TechSpot

HP laptop with serious infestation

By blairman
Nov 16, 2014
  1. Malwarebytes 2nd scan, first did not save,
    Malwarebytes Anti-Malware
    www.malwarebytes.org
    Scan Date: 11/16/2014
    Scan Time: 2:15:27 PM
    Logfile: malwarebytesscan.txt
    Administrator: Yes
    Version: 2.00.3.1025
    Malware Database: v2014.11.16.05
    Rootkit Database: v2014.11.12.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled
    OS: Windows Vista Service Pack 2
    CPU: x86
    File System: NTFS
    User: Sally
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 315136
    Time Elapsed: 44 min, 35 sec
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
    Processes: 0
    (No malicious items detected)
    Modules: 0
    (No malicious items detected)
    Registry Keys: 0
    (No malicious items detected)
    Registry Values: 0
    (No malicious items detected)
    Registry Data: 0
    (No malicious items detected)
    Folders: 0
    (No malicious items detected)
    Files: 0
    (No malicious items detected)
    Physical Sectors: 0
    (No malicious items detected)

    (end)

    DDS notepad
    DDS (Ver_2012-11-20.01) - NTFS_x86

    DDS attach notepad
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/9/2011 7:14:00 PM
    System Uptime: 11/16/2014 1:22:38 PM (0 hours ago)
    .
    Motherboard: Wistron | | 3612
    Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | CPU | 2000/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 455 GiB total, 312.585 GiB free.
    D: is FIXED (NTFS) - 11 GiB total, 1.822 GiB free.
    E: is CDROM (CDFS)
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    Acrobat.com
    Activation Assistant for the 2007 Microsoft Office suites
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Flash Player 15 ActiveX
    Adobe Reader 9
    Adobe Shockwave Player
    American Greetings® CreataCard® Platinum 5
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    Compatibility Pack for the 2007 Office system
    Conexant HD Audio
    CyberLink DVD Suite
    CyberLink YouCam
    ESU for Microsoft Vista
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Doc Viewer
    HP DVD Play 3.7
    HP FWUpdateEDO2
    HP Help and Support
    HP Officejet Pro 8600 Help
    HP Officejet Pro 8600 Product Improvement Study
    HP Officejet Pro 8610 Basic Device Software
    HP Officejet Pro 8610 Help
    HP Photosmart Essential
    HP Quick Launch Buttons 6.40 H2
    HP Total Care Advisor
    HP Total Care Setup
    HP Update
    HP User Guides 0118
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    HPDiagnosticAlert
    HPNetworkAssistant
    HPSSupply
    HTC Driver Installer
    HTC Sync Manager
    I.R.I.S. OCR
    Intel(R) Graphics Media Accelerator Driver
    IPTInstaller
    iTunes
    Java 7 Update 60
    Java Auto Updater
    Java(TM) 6 Update 7
    Juno Preloader
    LabelPrint
    LightScribe System Software 1.14.17.1
    Malwarebytes Anti-Malware version 2.0.3.1025
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4.5.1
    Microsoft Live Search Toolbar
    Microsoft Office 2000 Disc 2
    Microsoft Office 2000 Premium
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
    Microsoft Web Publishing Wizard 1.52
    Microsoft Works
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    My HP Games
    NetWaiting
    Norton 360
    Norton Internet Security
    Photo Organizer
    Power2Go
    PowerDirector
    Product Improvement Study for HP Officejet Pro 8610
    QuickTime 7
    Realtek 8169 8168 8101E 8102E Ethernet Driver
    Realtek USB 2.0 Card Reader
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
    Synaptics Pointing Device Driver
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Office 2007 (KB934528)
    Yahoo! Detect
    .
    ==== End Of File ===========================

    Internet Explorer: 9.0.8112.16592 BrowserJavaVersion: 10.60.2
    Run by Sally at 13:39:24 on 2014-11-16
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1676 [GMT -5:00]
    .
    AV: Norton 360 *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
    SP: Norton 360 *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Norton 360 *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\WINDOWS\System32\igfxpers.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    C:\Program Files\Norton 360\Engine\21.6.0.32\N360.exe
    C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    C:\Program Files\SMINST\BLService.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files\Norton 360\Engine\21.6.0.32\N360.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\dllhost.exe
    C:\Windows\system32\dllhost.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\mobsync.exe
    \\?\C:\Windows\system32\wbem\WMIADAP.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = Preserve
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    uProxyOverride = <-loopback>
    uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\21.6.0.32\coieplg.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\21.6.0.32\ips\ipsbho.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\21.6.0.32\coieplg.dll
    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [HP Officejet Pro 8610 (NET)] "c:\program files\hp\hp officejet pro 8610\bin\ScanToPCActivationApp.exe" -deviceID "CN48QDX0BQ:NW" -scfn "HP Officejet Pro 8610 (NET)" -AutoStart 1
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
    mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
    mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
    mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
    mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
    mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
    mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
    mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\users\sally\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\forget~1.lnk - c:\program files\broderbund\ag creatacard\AGRemind.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001060-0002-0060-ABCDEFFEDCBC} - <orphaned>
    IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smart print 2.0\smartprintsetup.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{54169E57-2CB7-45FF-A0FC-CBC81E1EA141} : DHCPNameServer = 192.168.1.1
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs= c:\progra~1\imesha~1\mediabar\datamngr\iebho.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1506000.020\symds.sys [2014-9-25 367704]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1506000.020\symefa.sys [2014-9-25 936152]
    R1 BHDrvx86;BHDrvx86;c:\program files\norton 360\nortondata\21.1.1.7\definitions\bashdefs\20141107.001\BHDrvx86.sys [2014-11-10 1138392]
    R1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\n360\1506000.020\ccsetx86.sys [2014-9-25 127064]
    R1 IDSVix86;IDSVix86;c:\program files\norton 360\nortondata\21.1.1.7\definitions\ipsdefs\20141114.001\IDSvix86.sys [2014-11-14 476888]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1506000.020\ironx86.sys [2014-9-25 209624]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\1506000.020\symtdiv.sys [2014-9-25 384728]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 HTCMonitorService;HTCMonitorService;c:\program files\htc\htc sync manager\HSMServiceEntry.exe [2013-4-12 87368]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-11-16 1871160]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-11-16 968504]
    R2 N360;Norton 360;c:\program files\norton 360\engine\21.6.0.32\n360.exe [2014-9-25 265040]
    R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2012-12-7 167424]
    R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-4-9 365952]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-4-9 193840]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2014-9-9 111408]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-11-16 23256]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-11-16 114904]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-11-16 51928]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
    S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2013-8-25 24576]
    S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2012-12-7 23040]
    S3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\drivers\HtcVComV32.sys [2009-10-27 105984]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
    .
    =============== Created Last 30 ================
    .
    2014-11-16 17:33:57 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-11-16 17:29:45 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-11-16 17:29:45 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-11-16 17:29:45 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-11-16 17:29:45 -------- d-----w- c:\programdata\Malwarebytes
    2014-11-16 17:29:45 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2014-11-13 09:03:38 146432 ----a-w- c:\windows\system32\msaudite.dll
    2014-11-13 09:03:33 619520 ----a-w- c:\windows\system32\adtschema.dll
    2014-11-13 09:03:18 449536 ----a-w- c:\windows\system32\termsrv.dll
    2014-11-13 09:03:16 1259008 ----a-w- c:\windows\system32\lsasrv.dll
    2014-11-13 09:01:41 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2014-11-13 09:01:41 1249280 ----a-w- c:\windows\system32\msxml3.dll
    2014-11-13 08:58:27 278528 ----a-w- c:\windows\system32\schannel.dll
    2014-11-13 08:57:09 67072 ----a-w- c:\windows\system32\packager.dll
    2014-11-13 08:55:20 729600 ----a-w- c:\windows\system32\IMJP10K.DLL
    2014-11-13 08:49:21 316928 ----a-w- c:\windows\system32\audiosrv.dll
    2014-11-13 08:49:19 396800 ----a-w- c:\windows\system32\AudioEng.dll
    2014-11-13 08:49:18 274432 ----a-w- c:\windows\system32\AUDIOKSE.dll
    2014-11-13 08:49:18 170496 ----a-w- c:\windows\system32\EncDump.dll
    2014-11-13 08:47:47 564224 ----a-w- c:\windows\system32\oleaut32.dll
    2014-11-13 08:04:29 2054656 ----a-w- c:\windows\system32\win32k.sys
    2014-11-09 14:38:57 -------- d-----w- c:\users\sally\appdata\local\IAC
    2014-11-09 14:29:55 597512 ------w- c:\windows\system32\HPDiscoPM7112.dll
    2014-10-21 00:54:13 -------- d--h--w- c:\programdata\{49A0BAC7-3326-4433-9373-4AA8793ABB5C}
    .
    ==================== Find3M ====================
    .
    2014-11-12 01:12:33 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-11-12 01:12:33 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-10-27 19:05:44 1810944 ----a-w- c:\windows\system32\jscript9.dll
    2014-10-27 18:59:06 1129472 ----a-w- c:\windows\system32\wininet.dll
    2014-10-27 18:58:19 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2014-10-27 18:56:58 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2014-10-27 18:56:40 421376 ----a-w- c:\windows\system32\vbscript.dll
    2014-10-27 18:55:20 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2014-10-27 18:55:17 11776 ----a-w- c:\windows\system32\mshta.exe
    2014-09-09 06:24:46 2048 ----a-w- c:\windows\system32\tzres.dll
    2014-09-04 23:27:58 143360 ----a-w- c:\windows\system32\drivers\fastfat.sys
    2014-08-26 02:20:22 664792 ----a-w- c:\windows\system32\drivers\n360\1506000.020\srtsp.sys
    2014-08-26 02:20:22 32984 ----a-w- c:\windows\system32\drivers\n360\1506000.020\srtspx.sys
    2014-08-23 01:03:46 297984 ----a-w- c:\windows\system32\gdi32.dll
    .
    ============= FINISH: 13:41:12.86 ===============
     
