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.
Step 5

Can you please try to post a Norton log:

...trying to find out what was this COM Surrogate message from Norton was,


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#10 efrain_fl8

efrain_fl8
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:49 AM

Posted 06 December 2014 - 04:20 PM

Here are the results of the AdwCleaner scan:

 

# AdwCleaner v4.104 - Report created 06/12/2014 at 15:34:45
# Updated 05/12/2014 by Xplode
# Database : 2014-12-03.1 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Wanda - WANDA-PC
# Running from : C:\Users\Wanda\Desktop\Malware Scan Results\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\GameTap Web Player
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speedbit Video Downloader
Folder Deleted : C:\Program Files (x86)\OApps
Folder Deleted : C:\Program Files (x86)\SearchPredict
Folder Deleted : C:\Program Files (x86)\Speedbit Video Downloader
Folder Deleted : C:\Users\Efrain\AppData\Local\Coupon Companion Plugin
Folder Deleted : C:\Users\Efrain\AppData\LocalLow\DataMngr
Folder Deleted : C:\Users\Efrain\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Efrain\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdcnnmifdmlmjffdgeieikcokcogpbej
Folder Deleted : C:\Users\Wanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdcnnmifdmlmjffdgeieikcokcogpbej
Folder Deleted : C:\Users\Efrain\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Folder Deleted : C:\Users\Wanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
File Deleted : C:\Users\Efrain\AppData\LocalLow\SkwConfig.bin
File Deleted : C:\Users\Wanda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\Wanda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Deleted : C:\Users\Wanda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\Wanda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Deleted : C:\Users\Wanda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
File Deleted : C:\Users\Wanda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : RunAsStdUser Task
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdcnnmifdmlmjffdgeieikcokcogpbej
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKLM\SOFTWARE\Classes\AppID\SelectionLinks.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Deleted : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{300BEC06-B743-4D19-86B9-11DC711D7FFB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C3721E85-F0AC-4B7E-AE4C-3E738011DC9D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{300BEC06-B743-4D19-86B9-11DC711D7FFB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{300BEC06-B743-4D19-86B9-11DC711D7FFB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F34C9277-6577-4DFF-B2D7-7D58092F272F}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C3721E85-F0AC-4B7E-AE4C-3E738011DC9D}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{44f44034-6036-4f06-9336-74ec4620edab}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\iLividSRTB
Key Deleted : HKLM\SOFTWARE\Myfree Codec
Key Deleted : HKLM\SOFTWARE\SweetIM
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\Updater By Sweetpacks
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\DataMngr
Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.17148
 
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Google Chrome v39.0.2171.71
 
[C:\Users\Efrain\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Efrain\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\Efrain\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=21&locale=en_US&gct=sb&qsrc=2869
 
*************************
 
AdwCleaner[R0].txt - [6388 octets] - [06/12/2014 15:33:02]
AdwCleaner[S0].txt - [5843 octets] - [06/12/2014 15:34:45]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5903 octets] ##########
 
Thank you,
 
Efrain


#11 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:03:49 PM

Posted 06 December 2014 - 04:28 PM

OK...Please go ahead with the other steps as well...:)


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#12 efrain_fl8

efrain_fl8
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:49 AM

Posted 06 December 2014 - 04:32 PM

The only thing I got from the Malwarebytes scan was this:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
But there were several threats detected; only one malicious threat. All other were PUP's.
 
I have not run FRST again, but now I DO NOT have any instances of COM Surrogate running in the computer any longer. I will run FRST again though. Will post shortly,
 
