Solved HP laptop with serious infestation

[blairman]

Malwarebytes 2nd scan, first did not save,
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 11/16/2014
Scan Time: 2:15:27 PM
Logfile: malwarebytesscan.txt
Administrator: Yes
Version: 2.00.3.1025
Malware Database: v2014.11.16.05
Rootkit Database: v2014.11.12.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Sally
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 315136
Time Elapsed: 44 min, 35 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)

(end)

DDS notepad
DDS (Ver_2012-11-20.01) - NTFS_x86

DDS attach notepad
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/9/2011 7:14:00 PM
System Uptime: 11/16/2014 1:22:38 PM (0 hours ago)
.
Motherboard: Wistron | | 3612
Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | CPU | 2000/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 455 GiB total, 312.585 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.822 GiB free.
E: is CDROM (CDFS)
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 15 ActiveX
Adobe Reader 9
Adobe Shockwave Player
American Greetings® CreataCard® Platinum 5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Compatibility Pack for the 2007 Office system
Conexant HD Audio
CyberLink DVD Suite
CyberLink YouCam
ESU for Microsoft Vista
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP DVD Play 3.7
HP FWUpdateEDO2
HP Help and Support
HP Officejet Pro 8600 Help
HP Officejet Pro 8600 Product Improvement Study
HP Officejet Pro 8610 Basic Device Software
HP Officejet Pro 8610 Help
HP Photosmart Essential
HP Quick Launch Buttons 6.40 H2
HP Total Care Advisor
HP Total Care Setup
HP Update
HP User Guides 0118
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPDiagnosticAlert
HPNetworkAssistant
HPSSupply
HTC Driver Installer
HTC Sync Manager
I.R.I.S. OCR
Intel(R) Graphics Media Accelerator Driver
IPTInstaller
iTunes
Java 7 Update 60
Java Auto Updater
Java(TM) 6 Update 7
Juno Preloader
LabelPrint
LightScribe System Software 1.14.17.1
Malwarebytes Anti-Malware version 2.0.3.1025
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1
Microsoft Live Search Toolbar
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Premium
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
Microsoft Web Publishing Wizard 1.52
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My HP Games
NetWaiting
Norton 360
Norton Internet Security
Photo Organizer
Power2Go
PowerDirector
Product Improvement Study for HP Officejet Pro 8610
QuickTime 7
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Office 2007 (KB934528)
Yahoo! Detect
.
==== End Of File ===========================

Internet Explorer: 9.0.8112.16592 BrowserJavaVersion: 10.60.2
Run by Sally at 13:39:24 on 2014-11-16
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1676 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton 360 *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\Explorer.EXE
C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Norton 360\Engine\21.6.0.32\N360.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Norton 360\Engine\21.6.0.32\N360.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\dllhost.exe
C:\Windows\system32\dllhost.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uProxyOverride = <-loopback>
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\21.6.0.32\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\21.6.0.32\ips\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\21.6.0.32\coieplg.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [HP Officejet Pro 8610 (NET)] "c:\program files\hp\hp officejet pro 8610\bin\ScanToPCActivationApp.exe" -deviceID "CN48QDX0BQ:NW" -scfn "HP Officejet Pro 8610 (NET)" -AutoStart 1
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\sally\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\forget~1.lnk - c:\program files\broderbund\ag creatacard\AGRemind.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001060-0002-0060-ABCDEFFEDCBC} - <orphaned>
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smart print 2.0\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{54169E57-2CB7-45FF-A0FC-CBC81E1EA141} : DHCPNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\imesha~1\mediabar\datamngr\iebho.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1506000.020\symds.sys [2014-9-25 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1506000.020\symefa.sys [2014-9-25 936152]
R1 BHDrvx86;BHDrvx86;c:\program files\norton 360\nortondata\21.1.1.7\definitions\bashdefs\20141107.001\BHDrvx86.sys [2014-11-10 1138392]
R1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\n360\1506000.020\ccsetx86.sys [2014-9-25 127064]
R1 IDSVix86;IDSVix86;c:\program files\norton 360\nortondata\21.1.1.7\definitions\ipsdefs\20141114.001\IDSvix86.sys [2014-11-14 476888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1506000.020\ironx86.sys [2014-9-25 209624]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\1506000.020\symtdiv.sys [2014-9-25 384728]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 HTCMonitorService;HTCMonitorService;c:\program files\htc\htc sync manager\HSMServiceEntry.exe [2013-4-12 87368]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-11-16 1871160]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-11-16 968504]
R2 N360;Norton 360;c:\program files\norton 360\engine\21.6.0.32\n360.exe [2014-9-25 265040]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2012-12-7 167424]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-4-9 365952]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-4-9 193840]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2014-9-9 111408]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-11-16 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-11-16 114904]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-11-16 51928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2013-8-25 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2012-12-7 23040]
S3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\drivers\HtcVComV32.sys [2009-10-27 105984]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
.
=============== Created Last 30 ================
.
2014-11-16 17:33:57 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-16 17:29:45 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-16 17:29:45 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-16 17:29:45 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-16 17:29:45 -------- d-----w- c:\programdata\Malwarebytes
2014-11-16 17:29:45 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-11-13 09:03:38 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-11-13 09:03:33 619520 ----a-w- c:\windows\system32\adtschema.dll
2014-11-13 09:03:18 449536 ----a-w- c:\windows\system32\termsrv.dll
2014-11-13 09:03:16 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2014-11-13 09:01:41 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-11-13 09:01:41 1249280 ----a-w- c:\windows\system32\msxml3.dll
2014-11-13 08:58:27 278528 ----a-w- c:\windows\system32\schannel.dll
2014-11-13 08:57:09 67072 ----a-w- c:\windows\system32\packager.dll
2014-11-13 08:55:20 729600 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-13 08:49:21 316928 ----a-w- c:\windows\system32\audiosrv.dll
2014-11-13 08:49:19 396800 ----a-w- c:\windows\system32\AudioEng.dll
2014-11-13 08:49:18 274432 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-11-13 08:49:18 170496 ----a-w- c:\windows\system32\EncDump.dll
2014-11-13 08:47:47 564224 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-13 08:04:29 2054656 ----a-w- c:\windows\system32\win32k.sys
2014-11-09 14:38:57 -------- d-----w- c:\users\sally\appdata\local\IAC
2014-11-09 14:29:55 597512 ------w- c:\windows\system32\HPDiscoPM7112.dll
2014-10-21 00:54:13 -------- d--h--w- c:\programdata\{49A0BAC7-3326-4433-9373-4AA8793ABB5C}
.
==================== Find3M ====================
.
2014-11-12 01:12:33 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-12 01:12:33 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-10-27 19:05:44 1810944 ----a-w- c:\windows\system32\jscript9.dll
2014-10-27 18:59:06 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-10-27 18:58:19 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-10-27 18:56:58 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-10-27 18:56:40 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-10-27 18:55:20 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-10-27 18:55:17 11776 ----a-w- c:\windows\system32\mshta.exe
2014-09-09 06:24:46 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-04 23:27:58 143360 ----a-w- c:\windows\system32\drivers\fastfat.sys
2014-08-26 02:20:22 664792 ----a-w- c:\windows\system32\drivers\n360\1506000.020\srtsp.sys
2014-08-26 02:20:22 32984 ----a-w- c:\windows\system32\drivers\n360\1506000.020\srtspx.sys
2014-08-23 01:03:46 297984 ----a-w- c:\windows\system32\gdi32.dll
.
============= FINISH: 13:41:12.86 ===============

 

[Broni]

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

• Close all the running programs
• Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download

Malwarebytes Anti-Rootkit to your desktop.

• Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
• Double click on downloaded file. OK self extracting prompt.
• MBAR will start. Click "Next" to continue.
• Click in the following screen "Update" to obtain the latest malware definitions.
• Once the update is complete select "Next" and click "Scan".
• When the scan is finished and no malware has been found select "Exit".
• If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
• Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"

NOTE. If you see This version requires you to completely exit the Anti Malware application message right click on the Malwarebytes icon in the system tray and click on Exit.

 

[blairman]

RogueKiller V10.0.6.0 [Nov 13 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Sally [Administrator]
Mode : Delete -- Date : 11/17/2014 06:26:13
¤¤¤ Processes : 2 ¤¤¤
[Proc.Injected] dllhost.exe -- C:\Windows\system32\dllhost.exe[7] -> Killed [TermProc]
[Proc.Svchost] svchost.exe -- C:\Program Files\Internet Explorer\iexplore.exe[7] -> Killed [TermThr]
¤¤¤ Registry : 5 ¤¤¤
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} -> ERROR [2]
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 0 -> Replaced (0)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 0 -> Replaced (0)
[Tr.Poweliks] HKEY_USERS\S-1-5-21-999287110-3378381917-3572788942-1000\Software\classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\LocalServer32 -> ERROR [2]
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost
¤¤¤ Antirootkit : 141 (Driver: Loaded) ¤¤¤
[SSDT:Addr(Hook.SSDT)] NtAlertResumeThread[13] : Unknown @ 0x87ff1c78
[SSDT:Addr(Hook.SSDT)] NtAlertThread[14] : Unknown @ 0x87ff1d10
[SSDT:Addr(Hook.SSDT)] NtAllocateVirtualMemory[18] : Unknown @ 0x87ef8f38
[SSDT:Addr(Hook.SSDT)] NtAlpcConnectPort[21] : Unknown @ 0x87df02b8
[SSDT:Addr(Hook.SSDT)] NtAssignProcessToJobObject[42] : Unknown @ 0x884936e0
[SSDT:Addr(Hook.SSDT)] NtCreateMutant[67] : Unknown @ 0x88493a90
[SSDT:Addr(Hook.SSDT)] NtCreateSymbolicLinkObject[77] : Unknown @ 0x884934d8
[SSDT:Addr(Hook.SSDT)] NtCreateThread[78] : Unknown @ 0x87ec4090
[SSDT:Addr(Hook.SSDT)] NtDebugActiveProcess[116] : Unknown @ 0x88493778
[SSDT:Addr(Hook.SSDT)] NtDuplicateObject[129] : Unknown @ 0x87ef8fc0
[SSDT:Addr(Hook.SSDT)] NtFreeVirtualMemory[147] : Unknown @ 0x87ef8de8
[SSDT:Addr(Hook.SSDT)] NtImpersonateAnonymousToken[156] : Unknown @ 0x88493b38
[SSDT:Addr(Hook.SSDT)] NtImpersonateThread[158] : Unknown @ 0x88493bb0
[SSDT:Addr(Hook.SSDT)] NtLoadDriver[165] : Unknown @ 0x87df0240
[SSDT:Addr(Hook.SSDT)] NtMapViewOfSection[177] : Unknown @ 0x87ef8d30
[SSDT:Addr(Hook.SSDT)] NtOpenEvent[184] : Unknown @ 0x884939f8
[SSDT:Addr(Hook.SSDT)] NtOpenProcess[194] : Unknown @ 0x87ef8040
[SSDT:Addr(Hook.SSDT)] NtOpenProcessToken[195] : Unknown @ 0x8831c848
[SSDT:Addr(Hook.SSDT)] NtOpenSection[197] : Unknown @ 0x884938c8
[SSDT:Addr(Hook.SSDT)] NtOpenThread[201] : Unknown @ 0x8831c1a8
[SSDT:Addr(Hook.SSDT)] NtProtectVirtualMemory[210] : Unknown @ 0x88493638
[SSDT:Addr(Hook.SSDT)] NtQueueApcThread[255] : Unknown @ 0x88493430
[SSDT:Addr(Hook.SSDT)] NtResumeThread[282] : Unknown @ 0x87ff1da8
[SSDT:Addr(Hook.SSDT)] NtSetContextThread[289] : Unknown @ 0x87ff1f70
[SSDT:Addr(Hook.SSDT)] NtSetInformationProcess[305] : Unknown @ 0x87ef8bf0
[SSDT:Addr(Hook.SSDT)] NtSetSystemInformation[317] : Unknown @ 0x88493810
[SSDT:Addr(Hook.SSDT)] NtSuspendProcess[330] : Unknown @ 0x88493960
[SSDT:Addr(Hook.SSDT)] NtSuspendThread[331] : Unknown @ 0x87ff1e40
[SSDT:Addr(Hook.SSDT)] NtTerminateProcess[334] : Unknown @ 0x8824cdc0
[SSDT:Addr(Hook.SSDT)] NtTerminateThread[335] : Unknown @ 0x87ff1ed8
[SSDT:Addr(Hook.SSDT)] NtUnmapViewOfSection[348] : Unknown @ 0x87ef8c98
[SSDT:Addr(Hook.SSDT)] NtWriteVirtualMemory[358] : Unknown @ 0x87ef8e90
[SSDT:Addr(Hook.SSDT)] NtCreateThreadEx[382] : Unknown @ 0x88493580
[ShwSSDT:Addr(Hook.Shadow)] NtUserAttachThreadInput[317] : Unknown @ 0x889c1700
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetAsyncKeyState[397] : Unknown @ 0x88678350
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetKeyboardState[428] : Unknown @ 0x88679d30
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetKeyState[430] : Unknown @ 0x8868c750
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetRawInputData[442] : Unknown @ 0x8866d260
[ShwSSDT:Addr(Hook.Shadow)] NtUserMessageCall[479] : Unknown @ 0x88674ab8
[ShwSSDT:Addr(Hook.Shadow)] NtUserPostMessage[497] : Unknown @ 0x88671798
[ShwSSDT:Addr(Hook.Shadow)] NtUserPostThreadMessage[498] : Unknown @ 0x8863eea0
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[573] : Unknown @ 0x88a10ca0
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWinEventHook[576] : Unknown @ 0x889c0650
[IAT:Inl] (iexplore.exe @ IPSLdr32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ ole32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ msvcrt.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ USER32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ ADVAPI32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ RPCRT4.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ OLEAUT32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ SHLWAPI.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ SHELL32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ urlmon.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ iertutil.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ WININET.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ IMM32.DLL) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ MSCTF.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ comctl32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ IEFRAME.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ OLEACC.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ comdlg32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ uxtheme.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ ASOEHOOK.DLL) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ COMCTL32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ MSVCR100.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ IPSEng32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ CRYPT32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ USERENV.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ ccL120U.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ ws2_32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ dhcpcsvc.DLL) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ DNSAPI.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ dhcpcsvc6.DLL) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ MSHTML.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ dxgi.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ NTMARTA.DLL) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ RASAPI32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ NETAPI32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ TAPI32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ rtutils.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ WINMM.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ mswsock.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ NLAapi.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ Dxtrans.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ Flash32_15_0_0_223.ocx) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ DSOUND.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ WINSPOOL.DRV) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ GPAPI.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ MMDevApi.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ audioeng.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ WINSTA.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ MSVCR80.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ d3d9.dll) KERNEL32.dll - CreateThread : Unknown @ 0x99012a (jmp 0xffffffff8977353c)
[IAT:Inl] (iexplore.exe @ IPSLdr32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
[IAT:Inl] (iexplore.exe @ ole32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
[IAT:Inl] (iexplore.exe @ msvcrt.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
[IAT:Inl] (iexplore.exe @ USER32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
[IAT:Inl] (iexplore.exe @ ADVAPI32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
[IAT:Inl] (iexplore.exe @ RPCRT4.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
[IAT:Inl] (iexplore.exe @ OLEAUT32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
[IAT:Inl] (iexplore.exe @ SHLWAPI.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
[IAT:Inl] (iexplore.exe @ SHELL32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
[IAT:Inl] (iexplore.exe @ urlmon.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
[IAT:Inl] (iexplore.exe @ iertutil.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
[IAT:Inl] (iexplore.exe @ WININET.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
[IAT:Inl] (iexplore.exe @ IMM32.DLL) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
[IAT:Inl] (iexplore.exe @ MSCTF.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
[IAT:Inl] (iexplore.exe @ comctl32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
[IAT:Inl] (iexplore.exe @ IEFRAME.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
[IAT:Inl] (iexplore.exe @ OLEACC.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
[IAT:Inl] (iexplore.exe @ uxtheme.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
[IAT:Inl] (iexplore.exe @ comdlg32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
[IAT:Inl] (iexplore.exe @ ASOEHOOK.DLL) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
[IAT:Inl] (iexplore.exe @ COMCTL32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
[IAT:Inl] (iexplore.exe @ MSVCR100.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
[IAT:Inl] (iexplore.exe @ IPSEng32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
[IAT:Inl] (iexplore.exe @ CRYPT32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
[IAT:Inl] (iexplore.exe @ USERENV.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
[IAT:Inl] (iexplore.exe @ WS2_32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
[IAT:Inl] (iexplore.exe @ ccL120U.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
[IAT:Inl] (iexplore.exe @ dhcpcsvc.DLL) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
[IAT:Inl] (iexplore.exe @ DNSAPI.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
[IAT:Inl] (iexplore.exe @ dhcpcsvc6.DLL) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
[IAT:Inl] (iexplore.exe @ MSHTML.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
[IAT:Inl] (iexplore.exe @ dxgi.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
[IAT:Inl] (iexplore.exe @ NTMARTA.DLL) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
[IAT:Inl] (iexplore.exe @ RASAPI32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
[IAT:Inl] (iexplore.exe @ NETAPI32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
[IAT:Inl] (iexplore.exe @ TAPI32.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
[IAT:Inl] (iexplore.exe @ rtutils.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
[IAT:Inl] (iexplore.exe @ WINMM.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
[IAT:Inl] (iexplore.exe @ mswsock.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
[IAT:Inl] (iexplore.exe @ NLAapi.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
[IAT:Inl] (iexplore.exe @ GPAPI.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
[IAT:Inl] (iexplore.exe @ Dxtrans.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
[IAT:Inl] (iexplore.exe @ WINSPOOL.DRV) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
[IAT:Inl] (iexplore.exe @ Flash32_15_0_0_223.ocx) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
[IAT:Inl] (iexplore.exe @ DSOUND.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
[IAT:Inl] (iexplore.exe @ MMDevApi.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
[IAT:Inl] (iexplore.exe @ audioeng.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
[IAT:Inl] (iexplore.exe @ WINSTA.dll) KERNEL32.dll - CreateThread : Unknown @ 0x286012a (jmp 0xffffffff8b64353c)
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 09778080031d7367d06e0d5c9a493caa
[BSP] f5619e288538777490d4e8663d19c045 : Toshiba MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 465753 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 953864192 | Size: 11183 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: +++++
--- User ---
[MBR] f4aac54a2faddd3beb5015259f7d81d0
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 44 | Size: 15275 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

