lman2

Here is the adwcleaner log AdwCleanerC2.txt

Thanks for the speedy reply. Attached are the Farbar logs. Addition.txt FRST.txt

Good evening, Thank you for taking the time to help. I was browsing the internet the other day and got a popup that kept flashing with audio saying my laptop was suddenly infected with malware and to have it fixed before putting in any personal information to prevent fraud. My laptop has been running slow ever since and was hoping someone could help. Here is the log. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015 Ran by Louis (administrator) on LOUIS-HP (23-09-2015 20:54:29) Running from C:\Users\Louis\Downloads Loaded Profiles: Louis & (Available Profiles: Louis & Mcx1-LOUIS-HP & Guest & DefaultAppPool) Platform: Windows 10 Home (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Edge) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (The Eraser Project) C:\Program Files\Eraser\Eraser.exe (Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (Microsoft) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\HPResignFileLoader.exe (Farbar) C:\Users\Louis\Downloads\FRST64(1).exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2011-03-03] (IDT, Inc.) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [smartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-01-20] () HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company) HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2012-06-08] (LogMeIn, Inc.) HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-07-17] (Synaptics Incorporated) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.) HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [587320 2011-06-14] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-09-15] (Apple Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation) HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2620728 2015-07-22] (Malwarebytes Corporation) HKU\S-1-5-21-3787845837-1606334649-2329562173-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.) HKU\S-1-5-21-3787845837-1606334649-2329562173-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [6274184 2015-08-23] (Plex, Inc.) HKU\S-1-5-21-3787845837-1606334649-2329562173-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.) HKU\S-1-5-21-3787845837-1606334649-2329562173-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [6274184 2015-08-23] (Plex, Inc.) HKU\S-1-5-21-3787845837-1606334649-2329562173-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-07-10] (Microsoft Corporation) HKU\S-1-5-21-3787845837-1606334649-2329562173-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Winlogon: [shell] C:\Windows\eHome\McrMgr.exe <==== ATTENTION HKU\S-1-5-21-3787845837-1606334649-2329562173-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] () HKU\S-1-5-21-3787845837-1606334649-2329562173-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation) HKU\S-1-5-21-3787845837-1606334649-2329562173-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Akamai NetSession Interface] => C:\Users\Guest\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.) HKU\S-1-5-21-3787845837-1606334649-2329562173-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-07-10] (Microsoft Corporation) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Louis\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Louis\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Louis\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Louis\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Louis\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Louis\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Louis\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.) CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: 127.0.0.1 pc-gizmos-ssl.com www.pc-gizmos-ssl.com # added by PC-Gizmos.com Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 Tcpip\..\Interfaces\{026e2e1f-48f6-405b-8be5-2e5c648b768b}: [DhcpNameServer] 172.26.38.1 172.26.38.2 Tcpip\..\Interfaces\{7ae4314c-6078-45f5-8aff-72c7dd5f8bdf}: [DhcpNameServer] 209.18.47.61 209.18.47.62 Internet Explorer: ================== HKU\S-1-5-21-3787845837-1606334649-2329562173-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1 HKU\S-1-5-21-3787845837-1606334649-2329562173-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1 HKU\S-1-5-21-3787845837-1606334649-2329562173-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT/1 HKU\S-1-5-21-3787845837-1606334649-2329562173-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPNOT/1 HKU\S-1-5-21-3787845837-1606334649-2329562173-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1 HKU\S-1-5-21-3787845837-1606334649-2329562173-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT/1 HKU\S-1-5-21-3787845837-1606334649-2329562173-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1 SearchScopes: HKLM -> DefaultScope value is missing SearchScopes: HKLM -> {023BEF91-46DF-49F5-B4D5-A624219D7BA0} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl SearchScopes: HKLM -> {292D83CF-023C-4955-9AAC-ADDC18D857C1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKLM -> {2CDD6A60-ED41-4E0D-92BA-3FECF9011986} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKLM -> {CE313EBE-595F-4CF8-95D0-F3935695F6F7} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope value is missing SearchScopes: HKLM-x32 -> {292D83CF-023C-4955-9AAC-ADDC18D857C1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {2CDD6A60-ED41-4E0D-92BA-3FECF9011986} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKU\S-1-5-21-3787845837-1606334649-2329562173-1000 -> DefaultScope {023BEF91-46DF-49F5-B4D5-A624219D7BA0} URL = SearchScopes: HKU\S-1-5-21-3787845837-1606334649-2329562173-1000 -> {023BEF91-46DF-49F5-B4D5-A624219D7BA0} URL = SearchScopes: HKU\S-1-5-21-3787845837-1606334649-2329562173-1000 -> {292D83CF-023C-4955-9AAC-ADDC18D857C1} URL = SearchScopes: HKU\S-1-5-21-3787845837-1606334649-2329562173-1000 -> {2CDD6A60-ED41-4E0D-92BA-3FECF9011986} URL = SearchScopes: HKU\S-1-5-21-3787845837-1606334649-2329562173-1000 -> {CE313EBE-595F-4CF8-95D0-F3935695F6F7} URL = SearchScopes: HKU\S-1-5-21-3787845837-1606334649-2329562173-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {023BEF91-46DF-49F5-B4D5-A624219D7BA0} URL = SearchScopes: HKU\S-1-5-21-3787845837-1606334649-2329562173-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {023BEF91-46DF-49F5-B4D5-A624219D7BA0} URL = SearchScopes: HKU\S-1-5-21-3787845837-1606334649-2329562173-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {292D83CF-023C-4955-9AAC-ADDC18D857C1} URL = SearchScopes: HKU\S-1-5-21-3787845837-1606334649-2329562173-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2CDD6A60-ED41-4E0D-92BA-3FECF9011986} URL = SearchScopes: HKU\S-1-5-21-3787845837-1606334649-2329562173-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {CE313EBE-595F-4CF8-95D0-F3935695F6F7} URL = SearchScopes: HKU\S-1-5-21-3787845837-1606334649-2329562173-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {BB52DC5F-6AC7-4263-83CB-89F82A317019} URL = SearchScopes: HKU\S-1-5-21-3787845837-1606334649-2329562173-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {023BEF91-46DF-49F5-B4D5-A624219D7BA0} URL = SearchScopes: HKU\S-1-5-21-3787845837-1606334649-2329562173-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {CE313EBE-595F-4CF8-95D0-F3935695F6F7} URL = BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-20] (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-20] (Oracle Corporation) Toolbar: HKU\S-1-5-21-3787845837-1606334649-2329562173-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKU\S-1-5-21-3787845837-1606334649-2329562173-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKU\S-1-5-21-3787845837-1606334649-2329562173-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File FireFox: ======== FF ProfilePath: