Malwarebytes 2nd scan, first did not save,
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 11/16/2014
Scan Time: 2:15:27 PM
Logfile: malwarebytesscan.txt
Administrator: Yes
Version: 2.00.3.1025
Malware Database: v2014.11.16.05
Rootkit Database: v2014.11.12.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Sally
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 315136
Time Elapsed: 44 min, 35 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
DDS notepad
DDS (Ver_2012-11-20.01) - NTFS_x86
DDS attach notepad
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/9/2011 7:14:00 PM
System Uptime: 11/16/2014 1:22:38 PM (0 hours ago)
.
Motherboard: Wistron | | 3612
Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | CPU | 2000/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 455 GiB total, 312.585 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.822 GiB free.
E: is CDROM (CDFS)
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 15 ActiveX
Adobe Reader 9
Adobe Shockwave Player
American Greetings® CreataCard® Platinum 5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Compatibility Pack for the 2007 Office system
Conexant HD Audio
CyberLink DVD Suite
CyberLink YouCam
ESU for Microsoft Vista
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP DVD Play 3.7
HP FWUpdateEDO2
HP Help and Support
HP Officejet Pro 8600 Help
HP Officejet Pro 8600 Product Improvement Study
HP Officejet Pro 8610 Basic Device Software
HP Officejet Pro 8610 Help
HP Photosmart Essential
HP Quick Launch Buttons 6.40 H2
HP Total Care Advisor
HP Total Care Setup
HP Update
HP User Guides 0118
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPDiagnosticAlert
HPNetworkAssistant
HPSSupply
HTC Driver Installer
HTC Sync Manager
I.R.I.S. OCR
Intel(R) Graphics Media Accelerator Driver
IPTInstaller
iTunes
Java 7 Update 60
Java Auto Updater
Java(TM) 6 Update 7
Juno Preloader
LabelPrint
LightScribe System Software 1.14.17.1
Malwarebytes Anti-Malware version 2.0.3.1025
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1
Microsoft Live Search Toolbar
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Premium
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
Microsoft Web Publishing Wizard 1.52
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My HP Games
NetWaiting
Norton 360
Norton Internet Security
Photo Organizer
Power2Go
PowerDirector
Product Improvement Study for HP Officejet Pro 8610
QuickTime 7
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Office 2007 (KB934528)
Yahoo! Detect
.
==== End Of File ===========================
Internet Explorer: 9.0.8112.16592 BrowserJavaVersion: 10.60.2
Run by Sally at 13:39:24 on 2014-11-16
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1676 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton 360 *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\Explorer.EXE
C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Norton 360\Engine\21.6.0.32\N360.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Norton 360\Engine\21.6.0.32\N360.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\dllhost.exe
C:\Windows\system32\dllhost.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uProxyOverride = <-loopback>
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\21.6.0.32\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\21.6.0.32\ips\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\21.6.0.32\coieplg.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [HP Officejet Pro 8610 (NET)] "c:\program files\hp\hp officejet pro 8610\bin\ScanToPCActivationApp.exe" -deviceID "CN48QDX0BQ:NW" -scfn "HP Officejet Pro 8610 (NET)" -AutoStart 1
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\sally\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\forget~1.lnk - c:\program files\broderbund\ag creatacard\AGRemind.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001060-0002-0060-ABCDEFFEDCBC} - <orphaned>
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smart print 2.0\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{54169E57-2CB7-45FF-A0FC-CBC81E1EA141} : DHCPNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\imesha~1\mediabar\datamngr\iebho.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1506000.020\symds.sys [2014-9-25 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1506000.020\symefa.sys [2014-9-25 936152]
R1 BHDrvx86;BHDrvx86;c:\program files\norton 360\nortondata\21.1.1.7\definitions\bashdefs\20141107.001\BHDrvx86.sys [2014-11-10 1138392]
R1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\n360\1506000.020\ccsetx86.sys [2014-9-25 127064]
R1 IDSVix86;IDSVix86;c:\program files\norton 360\nortondata\21.1.1.7\definitions\ipsdefs\20141114.001\IDSvix86.sys [2014-11-14 476888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1506000.020\ironx86.sys [2014-9-25 209624]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\1506000.020\symtdiv.sys [2014-9-25 384728]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 HTCMonitorService;HTCMonitorService;c:\program files\htc\htc sync manager\HSMServiceEntry.exe [2013-4-12 87368]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-11-16 1871160]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-11-16 968504]
R2 N360;Norton 360;c:\program files\norton 360\engine\21.6.0.32\n360.exe [2014-9-25 265040]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2012-12-7 167424]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-4-9 365952]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-4-9 193840]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2014-9-9 111408]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-11-16 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-11-16 114904]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-11-16 51928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2013-8-25 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2012-12-7 23040]
S3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\drivers\HtcVComV32.sys [2009-10-27 105984]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
.
=============== Created Last 30 ================
.