  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download [​IMG] Malwarebytes Anti-Rootkit to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double click on downloaded file. OK self extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
    NOTE. If you see This version requires you to completely exit the Anti Malware application message right click on the Malwarebytes icon in the system tray and click on Exit.
     
  3. blairman

    blairman TS Rookie Topic Starter Posts: 88

    RogueKiller V10.0.6.0 [Nov 13 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com
    Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : Sally [Administrator]
    Mode : Delete -- Date : 11/17/2014 06:26:13
    ¤¤¤ Processes : 2 ¤¤¤
    [Proc.Injected] dllhost.exe -- C:\Windows\system32\dllhost.exe[7] -> Killed [TermProc]
    [Proc.Svchost] svchost.exe -- C:\Program Files\Internet Explorer\iexplore.exe[7] -> Killed [TermThr]
    ¤¤¤ Registry : 5 ¤¤¤
    [PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} -> ERROR [2]
    [PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 0 -> Replaced (0)
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 0 -> Replaced (0)
    [Tr.Poweliks] HKEY_USERS\S-1-5-21-999287110-3378381917-3572788942-1000\Software\classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\LocalServer32 -> ERROR [2]
    ¤¤¤ Tasks : 0 ¤¤¤
    ¤¤¤ Files : 0 ¤¤¤
    ¤¤¤ Hosts File : 2 ¤¤¤
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
    [C:\Windows\System32\drivers\etc\hosts] ::1 localhost
    ¤¤¤ Antirootkit : 141 (Driver: Loaded) ¤¤¤
    [SSDT:Addr(Hook.SSDT)] NtAlertResumeThread[13] : Unknown @ 0x87ff1c78
    [SSDT:Addr(Hook.SSDT)] NtAlertThread[14] : Unknown @ 0x87ff1d10
    [SSDT:Addr(Hook.SSDT)] NtAllocateVirtualMemory[18] : Unknown @ 0x87ef8f38
    [SSDT:Addr(Hook.SSDT)] NtAlpcConnectPort[21] : Unknown @ 0x87df02b8
    [SSDT:Addr(Hook.SSDT)] NtAssignProcessToJobObject[42] : Unknown @ 0x884936e0
    [SSDT:Addr(Hook.SSDT)] NtCreateMutant[67] : Unknown @ 0x88493a90
    [SSDT:Addr(Hook.SSDT)] NtCreateSymbolicLinkObject[77] : Unknown @ 0x884934d8
    [SSDT:Addr(Hook.SSDT)] NtCreateThread[78] : Unknown @ 0x87ec4090
    [SSDT:Addr(Hook.SSDT)] NtDebugActiveProcess[116] : Unknown @ 0x88493778
    [SSDT:Addr(Hook.SSDT)] NtDuplicateObject[129] : Unknown @ 0x87ef8fc0
    [SSDT:Addr(Hook.SSDT)] NtFreeVirtualMemory[147] : Unknown @ 0x87ef8de8
    [SSDT:Addr(Hook.SSDT)] NtImpersonateAnonymousToken[156] : Unknown @ 0x88493b38
    [SSDT:Addr(Hook.SSDT)] NtImpersonateThread[158] : Unknown @ 0x88493bb0
    [SSDT:Addr(Hook.SSDT)] NtLoadDriver[165] : Unknown @ 0x87df0240
    [SSDT:Addr(Hook.SSDT)] NtMapViewOfSection[177] : Unknown @ 0x87ef8d30
    [SSDT:Addr(Hook.SSDT)] NtOpenEvent[184] : Unknown @ 0x884939f8
    [SSDT:Addr(Hook.SSDT)] NtOpenProcess[194] : Unknown @ 0x87ef8040
    [SSDT:Addr(Hook.SSDT)] NtOpenProcessToken[195] : Unknown @ 0x8831c848
    [SSDT:Addr(Hook.SSDT)] NtOpenSection[197] : Unknown @ 0x884938c8
    [SSDT:Addr(Hook.SSDT)] NtOpenThread[201] : Unknown @ 0x8831c1a8
    [SSDT:Addr(Hook.SSDT)] NtProtectVirtualMemory[210] : Unknown @ 0x88493638
    [SSDT:Addr(Hook.SSDT)] NtQueueApcThread[255] : Unknown @ 0x88493430
    [SSDT:Addr(Hook.SSDT)] NtResumeThread[282] : Unknown @ 0x87ff1da8
    [SSDT:Addr(Hook.SSDT)] NtSetContextThread[289] : Unknown @ 0x87ff1f70
    [SSDT:Addr(Hook.SSDT)] NtSetInformationProcess[305] : Unknown @ 0x87ef8bf0
    [SSDT:Addr(Hook.SSDT)] NtSetSystemInformation[317] : Unknown @ 0x88493810
    [SSDT:Addr(Hook.SSDT)] NtSuspendProcess[330] : Unknown @ 0x88493960
    [SSDT:Addr(Hook.SSDT)] NtSuspendThread[331] : Unknown @ 0x87ff1e40
    [SSDT:Addr(Hook.SSDT)] NtTerminateProcess[334] : Unknown @ 0x8824cdc0
    [SSDT:Addr(Hook.SSDT)] NtTerminateThread[335] : Unknown @ 0x87ff1ed8
    [SSDT:Addr(Hook.SSDT)] NtUnmapViewOfSection[348] : Unknown @ 0x87ef8c98
    [SSDT:Addr(Hook.SSDT)] NtWriteVirtualMemory[358] : Unknown @ 0x87ef8e90
    [SSDT:Addr(Hook.SSDT)] NtCreateThreadEx[382] : Unknown @ 0x88493580
    [ShwSSDT:Addr(Hook.Shadow)] NtUserAttachThreadInput[317] : Unknown @ 0x889c1700
    [ShwSSDT:Addr(Hook.Shadow)] NtUserGetAsyncKeyState[397] : Unknown @ 0x88678350
    [ShwSSDT:Addr(Hook.Shadow)] NtUserGetKeyboardState[428] : Unknown @ 0x88679d30
    [ShwSSDT:Addr(Hook.Shadow)] NtUserGetKeyState[430] : Unknown @ 0x8868c750
    [ShwSSDT:Addr(Hook.Shadow)] NtUserGetRawInputData[442] : Unknown @ 0x8866d260
    [ShwSSDT:Addr(Hook.Shadow)] NtUserMessageCall[479] : Unknown @ 0x88674ab8
    [ShwSSDT:Addr(Hook.Shadow)] NtUserPostMessage[497] : Unknown @ 0x88671798
    [ShwSSDT:Addr(Hook.Shadow)] NtUserPostThreadMessage[498] : Unknown @ 0x8863eea0
    [ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[573] : Unknown @ 0x88a10ca0
    [ShwSSDT:Addr(Hook.Shadow)] NtUserSetWinEventHook[576] : Unknown @ 0x889c0650
    [IAT:Inl] (iexplore.exe @ IPSLdr32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ ole32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ msvcrt.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ USER32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ ADVAPI32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ RPCRT4.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ OLEAUT32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ SHLWAPI.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ SHELL32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ urlmon.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ iertutil.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ WININET.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ IMM32.DLL) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ MSCTF.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ comctl32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ IEFRAME.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ OLEACC.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ comdlg32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ uxtheme.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ ASOEHOOK.DLL) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ COMCTL32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ MSVCR100.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ IPSEng32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ CRYPT32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ USERENV.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ ccL120U.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ ws2_32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ dhcpcsvc.DLL) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ DNSAPI.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ dhcpcsvc6.DLL) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ MSHTML.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ dxgi.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ NTMARTA.DLL) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ RASAPI32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ NETAPI32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ TAPI32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ rtutils.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ WINMM.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ mswsock.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ NLAapi.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ Dxtrans.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ Flash32_15_0_0_223.ocx) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ DSOUND.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ WINSPOOL.DRV) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ GPAPI.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ MMDevApi.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ audioeng.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ WINSTA.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ MSVCR80.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ d3d9.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
    [IAT:Inl] (iexplore.exe @ IPSLdr32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
    [IAT:Inl] (iexplore.exe @ ole32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
    [IAT:Inl] (iexplore.exe @ msvcrt.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
    [IAT:Inl] (iexplore.exe @ USER32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
    [IAT:Inl] (iexplore.exe @ ADVAPI32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
    [IAT:Inl] (iexplore.exe @ RPCRT4.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
    [IAT:Inl] (iexplore.exe @ OLEAUT32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
    [IAT:Inl] (iexplore.exe @ SHLWAPI.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
    [IAT:Inl] (iexplore.exe @ SHELL32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
    [IAT:Inl] (iexplore.exe @ urlmon.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
    [IAT:Inl] (iexplore.exe @ iertutil.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
    [IAT:Inl] (iexplore.exe @ WININET.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
    [IAT:Inl] (iexplore.exe @ IMM32.DLL) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
    [IAT:Inl] (iexplore.exe @ MSCTF.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
    [IAT:Inl] (iexplore.exe @ comctl32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
    [IAT:Inl] (iexplore.exe @ IEFRAME.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
    [IAT:Inl] (iexplore.exe @ OLEACC.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
    [IAT:Inl] (iexplore.exe @ uxtheme.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
    [IAT:Inl] (iexplore.exe @ comdlg32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
    [IAT:Inl] (iexplore.exe @ ASOEHOOK.DLL) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
    [IAT:Inl] (iexplore.exe @ COMCTL32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
    [IAT:Inl] (iexplore.exe @ MSVCR100.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
    [IAT:Inl] (iexplore.exe @ IPSEng32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
    [IAT:Inl] (iexplore.exe @ CRYPT32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
    [IAT:Inl] (iexplore.exe @ USERENV.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
    [IAT:Inl] (iexplore.exe @ WS2_32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
    [IAT:Inl] (iexplore.exe @ ccL120U.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
    [IAT:Inl] (iexplore.exe @ dhcpcsvc.DLL) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
    [IAT:Inl] (iexplore.exe @ DNSAPI.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
    [IAT:Inl] (iexplore.exe @ dhcpcsvc6.DLL) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
    [IAT:Inl] (iexplore.exe @ MSHTML.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
    [IAT:Inl] (iexplore.exe @ dxgi.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
    [IAT:Inl] (iexplore.exe @ NTMARTA.DLL) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
    [IAT:Inl] (iexplore.exe @ RASAPI32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
    [IAT:Inl] (iexplore.exe @ NETAPI32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
    [IAT:Inl] (iexplore.exe @ TAPI32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
    [IAT:Inl] (iexplore.exe @ rtutils.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
    [IAT:Inl] (iexplore.exe @ WINMM.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
    [IAT:Inl] (iexplore.exe @ mswsock.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
    [IAT:Inl] (iexplore.exe @ NLAapi.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
    [IAT:Inl] (iexplore.exe @ GPAPI.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
    [IAT:Inl] (iexplore.exe @ Dxtrans.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
    [IAT:Inl] (iexplore.exe @ WINSPOOL.DRV) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
    [IAT:Inl] (iexplore.exe @ Flash32_15_0_0_223.ocx) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
    [IAT:Inl] (iexplore.exe @ DSOUND.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
    [IAT:Inl] (iexplore.exe @ MMDevApi.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
    [IAT:Inl] (iexplore.exe @ audioeng.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
    [IAT:Inl] (iexplore.exe @ WINSTA.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
    ¤¤¤ Web browsers : 0 ¤¤¤
    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: +++++
    --- User ---
    [MBR] 09778080031d7367d06e0d5c9a493caa
    [BSP] f5619e288538777490d4e8663d19c045 : Toshiba MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 465753 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 953864192 | Size: 11183 MB
    User = LL1 ... OK
    User = LL2 ... OK
    +++++ PhysicalDrive1: +++++
    --- User ---
    [MBR] f4aac54a2faddd3beb5015259f7d81d0
    [BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
    Partition table:
    0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 44 | Size: 15275 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )

    ============================================
    RKreport_SCN_11172014_062159.log - RKreport_DEL_11172014_062545.log

    malwarebytes anti root kit found no malware, nothing to clean up
     
  4. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    We have Poweliks infection there.

    RogueKiller fixes some but let's double check.

    Please download Powelikscleaner (by ESET) and save it to your Desktop.

    1. Double-click on ESETPoweliksCleaner.exe to start the tool.

    2. Read the terms of the End-user license agreement and click Agree.

    3. The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.

    [​IMG]

    4. If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.

    [​IMG]

    The tool will produce a log in the same directory the tool was run from.

    That log is usually pretty long so as an exception you can attach it.
     
  5. blairman

    blairman TS Rookie Topic Starter Posts: 88

    Latest malwarebytes scan
    Malwarebytes Anti-Malware
    www.malwarebytes.org
    Scan Date: 11/18/2014
    Scan Time: 7:02:59 AM
    Logfile: malwarebytesscan.txt
    Administrator: Yes
    Version: 0.00.0.0000
    Malware Database: v2014.11.18.04
    Rootkit Database: v2014.11.12.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled
    OS: Windows Vista Service Pack 2
    CPU: x86
    File System: NTFS
    User: Sally
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 314893
    Time Elapsed: 11 min, 21 sec
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
    Processes: 0
    (No malicious items detected)
    Modules: 0
    (No malicious items detected)
    Registry Keys: 0
    (No malicious items detected)
    Registry Values: 0
    (No malicious items detected)
    Registry Data: 0
    (No malicious items detected)
    Folders: 0
    (No malicious items detected)
    Files: 0
    (No malicious items detected)
    Physical Sectors: 0
    (No malicious items detected)

    (end)
     
  6. blairman

    blairman TS Rookie Topic Starter Posts: 88

    Eset powelik text Broni, computer seems to be back. moving very quickly now,


    log way too long to post
    what next?
     
  7. Broni

    Broni Malware Annihilator Posts: 52,898   +344

     
  8. blairman

    blairman TS Rookie Topic Starter Posts: 88

    Broni, I tried to post it, and I said it was too long, I divided in it half, still too long, how do I do this exception thing
     
  9. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Click on "Upload a File" button to attach log to your reply.
     
  10. blairman

    blairman TS Rookie Topic Starter Posts: 88

    Broni, sorry, tried on 3 computers to upload the file, tried to rename it to a .pdf, .doc, and when I open the upload a file window, it does not see anything by eset. all 3 computers are the same.
     
    maccnacc likes this.
  11. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    ESETPoweliksCleaner.exe_xxxxxx.log is located in the very same place where you ran ESETPoweliksCleaner from.
     
  12. blairman

    blairman TS Rookie Topic Starter Posts: 88

    Yes sir, when I use windows explorer, I can see it, when I hit the upload a file button below, I only see folders, not files. the drop down says all files, then a bunch of possible extensions, but they don't show up. tried to delete the all file from the drop down, and could not. tried to upload from 3 different computers. I think there is an issue with the upload files app. again, I see the file in windows explorer, just can't see it in the upload file browsing box.
     
  13. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    See if you can...

    Upload the file(s) here: http://www.sendspace.com/
    Click on Browse button and navigate to the file you want to upload.
    Click on Upload button.
    Click on FIRST Copy Link button and paste the link in your next reply.
     
  14. blairman

    blairman TS Rookie Topic Starter Posts: 88

  15. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Very good. Poweliks is gone.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  16. blairman

    blairman TS Rookie Topic Starter Posts: 88

    Broni, haven't mentioned this yet, maybe I should. I have not been able to download anything to this laptop. I have been downloading the apps to my net book, then copying them to a thumb drive to transfer to this laptop. the files download, get to 100% then say "file could not be downloaded, with a retry, which never works, cancel and view downloads. is this somthing that is part of the virus or another problem.???
     
  17. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    What is the exact error message?
     
  18. blairman

    blairman TS Rookie Topic Starter Posts: 88

    Yellow bar appears on bottom of screen. asks to run, save (w/dropdown) or cancel I have been selecting save's dropdown, save to I select desktop, and then the save button.
    the file appears to download, with the percentage of download counter running right up to 100%, then immediately says file could not be downloaded, with a retry, (which never works), cancel and view downloads buttons. only works on my netbook, hp desktop not working either. stops at 0%, but that is a different computer. but coincidental?
     
  19. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    We'll keep checking.
    Go ahead with Combofix.
     