Thank you,
 
Efrain


#13 efrain_fl8

efrain_fl8
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:49 AM

Posted 06 December 2014 - 04:38 PM

Here is the new scan result from FRST.exe after Malwarebytes was run.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-12-2014 02
Ran by Wanda (administrator) on WANDA-PC on 06-12-2014 16:36:02
Running from C:\Users\Wanda\Desktop\Malware Scan Results
Loaded Profile: Wanda (Available profiles: Efrain & Wanda & Guest)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Symantec Corporation) C:\Program Files (x86)\Norton One\Engine\3.2.2.12\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Symantec Corporation) C:\Program Files (x86)\Norton One\Engine\3.2.2.12\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-18\...\Run: [Norton Download Manager{NONE32019-ESD-FSD31014}] => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe /m
HKU\S-1-5-18\...\Run: [Norton Download Manager{N360P211018-SHPD-FSD40014}] => C:\Program Files (x86)\Norton One\Engine\3.2.2.12\ccSvcHst.exe [143928 2012-12-04] (Symantec Corporation)
Startup: C:\Users\Wanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1873193979-821539997-2022934919-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = 
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1873193979-821539997-2022934919-1003 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1873193979-821539997-2022934919-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} 
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: HKLM-x32 {74F4F118-91E6-4AFC-B8D2-04066781F239} https://sso.fiservsco.com/WebCaptureWeb/CheckDepositEnabler.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll No File
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-09-28]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-11-30]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-12-06]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-11-29]
 