============================================
RKreport_SCN_11172014_062159.log - RKreport_DEL_11172014_062545.log

malwarebytes anti root kit found no malware, nothing to clean up

 

[Broni]

We have Poweliks infection there.

RogueKiller fixes some but let's double check.

Please download Powelikscleaner (by ESET) and save it to your Desktop.

1. Double-click on ESETPoweliksCleaner.exe to start the tool.

2. Read the terms of the End-user license agreement and click Agree.

3. The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.

4. If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.

The tool will produce a log in the same directory the tool was run from.

That log is usually pretty long so as an exception you can attach it.

 

[blairman]

Latest malwarebytes scan
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 11/18/2014
Scan Time: 7:02:59 AM
Logfile: malwarebytesscan.txt
Administrator: Yes
Version: 0.00.0.0000
Malware Database: v2014.11.18.04
Rootkit Database: v2014.11.12.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Sally
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 314893
Time Elapsed: 11 min, 21 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)

(end)

 

[blairman]

Eset powelik text Broni, computer seems to be back. moving very quickly now,


log way too long to post
what next?

 

[Broni]

That log is usually pretty long so as an exception you can attach it.

 

[blairman]

Broni, I tried to post it, and I said it was too long, I divided in it half, still too long, how do I do this exception thing

 

[Broni]

Click on "Upload a File" button to attach log to your reply.

 

[blairman]

Broni, sorry, tried on 3 computers to upload the file, tried to rename it to a .pdf, .doc, and when I open the upload a file window, it does not see anything by eset. all 3 computers are the same.

 

[Broni]

ESETPoweliksCleaner.exe_xxxxxx.log is located in the very same place where you ran ESETPoweliksCleaner from.

 

[blairman]

Yes sir, when I use windows explorer, I can see it, when I hit the upload a file button below, I only see folders, not files. the drop down says all files, then a bunch of possible extensions, but they don't show up. tried to delete the all file from the drop down, and could not. tried to upload from 3 different computers. I think there is an issue with the upload files app. again, I see the file in windows explorer, just can't see it in the upload file browsing box.

 

[Broni]

See if you can...

Upload the file(s) here: http://www.sendspace.com/
Click on Browse button and navigate to the file you want to upload.
Click on Upload button.
Click on FIRST Copy Link button and paste the link in your next reply.

 

[blairman]

https://www.sendspace.com/file/69zlog
Broni, keep in mind, the name of the file has been shortened. the content is the eset text file. thanks.

 

[Broni]

Very good. Poweliks is gone.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  If the connection is not there use restore point you created prior to running Combofix.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

 

[blairman]

Broni, haven't mentioned this yet, maybe I should. I have not been able to download anything to this laptop. I have been downloading the apps to my net book, then copying them to a thumb drive to transfer to this laptop. the files download, get to 100% then say "file could not be downloaded, with a retry, which never works, cancel and view downloads. is this somthing that is part of the virus or another problem.???

 

[Broni]

What is the exact error message?

 

[blairman]

Yellow bar appears on bottom of screen. asks to run, save (w/dropdown) or cancel I have been selecting save's dropdown, save to I select desktop, and then the save button.
the file appears to download, with the percentage of download counter running right up to 100%, then immediately says file could not be downloaded, with a retry, (which never works), cancel and view downloads buttons. only works on my netbook, hp desktop not working either. stops at 0%, but that is a different computer. but coincidental?

 

[Broni]

We'll keep checking.
Go ahead with Combofix.

