So I am doing this for another person's computer, as my own is different. What is going on is that whenever the person goes to netflix or other websites, a pop up appears, as well as a back page of pop ups, and they continue to keep spawning. It is sporadic with the other websites but most notably it is netflix, which is the website the person who owns the computer goes to often.
From what we have gathered, it is something called PicColor and HitBlender, which we have removed the extension that was in Chrome.
Here is the DDS:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17496
Run by Grammie at 21:23:32 on 2014-12-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2008.1141 [GMT -6:00]
.
AV: Norton 360 *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton 360 *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\aestsrv.exe
C:\ProgramData\PicColor Utility\ColorMedia.exe
C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Norton 360\Engine\21.6.0.32\N360.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\ProgramData\PicColor Utility\PicColor.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Norton 360\Engine\21.6.0.32\N360.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\HitsBlenderUpdater\HitsBlenderUpdater.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\vVX3000.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = Google
uURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
dURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\21.6.0.32\CoIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\21.6.0.32\ips\IPSBHO.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\21.6.0.32\CoIEPlg.dll
uRun: [Facebook Update] "c:\users\grammie\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [HitsBlender] "c:\program files\hitsblender\hitsblender.exe" -s
uRunOnce: [Adobe Speed Launcher] 1419436572
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] "c:\programdata\malwarebytes\malwarebytes anti-malware\mbamdor.exe" "c:\programdata\malwarebytes\Malwarebytes Anti-Malware"
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: c:\windows\system32\ColorMedia.dll
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} - hxxp://support.microsoft.com/mats/DiagWebControl.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: NameServer = 24.116.0.53 24.116.2.50
TCP: Interfaces\{52214220-9A99-44D8-BB02-80FF9C6DD0E2} : DHCPNameServer = 24.116.0.53 24.116.2.50
TCP: Interfaces\{52214220-9A99-44D8-BB02-80FF9C6DD0E2}\348414E444 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{52214220-9A99-44D8-BB02-80FF9C6DD0E2}\441696C69702742796E64602745756374737 : DHCPNameServer = 192.168.169.1
TCP: Interfaces\{52214220-9A99-44D8-BB02-80FF9C6DD0E2}\45F6D637D20534D275962756C6563737 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{52214220-9A99-44D8-BB02-80FF9C6DD0E2}\94E6475627E65647 : DHCPNameServer = 208.67.222.222 208.67.220.220
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\39.0.2171.95\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1506000.020\SymDS.sys [2014-10-13 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1506000.020\SymEFA.sys [2014-10-13 936152]
R1 BHDrvx86;BHDrvx86;c:\program files\norton 360\nortondata\21.6.0.32\definitions\bashdefs\20141209.001\BHDrvx86.sys [2014-12-11 1138392]
R1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\n360\1506000.020\ccSetx86.sys [2014-10-13 127064]
R1 IDSVix86;IDSVix86;c:\program files\norton 360\nortondata\21.6.0.32\definitions\ipsdefs\20141226.001\IDSvix86.sys [2014-12-26 479448]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1506000.020\Ironx86.sys [2014-10-13 209624]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\1506000.020\symnets.sys [2014-10-13 447704]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\AEstSrv.exe [2009-10-3 81920]
R2 HTCMonitorService;HTCMonitorService;c:\program files\htc\htc sync manager\HSMServiceEntry.exe [2014-8-4 87368]
R2 N360;Norton 360;c:\program files\norton 360\engine\21.6.0.32\N360.exe [2014-10-13 265040]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2013-10-17 166912]
R2 SftService;SoftThinks Agent Service;c:\program files\dell datasafe local backup\SftService.exe [2009-10-2 648432]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-5-14 3289208]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-10-2 144128]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2014-12-13 111408]
R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\drivers\OA009Ufd.sys [2009-3-6 133632]
R3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\drivers\OA009Vid.sys [2009-3-19 271552]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
RUnknown ColorMedia;ColorMedia; [x]
RUnknown PicColor Service;PicColor Service; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\docklogin.exe --> c:\program files\dell\delldock\DockLogin.exe [?]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2010-5-17 308592]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\toolbarbroker.exe --> c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-10-28 87064]
S3 ghsdiagMDM;Handset Diagnostic Port;c:\windows\system32\drivers\ghsdiagMDM.sys [2011-11-28 106624]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2013-10-17 23040]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-12-9 102912]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-8-20 14848]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-10-28 182680]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-8-20 49664]
.
=============== Created Last 30 ================
.