C:\Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\cbmgyega.default FF DefaultSearchEngine: Google FF DefaultSearchEngine.US: Google FF DefaultSearchUrl: hxxp://search.yahoo.com/search?fr=mkg030&p= FF Homepage: boxingnews24.com FF NetworkProxy: "no_proxies_on", "*.local" FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-23] () FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll [2012-11-08] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File] FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-23] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-03-30] (Google) FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-20] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-20] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-20] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-20] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3787845837-1606334649-2329562173-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @hulu.com/Hulu Desktop -> C:\Users\Default.migrated\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll No File FF Plugin HKU\S-1-5-21-3787845837-1606334649-2329562173-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @hulu.com/Hulu Desktop -> C:\Users\Default.migrated\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll No File FF user.js: detected! => C:\Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\cbmgyega.default\user.js [2014-08-05] FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-01-11] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-01-11] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-01-11] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-01-11] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-01-11] (Apple Inc.) FF Extension: Youtube MP3 Podcaster - C:\Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\cbmgyega.default\Extensions\youtubemp3podcaster@jeremy.d.gregorio.com [2015-09-21] FF Extension: Adblock Plus - C:\Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\cbmgyega.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-07] FF HKU\S-1-5-21-3787845837-1606334649-2329562173-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\PepperFlash\pepflashplayer.dll () CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\ppGoogleNaClPluginChrome.dll => No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\pdf.dll => No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll => No File CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => No File CHR Plugin: (Java Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll => No File CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll => No File CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\SysWOW64\npDeployJava1.dll => No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File CHR Profile: C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Magic Actions for YouTube™) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2015-09-20] CHR Extension: (PC Gizmos) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajkolhbfkfffmhanhkpnhnphpfpgbgcp [2013-07-17] CHR Extension: (Adblock Plus) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-13] CHR Extension: (Adblock for Youtube™) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-09-20] CHR Extension: (Google Search) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-06] CHR Extension: (AdBlock) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-13] CHR Extension: (YouTube To MP3!) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgdohmjplligggendhbmghhmpphabopi [2015-09-20] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-17] CHR Extension: (Chrome Web Store Payments) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-02] CHR Extension: (Gmail) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-06] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-29] (Advanced Micro Devices, Inc.) [File not signed] R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [417640 2015-09-23] (LogMeIn, Inc.) R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [507752 2015-09-23] (LogMeIn, Inc.) R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2012-06-08] (LogMeIn, Inc.) R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [713016 2015-07-22] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) R2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2015-08-10] (Microsoft Corporation) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-17] (Synaptics Incorporated) S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-08-10] (Microsoft Corporation) R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [578560 2015-08-10] (Microsoft Corporation) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices) R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-07-22] () R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-27] (LogMeIn, Inc.) S4 LMIRfsClientNP; no ImagePath R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-23] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation) R3 MQAC; C:\Windows\System32\drivers\mqac.sys [175104 2015-08-10] (Microsoft Corporation) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek ) S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] () S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation) R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation) U3 idsvc; no ImagePath S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X] U3 wpcsvc; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-09-23 20:53 - 2015-09-23 20:54 - 02192384 _____ (Farbar) C:\Users\Louis\Downloads\FRST64(1).exe 2015-09-23 20:30 - 2015-09-23 20:30 - 00016148 _____ C:\WINDOWS\system32\LOUIS-HP_Louis_HistoryPrediction.bin 2015-09-23 19:46 - 2015-09-23 19:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit 2015-09-23 19:46 - 2015-09-23 19:46 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit 2015-09-23 19:46 - 2015-09-23 19:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit 2015-09-23 19:28 - 2015-09-23 19:45 - 02865192 _____ (Malwarebytes ) C:\Users\Louis\Downloads\mbae-setup-1.07.1.1015.exe 2015-09-23 18:10 - 2015-09-23 18:10 - 00469776 _____ (Microsoft Corporation) C:\WINDOWS\system32\coin98ip.dll 2015-09-21 14:09 - 2015-09-21 14:09 - 00000000 ____D C:\Users\Louis\AppData\Local\Plex Media Server 2015-09-21 14:05 - 2015-09-21 14:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server 2015-09-21 14:04 - 2015-09-21 14:04 - 00000000 ____D C:\ProgramData\Package Cache 2015-09-21 14:04 - 2015-09-21 14:04 - 00000000 ____D C:\Program Files (x86)\Plex 2015-09-21 13:38 - 2015-09-21 14:03 - 86981096 _____ (Plex, Inc.) C:\Users\Louis\Downloads\Plex-Media-Server-0.9.1211.1406-8403350-en-US.exe 2015-09-20 18:27 - 2015-09-20 18:27 - 00000000 ____D C:\Users\Louis\AppData\Roaming\Sun 2015-09-20 18:27 - 2015-09-20 18:27 - 00000000 ____D C:\Users\Louis\.oracle_jre_usage 2015-09-20 17:29 - 2015-09-20 17:29 - 04383777 _____ C:\Users\Louis\Downloads\tdsskiller.zip 2015-09-20 17:29 - 2015-09-20 17:29 - 00000000 ____D C:\Users\Louis\AppData\Local\MicrosoftEdge 2015-09-20 10:47 - 2015-09-20 10:47 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk 2015-09-20 10:47 - 2015-09-20 10:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-09-20 10:46 - 2015-09-20 10:47 - 00000000 ____D C:\Program Files\iTunes 2015-09-20 10:46 - 2015-09-20 10:46 - 00000000 ____D C:\Program Files\iPod 2015-09-20 10:46 - 2015-09-20 10:46 - 00000000 ____D C:\Program Files (x86)\iTunes 2015-09-20 10:43 - 2015-09-20 10:43 - 00000000 ____D C:\Program Files\Bonjour 2015-09-20 10:43 - 2015-09-20 10:43 - 00000000 ____D C:\Program Files (x86)\Bonjour 2015-09-20 10:42 - 2015-09-20 10:42 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple 2015-09-20 10:42 - 2015-09-20 10:42 - 00000000 ____D C:\Program Files (x86)\Apple Software Update 2015-09-10 19:20 - 2015-09-23 19:15 - 00000350 _____ C:\WINDOWS\Tasks\HPCeeScheduleForLouis.job 