  20. blairman

    blairman TS Rookie Topic Starter Posts: 88

    ComboFix 14-11-18.01 - Sally 11/19/2014 22:27:20.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1759 [GMT -5:00]
    Running from: c:\users\Sally\Desktop\ComboFix.exe
    AV: Norton 360 *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
    FW: Norton 360 *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
    SP: Norton 360 *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\FunWebProducts
    c:\program files\MyWebSearch
    c:\users\Sally\AppData\Local\BrowserSafeguard
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-10-20 to 2014-11-20 )))))))))))))))))))))))))))))))
    .
    .
    2014-11-20 05:46 . 2014-11-20 05:46 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-11-19 02:01 . 2014-10-24 01:03 499200 ----a-w- c:\windows\system32\kerberos.dll
    2014-11-17 21:04 . 2014-11-17 21:04 -------- d-----w- c:\programdata\WindowsSearch
    2014-11-17 11:47 . 2014-11-18 01:32 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-11-17 02:34 . 2014-11-17 02:34 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2014-11-17 02:34 . 2014-11-17 02:34 -------- d-----w- c:\programdata\RogueKiller
    2014-11-16 17:33 . 2014-11-20 02:58 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-11-16 17:29 . 2014-11-20 01:23 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2014-11-16 17:29 . 2014-11-17 11:43 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-11-16 17:29 . 2014-11-16 17:29 -------- d-----w- c:\programdata\Malwarebytes
    2014-11-16 17:29 . 2014-10-01 16:11 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-11-16 17:29 . 2014-10-01 16:11 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-11-13 09:03 . 2014-10-10 01:00 146432 ----a-w- c:\windows\system32\msaudite.dll
    2014-11-13 09:03 . 2014-10-09 23:22 619520 ----a-w- c:\windows\system32\adtschema.dll
    2014-11-13 09:03 . 2014-10-10 01:01 449536 ----a-w- c:\windows\system32\termsrv.dll
    2014-11-13 09:03 . 2014-10-10 01:00 1259008 ----a-w- c:\windows\system32\lsasrv.dll
    2014-11-13 09:01 . 2014-08-27 00:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2014-11-13 09:01 . 2014-08-27 00:55 1249280 ----a-w- c:\windows\system32\msxml3.dll
    2014-11-13 08:58 . 2014-09-19 00:50 278528 ----a-w- c:\windows\system32\schannel.dll
    2014-11-13 08:57 . 2014-10-24 01:04 67072 ----a-w- c:\windows\system32\packager.dll
    2014-11-13 08:55 . 2014-08-12 02:25 729600 ----a-w- c:\windows\system32\IMJP10K.DLL
    2014-11-13 08:49 . 2014-10-03 01:17 316928 ----a-w- c:\windows\system32\audiosrv.dll
    2014-11-13 08:49 . 2014-10-03 01:17 396800 ----a-w- c:\windows\system32\AudioEng.dll
    2014-11-13 08:49 . 2014-10-03 01:18 274432 ----a-w- c:\windows\system32\AUDIOKSE.dll
    2014-11-13 08:49 . 2014-10-03 01:17 170496 ----a-w- c:\windows\system32\EncDump.dll
    2014-11-13 08:47 . 2014-10-18 01:08 564224 ----a-w- c:\windows\system32\oleaut32.dll
    2014-11-13 08:04 . 2014-10-12 23:34 2054656 ----a-w- c:\windows\system32\win32k.sys
    2014-11-09 14:38 . 2014-11-09 14:38 -------- d-----w- c:\users\Sally\AppData\Local\IAC
    2014-11-09 14:29 . 2014-03-06 16:48 597512 ------w- c:\windows\system32\HPDiscoPM7112.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-11-12 01:12 . 2012-03-29 22:57 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-11-12 01:12 . 2011-08-10 00:55 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-09-09 06:24 . 2014-09-24 07:00 2048 ----a-w- c:\windows\system32\tzres.dll
    2014-09-04 23:27 . 2014-10-16 07:03 143360 ----a-w- c:\windows\system32\drivers\fastfat.sys
    2014-08-26 02:20 . 2014-09-25 21:24 32984 ----a-w- c:\windows\system32\drivers\N360\1506000.020\srtspx.sys
    2014-08-26 02:20 . 2014-09-25 21:24 664792 ----a-w- c:\windows\system32\drivers\N360\1506000.020\srtsp.sys
    2014-08-23 01:03 . 2014-08-28 07:00 297984 ----a-w- c:\windows\system32\gdi32.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
    "HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "HP Officejet Pro 8610 (NET)"="c:\program files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe" [2014-03-06 2427400]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-10 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-10 170520]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-10 145944]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
    "UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408]
    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-10-01 152392]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896]
    .
    c:\users\Sally\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Forget Me Not.lnk - c:\program files\Broderbund\AG CreataCard\AGRemind.exe /Q [2011-9-22 323584]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [1999-2-17 65588]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MBAMSWISSARMY
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-11-20 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 01:12]
    .
    2014-11-17 c:\windows\Tasks\HPCeeScheduleForSally.job
    - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-04-09 18:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = <-loopback>
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
    Toolbar-10 - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2014-11-20 00:46
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360\Engine\21.6.0.32\N360.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\21.6.0.32\diMaster.dll\" /prefetch:1"
    --
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
    "ImagePath"="\SystemRoot\System32\Drivers\N360\1506000.020\SYMTDIV.SYS"
    "TrustedImagePaths"="c:\program files\Norton 360\Engine\21.6.0.32"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2014-11-20 00:50:55
    ComboFix-quarantined-files.txt 2014-11-20 05:50
    .
    Pre-Run: 333,126,983,680 bytes free
    Post-Run: 354,571,001,856 bytes free
    .
    - - End Of File - - 642950314694CDF5D5E8BF69F9CD9A34
    588AE8F0C685C02BA11F30D9CD7E61A0
     
  21. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Looks good.

    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    [​IMG] Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.
     
  22. blairman

    blairman TS Rookie Topic Starter Posts: 88

    # AdwCleaner v4.101 - Report created 21/11/2014 at 05:40:36
    # Updated 09/11/2014 by Xplode
    # Database : 2014-11-16.1 [Live]
    # Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # Username : Sally - SALLY-PC
    # Running from : C:\Users\Sally\Desktop\adwcleaner_4.101.exe
    # Option : Clean
    ***** [ Services ] *****

    ***** [ Files / Folders ] *****
    Folder Deleted : C:\ProgramData\Ask
    Folder Deleted : C:\ProgramData\Conduit
    Folder Deleted : C:\ProgramData\VisualBee
    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\Program Files\CursorMania
    Folder Deleted : C:\Program Files\Dogpile Bundle Toolbar
    Folder Deleted : C:\Program Files\iMesh Applications
    Folder Deleted : C:\Program Files\PopularScreensavers
    Folder Deleted : C:\Program Files\V-bates
    Folder Deleted : C:\Windows\system32\SearchProtect
    Folder Deleted : C:\Users\Sally\AppData\Local\Conduit
    Folder Deleted : C:\Users\Sally\AppData\Local\iac
    Folder Deleted : C:\Users\Sally\AppData\Local\PackageAware
    Folder Deleted : C:\Users\Sally\AppData\Local\visi_coupon
    Folder Deleted : C:\Users\Sally\AppData\Local\WeatherAlerts
    Folder Deleted : C:\Users\Sally\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Sally\AppData\LocalLow\DataMngr
    Folder Deleted : C:\Users\Sally\AppData\LocalLow\FunWebProducts
    Folder Deleted : C:\Users\Sally\AppData\LocalLow\iac
    Folder Deleted : C:\Users\Sally\AppData\LocalLow\MyWebSearch
    Folder Deleted : C:\Users\Sally\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\Sally\AppData\LocalLow\wincoreimband
    Folder Deleted : C:\Users\Sally\Documents\PC Health Kit
    File Deleted : C:\END
    File Deleted : C:\Users\Public\Desktop\eBay.lnk
    File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    File Deleted : C:\Windows\system32\p5PSSavr.scr
    ***** [ Scheduled Tasks ] *****
    Task Deleted : Optimizer Pro Schedule
    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows Media\Wmsdk\Sources [F3PopularScreenSavers]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform [FunWebProducts]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\post platform [FunWebProducts]
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3201318
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3287811
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6FB5B50A-863D-4C0D-8E84-92A59565D087}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C39937A0-C59D-4506-A9FC-0A0138192287}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C39937A9-C59D-4506-A9FC-0A0138192287}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD55C1D4-CE89-4E93-866E-3F4A4962BD68}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A73204A3-4E2A-4924-95DA-D5DF58717368}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B5DB5A94-1E55-4E2E-AA50-49C8C8215D56}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C39937A7-C59D-4506-A9FC-0A0138192287}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B2E5F9A4-0587-4525-8602-E08E32510243}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C39937A5-C59D-4506-A9FC-0A0138192287}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5957D8D4-6FF0-43FB-B50B-49079FE61659}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C522512A-9C2C-4DE5-9F63-976B560FEF14}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5957D8D4-6FF0-43FB-B50B-49079FE61659}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C39937A9-C59D-4506-A9FC-0A0138192287}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DD55C1D4-CE89-4E93-866E-3F4A4962BD68}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8798BBE7-DDF6-448B-AE0E-83C9E28A5598}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F37BCE7B-6055-418C-A301-E715F36F1E79}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5EFC8634-B65E-4D0D-8337-6036E9882D9B}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A3D46FB8-5812-4147-B284-1FB1D580FD2C}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{d3f22a84-2a84-49eb-91e6-5dadaaf0165d}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D41DFFDD-0129-4747-BEB1-2B0BF2EEAF55}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5EFC8634-B65E-4D0D-8337-6036E9882D9B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d3f22a84-2a84-49eb-91e6-5dadaaf0165d}
    Key Deleted : HKCU\Software\CToolbar
    Key Deleted : HKCU\Software\Imesh
    Key Deleted : HKCU\Software\SoftwareUpdater
    Key Deleted : HKCU\Software\usyndication.com
    Key Deleted : HKCU\Software\visualbee
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\mediabarim
    Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKLM\SOFTWARE\Conduit
    Key Deleted : HKLM\SOFTWARE\CToolbar
    Key Deleted : HKLM\SOFTWARE\PopularScreensavers
    Key Deleted : HKLM\SOFTWARE\TBID
    Key Deleted : HKLM\SOFTWARE\VBMZ
    Key Deleted : HKLM\SOFTWARE\visualbee
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\linkuryjs.info
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mywebface.com
    ***** [ Browsers ] *****
    -\\ Internet Explorer v9.0.8112.16592