 

[blairman]

ComboFix 14-11-18.01 - Sally 11/19/2014 22:27:20.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1759 [GMT -5:00]
Running from: c:\users\Sally\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton 360 *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton 360 *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\users\Sally\AppData\Local\BrowserSafeguard
.
.
((((((((((((((((((((((((( Files Created from 2014-10-20 to 2014-11-20 )))))))))))))))))))))))))))))))
.
.
2014-11-20 05:46 . 2014-11-20 05:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-19 02:01 . 2014-10-24 01:03 499200 ----a-w- c:\windows\system32\kerberos.dll
2014-11-17 21:04 . 2014-11-17 21:04 -------- d-----w- c:\programdata\WindowsSearch
2014-11-17 11:47 . 2014-11-18 01:32 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-11-17 02:34 . 2014-11-17 02:34 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-11-17 02:34 . 2014-11-17 02:34 -------- d-----w- c:\programdata\RogueKiller
2014-11-16 17:33 . 2014-11-20 02:58 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-16 17:29 . 2014-11-20 01:23 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-11-16 17:29 . 2014-11-17 11:43 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-16 17:29 . 2014-11-16 17:29 -------- d-----w- c:\programdata\Malwarebytes
2014-11-16 17:29 . 2014-10-01 16:11 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-16 17:29 . 2014-10-01 16:11 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-13 09:03 . 2014-10-10 01:00 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-11-13 09:03 . 2014-10-09 23:22 619520 ----a-w- c:\windows\system32\adtschema.dll
2014-11-13 09:03 . 2014-10-10 01:01 449536 ----a-w- c:\windows\system32\termsrv.dll
2014-11-13 09:03 . 2014-10-10 01:00 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2014-11-13 09:01 . 2014-08-27 00:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-11-13 09:01 . 2014-08-27 00:55 1249280 ----a-w- c:\windows\system32\msxml3.dll
2014-11-13 08:58 . 2014-09-19 00:50 278528 ----a-w- c:\windows\system32\schannel.dll
2014-11-13 08:57 . 2014-10-24 01:04 67072 ----a-w- c:\windows\system32\packager.dll
2014-11-13 08:55 . 2014-08-12 02:25 729600 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-13 08:49 . 2014-10-03 01:17 316928 ----a-w- c:\windows\system32\audiosrv.dll
2014-11-13 08:49 . 2014-10-03 01:17 396800 ----a-w- c:\windows\system32\AudioEng.dll
2014-11-13 08:49 . 2014-10-03 01:18 274432 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-11-13 08:49 . 2014-10-03 01:17 170496 ----a-w- c:\windows\system32\EncDump.dll
2014-11-13 08:47 . 2014-10-18 01:08 564224 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-13 08:04 . 2014-10-12 23:34 2054656 ----a-w- c:\windows\system32\win32k.sys
2014-11-09 14:38 . 2014-11-09 14:38 -------- d-----w- c:\users\Sally\AppData\Local\IAC
2014-11-09 14:29 . 2014-03-06 16:48 597512 ------w- c:\windows\system32\HPDiscoPM7112.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-12 01:12 . 2012-03-29 22:57 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-12 01:12 . 2011-08-10 00:55 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-09 06:24 . 2014-09-24 07:00 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-04 23:27 . 2014-10-16 07:03 143360 ----a-w- c:\windows\system32\drivers\fastfat.sys
2014-08-26 02:20 . 2014-09-25 21:24 32984 ----a-w- c:\windows\system32\drivers\N360\1506000.020\srtspx.sys
2014-08-26 02:20 . 2014-09-25 21:24 664792 ----a-w- c:\windows\system32\drivers\N360\1506000.020\srtsp.sys
2014-08-23 01:03 . 2014-08-28 07:00 297984 ----a-w- c:\windows\system32\gdi32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"HP Officejet Pro 8610 (NET)"="c:\program files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe" [2014-03-06 2427400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-10 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-10 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-10 145944]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-10-01 152392]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896]
.
c:\users\Sally\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Forget Me Not.lnk - c:\program files\Broderbund\AG CreataCard\AGRemind.exe /Q [2011-9-22 323584]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 01:12]
.
2014-11-17 c:\windows\Tasks\HPCeeScheduleForSally.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-04-09 18:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <-loopback>
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
Toolbar-10 - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-11-20 00:46
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\21.6.0.32\N360.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\21.6.0.32\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360\1506000.020\SYMTDIV.SYS"
"TrustedImagePaths"="c:\program files\Norton 360\Engine\21.6.0.32"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-11-20 00:50:55
ComboFix-quarantined-files.txt 2014-11-20 05:50
.
Pre-Run: 333,126,983,680 bytes free
Post-Run: 354,571,001,856 bytes free
.
- - End Of File - - 642950314694CDF5D5E8BF69F9CD9A34
588AE8F0C685C02BA11F30D9CD7E61A0

 

[Broni]

Looks good.

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Scan button.
• When the scan has finished click on Clean button.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.

 

[blairman]

# AdwCleaner v4.101 - Report created 21/11/2014 at 05:40:36
# Updated 09/11/2014 by Xplode
# Database : 2014-11-16.1 [Live]
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : Sally - SALLY-PC
# Running from : C:\Users\Sally\Desktop\adwcleaner_4.101.exe
# Option : Clean
***** [ Services ] *****

***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\VisualBee
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\CursorMania
Folder Deleted : C:\Program Files\Dogpile Bundle Toolbar
Folder Deleted : C:\Program Files\iMesh Applications
Folder Deleted : C:\Program Files\PopularScreensavers
Folder Deleted : C:\Program Files\V-bates
Folder Deleted : C:\Windows\system32\SearchProtect
Folder Deleted : C:\Users\Sally\AppData\Local\Conduit
Folder Deleted : C:\Users\Sally\AppData\Local\iac
Folder Deleted : C:\Users\Sally\AppData\Local\PackageAware
Folder Deleted : C:\Users\Sally\AppData\Local\visi_coupon
Folder Deleted : C:\Users\Sally\AppData\Local\WeatherAlerts
Folder Deleted : C:\Users\Sally\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Sally\AppData\LocalLow\DataMngr
Folder Deleted : C:\Users\Sally\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\Sally\AppData\LocalLow\iac
Folder Deleted : C:\Users\Sally\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\Sally\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Sally\AppData\LocalLow\wincoreimband
Folder Deleted : C:\Users\Sally\Documents\PC Health Kit
File Deleted : C:\END
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Windows\system32\p5PSSavr.scr
***** [ Scheduled Tasks ] *****
Task Deleted : Optimizer Pro Schedule
***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows Media\Wmsdk\Sources [F3PopularScreenSavers]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform [FunWebProducts]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\post platform [FunWebProducts]
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3201318
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3287811
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6FB5B50A-863D-4C0D-8E84-92A59565D087}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C39937A0-C59D-4506-A9FC-0A0138192287}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C39937A9-C59D-4506-A9FC-0A0138192287}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD55C1D4-CE89-4E93-866E-3F4A4962BD68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A73204A3-4E2A-4924-95DA-D5DF58717368}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B5DB5A94-1E55-4E2E-AA50-49C8C8215D56}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C39937A7-C59D-4506-A9FC-0A0138192287}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B2E5F9A4-0587-4525-8602-E08E32510243}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C39937A5-C59D-4506-A9FC-0A0138192287}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5957D8D4-6FF0-43FB-B50B-49079FE61659}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C522512A-9C2C-4DE5-9F63-976B560FEF14}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5957D8D4-6FF0-43FB-B50B-49079FE61659}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C39937A9-C59D-4506-A9FC-0A0138192287}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DD55C1D4-CE89-4E93-866E-3F4A4962BD68}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8798BBE7-DDF6-448B-AE0E-83C9E28A5598}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F37BCE7B-6055-418C-A301-E715F36F1E79}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5EFC8634-B65E-4D0D-8337-6036E9882D9B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A3D46FB8-5812-4147-B284-1FB1D580FD2C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{d3f22a84-2a84-49eb-91e6-5dadaaf0165d}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D41DFFDD-0129-4747-BEB1-2B0BF2EEAF55}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5EFC8634-B65E-4D0D-8337-6036E9882D9B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d3f22a84-2a84-49eb-91e6-5dadaaf0165d}
Key Deleted : HKCU\Software\CToolbar
Key Deleted : HKCU\Software\Imesh
Key Deleted : HKCU\Software\SoftwareUpdater
Key Deleted : HKCU\Software\usyndication.com
Key Deleted : HKCU\Software\visualbee
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\mediabarim
Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\CToolbar
Key Deleted : HKLM\SOFTWARE\PopularScreensavers
Key Deleted : HKLM\SOFTWARE\TBID
Key Deleted : HKLM\SOFTWARE\VBMZ
Key Deleted : HKLM\SOFTWARE\visualbee
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\linkuryjs.info
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mywebface.com
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16592