Chrome: 
=======
CHR Profile: C:\Users\Wanda\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Wanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-22]
CHR Extension: (Google Drive) - C:\Users\Wanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Wanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
CHR Extension: (YouTube) - C:\Users\Wanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-22]
CHR Extension: (Google Search) - C:\Users\Wanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-22]
CHR Extension: (Norton Identity Safe) - C:\Users\Wanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-14]
CHR Extension: (Google Wallet) - C:\Users\Wanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-22]
CHR Extension: (Gmail) - C:\Users\Wanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-22]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-03]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-03]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 MCLIENT; C:\Program Files (x86)\Norton One\Engine\3.2.2.12\ccSvcHst.exe [143928 2012-12-04] (Symantec Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Symantec RemoteAssist; C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe [394704 2008-01-29] (Symantec, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20141203.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 BIOS; C:\Windows\system32\drivers\BIOS64.sys [14136 2006-10-31] (BIOSTAR Group)
R1 BIOS; C:\Windows\SysWOW64\drivers\BIOS64.sys [14136 2006-10-31] (BIOSTAR Group)
R1 BS_I2cIo; C:\Windows\system32\drivers\BS_I2cIo.sys [15408 2008-06-16] (BIOSTAR Group)
R1 BS_I2cIo; C:\Windows\SysWOW64\drivers\BS_I2cIo.sys [16768 2006-12-11] (BIOSTAR Group) [File not signed]
R1 BS_TPIO; C:\Windows\system32\drivers\BS_TPIO64.sys [13360 2009-04-29] ()
S3 BTHprint; C:\Windows\System32\DRIVERS\bthprint.sys [67072 2009-07-13] (Microsoft Corporation)
R1 ccSet_MCLIENT; C:\Windows\system32\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys [168096 2012-08-20] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S3 dgderdrv; C:\Windows\SysWOW64\drivers\dgderdrv.sys [20032 2011-05-08] (Devguru Co., Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-02-15] (Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
S3 hcw85cir; C:\Windows\System32\drivers\hcw85cir3.sys [33792 2013-04-10] (Hauppauge Computer Works, Inc.)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20141205.001\IDSvia64.sys [637656 2014-11-17] (Symantec Corporation)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52320 2012-03-13] (http://libusb-win32.sourceforge.net)
S2 MCSTRM; No ImagePath
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20141205.018\ENG64.SYS [129752 2014-08-21] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20141205.018\EX64.SYS [2137304 2014-08-21] (Symantec Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2014-01-01] (CACE Technologies, Inc.)
S3 SndTAudio; C:\Windows\System32\drivers\SndTAudio.sys [33264 2009-04-16] (Windows ® Codename Longhorn DDK provider)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-30] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-06 15:45 - 2014-12-06 16:21 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-06 15:44 - 2014-12-06 15:44 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-06 15:44 - 2014-12-06 15:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-06 15:44 - 2014-12-06 15:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-06 15:44 - 2014-12-06 15:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-06 15:44 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-06 15:44 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-06 15:44 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-06 15:43 - 2014-12-06 15:43 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Wanda\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-06 15:32 - 2014-12-06 15:35 - 00000000 ____D () C:\AdwCleaner
2014-12-06 15:32 - 2014-12-06 15:32 - 00000055 _____ () C:\AdwCleanerDebug.txt
2014-12-06 10:43 - 2014-12-06 16:36 - 00000000 ____D () C:\Users\Wanda\Desktop\Malware Scan Results
2014-12-06 10:20 - 2014-12-06 10:35 - 00028218 _____ () C:\zoek-results.log
2014-12-06 10:13 - 2014-12-06 10:13 - 00000000 ____D () C:\zoek_backup
2014-12-06 10:02 - 2014-12-06 16:36 - 00000000 ____D () C:\FRST
2014-11-29 23:40 - 2014-11-29 23:40 - 00000000 ____D () C:\Program Files\Logitech
2014-11-29 22:46 - 2014-11-29 22:46 - 00688992 ____R (Swearware) C:\Users\Wanda\Downloads\dds.com
2014-11-29 22:04 - 2014-11-29 22:04 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\Wanda\Downloads\SpyHunter-Installer.exe
2014-11-29 21:23 - 2014-12-04 23:57 - 00000000 ____D () C:\Users\Wanda\AppData\Local\NPE
2014-11-26 08:30 - 2014-11-26 08:30 - 00456816 _____ () C:\Users\Wanda\Downloads\ShopAtHome_AppCore_7127_C114328164_D1_R1050040_B3.exe
2014-11-26 08:30 - 2014-11-26 08:30 - 00000000 ____D () C:\Users\Wanda\AppData\Roaming\Windows
2014-11-19 09:46 - 2014-11-10 22:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 09:46 - 2014-11-10 22:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 09:46 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 09:46 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 12:40 - 2014-11-18 12:51 - 00000000 ____D () C:\Users\Wanda\Documents\2014-11-18 Jury Summons 2014
2014-11-12 10:32 - 2014-11-05 12:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 10:32 - 2014-11-05 12:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 10:32 - 2014-11-05 12:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 10:31 - 2014-10-25 20:56 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 10:31 - 2014-10-25 20:56 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 10:31 - 2014-10-25 20:56 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 10:31 - 2014-10-25 20:56 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 10:31 - 2014-10-25 20:55 - 19284480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 10:31 - 2014-10-25 20:55 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 10:31 - 2014-10-25 20:55 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 10:31 - 2014-10-25 20:55 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 10:31 - 2014-10-25 20:54 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 10:31 - 2014-10-25 20:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 10:31 - 2014-10-25 20:54 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 10:31 - 2014-10-25 20:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-12 10:31 - 2014-10-25 20:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 10:31 - 2014-10-25 20:54 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 10:31 - 2014-10-25 20:54 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 10:31 - 2014-10-25 20:54 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 10:31 - 2014-10-25 20:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-11-12 10:31 - 2014-10-25 20:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 10:31 - 2014-10-25 20:54 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 10:31 - 2014-10-25 20:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 10:31 - 2014-10-25 20:53 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 10:31 - 2014-10-25 19:36 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 10:31 - 2014-10-25 19:35 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 10:31 - 2014-10-25 19:35 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 10:31 - 2014-10-25 19:35 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 10:31 - 2014-10-25 19:35 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 10:31 - 2014-10-25 19:35 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 10:31 - 2014-10-25 19:35 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 10:31 - 2014-10-25 19:34 - 13758464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 10:31 - 2014-10-25 19:34 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 10:31 - 2014-10-25 