    *************************
    AdwCleaner[R0].txt - [10757 octets] - [21/11/2014 05:31:53]
    AdwCleaner[S0].txt - [10606 octets] - [21/11/2014 05:40:36]
    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10667 octets] ##########
     
  23. blairman

    blairman TS Rookie Topic Starter Posts: 88

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.3.9 (11.15.2014:2)
    OS: Windows Vista (TM) Home Premium x86
    Ran by Sally on Fri 11/21/2014 at 5:47:34.22
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services
    ~~~ Registry Values
    ~~~ Registry Keys
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CursorMania_7l.SkinLauncher
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CursorMania_7l.SkinLauncher.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MyWebFace_5a.ToolbarProtector
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MyWebFace_5a.ToolbarProtector.1
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D1A2079E-1FBB-461A-AC3F-A29DBD650FE0}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{C3A70544-BF8E-4133-AE57-761D214BC72A}
    ~~~ Files
    ~~~ Folders
    Successfully deleted: [Folder] "C:\Users\Sally\appdata\locallow\cursormania_7l"
    Successfully deleted: [Folder] "C:\Users\Sally\appdata\locallow\yahoocouponaddon"
    Successfully deleted: [Folder] "C:\Program Files\cursormania_7l"
    Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"
    ~~~ Event Viewer Logs were cleared
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Fri 11/21/2014 at 5:52:22.10
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  24. blairman

    blairman TS Rookie Topic Starter Posts: 88

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-11-2014
    Ran by Sally (administrator) on SALLY-PC on 21-11-2014 05:53:50
    Running from C:\Users\Sally\Desktop
    Loaded Profile: Sally (Available profiles: Sally)
    Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
    Internet Explorer Version 9
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
    (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
    (Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
    (CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe
    ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    (Intel Corporation) C:\WINDOWS\System32\igfxsrvc.exe
    (Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
    (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    (Symantec Corporation) C:\Program Files\Norton 360\Engine\21.6.0.32\n360.exe
    () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    () C:\Program Files\SMINST\BLService.exe
    () C:\Program Files\CyberLink\Shared files\RichVideo.exe
    () C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    (Conexant Systems, Inc.) C:\WINDOWS\System32\drivers\XAudio.exe
    (Symantec Corporation) C:\Program Files\Norton 360\Engine\21.6.0.32\n360.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
    (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe

    ==================== Registry (Whitelisted) ==================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-17] (Synaptics, Inc.)
    HKLM\...\Run: [QPService] => C:\Program Files\HP\QuickPlay\QPService.exe [468264 2008-09-23] (CyberLink Corp.)
    HKLM\...\Run: [UpdateLBPShortCut] => C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
    HKLM\...\Run: [UpdatePSTShortCut] => C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2008-10-06] (CyberLink Corp.)
    HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2008-11-15] (CyberLink Corp.)
    HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2008-08-01] ( Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
    HKLM\...\Run: [UpdateP2GoShortCut] => C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
    HKLM\...\Run: [UpdatePDIRShortCut] => C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
    HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
    HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
    HKU\S-1-5-21-999287110-3378381917-3572788942-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company)
    HKU\S-1-5-21-999287110-3378381917-3572788942-1000\...\Run: [HPAdvisor] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [972080 2008-09-30] (Hewlett-Packard)
    HKU\S-1-5-21-999287110-3378381917-3572788942-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
    HKU\S-1-5-21-999287110-3378381917-3572788942-1000\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [2427400 2014-03-06] (Hewlett-Packard Co.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Forget Me Not.lnk
    ShortcutTarget: Forget Me Not.lnk -> C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe (TLC Multimedia Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
    ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
    Startup: C:\Users\Sally\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton 360\Engine\21.6.0.32\buShell.dll (Symantec Corporation)
    ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton 360\Engine\21.6.0.32\buShell.dll (Symantec Corporation)
    ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton 360\Engine\21.6.0.32\buShell.dll (Symantec Corporation)
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-999287110-3378381917-3572788942-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    HKU\S-1-5-21-999287110-3378381917-3572788942-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM -> DefaultScope {D41DFFDD-0129-4747-BEB1-2B0BF2EEAF55} URL =
    SearchScopes: HKU\S-1-5-21-999287110-3378381917-3572788942-1000 -> DefaultScope {D41DFFDD-0129-4747-BEB1-2B0BF2EEAF55} URL =
    BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
    BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    FireFox:
    ========
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\npctrl.1.0.30716.0.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @popularscreensavers.com/Plugin -> C:\Program Files\PopularScreensavers\NPp5Stub.dll No File
    FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.1.7\coFFPlgn
    FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.1.7\coFFPlgn [2014-11-21]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-08-15]
    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-25]
    ========================== Services (Whitelisted) =================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed]
    R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-04-12] (Nero AG)
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
    R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed]
    R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
    R2 N360; C:\Program Files\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-10-06] ()
    R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] () [File not signed]
    S2 Norton Internet Security; "C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1
    ==================== Drivers (Whitelisted) ====================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    R1 BHDrvx86; C:\Program Files\Norton 360\NortonData\21.1.1.7\Definitions\BASHDefs\20141118.001\BHDrvx86.sys [1138392 2014-10-03] (Symantec Corporation)
    R1 ccSet_N360; C:\Windows\system32\drivers\N360\1506000.020\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)
    R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-09-09] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-09-09] (Symantec Corporation)
    S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated)
    R1 IDSVix86; C:\Program Files\Norton 360\NortonData\21.1.1.7\Definitions\IPSDefs\20141120.001\IDSvix86.sys [479448 2014-11-17] (Symantec Corporation)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-21] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
    R3 NAVENG; C:\Program Files\Norton 360\NortonData\21.1.1.7\Definitions\VirusDefs\20141120.003\NAVENG.SYS [95704 2014-11-16] (Symantec Corporation)
    R3 NAVEX15; C:\Program Files\Norton 360\NortonData\21.1.1.7\Definitions\VirusDefs\20141120.003\NAVEX15.SYS [1636696 2014-11-16] (Symantec Corporation)
    R3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
    R3 SRTSP; C:\Windows\System32\Drivers\N360\1506000.020\SRTSP.SYS [664792 2014-08-25] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\N360\1506000.020\SRTSPX.SYS [32984 2014-08-25] (Symantec Corporation)
    R0 SymDS; C:\Windows\System32\drivers\N360\1506000.020\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\drivers\N360\1506000.020\SYMEFA.SYS [936152 2014-03-03] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2014-02-25] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\N360\1506000.020\Ironx86.SYS [209624 2014-08-06] (Symantec Corporation)
    R1 SYMTDIv; C:\Windows\System32\Drivers\N360\1506000.020\SYMTDIV.SYS [384728 2014-02-17] (Symantec Corporation)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
    S3 catchme; \??\C:\Users\Sally\AppData\Local\Temp\catchme.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2014-11-21 05:53 - 2014-11-21 05:54 - 00017164 _____ () C:\Users\Sally\Desktop\FRST.txt
    2014-11-21 05:53 - 2014-11-21 05:53 - 00000000 ____D () C:\FRST
    2014-11-21 05:52 - 2014-11-21 05:53 - 00001724 _____ () C:\Users\Sally\Desktop\JRT.txt
    2014-11-21 05:47 - 2014-11-21 05:47 - 00000000 ____D () C:\Windows\ERUNT
    2014-11-21 05:45 - 2014-11-21 05:45 - 00010748 _____ () C:\Users\Sally\Desktop\AdwCleaner[S0].txt
    2014-11-21 05:31 - 2014-11-21 05:40 - 00000000 ____D () C:\AdwCleaner
    2014-11-21 05:30 - 2014-11-20 22:07 - 01108992 _____ (Farbar) C:\Users\Sally\Desktop\FRST.exe
    2014-11-21 05:30 - 2014-11-20 22:02 - 01707532 _____ (Thisisu) C:\Users\Sally\Desktop\JRT.exe
    2014-11-21 05:30 - 2014-11-20 22:01 - 02140160 _____ () C:\Users\Sally\Desktop\adwcleaner_4.101.exe
    2014-11-20 03:48 - 2014-11-20 03:48 - 00011567 _____ () C:\Users\Sally\Desktop\combofixtext.txt
    2014-11-20 00:50 - 2014-11-20 00:50 - 00011567 _____ () C:\ComboFix.txt
    2014-11-19 22:22 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
    2014-11-19 22:22 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
    2014-11-19 22:22 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-11-19 22:22 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-11-19 22:22 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-11-19 22:22 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
    2014-11-19 22:22 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
    2014-11-19 22:22 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
    2014-11-19 22:14 - 2014-11-20 00:51 - 00000000 ____D () C:\Qoobox
    2014-11-19 22:12 - 2014-11-20 00:49 - 00000000 ____D () C:\Windows\erdnt
    2014-11-19 22:10 - 2014-11-19 22:00 - 05598306 ____R (Swearware) C:\Users\Sally\Desktop\ComboFix.exe
    2014-11-18 21:01 - 2014-10-23 20:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-11-18 07:06 - 2014-11-18 07:07 - 01143336 _____ () C:\Users\Sally\Desktop\ESET.pdf.log
    2014-11-18 07:05 - 2014-11-18 06:51 - 00186568 _____ (ESET) C:\Users\Sally\Desktop\ESETPoweliksCleaner.exe
    2014-11-17 22:32 - 2014-11-17 22:30 - 00186568 _____ (ESET) C:\Users\Sally\Desktop\ESETPoweliksCleaner
    2014-11-17 16:04 - 2014-11-17 16:04 - 00000000 ____D () C:\ProgramData\WindowsSearch
    2014-11-17 06:47 - 2014-11-17 20:32 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-11-17 06:42 - 2014-11-17 20:32 - 00000000 ____D () C:\Users\Sally\Desktop\mbar
    2014-11-17 06:33 - 2014-11-17 06:33 - 00016997 _____ () C:\Users\Sally\Desktop\RKreport_DEL_11172014_062613.log
    2014-11-16 21:34 - 2014-11-16 21:34 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2014-11-16 21:34 - 2014-11-16 21:34 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-11-16 20:24 - 2014-11-16 20:26 - 00000000 ____D () C:\Users\Sally\Desktop\RK_Quarantine
    2014-11-16 20:22 - 2014-11-16 21:21 - 14678104 _____ () C:\Users\Sally\Desktop\RogueKiller.exe
    2014-11-16 20:22 - 2014-02-08 06:24 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Sally\Desktop\mbar-1.07.0.1009.exe
    2014-11-16 14:18 - 2014-11-21 05:39 - 00001071 _____ () C:\Users\Sally\Desktop\malwarebytesscan.txt