*************************
AdwCleaner[R0].txt - [10757 octets] - [21/11/2014 05:31:53]
AdwCleaner[S0].txt - [10606 octets] - [21/11/2014 05:40:36]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10667 octets] ##########

 

[blairman]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows Vista (TM) Home Premium x86
Ran by Sally on Fri 11/21/2014 at 5:47:34.22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CursorMania_7l.SkinLauncher
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CursorMania_7l.SkinLauncher.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MyWebFace_5a.ToolbarProtector
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MyWebFace_5a.ToolbarProtector.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D1A2079E-1FBB-461A-AC3F-A29DBD650FE0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{C3A70544-BF8E-4133-AE57-761D214BC72A}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Sally\appdata\locallow\cursormania_7l"
Successfully deleted: [Folder] "C:\Users\Sally\appdata\locallow\yahoocouponaddon"
Successfully deleted: [Folder] "C:\Program Files\cursormania_7l"
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/21/2014 at 5:52:22.10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[blairman]

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-11-2014
Ran by Sally (administrator) on SALLY-PC on 21-11-2014 05:53:50
Running from C:\Users\Sally\Desktop
Loaded Profile: Sally (Available profiles: Sally)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Intel Corporation) C:\WINDOWS\System32\igfxsrvc.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\21.6.0.32\n360.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files\SMINST\BLService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
() C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Conexant Systems, Inc.) C:\WINDOWS\System32\drivers\XAudio.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\21.6.0.32\n360.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-17] (Synaptics, Inc.)
HKLM\...\Run: [QPService] => C:\Program Files\HP\QuickPlay\QPService.exe [468264 2008-09-23] (CyberLink Corp.)
HKLM\...\Run: [UpdateLBPShortCut] => C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [UpdatePSTShortCut] => C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2008-10-06] (CyberLink Corp.)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2008-11-15] (CyberLink Corp.)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2008-08-01] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [UpdateP2GoShortCut] => C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [UpdatePDIRShortCut] => C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKU\S-1-5-21-999287110-3378381917-3572788942-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company)
HKU\S-1-5-21-999287110-3378381917-3572788942-1000\...\Run: [HPAdvisor] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [972080 2008-09-30] (Hewlett-Packard)
HKU\S-1-5-21-999287110-3378381917-3572788942-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-999287110-3378381917-3572788942-1000\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [2427400 2014-03-06] (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Forget Me Not.lnk
ShortcutTarget: Forget Me Not.lnk -> C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe (TLC Multimedia Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Users\Sally\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton 360\Engine\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton 360\Engine\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton 360\Engine\21.6.0.32\buShell.dll (Symantec Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-999287110-3378381917-3572788942-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-999287110-3378381917-3572788942-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {D41DFFDD-0129-4747-BEB1-2B0BF2EEAF55} URL =
SearchScopes: HKU\S-1-5-21-999287110-3378381917-3572788942-1000 -> DefaultScope {D41DFFDD-0129-4747-BEB1-2B0BF2EEAF55} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\npctrl.1.0.30716.0.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @popularscreensavers.com/Plugin -> C:\Program Files\PopularScreensavers\NPp5Stub.dll No File
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.1.7\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.1.7\coFFPlgn [2014-11-21]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-08-15]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-25]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed]
R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-04-12] (Nero AG)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 N360; C:\Program Files\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-10-06] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] () [File not signed]
S2 Norton Internet Security; "C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 BHDrvx86; C:\Program Files\Norton 360\NortonData\21.1.1.7\Definitions\BASHDefs\20141118.001\BHDrvx86.sys [1138392 2014-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1506000.020\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-09-09] (Symantec Corporation)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated)
R1 IDSVix86; C:\Program Files\Norton 360\NortonData\21.1.1.7\Definitions\IPSDefs\20141120.001\IDSvix86.sys [479448 2014-11-17] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files\Norton 360\NortonData\21.1.1.7\Definitions\VirusDefs\20141120.003\NAVENG.SYS [95704 2014-11-16] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton 360\NortonData\21.1.1.7\Definitions\VirusDefs\20141120.003\NAVEX15.SYS [1636696 2014-11-16] (Symantec Corporation)
R3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360\1506000.020\SRTSP.SYS [664792 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1506000.020\SRTSPX.SYS [32984 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1506000.020\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1506000.020\SYMEFA.SYS [936152 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2014-02-25] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1506000.020\Ironx86.SYS [209624 2014-08-06] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360\1506000.020\SYMTDIV.SYS [384728 2014-02-17] (Symantec Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Sally\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-21 05:53 - 2014-11-21 05:54 - 00017164 _____ () C:\Users\Sally\Desktop\FRST.txt
2014-11-21 05:53 - 2014-11-21 05:53 - 00000000 ____D () C:\FRST
2014-11-21 05:52 - 2014-11-21 05:53 - 00001724 _____ () C:\Users\Sally\Desktop\JRT.txt
2014-11-21 05:47 - 2014-11-21 05:47 - 00000000 ____D () C:\Windows\ERUNT
2014-11-21 05:45 - 2014-11-21 05:45 - 00010748 _____ () C:\Users\Sally\Desktop\AdwCleaner[S0].txt
2014-11-21 05:31 - 2014-11-21 05:40 - 00000000 ____D () C:\AdwCleaner
2014-11-21 05:30 - 2014-11-20 22:07 - 01108992 _____ (Farbar) C:\Users\Sally\Desktop\FRST.exe
2014-11-21 05:30 - 2014-11-20 22:02 - 01707532 _____ (Thisisu) C:\Users\Sally\Desktop\JRT.exe
2014-11-21 05:30 - 2014-11-20 22:01 - 02140160 _____ () C:\Users\Sally\Desktop\adwcleaner_4.101.exe
2014-11-20 03:48 - 2014-11-20 03:48 - 00011567 _____ () C:\Users\Sally\Desktop\combofixtext.txt
2014-11-20 00:50 - 2014-11-20 00:50 - 00011567 _____ () C:\ComboFix.txt
2014-11-19 22:22 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-19 22:22 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-19 22:22 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-19 22:22 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-19 22:22 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-19 22:22 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-19 22:22 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-19 22:22 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-19 22:14 - 2014-11-20 00:51 - 00000000 ____D () C:\Qoobox
2014-11-19 22:12 - 2014-11-20 00:49 - 00000000 ____D () C:\Windows\erdnt
2014-11-19 22:10 - 2014-11-19 22:00 - 05598306 ____R (Swearware) C:\Users\Sally\Desktop\ComboFix.exe
2014-11-18 21:01 - 2014-10-23 20:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 07:06 - 2014-11-18 07:07 - 01143336 _____ () C:\Users\Sally\Desktop\ESET.pdf.log
2014-11-18 07:05 - 2014-11-18 06:51 - 00186568 _____ (ESET) C:\Users\Sally\Desktop\ESETPoweliksCleaner.exe
2014-11-17 22:32 - 2014-11-17 22:30 - 00186568 _____ (ESET) C:\Users\Sally\Desktop\ESETPoweliksCleaner
2014-11-17 16:04 - 2014-11-17 16:04 - 00000000 ____D () C:\ProgramData\WindowsSearch
2014-11-17 06:47 - 2014-11-17 20:32 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-17 06:42 - 2014-11-17 20:32 - 00000000 ____D () C:\Users\Sally\Desktop\mbar
2014-11-17 06:33 - 2014-11-17 06:33 - 00016997 _____ () C:\Users\Sally\Desktop\RKreport_DEL_11172014_062613.log
2014-11-16 21:34 - 2014-11-16 21:34 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-16 21:34 - 2014-11-16 21:34 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-16 20:24 - 2014-11-16 20:26 - 00000000 ____D () C:\Users\Sally\Desktop\RK_Quarantine