19:34 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 10:31 - 2014-10-25 19:34 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 10:31 - 2014-10-25 19:34 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-12 10:31 - 2014-10-25 19:34 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 10:31 - 2014-10-25 19:34 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 10:31 - 2014-10-25 19:34 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 10:31 - 2014-10-25 19:34 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 10:31 - 2014-10-25 19:34 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-11-12 10:31 - 2014-10-25 19:34 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 10:31 - 2014-10-25 19:34 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 10:31 - 2014-10-25 19:34 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 10:31 - 2014-10-25 19:19 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 10:31 - 2014-10-25 19:13 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 10:31 - 2014-10-25 18:22 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-11-12 10:31 - 2014-10-25 18:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-11-12 10:31 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 10:31 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 10:31 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 10:31 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 10:31 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 10:31 - 2014-10-13 21:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 10:31 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 10:31 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 10:31 - 2014-10-13 21:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 10:31 - 2014-10-13 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 10:31 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 10:31 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 10:31 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 10:31 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 10:31 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 10:31 - 2014-10-09 19:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 10:31 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 10:31 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 10:31 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 10:31 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 10:31 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 10:31 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 10:31 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 10:31 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 10:31 - 2014-09-19 04:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 10:31 - 2014-09-19 04:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 10:31 - 2014-09-19 04:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 10:31 - 2014-09-19 04:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 10:31 - 2014-09-19 04:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 10:31 - 2014-09-19 04:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 10:31 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 10:31 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 10:31 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 10:31 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 10:31 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 10:31 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 10:31 - 2014-08-21 01:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 10:31 - 2014-08-21 01:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 10:31 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 10:31 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 10:31 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 10:31 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 09:53 - 2014-11-12 15:53 - 17323696 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-06 16:16 - 2009-07-13 23:45 - 00032704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-06 16:16 - 2009-07-13 23:45 - 00032704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-06 16:13 - 2011-02-27 15:21 - 02092476 _____ () C:\Windows\WindowsUpdate.log
2014-12-06 16:09 - 2013-05-02 07:44 - 01162012 _____ () C:\Windows\PFRO.log
2014-12-06 16:09 - 2013-05-01 07:18 - 00059629 _____ () C:\Windows\setupact.log
2014-12-06 16:09 - 2011-06-19 12:04 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-06 16:09 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-06 15:53 - 2012-03-31 16:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-06 15:46 - 2011-06-19 12:04 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-06 15:29 - 2012-12-25 20:24 - 00000000 ____D () C:\ProgramData\PogoDGC
2014-12-06 15:29 - 2011-07-01 18:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pogo Games
2014-12-06 15:29 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-06 10:29 - 2014-03-26 06:09 - 00000000 ____D () C:\Users\Wanda\AppData\Local\CrashDumps
2014-11-29 23:45 - 2014-01-18 08:15 - 00030084 _____ () C:\Windows\LDPINST.LOG
2014-11-29 23:45 - 2011-06-06 22:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-11-29 23:45 - 2011-06-06 22:45 - 00000000 ____D () C:\Program Files\Common Files\LogiShrd
2014-11-29 23:42 - 2013-06-15 11:46 - 00002481 _____ () C:\Windows\LkmdfCoInst.log
2014-11-29 23:42 - 2011-06-06 22:46 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-11-29 23:40 - 2011-06-06 22:46 - 00000000 ____D () C:\ProgramData\Logishrd
2014-11-29 23:37 - 2013-03-29 15:42 - 00000000 ____D () C:\Program Files (x86)\MarkAny
2014-11-29 23:37 - 2012-09-16 07:11 - 00000000 ____D () C:\Users\Efrain\AppData\Local\Akamai
2014-11-29 23:37 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-11-29 23:36 - 2011-03-20 15:47 - 00000000 ___RD () C:\Users\Efrain\Virtual Machines
2014-11-29 23:36 - 2009-07-13 23:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-11-29 21:23 - 2011-03-05 12:07 - 00000000 ____D () C:\ProgramData\Norton
2014-11-28 20:26 - 2014-02-22 21:57 - 00088152 _____ () C:\Users\Wanda\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-25 20:49 - 2013-12-02 07:58 - 00002143 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-18 12:48 - 2014-02-22 22:45 - 00000000 ____D () C:\Users\Wanda\Documents\My Scans
2014-11-18 12:47 - 2014-02-22 22:45 - 00000000 ____D () C:\Users\Wanda\Documents\Efrain's Jury Duty
2014-11-13 23:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-11-13 21:56 - 2014-02-22 22:45 - 00000000 ____D () C:\Users\Wanda\Documents\TOMMY'S INFORMATION
2014-11-13 21:41 - 2011-06-19 12:04 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-13 21:41 - 2011-06-19 12:04 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 09:22 - 2009-07-13 23:45 - 00354112 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 09:20 - 2014-05-01 22:14 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-13 02:24 - 2011-03-19 07:48 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-13 02:21 - 2013-08-14 02:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 02:12 - 2011-02-27 15:39 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-12 15:04 - 2014-02-22 22:45 - 00000000 ____D () C:\Users\Wanda\Documents\Inspiration
2014-11-09 00:41 - 2014-02-22 21:30 - 00747132 _____ () C:\Windows\system32\perfh00A.dat
2014-11-09 00:41 - 2014-02-22 21:30 - 00159200 _____ () C:\Windows\system32\perfc00A.dat
2014-11-09 00:41 - 2009-07-14 00:13 - 01678290 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-07 12:56 - 2014-02-22 22:45 - 00000000 ____D () C:\Users\Wanda\Documents\MEDICAL INFO
2014-11-07 12:47 - 2014-02-22 22:45 - 00000000 ____D () C:\Users\Wanda\Documents\PERSONAL
2014-11-07 00:16 - 2013-10-19 11:53 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-07 00:15 - 2013-12-03 18:18 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-07 00:15 - 2013-12-03 18:18 - 00000000 ____D () C:\Program Files (x86)\Java
 