    2014-11-16 13:49 - 2014-11-16 13:49 - 00004459 _____ () C:\Users\Sally\Desktop\attach.txt
    2014-11-16 13:49 - 2014-11-16 13:41 - 00016212 _____ () C:\Users\Sally\Desktop\dds.txt
    2014-11-16 13:39 - 2014-11-16 13:35 - 00688992 ____R (Swearware) C:\Users\Sally\Desktop\dds (1).com
    2014-11-16 12:33 - 2014-11-21 05:43 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-11-16 12:29 - 2014-11-19 20:23 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-11-16 12:29 - 2014-11-17 06:43 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-11-16 12:29 - 2014-11-16 12:29 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-11-16 12:29 - 2014-11-16 12:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-11-16 12:29 - 2014-11-16 12:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-11-16 12:29 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-11-16 12:29 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-11-16 10:48 - 2014-11-16 10:48 - 00000872 _____ () C:\Users\Sally\Desktop\mbam-setup-2.0.3.1025 - Shortcut.lnk
    2014-11-16 09:58 - 2014-11-16 09:40 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Sally\Desktop\mbam-setup-2.0.3.1025.exe
    2014-11-16 09:25 - 2014-11-16 09:25 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Sally\Downloads\mbam-setup-2.0.3.1025.exe
    2014-11-14 07:13 - 2014-11-14 07:14 - 00143512 _____ () C:\Windows\Minidump\Mini111414-01.dmp
    2014-11-13 21:45 - 2014-11-13 21:45 - 00015360 _____ () C:\Users\Sally\Documents\Book1.xls
    2014-11-13 04:03 - 2014-10-09 20:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
    2014-11-13 04:03 - 2014-10-09 20:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-11-13 04:03 - 2014-10-09 20:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2014-11-13 04:03 - 2014-10-09 18:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2014-11-13 04:01 - 2014-08-26 19:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2014-11-13 04:01 - 2014-08-26 19:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2014-11-13 03:58 - 2014-09-18 19:50 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-11-13 03:57 - 2014-10-23 20:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
    2014-11-13 03:55 - 2014-08-11 21:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
    2014-11-13 03:49 - 2014-10-02 20:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2014-11-13 03:49 - 2014-10-02 20:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2014-11-13 03:49 - 2014-10-02 20:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2014-11-13 03:49 - 2014-10-02 20:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2014-11-13 03:47 - 2014-10-17 20:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2014-11-13 03:04 - 2014-10-12 18:34 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-11-12 20:20 - 2014-10-27 14:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-11-12 20:20 - 2014-10-27 14:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-11-12 20:20 - 2014-10-27 14:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-11-12 20:20 - 2014-10-27 13:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-11-12 20:20 - 2014-10-27 13:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-11-12 20:20 - 2014-10-27 13:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-11-12 20:20 - 2014-10-27 13:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2014-11-12 20:20 - 2014-10-27 13:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-11-12 20:20 - 2014-10-27 13:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-11-12 20:20 - 2014-10-27 13:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2014-11-12 20:20 - 2014-10-27 13:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-11-12 20:20 - 2014-10-27 13:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-11-12 20:20 - 2014-10-27 13:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-11-12 20:20 - 2014-10-27 13:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-11-12 20:20 - 2014-10-27 13:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-11-12 20:20 - 2014-10-27 13:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-11-12 20:20 - 2014-10-27 13:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-11-12 20:20 - 2014-10-27 13:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2014-11-12 20:20 - 2014-10-27 13:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2014-11-12 20:20 - 2014-10-27 13:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2014-11-12 20:20 - 2014-10-27 13:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-11-09 09:29 - 2014-11-09 09:29 - 00002103 _____ () C:\Users\Public\Desktop\HP Officejet Pro 8610.lnk
    2014-11-09 09:29 - 2014-03-06 11:48 - 00597512 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPM7112.dll
    2014-11-08 23:06 - 2014-11-08 23:06 - 00139336 _____ () C:\Windows\Minidump\Mini110814-01.dmp
    ==================== One Month Modified Files and Folders =======
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2014-11-21 05:49 - 2011-08-09 18:13 - 01287380 _____ () C:\Windows\WindowsUpdate.log
    2014-11-21 05:43 - 2013-08-25 16:50 - 00000000 ____D () C:\Users\Sally\AppData\Local\HTC MediaHub
    2014-11-21 05:43 - 2012-07-25 20:10 - 00258926 _____ () C:\Windows\PFRO.log
    2014-11-21 05:43 - 2011-08-09 18:41 - 00000284 _____ () C:\ProgramData\hpqp.ini
    2014-11-21 05:43 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-11-21 05:43 - 2006-11-02 07:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2014-11-21 05:43 - 2006-11-02 07:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2014-11-21 05:41 - 2009-04-09 04:51 - 00000012 _____ () C:\Windows\bthservsdp.dat
    2014-11-21 05:41 - 2006-11-02 08:01 - 00032628 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-11-21 05:28 - 2012-03-29 17:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-11-21 05:28 - 2011-08-09 15:57 - 00000322 _____ () C:\Windows\Tasks\HPCeeScheduleForSally.job
    2014-11-20 00:50 - 2014-04-22 16:46 - 00000000 ____D () C:\Users\dub_cm_auto
    2014-11-20 00:50 - 2009-04-09 04:55 - 00000000 ____D () C:\Users\Administrator
    2014-11-20 00:50 - 2006-11-02 06:18 - 00000000 __RHD () C:\Users\Default
    2014-11-20 00:50 - 2006-11-02 06:18 - 00000000 ___RD () C:\Users\Public
    2014-11-20 00:46 - 2006-11-02 05:23 - 00000215 _____ () C:\Windows\system.ini
    2014-11-19 22:31 - 2011-09-22 17:33 - 00000000 ____D () C:\Users\Sally\AppData\Local\CrashDumps
    2014-11-19 20:23 - 2011-08-09 18:41 - 00000000 ____D () C:\Program Files\Common Files\LightScribe
    2014-11-16 20:25 - 2006-11-02 05:33 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-11-16 13:38 - 2013-08-25 16:31 - 00014094 _____ () C:\Windows\setupact.log
    2014-11-16 13:12 - 2014-10-20 19:54 - 00000000 ___HD () C:\ProgramData\{49A0BAC7-3326-4433-9373-4AA8793ABB5C}
    2014-11-16 11:12 - 2011-08-10 07:37 - 00006648 _____ () C:\Users\Sally\AppData\Local\d3d9caps.dat
    2014-11-16 08:12 - 2011-09-18 19:51 - 00000000 ____D () C:\Users\Sally\AppData\Local\QuickPlay
    2014-11-16 08:12 - 2011-08-10 09:56 - 00000000 ____D () C:\ProgramData\HP
    2014-11-16 08:12 - 2009-04-09 06:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    2014-11-16 08:12 - 2006-11-02 06:18 - 00000000 __RSD () C:\Windows\Media
    2014-11-16 08:12 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\spool
    2014-11-16 08:12 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache
    2014-11-16 08:12 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\registration
    2014-11-14 19:42 - 2011-09-16 19:14 - 00000052 _____ () C:\Windows\system32\DOErrors.log
    2014-11-14 07:13 - 2012-01-15 19:14 - 490294541 _____ () C:\Windows\MEMORY.DMP
    2014-11-14 07:13 - 2012-01-15 19:14 - 00000000 ____D () C:\Windows\Minidump
    2014-11-13 21:44 - 2011-08-09 18:37 - 00025088 _____ () C:\Users\Sally\Documents\ADDRESS LIST FOR CHRISTMAS CARDS.xls
    2014-11-13 05:09 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
    2014-11-13 04:32 - 2006-11-02 07:47 - 00391608 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-11-13 03:42 - 2013-08-14 17:27 - 00000000 ____D () C:\Windows\system32\MRT
    2014-11-13 03:08 - 2006-11-02 05:24 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
    2014-11-11 20:12 - 2012-03-29 17:57 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2014-11-11 20:12 - 2011-08-09 19:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2014-11-09 09:31 - 2013-09-01 08:56 - 00000000 ____D () C:\Users\Sally\AppData\Local\HP
    2014-11-09 09:30 - 2011-08-16 18:35 - 00000000 ____D () C:\Users\Sally\AppData\Roaming\HpUpdate
    2014-11-09 09:29 - 2011-08-09 15:48 - 00000000 ____D () C:\Users\Sally
    2014-11-09 09:27 - 2009-04-09 06:30 - 00000000 ____D () C:\Program Files\HP
    2014-11-09 09:27 - 2006-11-02 07:37 - 00000000 ____D () C:\Windows\twain_32
    2014-11-08 19:19 - 2013-02-02 17:23 - 00006144 _____ () C:\Users\Sally\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    Some content of TEMP:
    ====================
    C:\Users\Sally\AppData\Local\Temp\Quarantine.exe
    C:\Users\Sally\AppData\Local\Temp\sqlite3.dll