2015-09-10 19:20 - 2015-09-23 17:58 - 00003242 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForLouis 2015-09-10 19:20 - 2015-09-01 21:20 - 00077400 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2015-09-10 19:20 - 2015-09-01 20:25 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2015-09-10 19:20 - 2015-09-01 20:25 - 01382912 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2015-09-10 19:20 - 2015-08-27 02:36 - 03620736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-09-10 19:20 - 2015-08-27 02:32 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2015-09-10 19:20 - 2015-08-27 02:04 - 21874688 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2015-09-10 19:20 - 2015-08-27 01:59 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-09-10 19:20 - 2015-08-27 01:55 - 24594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-09-10 19:20 - 2015-08-27 01:54 - 00541248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2015-09-10 19:20 - 2015-08-27 01:54 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2015-09-10 19:20 - 2015-08-27 01:51 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2015-09-10 19:20 - 2015-08-27 01:51 - 01774592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll 2015-09-10 19:20 - 2015-08-27 01:49 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll 2015-09-10 19:20 - 2015-08-27 01:47 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-09-10 19:20 - 2015-08-27 01:43 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-09-10 19:20 - 2015-08-27 01:43 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-09-10 19:20 - 2015-08-27 01:42 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll 2015-09-10 19:20 - 2015-08-27 01:42 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2015-09-10 19:20 - 2015-08-27 01:42 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll 2015-09-10 19:20 - 2015-08-27 01:42 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll 2015-09-10 19:20 - 2015-08-27 01:39 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2015-09-10 19:20 - 2015-08-27 01:23 - 19324416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-09-10 19:20 - 2015-08-27 01:23 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2015-09-10 19:20 - 2015-08-27 01:16 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2015-09-10 19:20 - 2015-08-27 01:16 - 02153472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2015-09-10 19:20 - 2015-08-27 01:16 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll 2015-09-10 19:20 - 2015-08-27 01:12 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-09-10 19:20 - 2015-08-27 01:12 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-09-10 19:20 - 2015-08-27 01:11 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll 2015-09-10 19:20 - 2015-08-27 01:11 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll 2015-09-10 19:20 - 2015-08-27 01:09 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-09-10 19:20 - 2015-08-27 01:08 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2015-09-07 14:18 - 2015-08-20 02:02 - 22324656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2015-09-07 14:18 - 2015-08-20 01:16 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2015-09-07 14:17 - 2015-08-20 02:07 - 08019296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-09-07 14:17 - 2015-08-20 02:06 - 00609592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2015-09-07 14:17 - 2015-08-20 01:26 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe 2015-09-07 14:17 - 2015-08-20 01:21 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll 2015-09-07 14:17 - 2015-08-20 01:13 - 02235904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2015-09-07 14:17 - 2015-08-18 03:56 - 02498808 _____ C:\WINDOWS\system32\CoreUIComponents.dll 2015-09-07 14:17 - 2015-08-18 03:55 - 00373072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS 2015-09-07 14:17 - 2015-08-18 03:54 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll 2015-09-07 14:17 - 2015-08-18 03:27 - 01771592 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll 2015-09-07 14:17 - 2015-08-18 03:24 - 00963920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll 2015-09-07 14:17 - 2015-08-18 03:13 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll 2015-09-07 14:17 - 2015-08-18 03:13 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll 2015-09-07 14:17 - 2015-08-18 03:12 - 02225664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2015-09-07 14:17 - 2015-08-18 03:07 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll 2015-09-07 14:17 - 2015-08-18 03:04 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe 2015-09-07 14:17 - 2015-08-18 03:04 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll 2015-09-07 14:17 - 2015-08-18 02:59 - 01294336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll 2015-09-07 14:17 - 2015-08-18 02:59 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll 2015-09-07 14:17 - 2015-08-18 02:58 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll 2015-09-07 14:17 - 2015-08-18 02:58 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWCN.dll 2015-09-07 14:17 - 2015-08-18 02:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll 2015-09-07 14:17 - 2015-08-18 02:58 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnNetsh.dll 2015-09-07 14:17 - 2015-08-18 02:57 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll 2015-09-07 14:17 - 2015-08-18 02:56 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll 2015-09-07 14:17 - 2015-08-18 02:55 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2015-09-07 14:17 - 2015-08-18 02:54 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll 2015-09-07 14:17 - 2015-08-18 02:54 - 00247296 _____ C:\WINDOWS\system32\facecredentialprovider.dll 2015-09-07 14:17 - 2015-08-18 02:52 - 01888768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2015-09-07 14:17 - 2015-08-18 02:50 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2015-09-07 14:17 - 2015-08-18 02:49 - 01061888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll 2015-09-07 14:17 - 2015-08-18 02:49 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll 2015-09-07 14:17 - 2015-08-18 02:49 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll 2015-09-07 14:17 - 2015-08-18 02:36 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll 2015-09-07 14:17 - 2015-08-18 02:35 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll 2015-09-07 14:17 - 2015-08-18 02:35 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWCN.dll 2015-09-07 14:17 - 2015-08-18 02:34 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll 2015-09-07 14:17 - 2015-08-18 02:29 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2015-09-07 14:17 - 2015-08-18 02:26 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll 2015-09-07 14:17 - 2015-08-18 00:44 - 00008847 _____ C:\WINDOWS\system32\ResPriHMImageList 2015-09-06 19:53 - 2015-09-06 19:55 - 00000000 ____D C:\Users\Louis\AppData\Local\Comms 2015-09-06 17:58 - 2015-09-20 17:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-09-06 17:32 - 2015-09-06 17:32 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf 2015-09-06 17:22 - 2015-08-11 05:23 - 16706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2015-09-06 17:21 - 2015-08-13 00:22 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll 2015-09-06 17:21 - 2015-08-13 00:20 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2015-09-06 17:21 - 2015-08-12 23:53 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2015-09-06 17:21 - 2015-08-11 06:04 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2015-09-06 17:21 - 2015-08-11 06:04 - 02462648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2015-09-06 17:21 - 2015-08-11 06:04 - 01087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll 2015-09-06 17:21 - 2015-08-11 