Some content of TEMP:
====================
C:\Users\Wanda\AppData\Local\Temp\Quarantine.exe
C:\Users\Wanda\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-05 12:30
 
==================== End Of Log ============================
 
Next post is the new Addition.txt
 
Thank you,
 
Efrain


#14 efrain_fl8

efrain_fl8
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:49 AM

Posted 06 December 2014 - 04:39 PM

Here is the new Addition.txt after Malwarebytes was run.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-12-2014 02
Ran by Wanda at 2014-12-06 16:36:45
Running from C:\Users\Wanda\Desktop\Malware Scan Results
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton 360 Premier Edition (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 Premier Edition (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 Premier Edition (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
AC3Filter (remove only) (HKLM-x32\...\AC3Filter) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
ASUS Android USB Drivers (HKLM\...\{F6AEADC0-6B97-430E-B78A-C1D633A6528D}) (Version: 4.0.6753 - ASUSTeK Computer Inc.)
ASUS Sync (HKLM-x32\...\{488E9FD9-7C30-4120-8790-410F46F13CD6}) (Version: 1.0.97 - FutureDial Inc.)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.143.296 - ASUS Cloud Corporation)
Bejeweled Twist (HKLM-x32\...\Bejeweled Twist) (Version:  - PopCap Games)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version:  - )
Canon MX430 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX430_series) (Version:  - )
Canon MX430 series On-screen Manual (HKLM-x32\...\Canon MX430 series On-screen Manual) (Version:  - )
Canon MX430 series User Registration (HKLM-x32\...\Canon MX430 series User Registration) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version:  - )
Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM-x32\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.2.0 - Business Objects)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ffdshow (remove only) (HKLM-x32\...\ffdshow) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Kies mini (HKLM-x32\...\InstallShield_{EE43894E-FDCF-4A8C-BCD6-3AAA9A48B486}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Kies mini (x32 Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Windows Debugging Symbols (HKLM-x32\...\{46EA439E-2D16-49B6-AA80-00DE992FE7CE}) (Version: 7601 - Microsoft)
Morgan Stream Switcher (HKLM-x32\...\mmswitch) (Version:  - )
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Mozilla Firefox 26.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 en-US)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.8.10400.4.100 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.6.10600.4.100 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.4.10300.1.100 - Nero AG)
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.6.10500.3.100 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.4.10400.0.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10600.4.100 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 15.1.0030 - Nero AG)
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.4.10200.0.100 - Nero AG)
Nero Multimedia Suite 10 (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.13100 - Nero AG)
Nero Recode 10 (HKLM-x32\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.10.10600.4.100 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.6.10500.3.100 - Nero AG)
Nero SoundTrax 10 (HKLM-x32\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.10.10300.2.100 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10400.2.100 - Nero AG)
Nero Vision 10 (HKLM-x32\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.4.10800.7.100 - Nero AG)
Nero WaveEditor 10 (HKLM-x32\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.10.10400.3.100 - Nero AG)
Netflix in Windows Media Center (HKLM-x32\...\{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}) (Version: 3.3.101.0 - Microsoft Corporation)
Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
Norton One (HKLM-x32\...\MCLIENT) (Version: 3.2.2.12 - Symantec Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Rhapsody (HKLM-x32\...\Rhapsody) (Version:  - )
Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
Rosetta Stone TOTALe (HKLM-x32\...\{6B6BC189-D606-4BC7-9758-E6C364F76A55}) (Version: 4.5.5.0 - Rosetta Stone, Ltd)
Season Match 2 (HKLM-x32\...\Season Match 2) (Version:  - Pogo.com)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Simpo PDF to Word (HKLM-x32\...\Simpo PDF to Word_is1) (Version:  - Simpo Technologies)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Symantec Technical Support Web Controls (HKLM-x32\...\{20C53FA2-4307-4671-A93F-9463B29DFCF1}) (Version: 3.5.3 - Symantec Corporation)
System Requirements Lab for Intel (HKLM-x32\...\{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}) (Version: 4.4.24.0 - Husdawg, LLC)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8200 - Broadcom Corporation)
Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
WinZip (HKLM-x32\...\WinZip) (Version:  8.1  (4331) - WinZip Computing, Inc.)
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DB}) (Version: 17.5.10480 - WinZip Computing, S.L. )
Zuma's Revenge! (HKLM-x32\...\Zuma's Revenge!) (Version:  - PopCap Games)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
13-11-2014 07:09:26 Windows Update
20-11-2014 08:00:15 Windows Update
29-11-2014 00:16:09 Scheduled Checkpoint
06-12-2014 14:40:24 Scheduled Checkpoint
06-12-2014 15:20:01 zoek.exe restore point
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2011-12-10 21:31 - 00000823 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1       www.applian.securesites.com
161.58.195.155   tempdomainname.com