    ==================== Bamital & volsnap Check =================
    (There is no automatic fix for files that do not pass verification.)
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2014-11-21 05:51
    ==================== End Of Log ============================
     
  25. blairman

    blairman TS Rookie Topic Starter Posts: 88

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-11-2014
    Ran by Sally at 2014-11-21 05:54:38
    Running from C:\Users\Sally\Desktop
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: Norton 360 (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
    AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Norton 360 (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
    ==================== Installed Programs ======================
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
    Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
    Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
    Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
    Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
    ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
    Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
    Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
    Adobe Shockwave Player (HKLM\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)
    American Greetings® CreataCard® Platinum 5 (HKLM\...\American Greetings CreataCard 5.0) (Version: - )
    Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.58.0.0 - Conexant)
    CyberLink DVD Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2203 - CyberLink Corp.)
    CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.2328 - CyberLink Corp.)
    ESU for Microsoft Vista (HKLM\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
    HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_HERMOSA_HSF) (Version: - )
    HP Active Support Library (HKLM\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard)
    HP Customer Experience Enhancements (HKLM\...\{57A5AEC1-97FC-474D-92C4-908FCC2253D4}) (Version: 5.7.0.2664 - Hewlett-Packard)
    HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.03.0001 - Hewlett-Packard)
    HP DVD Play 3.7 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 3.7.0.5723 - Hewlett-Packard)
    HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP Help and Support (HKLM\...\{0054A0F6-00C9-4498-B821-B5C9578F433E}) (Version: 2.1.1.0 - Hewlett-Packard Company)
    HP Officejet Pro 8600 Help (HKLM\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
    HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{79ACC31A-87EA-472A-853E-5AC6A97CE569}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Officejet Pro 8610 Basic Device Software (HKLM\...\{982EC692-AF53-4B66-B56C-5199DFC207E5}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
    HP Officejet Pro 8610 Help (HKLM\...\{F9569D00-4576-46C8-B6C7-207A4FD39745}) (Version: 32.0.0 - Hewlett Packard)
    HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
    HP Quick Launch Buttons 6.40 H2 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 H2 - Hewlett-Packard)
    HP Total Care Advisor (HKLM\...\{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}) (Version: 2.4.4941.2798 - Hewlett-Packard)
    HP Total Care Setup (HKLM\...\{38058455-8C21-4C2F-B2F6-14ED166039CB}) (Version: 1.1.1983.2818 - Hewlett-Packard Company)
    HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HP User Guides 0118 (HKLM\...\{665CBCA4-5AB0-414B-A288-3F8F99FEFC45}) (Version: 1.01.0000 - Hewlett-Packard)
    HP Wireless Assistant (HKLM\...\{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}) (Version: 3.00 K2 - Hewlett-Packard)
    HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden
    HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
    HPNetworkAssistant (Version: 1.1.70 - Hewlett-Packard.) Hidden
    HPSSupply (HKLM\...\{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}) (Version: 2.1.3.0000 - Hewlett Packard Development Company L.P.)
    HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.3.0.001 - HTC Corporation)
    HTC Sync Manager (HKLM\...\{F838C3DD-5785-4F19-AD0F-BD532C8A31F4}) (Version: 2.1.54.0 - HTC)
    I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
    IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
    iTunes (HKLM\...\{E05D82D8-FE70-4228-B073-B0C07FE27595}) (Version: 11.1.1.11 - Apple Inc.)
    Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.600 - Oracle)
    Java(TM) 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
    Juno Preloader (HKLM\...\{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}) (Version: 1.0.0 - Juno, Inc.)
    LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0926 - CyberLink Corp.)
    LabelPrint (Version: 2.5.0926 - CyberLink Corp.) Hidden
    LightScribe System Software 1.14.17.1 (HKLM\...\{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}) (Version: 1.14.17.1 - LightScribe)
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Live Search Toolbar (HKLM\...\{6A370610-3778-44AF-9AAC-69B2FD1A3356}) (Version: 3.0.541.0 - Microsoft Corporation)
    Microsoft Office 2000 Disc 2 (HKLM\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
    Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 1.0.30716.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.31119 - Microsoft Corporation)
    Microsoft Web Publishing Wizard 1.52 (HKLM\...\WebPost) (Version: - )
    Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.0.62 - WildTangent)
    NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.52 - BVRP Software, Inc)
    Norton 360 (HKLM\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
    Norton Internet Security (Version: 16.0.0.125 - Symantec Corporation) Hidden
    Photo Organizer (HKLM\...\Photo Organizer 1.8) (Version: - )
    Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2202 - CyberLink Corp.)
    Power2Go (Version: 6.0.2202 - CyberLink Corp.) Hidden
    PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2201 - CyberLink Corp.)
    PowerDirector (Version: 7.0.2201 - CyberLink Corp.) Hidden
    Product Improvement Study for HP Officejet Pro 8610 (HKLM\...\{159FEB97-8A7B-446E-AEBF-DDC026561F1D}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
    QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
    Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
    Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20133 - Realtek Semiconductor Corp.)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.3.0 - Synaptics)
    Update for Office 2007 (KB934528) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{2B939677-2FFD-48F6-9075-7BF48CB87C80}) (Version: - )
    Yahoo! Detect (HKLM\...\YTdetect) (Version: - )
    ==================== Custom CLSID (selected items): ==========================
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
    CustomCLSID: HKU\S-1-5-21-999287110-3378381917-3572788942-1000_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)
    CustomCLSID: HKU\S-1-5-21-999287110-3378381917-3572788942-1000_Classes\CLSID\{F7117AE6-81F2-45B8-96EE-56F6FD357A48}\InprocServer32 -> C:\ProgramData\{49A0BAC7-3326-4433-9373-4AA8793ABB5C}\spwizimg.dll No File
    ==================== Restore Points =========================
    23-08-2014 12:40:25 Scheduled Checkpoint
    24-08-2014 12:41:49 Device Driver Package Install: HTC, Corporation Android USB Devices
    24-08-2014 12:49:49 Device Driver Package Install: HTC Corporation Ports (COM & LPT)
    28-08-2014 07:00:23 Windows Update
    02-09-2014 16:50:25 Scheduled Checkpoint
    10-09-2014 04:06:07 Scheduled Checkpoint
    10-09-2014 07:00:20 Windows Update
    14-09-2014 15:11:33 Scheduled Checkpoint
    22-09-2014 07:00:41 Windows Update
    24-09-2014 07:00:17 Windows Update
    27-09-2014 17:30:16 Scheduled Checkpoint
    15-10-2014 13:00:25 Scheduled Checkpoint
    16-10-2014 07:00:21 Windows Update
    16-10-2014 07:00:56 Scheduled Checkpoint
    16-10-2014 07:03:46 Windows Modules Installer
    09-11-2014 14:21:04 Removed HP Officejet Pro 8600 Basic Device Software
    09-11-2014 14:27:53 Device Driver Package Install: HP Printers
    09-11-2014 14:28:11 Device Driver Package Install: Hewlett-Packard Imaging devices
    09-11-2014 14:28:43 Device Driver Package Install: HP Printers
    09-11-2014 14:29:17 Device Driver Package Install: Hewlett-Packard Universal Serial Bus controllers
    13-11-2014 08:01:43 Windows Update
    14-11-2014 03:01:36 Restore Operation
    16-11-2014 12:43:08 Restore Operation
    17-11-2014 08:35:29 Scheduled Checkpoint
    17-11-2014 11:37:13 malwarebytesrootkit
    19-11-2014 01:59:51 Windows Update
    ==================== Hosts content: ==========================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    ::1 localhost
    ==================== Scheduled Tasks (whitelisted) =============
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
    Task: {162518B0-8ECD-44D5-9332-C56193584F40} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
    Task: {1CE434C7-1AF5-4C64-BD06-8EEB935D1878} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
    Task: {250B0B85-1A1B-4AA7-979F-DFFE1104F555} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {3BBAA8CA-0AFA-4F0A-BD34-87B233599068} - System32\Tasks\HPCeeScheduleForSally => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-05-19] (Hewlett-Packard)
    Task: {6AEE5A07-45BE-44F0-8AD4-14C9BF98C84A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-11] (Adobe Systems Incorporated)
    Task: {76DCC44E-70B7-4CB1-9906-4A5E8C47ACAF} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
    Task: {77605A8D-4FFA-4E52-9C12-5251E5754377} - \VisualBeeRecovery No Task File <==== ATTENTION
    Task: {903D29E5-D460-4093-ACFD-819237D49366} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
    Task: {9056F1F4-17CD-403B-943B-3A185F76702D} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
    Task: {B311C0A1-57A7-4C46-87F4-7BD1FBFFA67D} - \FF Watcher {B91FE0E0-3F9E-415B-AE8C-2F54975034F2} No Task File <==== ATTENTION
    Task: {F114D7FA-ECCD-46CA-A94A-2311A9AE67D5} - System32\Tasks\HPCustParticipation HP Officejet Pro 8610 => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
    Task: {F8AEAE50-B5B0-4D71-A196-2A548EF4BB30} - System32\Tasks\Microsoft\Windows\RestartManager\{EBF703A6-0F5D-458f-B51D-FAED3B3C97F7} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForSally.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe
    ==================== Loaded Modules (whitelisted) =============
    2011-09-27 06:23 - 2011-09-27 06:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2011-09-27 06:22 - 2011-09-27 06:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2007-07-12 15:55 - 2007-07-12 15:55 - 01581056 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
    2007-08-14 15:59 - 2007-08-14 15:59 - 06365184 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
    2007-07-12 15:55 - 2007-07-12 15:55 - 00131072 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
    2008-09-30 18:52 - 2008-09-30 18:52 - 00057344 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
    2008-09-30 18:56 - 2008-09-30 18:56 - 00032768 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
    2008-09-30 18:51 - 2008-09-30 18:51 - 00118784 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\ECLibrary.dll
    2008-09-30 18:51 - 2008-09-30 18:51 - 00040960 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
    2008-09-30 18:51 - 2008-09-30 18:51 - 00005632 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
    2008-09-30 18:51 - 2008-09-30 18:51 - 00028672 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
    2011-08-20 13:01 - 2009-04-11 01:28 - 00368640 _____ () C:\Windows\system32\msjetoledb40.dll
    2008-09-30 18:51 - 2008-09-30 18:51 - 00010240 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
    2008-09-30 18:52 - 2008-09-30 18:52 - 00007168 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
    2013-08-15 15:40 - 2013-08-15 15:40 - 00030056 _____ () C:\Program Files\HTC\HTC Sync Manager\DbAccess.dll
    2013-08-15 15:41 - 2013-08-15 15:41 - 00607376 _____ () C:\Program Files\HTC\HTC Sync Manager\sqlite3.dll
    2013-08-15 15:41 - 2013-08-15 15:41 - 00044392 _____ () C:\Program Files\HTC\HTC Sync Manager\NAdvLog.dll
    2013-08-15 15:41 - 2013-08-15 15:41 - 00036216 _____ () C:\Program Files\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
    2013-08-15 15:42 - 2013-08-15 15:42 - 00080248 _____ () C:\Program Files\HTC\HTC Sync Manager\ninstallerhelper.dll
    2013-08-15 15:49 - 2013-08-15 15:49 - 00223592 _____ () C:\Program Files\HTC\HTC Sync Manager\DevConnMon.dll
    2012-12-07 17:27 - 2012-12-07 17:27 - 00167424 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    2009-04-09 06:31 - 2008-10-06 11:54 - 00365952 _____ () C:\Program Files\SMINST\BLService.exe
    2009-04-09 06:31 - 2008-10-06 11:54 - 00132480 _____ () C:\Program Files\SMINST\STWmiM.dll
    2009-04-09 06:24 - 2008-09-15 09:13 - 00241734 _____ () C:\Program Files\CyberLink\Shared files\RichVideo.exe
    2013-08-15 15:43 - 2013-08-15 15:43 - 00821600 _____ () C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
    2009-04-09 05:28 - 2008-04-11 11:04 - 00685360 _____ () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    ==================== Alternate Data Streams (whitelisted) =========
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
    AlternateDataStreams: C:\ProgramData\Temp:373E1720
    ==================== Safe Mode (whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
    ==================== EXE Association (whitelisted) =============
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    ==================== MSCONFIG/TASK MANAGER disabled items =========
    (Currently there is no automatic fix for this section.)

    ========================= Accounts: ==========================
    Administrator (S-1-5-21-999287110-3378381917-3572788942-500 - Administrator - Disabled)
    Guest (S-1-5-21-999287110-3378381917-3572788942-501 - Limited - Disabled)
    Sally (S-1-5-21-999287110-3378381917-3572788942-1000 - Administrator - Enabled) => C:\Users\Sally
    ==================== Faulty Device Manager Devices =============

    ==================== Event log errors: =========================
    Application errors:
    ==================
    System errors:
    =============
    Microsoft Office Sessions:
    =========================
    CodeIntegrity Errors:
    ===================================
    Date: 2014-11-21 05:54:33.272
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
    Date: 2014-11-21 05:54:32.835
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
    Date: 2014-11-21 05:54:32.383
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
    Date: 2014-11-21 05:54:31.946
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
    Date: 2014-11-21 05:54:14.503
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
    Date: 2014-11-21 05:54:14.067
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
    Date: 2014-11-21 05:54:13.630
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
    Date: 2014-11-21 05:54:13.193
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
    Date: 2014-11-21 05:54:00.900
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Norton 360\NortonData\21.1.1.7\Definitions\BASHDefs\20141118.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.
    Date: 2014-11-21 05:54:00.463
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Norton 360\NortonData\21.1.1.7\Definitions\BASHDefs\20141118.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

    ==================== Memory info ===========================
    Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
    Percentage of memory in use: 40%
    Total physical RAM: 3002.45 MB
    Available physical RAM: 1791.27 MB
    Total Pagefile: 6223.15 MB
    Available Pagefile: 4757.45 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1886.52 MB
    ==================== Drives ================================
    Drive c: () (Fixed) (Total:454.84 GB) (Free:329.35 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (RECOVERY) (Fixed) (Total:10.92 GB) (Free:1.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive e: (AGCCARDCD2) (CDROM) (Total:0.62 GB) (Free:0 GB) CDFS
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: F9C66BD5)
    Partition 1: (Active) - (Size=454.8 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=10.9 GB) - (Type=07 NTFS)
    ==================== End Of Log ============================
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...