06:03 - 00442208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys 2015-09-06 17:21 - 2015-08-11 06:02 - 00554744 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll 2015-09-06 17:21 - 2015-08-11 06:02 - 00292856 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe 2015-09-06 17:21 - 2015-08-11 06:02 - 00080720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys 2015-09-06 17:21 - 2015-08-11 05:52 - 00993104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll 2015-09-06 17:21 - 2015-08-11 05:50 - 01643872 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll 2015-09-06 17:21 - 2015-08-11 05:40 - 04048808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2015-09-06 17:21 - 2015-08-11 05:40 - 02151208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2015-09-06 17:21 - 2015-08-11 05:40 - 00918320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll 2015-09-06 17:21 - 2015-08-11 05:38 - 00454000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll 2015-09-06 17:21 - 2015-08-11 05:37 - 00243800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe 2015-09-06 17:21 - 2015-08-11 05:26 - 00845664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll 2015-09-06 17:21 - 2015-08-11 05:21 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll 2015-09-06 17:21 - 2015-08-11 05:21 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll 2015-09-06 17:21 - 2015-08-11 05:20 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll 2015-09-06 17:21 - 2015-08-11 05:19 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll 2015-09-06 17:21 - 2015-08-11 05:18 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll 2015-09-06 17:21 - 2015-08-11 05:16 - 02416640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2015-09-06 17:21 - 2015-08-11 05:14 - 00404480 _____ C:\WINDOWS\system32\diagtrack_wininternal.dll 2015-09-06 17:21 - 2015-08-11 05:13 - 00413184 _____ C:\WINDOWS\system32\diagtrack_win.dll 2015-09-06 17:21 - 2015-08-11 05:11 - 02446336 _____ C:\WINDOWS\system32\InputService.dll 2015-09-06 17:21 - 2015-08-11 05:11 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe 2015-09-06 17:21 - 2015-08-11 05:10 - 00778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll 2015-09-06 17:21 - 2015-08-11 05:10 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2015-09-06 17:21 - 2015-08-11 05:10 - 00293376 _____ C:\WINDOWS\system32\TextInputFramework.dll 2015-09-06 17:21 - 2015-08-11 05:09 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll 2015-09-06 17:21 - 2015-08-11 05:08 - 00893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll 2015-09-06 17:21 - 2015-08-11 05:08 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll 2015-09-06 17:21 - 2015-08-11 05:07 - 01178112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2015-09-06 17:21 - 2015-08-11 05:07 - 00593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll 2015-09-06 17:21 - 2015-08-11 05:07 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe 2015-09-06 17:21 - 2015-08-11 05:06 - 07523328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2015-09-06 17:21 - 2015-08-11 05:06 - 02662400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2015-09-06 17:21 - 2015-08-11 05:05 - 03527168 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll 2015-09-06 17:21 - 2015-08-11 05:05 - 00996352 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll 2015-09-06 17:21 - 2015-08-11 05:05 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll 2015-09-06 17:21 - 2015-08-11 05:05 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll 2015-09-06 17:21 - 2015-08-11 05:05 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPermissions.dll 2015-09-06 17:21 - 2015-08-11 05:05 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll 2015-09-06 17:21 - 2015-08-11 05:03 - 02558976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll 2015-09-06 17:21 - 2015-08-11 05:02 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2015-09-06 17:21 - 2015-08-11 05:02 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll 2015-09-06 17:21 - 2015-08-11 05:01 - 01334784 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll 2015-09-06 17:21 - 2015-08-11 05:00 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe 2015-09-06 17:21 - 2015-08-11 05:00 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll 2015-09-06 17:21 - 2015-08-11 04:59 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll 2015-09-06 17:21 - 2015-08-11 04:59 - 00642560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll 2015-09-06 17:21 - 2015-08-11 04:59 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll 2015-09-06 17:21 - 2015-08-11 04:59 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll 2015-09-06 17:21 - 2015-08-11 04:58 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll 2015-09-06 17:21 - 2015-08-11 04:57 - 13024768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2015-09-06 17:21 - 2015-08-11 04:57 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll 2015-09-06 17:21 - 2015-08-11 04:51 - 01916928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2015-09-06 17:21 - 2015-08-11 04:51 - 01823232 _____ C:\WINDOWS\SysWOW64\InputService.dll 2015-09-06 17:21 - 2015-08-11 04:50 - 00420352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe 2015-09-06 17:21 - 2015-08-11 04:50 - 00200704 _____ C:\WINDOWS\SysWOW64\TextInputFramework.dll 2015-09-06 17:21 - 2015-08-11 04:50 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll 2015-09-06 17:21 - 2015-08-11 04:49 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll 2015-09-06 17:21 - 2015-08-11 04:49 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2015-09-06 17:21 - 2015-08-11 04:48 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll 2015-09-06 17:21 - 2015-08-11 04:47 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll 2015-09-06 17:21 - 2015-08-11 04:45 - 01820672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll 2015-09-06 17:21 - 2015-08-11 04:43 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll 2015-09-06 17:21 - 2015-08-11 04:42 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2015-09-06 17:21 - 2015-08-11 04:40 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll 2015-09-06 17:21 - 2015-08-11 04:40 - 01112064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll 2015-09-06 17:21 - 2015-08-11 04:39 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe 2015-09-06 17:21 - 2015-08-11 04:38 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-09-23 20:54 - 2014-04-18 18:48 - 00027935 _____ C:\Users\Louis\Downloads\FRST.txt 2015-09-23 20:54 - 2014-04-18 18:47 - 00000000 ____D C:\FRST 2015-09-23 20:47 - 2012-11-08 22:56 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-09-23 20:21 - 2013-11-23 02:41 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-09-23 20:16 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\sru 2015-09-23 19:24 - 2014-01-22 03:26 - 00001077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk 2015-09-23 19:24 - 2014-01-22 03:26 - 00001061 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk 2015-09-23 19:23 - 2012-10-06 16:32 - 00000000 ____D C:\Program Files (x86)\LogMeIn 2015-09-23 19:21 - 2014-06-10 17:34 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-09-23 19:19 - 2013-11-23 02:41 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-09-23 19:18 - 2012-10-06 16:33 - 00122752 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll 2015-09-23 19:18 - 2012-10-06 16:33 - 00107368 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIinit.dll 2015-09-23 19:18 - 2012-10-06 16:33 - 00035688 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIport.dll 2015-09-23 19:16 - 2015-08-10 00:35 - 00000000 ____D C:\Users\Louis 2015-09-23 19:16 - 2015-07-10 08:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log 2015-09-23 19:15 - 2015-07-10 08:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-09-23 19:15 - 2012-10-06 16:33 - 00000000 ____D C:\ProgramData\LogMeIn 2015-09-23 18:05 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-09-23 17:56 - 2010-12-27 15:12 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log 2015-09-21 19:25 - 2015-07-10 06:55 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-09-21 15:01 - 2012-11-30 23:51 - 00000296 _____ C:\WINDOWS\Tasks\Registry Optimizer_DEFAULT.job 2015-09-21 11:41 - 2015-08-10 01:33 - 00000000 ____D C:\Users\Louis\OneDrive 2015-09-21 06:03 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\rescache 2015-09-20 21:43 - 2015-08-10 01:27 - 00000000 ____D C:\Users\Louis\AppData\Local\Packages 2015-09-20 19:10 - 2015-07-10 08:20 - 00026969 _____ C:\WINDOWS\setupact.log 2015-09-20 18:40 - 2015-04-19 19:26 - 00007611 _____ C:\Users\Louis\AppData\Local\Resmon.ResmonCfg 2015-09-20 18:29 - 2014-06-10 16:34 - 00000000 ____D C:\ProgramData\Oracle 2015-09-20 18:28 - 2014-10-16 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-09-20 18:27 - 2015-01-23 23:48 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2015-09-20 18:27 - 2010-09-03 02:39 - 00000000 ____D C:\Program Files (x86)\Java 2015-09-20 17:50 - 2015-07-10 08:20 - 04973136 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-09-20 17:49 - 2015-08-10 00:25 - 00009472 _____ C:\WINDOWS\PFRO.log 2015-09-20 17:48 - 2015-07-10 05:05 - 00131072 ___SH C:\WINDOWS\system32\config\BBI 2015-09-20 17:48 - 2012-05-11 00:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-09-20 17:47 - 2015-07-10 09:14 - 00000000 ____D C:\Program Files\Windows Journal 2015-09-20 17:47 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\appraiser 2015-09-20 17:28 - 2012-10-31 22:49 - 02213976 _____ (Kaspersky Lab ZAO) C:\Users\Louis\Desktop\TDSSKiller.exe 2015-09-20 11:23 - 2015-08-10 01:08 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-09-20 11:16 - 2013-11-23 02:41 - 00003982 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-09-20 11:16 - 2013-11-23 02:41 - 00003750 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-09-20 10:51 - 2010-11-21 04:30 - 00000000 ____D C:\ProgramData\WildTangent 2015-09-20 10:51 - 2010-11-21 04:30 - 00000000 ____D C:\Program Files (x86)\HP Games 2015-09-20 10:51 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-09-20 10:46 - 2010-12-25 15:51 - 00000000 ____D C:\Program Files\Common Files\Apple 2015-09-20 10:42 - 2010-12-25 15:52 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2015-09-20 10:39 - 2011-08-26 03:26 - 00000000 ____D C:\Users\Louis\AppData\Local\Google 2015-09-20 10:28 - 2015-08-10 01:33 - 00002338 _____ C:\Users\Louis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2015-09-15 12:12 - 2015-07-10 07:06 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-09-15 12:12 - 2015-07-10 07:06 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-09-10 20:05 - 2011-03-24 11:08 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-09-10 19:59 - 2013-07-16 15:05 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-09-08 00:14 - 2015-08-10 00:33 - 01009666 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-09-08 00:05 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\oobe 2015-09-07 12:14 - 2010-12-25 14:13 - 00003502 _____ C:\WINDOWS\System32\Tasks\ServicePlan 2015-09-07 12:10 - 2012-05-23 17:43 - 00000258 __RSH C:\ProgramData\ntuser.pol 2015-09-07 12:05 - 2015-07-10 07:04 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-09-07 12:05 - 2015-07-10 07:04 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-09-07 12:05 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2015-09-07 12:05 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\Provisioning 2015-09-07 11:57 - 2012-05-12 01:05 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-09-07 11:57 - 2012-05-12 01:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-08-26 18:37 - 2010-12-26 06:32 - 134753440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe ==================== Files in the root of some directories ======= 2011-07-02 02:07 - 2010-11-04 21:57 - 0055632 _____ (Microsoft Corporation) C:\Users\Louis\AppData\Roaming\C4Y44N69RH.exe 2011-03-29 01:18 - 2011-07-04 02:47 - 0001854 _____ () C:\Users\Louis\AppData\Roaming\GhostObjGAFix.xml 2013-05-17 00:55 - 2013-05-17 02:10 - 0001452 _____ () C:\Users\Louis\AppData\Roaming\Keys 2012-11-03 23:50 - 2013-03-26 00:42 - 0000029 _____ () C:\Users\Louis\AppData\Roaming\mbam.context.scan 2012-09-21 15:49 - 2012-11-08 20:50 - 0213187 _____ () C:\Users\Louis\AppData\Roaming\MMUpgrade.jpg 2011-07-20 20:43 - 2014-06-17 17:09 - 0044963 _____ () C:\Users\Louis\AppData\Roaming\UserTile.png 2010-12-29 21:24 - 2013-10-19 18:28 - 0008192 _____ () C:\Users\Louis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-04-19 19:26 - 2015-09-20 18:40 - 0007611 _____ () C:\Users\Louis\AppData\Local\Resmon.ResmonCfg 2011-07-17 07:33 - 2011-07-21 00:51 - 0001940 _____ () C:\Users\Louis\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini 2015-02-04 00:01 - 2015-02-04 00:18 - 0000444 _____ () C:\ProgramData\hpzinstall.log 2012-04-17 22:29 - 2014-12-18 15:01 - 0000935 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc 2010-11-21 04:25 - 2010-11-21 04:25 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log 2010-09-03 02:06 - 2010-09-03 02:06 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log 2010-11-21 04:25 - 2010-11-21 04:25 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log 2010-09-03 01:59 - 2010-09-03 02:00 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2010-11-21 04:24 - 2010-11-21 04:24 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log 2010-11-21 04:25 - 2010-11-21 04:25 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log 2010-09-03 01:58 - 2010-09-03 01:59 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log 2010-09-03 02:00 - 2010-09-03 02:06 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log 2010-11-21 04:26 - 2010-11-21 04:26 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log Files to move or delete: ==================== C:\Users\Guest\InDesignServer_8_LS18.exe Some files in TEMP: ==================== C:\Users\Louis\AppData\Local\Temp\jre-8u60-windows-au.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-09-21 04:57 ==================== End of FRST.txt ============================

Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 6/10/2014 Scan Time: 5:24:31 PM Logfile: Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.06.10.08 Rootkit Database: v2014.06.02.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Margo Scan Type: Threat Scan Result: Completed Objects Scanned: 265774 Time Elapsed: 33 min, 32 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) Rkill 2.6.6 by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2014 BleepingComputer.com More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 06/10/2014 04:58:56 PM in x64 mode. Windows Version: Windows 7 Home Premium Service Pack 1 Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * No malware processes found to kill. Checking Registry for malware related settings: * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * No issues found. Checking Windows Service Integrity: * No issues found. Searching for Missing Digital Signatures: * No issues found. Checking HOSTS File: * No issues found. Program finished at: 06/10/2014 05:00:22 PM Execution time: 0 hours(s), 1 minute(s), and 25 seconds(s)

can someone help me please? A couple days after posting these logs I got the blue screen. Then when it rebooted it was on a black screen that basically said to insert harddrive or something. I couldnt get it to start up past that screen so I left it alone for like a week. I just turned it on and it went to windows fix or w.e its called and did a system restore and now all of a sudden its working again.