2014-11-16 17:33:57 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-16 17:29:45 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-16 17:29:45 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-16 17:29:45 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-16 17:29:45 -------- d-----w- c:\programdata\Malwarebytes
2014-11-16 17:29:45 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-11-13 09:03:38 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-11-13 09:03:33 619520 ----a-w- c:\windows\system32\adtschema.dll
2014-11-13 09:03:18 449536 ----a-w- c:\windows\system32\termsrv.dll
2014-11-13 09:03:16 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2014-11-13 09:01:41 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-11-13 09:01:41 1249280 ----a-w- c:\windows\system32\msxml3.dll
2014-11-13 08:58:27 278528 ----a-w- c:\windows\system32\schannel.dll
2014-11-13 08:57:09 67072 ----a-w- c:\windows\system32\packager.dll
2014-11-13 08:55:20 729600 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-13 08:49:21 316928 ----a-w- c:\windows\system32\audiosrv.dll
2014-11-13 08:49:19 396800 ----a-w- c:\windows\system32\AudioEng.dll
2014-11-13 08:49:18 274432 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-11-13 08:49:18 170496 ----a-w- c:\windows\system32\EncDump.dll
2014-11-13 08:47:47 564224 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-13 08:04:29 2054656 ----a-w- c:\windows\system32\win32k.sys
2014-11-09 14:38:57 -------- d-----w- c:\users\sally\appdata\local\IAC
2014-11-09 14:29:55 597512 ------w- c:\windows\system32\HPDiscoPM7112.dll
2014-10-21 00:54:13 -------- d--h--w- c:\programdata\{49A0BAC7-3326-4433-9373-4AA8793ABB5C}
.
==================== Find3M ====================
.
2014-11-12 01:12:33 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-12 01:12:33 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-10-27 19:05:44 1810944 ----a-w- c:\windows\system32\jscript9.dll
2014-10-27 18:59:06 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-10-27 18:58:19 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-10-27 18:56:58 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-10-27 18:56:40 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-10-27 18:55:20 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-10-27 18:55:17 11776 ----a-w- c:\windows\system32\mshta.exe
2014-09-09 06:24:46 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-04 23:27:58 143360 ----a-w- c:\windows\system32\drivers\fastfat.sys
2014-08-26 02:20:22 664792 ----a-w- c:\windows\system32\drivers\n360\1506000.020\srtsp.sys
2014-08-26 02:20:22 32984 ----a-w- c:\windows\system32\drivers\n360\1506000.020\srtspx.sys
2014-08-23 01:03:46 297984 ----a-w- c:\windows\system32\gdi32.dll
.
============= FINISH: 13:41:12.86 ===============
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 11/16/2014
Scan Time: 2:15:27 PM
Logfile: malwarebytesscan.txt
Administrator: Yes
Version: 2.00.3.1025
Malware Database: v2014.11.16.05
Rootkit Database: v2014.11.12.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Sally
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 315136
Time Elapsed: 44 min, 35 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
DDS notepad
DDS (Ver_2012-11-20.01) - NTFS_x86
DDS attach notepad
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/9/2011 7:14:00 PM
System Uptime: 11/16/2014 1:22:38 PM (0 hours ago)
.
Motherboard: Wistron | | 3612
Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | CPU | 2000/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 455 GiB total, 312.585 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.822 GiB free.
E: is CDROM (CDFS)
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 15 ActiveX
Adobe Reader 9
Adobe Shockwave Player
American Greetings® CreataCard® Platinum 5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Compatibility Pack for the 2007 Office system
Conexant HD Audio
CyberLink DVD Suite
CyberLink YouCam
ESU for Microsoft Vista
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP DVD Play 3.7
HP FWUpdateEDO2
HP Help and Support
HP Officejet Pro 8600 Help
HP Officejet Pro 8600 Product Improvement Study
HP Officejet Pro 8610 Basic Device Software
HP Officejet Pro 8610 Help
HP Photosmart Essential
HP Quick Launch Buttons 6.40 H2
HP Total Care Advisor
HP Total Care Setup
HP Update
HP User Guides 0118
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPDiagnosticAlert
HPNetworkAssistant
HPSSupply
HTC Driver Installer
HTC Sync Manager
I.R.I.S. OCR
Intel(R) Graphics Media Accelerator Driver
IPTInstaller
iTunes
Java 7 Update 60
Java Auto Updater
Java(TM) 6 Update 7
Juno Preloader
LabelPrint
LightScribe System Software 1.14.17.1
Malwarebytes Anti-Malware version 2.0.3.1025
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1
Microsoft Live Search Toolbar
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Premium
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
Microsoft Web Publishing Wizard 1.52
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My HP Games
NetWaiting
Norton 360
Norton Internet Security
Photo Organizer
Power2Go
PowerDirector
Product Improvement Study for HP Officejet Pro 8610
QuickTime 7
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Office 2007 (KB934528)
Yahoo! Detect
.