2014-11-16 20:22 - 2014-11-16 21:21 - 14678104 _____ () C:\Users\Sally\Desktop\RogueKiller.exe
2014-11-16 20:22 - 2014-02-08 06:24 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Sally\Desktop\mbar-1.07.0.1009.exe
2014-11-16 14:18 - 2014-11-21 05:39 - 00001071 _____ () C:\Users\Sally\Desktop\malwarebytesscan.txt
2014-11-16 13:49 - 2014-11-16 13:49 - 00004459 _____ () C:\Users\Sally\Desktop\attach.txt
2014-11-16 13:49 - 2014-11-16 13:41 - 00016212 _____ () C:\Users\Sally\Desktop\dds.txt
2014-11-16 13:39 - 2014-11-16 13:35 - 00688992 ____R (Swearware) C:\Users\Sally\Desktop\dds (1).com
2014-11-16 12:33 - 2014-11-21 05:43 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-16 12:29 - 2014-11-19 20:23 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-16 12:29 - 2014-11-17 06:43 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-16 12:29 - 2014-11-16 12:29 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-16 12:29 - 2014-11-16 12:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-16 12:29 - 2014-11-16 12:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-16 12:29 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-16 12:29 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-16 10:48 - 2014-11-16 10:48 - 00000872 _____ () C:\Users\Sally\Desktop\mbam-setup-2.0.3.1025 - Shortcut.lnk
2014-11-16 09:58 - 2014-11-16 09:40 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Sally\Desktop\mbam-setup-2.0.3.1025.exe
2014-11-16 09:25 - 2014-11-16 09:25 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Sally\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-14 07:13 - 2014-11-14 07:14 - 00143512 _____ () C:\Windows\Minidump\Mini111414-01.dmp
2014-11-13 21:45 - 2014-11-13 21:45 - 00015360 _____ () C:\Users\Sally\Documents\Book1.xls
2014-11-13 04:03 - 2014-10-09 20:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-13 04:03 - 2014-10-09 20:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-13 04:03 - 2014-10-09 20:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 04:03 - 2014-10-09 18:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-13 04:01 - 2014-08-26 19:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-13 04:01 - 2014-08-26 19:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-13 03:58 - 2014-09-18 19:50 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-13 03:57 - 2014-10-23 20:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-13 03:55 - 2014-08-11 21:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-13 03:49 - 2014-10-02 20:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-13 03:49 - 2014-10-02 20:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-13 03:49 - 2014-10-02 20:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-13 03:49 - 2014-10-02 20:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-13 03:47 - 2014-10-17 20:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-13 03:04 - 2014-10-12 18:34 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 20:20 - 2014-10-27 14:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 20:20 - 2014-10-27 14:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 20:20 - 2014-10-27 14:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 20:20 - 2014-10-27 13:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 20:20 - 2014-10-27 13:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 20:20 - 2014-10-27 13:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 20:20 - 2014-10-27 13:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-12 20:20 - 2014-10-27 13:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 20:20 - 2014-10-27 13:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 20:20 - 2014-10-27 13:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-12 20:20 - 2014-10-27 13:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 20:20 - 2014-10-27 13:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 20:20 - 2014-10-27 13:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 20:20 - 2014-10-27 13:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 20:20 - 2014-10-27 13:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 20:20 - 2014-10-27 13:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 20:20 - 2014-10-27 13:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 20:20 - 2014-10-27 13:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-12 20:20 - 2014-10-27 13:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-12 20:20 - 2014-10-27 13:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-12 20:20 - 2014-10-27 13:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-09 09:29 - 2014-11-09 09:29 - 00002103 _____ () C:\Users\Public\Desktop\HP Officejet Pro 8610.lnk
2014-11-09 09:29 - 2014-03-06 11:48 - 00597512 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPM7112.dll
2014-11-08 23:06 - 2014-11-08 23:06 - 00139336 _____ () C:\Windows\Minidump\Mini110814-01.dmp
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-21 05:49 - 2011-08-09 18:13 - 01287380 _____ () C:\Windows\WindowsUpdate.log
2014-11-21 05:43 - 2013-08-25 16:50 - 00000000 ____D () C:\Users\Sally\AppData\Local\HTC MediaHub
2014-11-21 05:43 - 2012-07-25 20:10 - 00258926 _____ () C:\Windows\PFRO.log
2014-11-21 05:43 - 2011-08-09 18:41 - 00000284 _____ () C:\ProgramData\hpqp.ini
2014-11-21 05:43 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-21 05:43 - 2006-11-02 07:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-21 05:43 - 2006-11-02 07:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-21 05:41 - 2009-04-09 04:51 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-11-21 05:41 - 2006-11-02 08:01 - 00032628 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-21 05:28 - 2012-03-29 17:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-21 05:28 - 2011-08-09 15:57 - 00000322 _____ () C:\Windows\Tasks\HPCeeScheduleForSally.job
2014-11-20 00:50 - 2014-04-22 16:46 - 00000000 ____D () C:\Users\dub_cm_auto
2014-11-20 00:50 - 2009-04-09 04:55 - 00000000 ____D () C:\Users\Administrator
2014-11-20 00:50 - 2006-11-02 06:18 - 00000000 __RHD () C:\Users\Default
2014-11-20 00:50 - 2006-11-02 06:18 - 00000000 ___RD () C:\Users\Public
2014-11-20 00:46 - 2006-11-02 05:23 - 00000215 _____ () C:\Windows\system.ini
2014-11-19 22:31 - 2011-09-22 17:33 - 00000000 ____D () C:\Users\Sally\AppData\Local\CrashDumps
2014-11-19 20:23 - 2011-08-09 18:41 - 00000000 ____D () C:\Program Files\Common Files\LightScribe
2014-11-16 20:25 - 2006-11-02 05:33 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-16 13:38 - 2013-08-25 16:31 - 00014094 _____ () C:\Windows\setupact.log
2014-11-16 13:12 - 2014-10-20 19:54 - 00000000 ___HD () C:\ProgramData\{49A0BAC7-3326-4433-9373-4AA8793ABB5C}
2014-11-16 11:12 - 2011-08-10 07:37 - 00006648 _____ () C:\Users\Sally\AppData\Local\d3d9caps.dat
2014-11-16 08:12 - 2011-09-18 19:51 - 00000000 ____D () C:\Users\Sally\AppData\Local\QuickPlay
2014-11-16 08:12 - 2011-08-10 09:56 - 00000000 ____D () C:\ProgramData\HP
2014-11-16 08:12 - 2009-04-09 06:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-11-16 08:12 - 2006-11-02 06:18 - 00000000 __RSD () C:\Windows\Media
2014-11-16 08:12 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\spool
2014-11-16 08:12 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache
2014-11-16 08:12 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\registration
2014-11-14 19:42 - 2011-09-16 19:14 - 00000052 _____ () C:\Windows\system32\DOErrors.log
2014-11-14 07:13 - 2012-01-15 19:14 - 490294541 _____ () C:\Windows\MEMORY.DMP
2014-11-14 07:13 - 2012-01-15 19:14 - 00000000 ____D () C:\Windows\Minidump
2014-11-13 21:44 - 2011-08-09 18:37 - 00025088 _____ () C:\Users\Sally\Documents\ADDRESS LIST FOR CHRISTMAS CARDS.xls
2014-11-13 05:09 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-13 04:32 - 2006-11-02 07:47 - 00391608 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 03:42 - 2013-08-14 17:27 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 03:08 - 2006-11-02 05:24 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-11-11 20:12 - 2012-03-29 17:57 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-11 20:12 - 2011-08-09 19:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-09 09:31 - 2013-09-01 08:56 - 00000000 ____D () C:\Users\Sally\AppData\Local\HP
2014-11-09 09:30 - 2011-08-16 18:35 - 00000000 ____D () C:\Users\Sally\AppData\Roaming\HpUpdate
2014-11-09 09:29 - 2011-08-09 15:48 - 00000000 ____D () C:\Users\Sally
2014-11-09 09:27 - 2009-04-09 06:30 - 00000000 ____D () C:\Program Files\HP
2014-11-09 09:27 - 2006-11-02 07:37 - 00000000 ____D () C:\Windows\twain_32
2014-11-08 19:19 - 2013-02-02 17:23 - 00006144 _____ () C:\Users\Sally\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Some content of TEMP:
====================
C:\Users\Sally\AppData\Local\Temp\Quarantine.exe
C:\Users\Sally\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-21 05:51
==================== End Of Log ============================