Users shortcut scan result (x64) Version: 11-05-2014 01 Ran by Margo at 2014-05-12 18:47:10 Running from C:\Users\Margo\Downloads Boot Mode: Normal ==================== Shortcuts ============================= Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AA1000000001}\SC_Reader.ico () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk -> C:\Windows\Installer\{95140000-0070-0000-0000-0000000FF1CE}\oobeicon.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk -> C:\Windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk -> C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk -> C:\Program Files (x86)\Microsoft Works\MSWorks.exe (Microsoft® Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeui.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Call.lnk -> C:\Program Files (x86)\Windows Live\Messenger\wlcstart.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Mail.lnk -> C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Messenger .lnk -> C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Movie Maker.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Writer.lnk -> C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriter.exe (Microsoft Corp.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator Starter\Roxio Burn Options.lnk -> C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator Starter\Roxio Creator Starter.lnk -> C:\Program Files (x86)\Roxio\OEM\Roxio Central 5\RoxioCentralFx.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Getting Started.lnk -> C:\Windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\gtngstrtd.ico () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Microsoft Works Calendar.lnk -> C:\Windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksCal.exe (Microsoft® Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Microsoft Works Database.lnk -> C:\Windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksdb.exe (Microsoft® Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Microsoft Works Portfolio.lnk -> C:\Windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksSb.exe (Microsoft® Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Microsoft Works Spreadsheet.lnk -> C:\Windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksss.exe (Microsoft® Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Microsoft Works Task Launcher.lnk -> C:\Program Files (x86)\Microsoft Works\MSWorks.exe (Microsoft® Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Microsoft Works Word Processor.lnk -> C:\Windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksWP.exe (Microsoft® Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\Silverlight.Configuration.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Webcam\Dell Webcam Central.lnk -> C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5\CyberLink PowerDVD 9.5.lnk -> C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.exe (CyberLink Corp.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5\PowerDVD 9.5 Help file.lnk -> C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Enu\PowerDVD9.CHM () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\DisplaySwitch.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation) Shortcut: C:\Users\Margo\Links\Desktop.lnk -> C:\Users\Margo\Desktop () Shortcut: C:\Users\Margo\Links\Downloads.lnk -> C:\Users\Margo\Downloads () Shortcut: C:\Users\Margo\Desktop\Google Chrome.lnk -> C:\Users\Margo\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) Shortcut: C:\Users\Margo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) Shortcut: C:\Users\Margo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Users\Margo\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) Shortcut: C:\Users\Margo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Margo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation) Shortcut: C:\Users\Margo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Margo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation) Shortcut: C:\Users\Margo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation) Shortcut: C:\Users\Margo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation) Shortcut: C:\Users\Margo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation) Shortcut: C:\Users\Margo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) Shortcut: C:\Users\Margo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Public\Videos\Sample Videos\Comic 012 - Shortcut.lnk -> C:\Users\Margo\Downloads\Comic 012.wmv () Shortcut: C:\Users\Public\Videos\Sample Videos\Comic 013 - Shortcut.lnk -> C:\Users\Margo\Downloads\Comic 013.wmv () Shortcut: C:\Users\Public\Videos\Sample Videos\Comic 014 - Shortcut.lnk -> C:\Users\Margo\Downloads\Comic 014.wmv () Shortcut: C:\Users\Public\Videos\Sample Videos\Comic 015 - Shortcut.lnk -> C:\Users\Margo\Downloads\Comic 015.wmv () Shortcut: C:\Users\Public\Desktop\Adobe Reader X.lnk -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe (Adobe Systems Incorporated) Shortcut: C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) Shortcut: C:\Users\Public\Desktop\Microsoft Works.lnk -> C:\Program Files (x86)\Microsoft Works\MSWorks.exe (Microsoft® Corporation) Shortcut: C:\Users\Public\Desktop\Roxio Creator Starter.lnk -> C:\Program Files (x86)\Roxio\OEM\Roxio Central 5\RoxioCentralFx.exe () ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator Starter\Roxio Burn.lnk -> C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe () -> /STARTMENU ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab about ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab update ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\Margo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -extoff ShortcutWithArgument: C:\Users\Margo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter ShortcutWithArgument: C:\Users\Margo\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\Margo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1 InternetURL: C:\Users\Margo\Favorites\Links\Suggested Sites.url -> https://ieonline.microsoft.com/#ieslice ==================== End of log =============================

here are the three farbar logs Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014 01Ran by Margo (administrator) on MININT-4LVINM5 on 12-05-2014 18:39:42Running from C:\Users\Margo\DownloadsPlatform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)Internet Explorer Version 11Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Windows\System32\wlanext.exe(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe(Microsoft Corporation) C:\Windows\System32\msiexec.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe(Intel Corporation) C:\Windows\System32\igfxsrvc.exe(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Microsoft Corporation) C:\Windows\System32\dfrgui.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe(Google Inc.) C:\Users\Margo\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Margo\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Margo\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Margo\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Margo\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Margo\AppData\Local\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe(Google Inc.) C:\Users\Margo\AppData\Local\Google\Update\GoogleUpdate.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe(Google Inc.) C:\Users\Margo\AppData\Local\Google\Update\GoogleUpdate.exe(Farbar) C:\Users\Margo\Downloads\FRST64 (1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1862952 2009-10-13] (Synaptics Incorporated)HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9642528 2009-12-03] (Realtek Semiconductor)HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3203440 2010-04-06] (Dell Inc.)HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)HKLM-x32\...\Run: [] => [X]HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKU\S-1-5-21-3995906719-3827859630-497814531-1003\...