2014-12-28 02:59:12 52440 ----a-w- c:\windows\system32\drivers\lknhwbs.sys
2014-12-28 02:13:33 52440 ----a-w- c:\windows\system32\drivers\cjnfg.sys
2014-12-28 01:39:19 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-28 01:38:52 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-12-28 01:38:52 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-12-28 01:38:52 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-12-28 01:38:52 -------- d-----w- c:\programdata\Malwarebytes
2014-12-28 01:38:52 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-12-19 02:08:50 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2014-12-14 10:19:29 332568 ----a-w- c:\windows\system32\ColorMedia.dll
2014-12-14 10:18:29 -------- d-----w- c:\programdata\PurpleRain
2014-12-14 10:17:04 -------- d-----w- c:\users\grammie\appdata\local\hitsblender
2014-12-14 10:16:46 -------- d-----w- c:\program files\HitsBlenderUpdater
2014-12-14 10:16:12 -------- d-----w- c:\programdata\PicColor Utility
2014-12-14 10:15:19 -------- d-----w- c:\users\grammie\appdata\roaming\SimpleFiles
2014-12-10 09:13:29 -------- d-----w- c:\windows\system32\appraiser
2014-12-10 09:10:21 50176 ----a-w- c:\windows\system32\rrinstaller.exe
2014-12-10 09:10:21 3209728 ----a-w- c:\windows\system32\mf.dll
2014-12-10 09:10:21 23040 ----a-w- c:\windows\system32\mfpmp.exe
2014-12-10 09:10:21 2048 ----a-w- c:\windows\system32\mferror.dll
2014-12-10 09:10:21 103424 ----a-w- c:\windows\system32\mfps.dll
2014-12-10 02:43:59 815280 ----a-w- c:\program files\internet explorer\iexplore.exe
2014-12-10 02:43:33 2048 ----a-w- c:\windows\system32\tzres.dll
2014-12-10 02:43:22 248832 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2014-12-10 02:43:22 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2014-12-10 02:43:22 198656 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2014-12-10 02:43:22 155136 ----a-w- c:\windows\system32\charmap.exe
2014-12-10 02:43:22 145920 ----a-w- c:\windows\system32\WsmAuto.dll
2014-12-10 02:43:22 1177088 ----a-w- c:\windows\system32\WsmSvc.dll
2014-12-03 06:31:20 227048 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2014-12-10 04:11:07 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-10 04:11:07 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-12-04 04:38:59 337920 ----a-w- c:\windows\system32\generaltel.dll
2014-12-04 04:38:45 610304 ----a-w- c:\windows\system32\invagent.dll
2014-12-04 04:38:40 315392 ----a-w- c:\windows\system32\devinv.dll
2014-12-04 04:38:37 728576 ----a-w- c:\windows\system32\appraiser.dll
2014-12-04 04:38:36 202752 ----a-w- c:\windows\system32\aepdu.dll
2014-12-04 04:38:36 159744 ----a-w- c:\windows\system32\aepic.dll
2014-12-04 04:34:13 873984 ----a-w- c:\windows\system32\aeinv.dll
2014-12-01 23:28:26 1160872 ----a-w- c:\windows\system32\aitstatic.exe
2014-11-22 02:20:44 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-22 02:20:30 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:07:43 501248 ----a-w- c:\windows\system32\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- c:\windows\system32\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-22 01:55:14 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-11-22 01:54:30 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2014-11-22 01:48:26 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 01:40:04 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- c:\windows\system32\jscript9.dll
2014-11-22 01:22:49 2052096 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- c:\windows\system32\wininet.dll
2014-11-11 02:44:45 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 01:32:14 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2014-10-25 01:32:37 67584 ----a-w- c:\windows\system32\packager.dll
2014-10-18 01:33:18 571904 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-14 01:56:19 136632 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 01:50:50 523776 ----a-w- c:\windows\system32\termsrv.dll
2014-10-14 01:50:41 2363904 ----a-w- c:\windows\system32\msi.dll
2014-10-14 01:50:39 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-10-14 01:47:30 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-10-13 06:40:15 142936 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2014-10-10 00:45:54 2379264 ----a-w- c:\windows\system32\win32k.sys
2014-10-03 01:44:42 442880 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-10-03 01:44:31 275968 ----a-w- c:\windows\system32\EncDump.dll
2014-10-03 01:44:26 475136 ----a-w- c:\windows\system32\audiosrv.dll
2014-10-03 01:44:26 374784 ----a-w- c:\windows\system32\AudioEng.dll
2014-10-03 01:44:26 195584 ----a-w- c:\windows\system32\AudioSes.dll
.