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {09F1A151-8D8F-4C82-9AC4-BE5E3E93F3E3} - System32\Tasks\{F9869A67-7330-4A3B-8B28-92D8B81C7DC2} => C:\BIOSTAR\TOVERCLOCKER\TOC.exe
Task: {0D16C4DD-3573-4F1D-856F-77BCD404DE28} - System32\Tasks\Norton Management\Norton Error Analyzer => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe
Task: {15B1C88B-B319-481C-BFAC-9835A3FE15CE} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe
Task: {19662CE4-CBD5-480B-8B2C-4127B68F9586} - System32\Tasks\{D9A028FA-76DF-C2AB-282C-9EAD4AF9C7EA} => C:\Windows\system32\gjuiw.dll/s "C:\Windows\system32\gjuiw.dll"
Task: {1A58D61B-5E7D-46FF-881E-D3800ED6B7BF} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {437598A0-A22A-4903-A89C-4AD696D3989E} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {459E66F9-5C02-4418-B954-B4624BA3E494} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {54A2DC8E-214D-4B60-98CE-40CB8A6E338E} - System32\Tasks\Norton One\Norton Error Analyzer => C:\Program Files (x86)\Norton One\Engine\3.2.2.12\SymErr.exe [2012-10-18] (Symantec Corporation)
Task: {6A89E8E7-C0AD-47A1-B889-313C007CB7BE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {6C270EC0-BBA3-4079-8A70-5B3842036571} - System32\Tasks\Launch ASUS Sync Loader => C:\Program Files (x86)\ASUS\ASUS Sync\asusUPCTLoader.exe [2013-03-01] (Futuredial Inc.)
Task: {797A5CFB-0394-4D9D-B707-E1AC0C9FE150} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1873193979-821539997-2022934919-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {7A8C638F-D638-45B1-9143-5F516F16CA00} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1873193979-821539997-2022934919-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {804316C9-6A9D-4CF2-8F58-5CF765E5A9CD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {83C88AB0-3F97-491C-ABA0-663C1EAC4898} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1873193979-821539997-2022934919-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {8FA88EA8-4D2C-4272-915D-88488604FEBE} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {95E11C1B-150E-48FA-A80B-325BAA801A84} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1873193979-821539997-2022934919-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {99D850D9-B59F-4EE9-9152-8FC0BE7907DF} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {9BD53C89-E806-4130-8CC7-BC242B911DB7} - System32\Tasks\Norton One\Norton Error Processor => C:\Program Files (x86)\Norton One\Engine\3.2.2.12\SymErr.exe [2012-10-18] (Symantec Corporation)
Task: {B5000ABB-098F-4915-8448-5BF1E23FAE38} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1873193979-821539997-2022934919-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {B6847AF5-9AFB-4338-8909-AFFE111C25A0} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {BCD700E2-3E27-4212-B64F-F63B83F0D2ED} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1873193979-821539997-2022934919-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {BD789DE4-7EC9-448D-A5D7-385214B307AC} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {C3800AF8-6F67-49DA-8BED-BB5AF76A7AA3} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {D071E98F-902C-4DCB-B881-F13C6C23B417} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {DEE2F890-5BD0-4E3F-BFFF-ED095DC3D3C7} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1873193979-821539997-2022934919-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {E8C7F287-13C3-4F0F-AE4D-B80DFB9D303F} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {F9C65123-617F-4FA2-817D-A1B8D6392920} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {FD522578-7A8F-401F-94BD-6CC430FC94BF} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-10-16] (Nero AG)
Task: {FE810FF5-3E2D-408E-9FBA-257FE7F5C7B3} - System32\Tasks\Norton Management\Norton Error Processor => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-08-31 18:13 - 2011-08-31 18:13 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-03-20 08:32 - 2008-06-19 23:41 - 00062464 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2014-11-25 20:49 - 2014-11-25 01:39 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
2014-11-25 20:49 - 2014-11-25 01:39 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll
2014-11-25 20:49 - 2014-11-25 01:39 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
2014-11-25 20:49 - 2014-11-25 01:39 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:2B11E0DF
AlternateDataStreams: C:\ProgramData\TEMP:5690D76E
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\ProgramData\TEMP:862BDB1A
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Efrain^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ASUS Sync Loader => "C:\Program Files (x86)\ASUS\ASUS Sync\asusUPCTLoader.exe" -startup
MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe /S
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: DAP10 => "C:\Program Files (x86)\DAP\DAP.EXE" /STARTUP
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: DownloadAccelerator => "C:\Program Files (x86)\DAP\DAP.EXE" /STARTUP
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: NBAgent => "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1873193979-821539997-2022934919-500 - Administrator - Disabled)
Efrain (S-1-5-21-1873193979-821539997-2022934919-1001 - Administrator - Enabled) => C:\Users\Efrain
Guest (S-1-5-21-1873193979-821539997-2022934919-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-1873193979-821539997-2022934919-1002 - Limited - Enabled)
Wanda (S-1-5-21-1873193979-821539997-2022934919-1003 - Administrator - Enabled) => C:\Users\Wanda
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/06/2014 04:16:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 808
 