\Run: [Google Update] => C:\Users\Margo\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-11-17] (Google Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=EIE9HP&PC=UP50HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP50SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No FileBHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 FireFox:========FF Plugin: @java.com/DTPlugin,version=10.4.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Margo\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Margo\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) Chrome: =======CHR Plugin: (Remoting Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Users\Margo\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Users\Margo\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll ()CHR Plugin: (Shockwave Flash) - C:\Users\Margo\AppData\Local\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No FileCHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_0\plugin/npUrlAdvisor.dll No FileCHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\plugin/npVKPlugin.dll No FileCHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll No FileCHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)CHR Plugin: (Google Update) - C:\Users\Margo\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No FileCHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No FileCHR Extension: (YouTube) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-28]CHR Extension: (Adblock Plus) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-12]CHR Extension: (Google Search) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-28]CHR Extension: (AdBlock) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-12]CHR Extension: (Google Wallet) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]CHR Extension: (Gmail) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-28] ==================== Services (Whitelisted) ================= R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)S3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0; \??\c:\gencotst\pcdsrvc_x64.pkms [X] ========================== Drivers MD5 ======================= C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\Acceler.sys C49C56B35BFC6CDA8D1FDCAD2885568FC:\Windows\System32\drivers\ACPI.sys ==> MD5 is legitC:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legitC:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legitC:\Windows\system32\drivers\adpahci.sys ==> MD5 is legitC:\Windows\system32\drivers\adpu320.sys ==> MD5 is legitC:\Windows\system32\drivers\afd.sys 79059559E89D06E8B80CE2944BE20228C:\Windows\system32\drivers\agp440.sys ==> MD5 is legitC:\Windows\system32\drivers\aliide.sys ==> MD5 is legitC:\Windows\system32\drivers\amdide.sys ==> MD5 is legitC:\Windows\system32\drivers\amdk8.sys ==> MD5 is legitC:\Windows\system32\drivers\amdppm.sys ==> MD5 is legitC:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legitC:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048C:\Windows\system32\drivers\appid.sys ==> MD5 is legitC:\Windows\system32\drivers\arc.sys ==> MD5 is legitC:\Windows\system32\drivers\arcsas.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legitC:\Windows\System32\drivers\atapi.sys ==> MD5 is legitC:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\bcmwl664.sys 6F1BBCC35E33AD4404E0CD782D47CAF3C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legitC:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legitC:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legitC:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legitC:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legitC:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legitC:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legitC:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legitC:\Windows\system32\drivers\circlass.sys ==> MD5 is legitC:\Windows\System32\CLFS.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legitC:\Windows\system32\drivers\cmdide.sys ==> MD5 is legitC:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legitC:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\CtClsFlt.sys ==> MD5 is legitC:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legitC:\Windows\System32\drivers\discache.sys ==> MD5 is legitC:\Windows\System32\drivers\disk.sys ==> MD5 is legitC:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legitC:\Windows\System32\drivers\dxgkrnl.sys 88612F1CE3BF42256913BF6E61C70D52C:\Windows\system32\drivers\evbda.sys ==> MD5 is legitC:\Windows\system32\drivers\elxstor.sys ==> MD5 is legitC:\Windows\system32\drivers\errdev.sys ==> MD5 is legitC:\Windows\System32\Drivers\exfat.sys ==> MD5 is legitC:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legitC:\Windows\system32\drivers\fdc.sys ==> MD5 is legitC:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legitC:\Windows\System32\drivers\filetrace.sys ==> MD5 is legitC:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legitC:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legitC:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legitC:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7BC:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legitC:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\HECIx64.sys B6AC71AAA2B10848F57FC49D55A651AFC:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legitC:\Windows\system32\drivers\hidbth.sys ==> MD5 is legitC:\Windows\system32\drivers\hidir.sys ==> MD5 is legitC:\Windows\system32\drivers\hidusb.sys ==> MD5 is legitC:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legitC:\Windows\System32\drivers\HTTP.sys ==> MD5 is legitC:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legitC:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366C:\Windows\System32\DRIVERS\igdkmd64.sys 0372C154226F7074CD150F475A4870A6C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\Impcd.sys 4B6363CD4610BB848531BB260B15DFCCC:\Windows\System32\drivers\RTKVHD64.sys DCF6AFBA140AF3F880A427C2656BE44DC:\Windows\System32\DRIVERS\IntcDAud.sys DA24C1F66EE1B5A92E045376D7A44B58C:\Windows\system32\drivers\intelide.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legitC:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legitC:\Windows\System32\drivers\ipnat.sys ==> MD5 is legitC:\Windows\System32\drivers\irenum.sys ==> MD5 is legitC:\Windows\system32\drivers\isapnp.sys ==> MD5 is legitC:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legitC:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legitC:\Windows\System32\Drivers\ksecdd.sys 8F489706472F7E9A06BAAA198703FA64C:\Windows\System32\Drivers\ksecpkg.sys 868A2CAAB12EFC7A021682BCA0EEC54CC:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legitC:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legitC:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legitC:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legitC:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legitC:\Windows\system32\drivers\luafv.sys ==> MD5 is legitC:\Windows\system32\drivers\mbam.sys 0BB97D43299910CBFBA59C461B99B910C:\Windows\system32\drivers\megasas.sys ==> MD5 is legitC:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legitC:\Windows\System32\drivers\modem.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legitC:\Windows\system32\drivers\mouhid.sys ==> MD5 is legitC:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\MpFilter.sys C6B88D62F20AC646C6BD5C032EC2FAF9C:\Windows\system32\drivers\mpio.sys ==> MD5 is legitC:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legitC:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68ACC:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30CC:\Windows\System32\drivers\msahci.sys ==> MD5 is legitC:\Windows\system32\drivers\msdsm.sys ==> MD5 is legitC:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legitC:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legitC:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legitC:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legitC:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legitC:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legitC:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legitC:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legitC:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legitC:\Windows\System32\Drivers\mup.