============= FINISH: 21:24:39.08 ===============
From what we have gathered, it is something called PicColor and HitBlender, which we have removed the extension that was in Chrome.
Here is the DDS:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17496
Run by Grammie at 21:23:32 on 2014-12-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2008.1141 [GMT -6:00]
.
AV: Norton 360 *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton 360 *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\aestsrv.exe
C:\ProgramData\PicColor Utility\ColorMedia.exe
C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Norton 360\Engine\21.6.0.32\N360.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\ProgramData\PicColor Utility\PicColor.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Norton 360\Engine\21.6.0.32\N360.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\HitsBlenderUpdater\HitsBlenderUpdater.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\vVX3000.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = Google
uURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
dURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\21.6.0.32\CoIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\21.6.0.32\ips\IPSBHO.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\21.6.0.32\CoIEPlg.dll
uRun: [Facebook Update] "c:\users\grammie\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [HitsBlender] "c:\program files\hitsblender\hitsblender.exe" -s
uRunOnce: [Adobe Speed Launcher] 1419436572
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] "c:\programdata\malwarebytes\malwarebytes anti-malware\mbamdor.exe" "c:\programdata\malwarebytes\Malwarebytes Anti-Malware"
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: c:\windows\system32\ColorMedia.dll
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} - hxxp://support.microsoft.com/mats/DiagWebControl.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: NameServer = 24.116.0.53 24.116.2.50
TCP: Interfaces\{52214220-9A99-44D8-BB02-80FF9C6DD0E2} : DHCPNameServer = 24.116.0.53 24.116.2.50
TCP: Interfaces\{52214220-9A99-44D8-BB02-80FF9C6DD0E2}\348414E444 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{52214220-9A99-44D8-BB02-80FF9C6DD0E2}\441696C69702742796E64602745756374737 : DHCPNameServer = 192.168.169.1
TCP: Interfaces\{52214220-9A99-44D8-BB02-80FF9C6DD0E2}\45F6D637D20534D275962756C6563737 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{52214220-9A99-44D8-BB02-80FF9C6DD0E2}\94E6475627E65647 : DHCPNameServer = 208.67.222.222 208.67.220.220
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\39.0.2171.95\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1506000.020\SymDS.sys [2014-10-13 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1506000.020\SymEFA.sys [2014-10-13 936152]
R1 BHDrvx86;BHDrvx86;c:\program files\norton 360\nortondata\21.6.0.32\definitions\bashdefs\20141209.001\BHDrvx86.sys [2014-12-11 1138392]
R1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\n360\1506000.020\ccSetx86.sys [2014-10-13 127064]
R1 IDSVix86;IDSVix86;c:\program files\norton 360\nortondata\21.6.0.32\definitions\ipsdefs\20141226.001\IDSvix86.sys [2014-12-26 479448]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1506000.020\Ironx86.sys [2014-10-13 209624]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\1506000.020\symnets.sys [2014-10-13 447704]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\AEstSrv.exe [2009-10-3 81920]
R2 HTCMonitorService;HTCMonitorService;c:\program files\htc\htc sync manager\HSMServiceEntry.exe [2014-8-4 87368]
R2 N360;Norton 360;c:\program files\norton 360\engine\21.6.0.32\N360.exe [2014-10-13 265040]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2013-10-17 166912]
R2 SftService;SoftThinks Agent Service;c:\program files\dell datasafe local backup\SftService.exe [2009-10-2 648432]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-5-14 3289208]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-10-2 144128]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2014-12-13 111408]
R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\drivers\OA009Ufd.sys [2009-3-6 133632]
R3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\drivers\OA009Vid.sys [2009-3-19 271552]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
RUnknown ColorMedia;ColorMedia; [x]
RUnknown PicColor Service;PicColor Service; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\docklogin.exe --> c:\program files\dell\delldock\DockLogin.exe [?]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2010-5-17 308592]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\toolbarbroker.exe --> c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-10-28 87064]
S3 ghsdiagMDM;Handset Diagnostic Port;c:\windows\system32\drivers\ghsdiagMDM.sys [2011-11-28 106624]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2013-10-17 23040]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-12-9 102912]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-8-20 14848]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-10-28 182680]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-8-20 49664]
.
=============== Created Last 30 ================
.