Start Time: 01d01198f52dc5f1
 
Termination Time: 0
 
Application Path: C:\Windows\Explorer.EXE
 
Report Id: 16c95461-7d8d-11e4-85ff-003067640569
 
Error: (12/06/2014 10:20:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DaS_21.exe, version: 2.1.0.4, time stamp: 0x540c90b2
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x5315a05a
Exception code: 0xe0434352
Fault offset: 0x000000000000940d
Faulting process id: 0x334
Faulting application start time: 0xDaS_21.exe0
Faulting application path: DaS_21.exe1
Faulting module path: DaS_21.exe2
Report Id: DaS_21.exe3
 
Error: (12/06/2014 10:20:41 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: DaS_21.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentOutOfRangeException
Stack:
   at System.String.InternalSubStringWithChecks(Int32, Int32, Boolean)
   at DriverAndServicesOut.GetProcess.GetPathName(System.String)
   at DriverAndServicesOut.GetProcess.GetAllServices(System.String)
   at DriverAndServicesOut.Program.Main(System.String[])
 
Error: (12/03/2014 01:32:23 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <10, 0x80070005, "">.
 
Error: (11/29/2014 11:07:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1148
 
Start Time: 01d00c531723b4e0
 
Termination Time: 0
 
Application Path: C:\Windows\explorer.exe
 
Report Id: 6bf9df37-7846-11e4-b450-003067640569
 
Error: (11/29/2014 11:07:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: ad8
 
Start Time: 01d00c47b9544637
 
Termination Time: 0
 
Application Path: C:\Windows\explorer.exe
 
Report Id: 45ebf095-7846-11e4-b450-003067640569
 
Error: (11/29/2014 09:45:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 2890
 
Start Time: 01d00c47a701fc1b
 
Termination Time: 35
 
Application Path: C:\Windows\explorer.exe
 
Report Id: f4801217-783a-11e4-b450-003067640569
 
Error: (11/29/2014 09:45:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 2b50
 
Start Time: 01d00c47401b1db1
 
Termination Time: 35
 
Application Path: C:\Windows\explorer.exe
 
Report Id: e26b2c88-783a-11e4-b450-003067640569
 
Error: (11/29/2014 09:42:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 9f0
 