 

[blairman]

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-11-2014
Ran by Sally at 2014-11-21 05:54:38
Running from C:\Users\Sally\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton 360 (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)
American Greetings® CreataCard® Platinum 5 (HKLM\...\American Greetings CreataCard 5.0) (Version: - )
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.58.0.0 - Conexant)
CyberLink DVD Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2203 - CyberLink Corp.)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.2328 - CyberLink Corp.)
ESU for Microsoft Vista (HKLM\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_HERMOSA_HSF) (Version: - )
HP Active Support Library (HKLM\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{57A5AEC1-97FC-474D-92C4-908FCC2253D4}) (Version: 5.7.0.2664 - Hewlett-Packard)
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.03.0001 - Hewlett-Packard)
HP DVD Play 3.7 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 3.7.0.5723 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Help and Support (HKLM\...\{0054A0F6-00C9-4498-B821-B5C9578F433E}) (Version: 2.1.1.0 - Hewlett-Packard Company)
HP Officejet Pro 8600 Help (HKLM\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{79ACC31A-87EA-472A-853E-5AC6A97CE569}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8610 Basic Device Software (HKLM\...\{982EC692-AF53-4B66-B56C-5199DFC207E5}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Officejet Pro 8610 Help (HKLM\...\{F9569D00-4576-46C8-B6C7-207A4FD39745}) (Version: 32.0.0 - Hewlett Packard)
HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
HP Quick Launch Buttons 6.40 H2 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 H2 - Hewlett-Packard)
HP Total Care Advisor (HKLM\...\{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}) (Version: 2.4.4941.2798 - Hewlett-Packard)
HP Total Care Setup (HKLM\...\{38058455-8C21-4C2F-B2F6-14ED166039CB}) (Version: 1.1.1983.2818 - Hewlett-Packard Company)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP User Guides 0118 (HKLM\...\{665CBCA4-5AB0-414B-A288-3F8F99FEFC45}) (Version: 1.01.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}) (Version: 3.00 K2 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPNetworkAssistant (Version: 1.1.70 - Hewlett-Packard.) Hidden
HPSSupply (HKLM\...\{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}) (Version: 2.1.3.0000 - Hewlett Packard Development Company L.P.)
HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.3.0.001 - HTC Corporation)
HTC Sync Manager (HKLM\...\{F838C3DD-5785-4F19-AD0F-BD532C8A31F4}) (Version: 2.1.54.0 - HTC)
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
iTunes (HKLM\...\{E05D82D8-FE70-4228-B073-B0C07FE27595}) (Version: 11.1.1.11 - Apple Inc.)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.600 - Oracle)
Java(TM) 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
Juno Preloader (HKLM\...\{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}) (Version: 1.0.0 - Juno, Inc.)
LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0926 - CyberLink Corp.)
LabelPrint (Version: 2.5.0926 - CyberLink Corp.) Hidden
LightScribe System Software 1.14.17.1 (HKLM\...\{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}) (Version: 1.14.17.1 - LightScribe)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM\...\{6A370610-3778-44AF-9AAC-69B2FD1A3356}) (Version: 3.0.541.0 - Microsoft Corporation)
Microsoft Office 2000 Disc 2 (HKLM\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 1.0.30716.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.31119 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.52 (HKLM\...\WebPost) (Version: - )
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.0.62 - WildTangent)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.52 - BVRP Software, Inc)
Norton 360 (HKLM\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
Norton Internet Security (Version: 16.0.0.125 - Symantec Corporation) Hidden
Photo Organizer (HKLM\...\Photo Organizer 1.8) (Version: - )
Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2202 - CyberLink Corp.)
Power2Go (Version: 6.0.2202 - CyberLink Corp.) Hidden
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2201 - CyberLink Corp.)
PowerDirector (Version: 7.0.2201 - CyberLink Corp.) Hidden
Product Improvement Study for HP Officejet Pro 8610 (HKLM\...\{159FEB97-8A7B-446E-AEBF-DDC026561F1D}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20133 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.3.0 - Synaptics)
Update for Office 2007 (KB934528) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{2B939677-2FFD-48F6-9075-7BF48CB87C80}) (Version: - )
Yahoo! Detect (HKLM\...\YTdetect) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-999287110-3378381917-3572788942-1000_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-999287110-3378381917-3572788942-1000_Classes\CLSID\{F7117AE6-81F2-45B8-96EE-56F6FD357A48}\InprocServer32 -> C:\ProgramData\{49A0BAC7-3326-4433-9373-4AA8793ABB5C}\spwizimg.dll No File
==================== Restore Points =========================
23-08-2014 12:40:25 Scheduled Checkpoint
24-08-2014 12:41:49 Device Driver Package Install: HTC, Corporation Android USB Devices
24-08-2014 12:49:49 Device Driver Package Install: HTC Corporation Ports (COM & LPT)
28-08-2014 07:00:23 Windows Update
02-09-2014 16:50:25 Scheduled Checkpoint
10-09-2014 04:06:07 Scheduled Checkpoint
10-09-2014 07:00:20 Windows Update
14-09-2014 15:11:33 Scheduled Checkpoint
22-09-2014 07:00:41 Windows Update
24-09-2014 07:00:17 Windows Update
27-09-2014 17:30:16 Scheduled Checkpoint
15-10-2014 13:00:25 Scheduled Checkpoint
16-10-2014 07:00:21 Windows Update
16-10-2014 07:00:56 Scheduled Checkpoint
16-10-2014 07:03:46 Windows Modules Installer
09-11-2014 14:21:04 Removed HP Officejet Pro 8600 Basic Device Software
09-11-2014 14:27:53 Device Driver Package Install: HP Printers
09-11-2014 14:28:11 Device Driver Package Install: Hewlett-Packard Imaging devices
09-11-2014 14:28:43 Device Driver Package Install: HP Printers
09-11-2014 14:29:17 Device Driver Package Install: Hewlett-Packard Universal Serial Bus controllers
13-11-2014 08:01:43 Windows Update
14-11-2014 03:01:36 Restore Operation
16-11-2014 12:43:08 Restore Operation
17-11-2014 08:35:29 Scheduled Checkpoint
17-11-2014 11:37:13 malwarebytesrootkit