2014-12-28 02:59:12 52440 ----a-w- c:\windows\system32\drivers\lknhwbs.sys
2014-12-28 02:13:33 52440 ----a-w- c:\windows\system32\drivers\cjnfg.sys
2014-12-28 01:39:19 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-28 01:38:52 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-12-28 01:38:52 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-12-28 01:38:52 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-12-28 01:38:52 -------- d-----w- c:\programdata\Malwarebytes
2014-12-28 01:38:52 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-12-19 02:08:50 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2014-12-14 10:19:29 332568 ----a-w- c:\windows\system32\ColorMedia.dll
2014-12-14 10:18:29 -------- d-----w- c:\programdata\PurpleRain
2014-12-14 10:17:04 -------- d-----w- c:\users\grammie\appdata\local\hitsblender
2014-12-14 10:16:46 -------- d-----w- c:\program files\HitsBlenderUpdater
2014-12-14 10:16:12 -------- d-----w- c:\programdata\PicColor Utility
2014-12-14 10:15:19 -------- d-----w- c:\users\grammie\appdata\roaming\SimpleFiles
2014-12-10 09:13:29 -------- d-----w- c:\windows\system32\appraiser
2014-12-10 09:10:21 50176 ----a-w- c:\windows\system32\rrinstaller.exe
2014-12-10 09:10:21 3209728 ----a-w- c:\windows\system32\mf.dll
2014-12-10 09:10:21 23040 ----a-w- c:\windows\system32\mfpmp.exe
2014-12-10 09:10:21 2048 ----a-w- c:\windows\system32\mferror.dll
2014-12-10 09:10:21 103424 ----a-w- c:\windows\system32\mfps.dll
2014-12-10 02:43:59 815280 ----a-w- c:\program files\internet explorer\iexplore.exe
2014-12-10 02:43:33 2048 ----a-w- c:\windows\system32\tzres.dll
2014-12-10 02:43:22 248832 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2014-12-10 02:43:22 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2014-12-10 02:43:22 198656 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2014-12-10 02:43:22 155136 ----a-w- c:\windows\system32\charmap.exe
2014-12-10 02:43:22 145920 ----a-w- c:\windows\system32\WsmAuto.dll
2014-12-10 02:43:22 1177088 ----a-w- c:\windows\system32\WsmSvc.dll
2014-12-03 06:31:20 227048 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2014-12-10 04:11:07 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-10 04:11:07 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-12-04 04:38:59 337920 ----a-w- c:\windows\system32\generaltel.dll
2014-12-04 04:38:45 610304 ----a-w- c:\windows\system32\invagent.dll
2014-12-04 04:38:40 315392 ----a-w- c:\windows\system32\devinv.dll
2014-12-04 04:38:37 728576 ----a-w- c:\windows\system32\appraiser.dll
2014-12-04 04:38:36 202752 ----a-w- c:\windows\system32\aepdu.dll
2014-12-04 04:38:36 159744 ----a-w- c:\windows\system32\aepic.dll
2014-12-04 04:34:13 873984 ----a-w- c:\windows\system32\aeinv.dll
2014-12-01 23:28:26 1160872 ----a-w- c:\windows\system32\aitstatic.exe
2014-11-22 02:20:44 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-22 02:20:30 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:07:43 501248 ----a-w- c:\windows\system32\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- c:\windows\system32\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-22 01:55:14 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-11-22 01:54:30 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2014-11-22 01:48:26 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 01:40:04 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- c:\windows\system32\jscript9.dll
2014-11-22 01:22:49 2052096 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- c:\windows\system32\wininet.dll
2014-11-11 02:44:45 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 01:32:14 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2014-10-25 01:32:37 67584 ----a-w- c:\windows\system32\packager.dll
2014-10-18 01:33:18 571904 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-14 01:56:19 136632 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 01:50:50 523776 ----a-w- c:\windows\system32\termsrv.dll
2014-10-14 01:50:41 2363904 ----a-w- c:\windows\system32\msi.dll
2014-10-14 01:50:39 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-10-14 01:47:30 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-10-13 06:40:15 142936 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2014-10-10 00:45:54 2379264 ----a-w- c:\windows\system32\win32k.sys
2014-10-03 01:44:42 442880 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-10-03 01:44:31 275968 ----a-w- c:\windows\system32\EncDump.dll
2014-10-03 01:44:26 475136 ----a-w- c:\windows\system32\audiosrv.dll
2014-10-03 01:44:26 374784 ----a-w- c:\windows\system32\AudioEng.dll
2014-10-03 01:44:26 195584 ----a-w- c:\windows\system32\AudioSes.dll
.
============= FINISH: 21:24:39.08 ===============