Start Time: 01d00c462ab7c805
 
Termination Time: 16
 
Application Path: C:\Windows\Explorer.EXE
 
Report Id: 7a6c29cf-783a-11e4-b450-003067640569
 
Error: (11/23/2014 10:50:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.17148 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 13fc
 
Start Time: 01d0078e7bead535
 
Termination Time: 16
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id:
 
 
System errors:
=============
Error: (12/06/2014 04:09:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MCSTRM service failed to start due to the following error: 
%%2
 
Error: (12/06/2014 04:07:23 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (12/06/2014 04:07:23 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (12/06/2014 04:07:23 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (12/06/2014 04:07:23 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (12/06/2014 04:07:21 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (12/06/2014 04:07:21 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (12/06/2014 04:07:20 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (12/06/2014 04:07:20 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (12/06/2014 04:07:20 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
 
Microsoft Office Sessions:
=========================
Error: (12/06/2014 04:16:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.1756780801d01198f52dc5f10C:\Windows\Explorer.EXE16c95461-7d8d-11e4-85ff-003067640569
 
Error: (12/06/2014 10:20:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: DaS_21.exe2.1.0.4540c90b2KERNELBASE.dll6.1.7601.184095315a05ae0434352000000000000940d33401d011682e62062eC:\Users\Wanda\AppData\Local\Temp\DaS_21.exeC:\Windows\system32\KERNELBASE.dll76fd4e79-7d5b-11e4-834a-003067640569
 
Error: (12/06/2014 10:20:41 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: DaS_21.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentOutOfRangeException
Stack:
   at System.String.InternalSubStringWithChecks(Int32, Int32, Boolean)
   at DriverAndServicesOut.GetProcess.GetPathName(System.String)
   at DriverAndServicesOut.GetProcess.GetAllServices(System.String)
   at DriverAndServicesOut.Program.Main(System.String[])
 
Error: (12/03/2014 01:32:23 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 100x80070005
 
Error: (11/29/2014 11:07:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: explorer.exe6.1.7601.17567114801d00c531723b4e00C:\Windows\explorer.exe6bf9df37-7846-11e4-b450-003067640569
 
Error: (11/29/2014 11:07:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: explorer.exe6.1.7601.17567ad801d00c47b95446370C:\Windows\explorer.exe45ebf095-7846-11e4-b450-003067640569
 
Error: (11/29/2014 09:45:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: explorer.exe6.1.7601.17567289001d00c47a701fc1b35C:\Windows\explorer.exef4801217-783a-11e4-b450-003067640569
 
Error: (11/29/2014 09:45:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: explorer.exe6.1.7601.175672b5001d00c47401b1db135C:\Windows\explorer.exee26b2c88-783a-11e4-b450-003067640569
 
Error: (11/29/2014 09:42:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.175679f001d00c462ab7c80516C:\Windows\Explorer.EXE7a6c29cf-783a-11e4-b450-003067640569
 
Error: (11/23/2014 10:50:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE10.0.9200.1714813fc01d0078e7bead53516C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-11-02 21:07:29.705
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\ljkb\lmrn.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-02 21:07:25.439
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\ljkb\lmrn.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-02 21:07:18.947
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\ljkb\lmrn.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-02 21:07:05.923
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\ljkb\lmrn.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-02 21:07:03.509
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\ljkb\lmrn.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-02 21:07:00.494
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\ljkb\lmrn.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-02 21:06:54.205
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\ljkb\lmrn.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-02 21:06:41.791
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\ljkb\lmrn.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-02 21:05:44.616
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\ljkb\lmrn.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-02 21:05:38.162
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\ljkb\lmrn.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU 550 @ 3.20GHz
Percentage of memory in use: 29%
Total physical RAM: 8119.12 MB
Available physical RAM: 5731.16 MB
Total Pagefile: 16236.41 MB
Available Pagefile: 13805.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:293.83 GB) NTFS
Drive d: (Storage) (Fixed) (Total:149.04 GB) (Free:67.58 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: C84A899F)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: AB910A50)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#15 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:03:49 PM

Posted 06 December 2014 - 04:59 PM

Malwarebytes Scan:

How to get logs:
(Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.

Edited by deeprybka, 06 December 2014 - 05:00 PM.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users