19-11-2014 01:59:51 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {162518B0-8ECD-44D5-9332-C56193584F40} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {1CE434C7-1AF5-4C64-BD06-8EEB935D1878} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {250B0B85-1A1B-4AA7-979F-DFFE1104F555} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3BBAA8CA-0AFA-4F0A-BD34-87B233599068} - System32\Tasks\HPCeeScheduleForSally => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-05-19] (Hewlett-Packard)
Task: {6AEE5A07-45BE-44F0-8AD4-14C9BF98C84A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-11] (Adobe Systems Incorporated)
Task: {76DCC44E-70B7-4CB1-9906-4A5E8C47ACAF} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {77605A8D-4FFA-4E52-9C12-5251E5754377} - \VisualBeeRecovery No Task File <==== ATTENTION
Task: {903D29E5-D460-4093-ACFD-819237D49366} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {9056F1F4-17CD-403B-943B-3A185F76702D} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {B311C0A1-57A7-4C46-87F4-7BD1FBFFA67D} - \FF Watcher {B91FE0E0-3F9E-415B-AE8C-2F54975034F2} No Task File <==== ATTENTION
Task: {F114D7FA-ECCD-46CA-A94A-2311A9AE67D5} - System32\Tasks\HPCustParticipation HP Officejet Pro 8610 => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {F8AEAE50-B5B0-4D71-A196-2A548EF4BB30} - System32\Tasks\Microsoft\Windows\RestartManager\{EBF703A6-0F5D-458f-B51D-FAED3B3C97F7} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForSally.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe
==================== Loaded Modules (whitelisted) =============
2011-09-27 06:23 - 2011-09-27 06:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 06:22 - 2011-09-27 06:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2007-07-12 15:55 - 2007-07-12 15:55 - 01581056 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2007-08-14 15:59 - 2007-08-14 15:59 - 06365184 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2007-07-12 15:55 - 2007-07-12 15:55 - 00131072 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2008-09-30 18:52 - 2008-09-30 18:52 - 00057344 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2008-09-30 18:56 - 2008-09-30 18:56 - 00032768 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
2008-09-30 18:51 - 2008-09-30 18:51 - 00118784 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\ECLibrary.dll
2008-09-30 18:51 - 2008-09-30 18:51 - 00040960 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
2008-09-30 18:51 - 2008-09-30 18:51 - 00005632 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2008-09-30 18:51 - 2008-09-30 18:51 - 00028672 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2011-08-20 13:01 - 2009-04-11 01:28 - 00368640 _____ () C:\Windows\system32\msjetoledb40.dll
2008-09-30 18:51 - 2008-09-30 18:51 - 00010240 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
2008-09-30 18:52 - 2008-09-30 18:52 - 00007168 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
2013-08-15 15:40 - 2013-08-15 15:40 - 00030056 _____ () C:\Program Files\HTC\HTC Sync Manager\DbAccess.dll
2013-08-15 15:41 - 2013-08-15 15:41 - 00607376 _____ () C:\Program Files\HTC\HTC Sync Manager\sqlite3.dll
2013-08-15 15:41 - 2013-08-15 15:41 - 00044392 _____ () C:\Program Files\HTC\HTC Sync Manager\NAdvLog.dll
2013-08-15 15:41 - 2013-08-15 15:41 - 00036216 _____ () C:\Program Files\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2013-08-15 15:42 - 2013-08-15 15:42 - 00080248 _____ () C:\Program Files\HTC\HTC Sync Manager\ninstallerhelper.dll
2013-08-15 15:49 - 2013-08-15 15:49 - 00223592 _____ () C:\Program Files\HTC\HTC Sync Manager\DevConnMon.dll
2012-12-07 17:27 - 2012-12-07 17:27 - 00167424 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2009-04-09 06:31 - 2008-10-06 11:54 - 00365952 _____ () C:\Program Files\SMINST\BLService.exe
2009-04-09 06:31 - 2008-10-06 11:54 - 00132480 _____ () C:\Program Files\SMINST\STWmiM.dll
2009-04-09 06:24 - 2008-09-15 09:13 - 00241734 _____ () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2013-08-15 15:43 - 2013-08-15 15:43 - 00821600 _____ () C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
2009-04-09 05:28 - 2008-04-11 11:04 - 00685360 _____ () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:373E1720
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================
Administrator (S-1-5-21-999287110-3378381917-3572788942-500 - Administrator - Disabled)
Guest (S-1-5-21-999287110-3378381917-3572788942-501 - Limited - Disabled)
Sally (S-1-5-21-999287110-3378381917-3572788942-1000 - Administrator - Enabled) => C:\Users\Sally
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2014-11-21 05:54:33.272
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-11-21 05:54:32.835
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-11-21 05:54:32.383
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-11-21 05:54:31.946
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-11-21 05:54:14.503
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
Date: 2014-11-21 05:54:14.067
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
Date: 2014-11-21 05:54:13.630
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
Date: 2014-11-21 05:54:13.193
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
Date: 2014-11-21 05:54:00.900
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Norton 360\NortonData\21.1.1.7\Definitions\BASHDefs\20141118.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-11-21 05:54:00.463
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Norton 360\NortonData\21.1.1.7\Definitions\BASHDefs\20141118.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================
Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
Percentage of memory in use: 40%
Total physical RAM: 3002.45 MB
Available physical RAM: 1791.27 MB
Total Pagefile: 6223.15 MB
Available Pagefile: 4757.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1886.52 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:454.84 GB) (Free:329.35 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10.92 GB) (Free:1.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (AGCCARDCD2) (CDROM) (Total:0.62 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: F9C66BD5)
Partition 1: (Active) - (Size=454.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=10.9 GB) - (Type=07 NTFS)
==================== End Of Log ============================