==== End Of File ===========================
Internet Explorer: 9.0.8112.16592 BrowserJavaVersion: 10.60.2
Run by Sally at 13:39:24 on 2014-11-16
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1676 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton 360 *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\Explorer.EXE
C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Norton 360\Engine\21.6.0.32\N360.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Norton 360\Engine\21.6.0.32\N360.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\dllhost.exe
C:\Windows\system32\dllhost.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uProxyOverride = <-loopback>
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\21.6.0.32\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\21.6.0.32\ips\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\21.6.0.32\coieplg.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [HP Officejet Pro 8610 (NET)] "c:\program files\hp\hp officejet pro 8610\bin\ScanToPCActivationApp.exe" -deviceID "CN48QDX0BQ:NW" -scfn "HP Officejet Pro 8610 (NET)" -AutoStart 1
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\sally\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\forget~1.lnk - c:\program files\broderbund\ag creatacard\AGRemind.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001060-0002-0060-ABCDEFFEDCBC} - <orphaned>
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smart print 2.0\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{54169E57-2CB7-45FF-A0FC-CBC81E1EA141} : DHCPNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\imesha~1\mediabar\datamngr\iebho.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1506000.020\symds.sys [2014-9-25 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1506000.020\symefa.sys [2014-9-25 936152]
R1 BHDrvx86;BHDrvx86;c:\program files\norton 360\nortondata\21.1.1.7\definitions\bashdefs\20141107.001\BHDrvx86.sys [2014-11-10 1138392]
R1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\n360\1506000.020\ccsetx86.sys [2014-9-25 127064]
R1 IDSVix86;IDSVix86;c:\program files\norton 360\nortondata\21.1.1.7\definitions\ipsdefs\20141114.001\IDSvix86.sys [2014-11-14 476888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1506000.020\ironx86.sys [2014-9-25 209624]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\1506000.020\symtdiv.sys [2014-9-25 384728]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 HTCMonitorService;HTCMonitorService;c:\program files\htc\htc sync manager\HSMServiceEntry.exe [2013-4-12 87368]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-11-16 1871160]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-11-16 968504]
R2 N360;Norton 360;c:\program files\norton 360\engine\21.6.0.32\n360.exe [2014-9-25 265040]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2012-12-7 167424]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-4-9 365952]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-4-9 193840]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2014-9-9 111408]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-11-16 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-11-16 114904]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-11-16 51928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2013-8-25 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2012-12-7 23040]
S3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\drivers\HtcVComV32.sys [2009-10-27 105984]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
.
=============== Created Last 30 ================
.
2014-11-16 17:33:57 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-16 17:29:45 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-16 17:29:45 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-16 17:29:45 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-16 17:29:45 -------- d-----w- c:\programdata\Malwarebytes
2014-11-16 17:29:45 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-11-13 09:03:38 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-11-13 09:03:33 619520 ----a-w- c:\windows\system32\adtschema.dll
2014-11-13 09:03:18 449536 ----a-w- c:\windows\system32\termsrv.dll
2014-11-13 09:03:16 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2014-11-13 09:01:41 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-11-13 09:01:41 1249280 ----a-w- c:\windows\system32\msxml3.dll
2014-11-13 08:58:27 278528 ----a-w- c:\windows\system32\schannel.dll
2014-11-13 08:57:09 67072 ----a-w- c:\windows\system32\packager.dll
2014-11-13 08:55:20 729600 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-13 08:49:21 316928 ----a-w- c:\windows\system32\audiosrv.dll
2014-11-13 08:49:19 396800 ----a-w- c:\windows\system32\AudioEng.dll
2014-11-13 08:49:18 274432 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-11-13 08:49:18 170496 ----a-w- c:\windows\system32\EncDump.dll
2014-11-13 08:47:47 564224 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-13 08:04:29 2054656 ----a-w- c:\windows\system32\win32k.sys
2014-11-09 14:38:57 -------- d-----w- c:\users\sally\appdata\local\IAC
2014-11-09 14:29:55 597512 ------w- c:\windows\system32\HPDiscoPM7112.dll
2014-10-21 00:54:13 -------- d--h--w- c:\programdata\{49A0BAC7-3326-4433-9373-4AA8793ABB5C}
.
==================== Find3M ====================
.
2014-11-12 01:12:33 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-12 01:12:33 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-10-27 19:05:44 1810944 ----a-w- c:\windows\system32\jscript9.dll
2014-10-27 18:59:06 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-10-27 18:58:19 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-10-27 18:56:58 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-10-27 18:56:40 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-10-27 18:55:20 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-10-27 18:55:17 11776 ----a-w- c:\windows\system32\mshta.exe
2014-09-09 06:24:46 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-04 23:27:58 143360 ----a-w- c:\windows\system32\drivers\fastfat.sys
2014-08-26 02:20:22 664792 ----a-w- c:\windows\system32\drivers\n360\1506000.020\srtsp.sys
2014-08-26 02:20:22 32984 ----a-w- c:\windows\system32\drivers\n360\1506000.020\srtspx.sys
2014-08-23 01:03:46 297984 ----a-w- c:\windows\system32\gdi32.dll
.
============= FINISH: 13:41:12.86 ===============