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legitC:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legitC:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legitC:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\NisDrvWFP.sys ACE8C64C57E4A711473C8BC10ADF692BC:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legitC:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legitC:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0C:\Windows\System32\Drivers\Null.sys ==> MD5 is legitC:\Windows\system32\drivers\nusb3hub.sys 786DB821BFD57C0551DBBE4F75384A7DC:\Windows\system32\drivers\nusb3xhc.sys DAA8005CAF745042BB427A1ED7433354C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66ADC:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4AC:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legitC:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legitC:\Windows\system32\drivers\parport.sys ==> MD5 is legitC:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9CC:\Windows\System32\drivers\pci.sys ==> MD5 is legitC:\Windows\system32\drivers\pciide.sys ==> MD5 is legitC:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legitC:\Windows\System32\drivers\pcw.sys ==> MD5 is legitC:\Windows\System32\drivers\peauth.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legitC:\Windows\system32\drivers\processr.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legitC:\Windows\System32\Drivers\PxHlpa64.sys 87B04878A6D59D6C79251DC960C674C1C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legitC:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legitC:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legitC:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legitC:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legitC:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legitC:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0AC:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legitC:\Windows\System32\Drivers\RtsUStor.sys 502B316947EA887CDDD325D4745EB7D0C:\Windows\System32\DRIVERS\Rt64win7.sys EE082E06A82FF630351D1E0EBBD3D8D0C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legitC:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legitC:\Windows\system32\drivers\serenum.sys ==> MD5 is legitC:\Windows\system32\drivers\serial.sys ==> MD5 is legitC:\Windows\system32\drivers\sermouse.sys ==> MD5 is legitC:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legitC:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legitC:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legitC:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legitC:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legitC:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legitC:\Windows\System32\Drivers\spldr.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0BC:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\SynTP.sys 5BAC1DF7DBB5E3AADA8AB0AE3C2DCA40C:\Windows\System32\drivers\tcpip.sys 40AF23633D197905F03AB5628C558C51C:\Windows\System32\DRIVERS\tcpip.sys 40AF23633D197905F03AB5628C558C51C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABCC:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legitC:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legitC:\Windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legitC:\Windows\system32\drivers\uagp35.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legitC:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legitC:\Windows\system32\drivers\umpass.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83AC:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31C:\Windows\system32\drivers\usbehci.sys 18A85013A3E0F7E1755365D287443965C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BAC:\Windows\system32\drivers\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DCC:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legitC:\Windows\System32\drivers\vga.sys ==> MD5 is legitC:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legitC:\Windows\system32\drivers\viaide.sys ==> MD5 is legitC:\Windows\System32\drivers\volmgr.sys ==> MD5 is legitC:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legitC:\Windows\System32\drivers\volsnap.sys ==> MD5 is legitC:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legitC:\Windows\system32\drivers\wacompen.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legitC:\Windows\system32\drivers\wd.sys ==> MD5 is legitC:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legitC:\Windows\System32\drivers\wimmount.sys ==> MD5 is legitC:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906DC:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legitC:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legitC:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869FC:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659 ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-12 18:43 - 2014-05-12 18:44 - 00000000 ____D () C:\b064bb6d8916d257122014-05-12 18:40 - 2014-05-12 18:44 - 00000000 ____D () C:\323f7c22c1137afd6ef8742014-05-12 18:39 - 2014-05-12 18:44 - 00026196 _____ () C:\Users\Margo\Downloads\FRST.txt2014-05-12 18:39 - 2014-05-12 18:39 - 00000000 ____D () C:\FRST2014-05-12 18:38 - 2014-05-12 18:38 - 02066944 _____ (Farbar) C:\Users\Margo\Downloads\FRST64.exe2014-05-12 18:38 - 2014-05-12 18:38 - 02066944 _____ (Farbar) C:\Users\Margo\Downloads\FRST64 (1).exe2014-05-12 18:37 - 2014-05-12 18:37 - 00001945 _____ () C:\Windows\epplauncher.mif2014-05-12 18:36 - 2014-05-12 18:36 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk2014-05-12 18:36 - 2014-05-12 18:36 - 00000000 ____D () C:\Program Files\Microsoft Security Client2014-05-12 18:36 - 2014-05-12 18:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client2014-05-12 18:35 - 2014-05-12 18:35 - 00000000 ____D () C:\Windows\LastGood2014-05-12 18:33 - 2014-05-12 18:33 - 00000000 ____D () C:\Users\Margo\AppData\Roaming\Oracle2014-05-12 18:32 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2014-05-12 18:32 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2014-05-12 18:32 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2014-05-12 18:32 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe2014-05-12 18:31 - 2014-05-12 18:32 - 00005428 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log ==================== One Month Modified Files and Folders ======= 2014-05-12 18:44 - 2014-05-12 18:43 - 00000000 ____D () C:\b064bb6d8916d257122014-05-12 18:44 - 2014-05-12 18:40 - 00000000 ____D () C:\323f7c22c1137afd6ef8742014-05-12 18:44 - 2014-05-12 18:39 - 00026196 _____ () C:\Users\Margo\Downloads\FRST.txt2014-05-12 18:44 - 2011-10-31 19:55 - 01302774 _____ () C:\Windows\WindowsUpdate.log2014-05-12 18:39 - 2014-05-12 18:39 - 00000000 ____D () C:\FRST2014-05-12 18:38 - 2014-05-12 18:38 - 02066944 _____ (Farbar) C:\Users\Margo\Downloads\FRST64.exe2014-05-12 18:38 - 2014-05-12 18:38 - 02066944 _____ (Farbar) C:\Users\Margo\Downloads\FRST64 (1).exe2014-05-12 18:37 - 2014-05-12 18:37 - 00001945 _____ () C:\Windows\epplauncher.mif2014-05-12 18:37 - 2011-11-17 12:01 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3995906719-3827859630-497814531-1003UA.job2014-05-12 18:37 - 2011-11-17 12:01 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3995906719-3827859630-497814531-1003Core.job2014-05-12 18:36 - 2014-05-12 18:36 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk2014-05-12 18:36 - 2014-05-12 18:36 - 00000000 ____D () C:\Program Files\Microsoft Security Client2014-05-12 18:36 - 2014-05-12 18:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client2014-05-12 18:35 - 2014-05-12 18:35 - 00000000 ____D () C:\Windows\LastGood2014-05-12 18:33 - 2014-05-12 18:33 - 00000000 ____D () C:\Users\Margo\AppData\Roaming\Oracle2014-05-12 18:33 - 2013-09-20 02:35 - 00000000 ____D () C:\ProgramData\Oracle2014-05-12 18:32 - 2014-05-12 18:31 - 00005428 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log2014-05-12 18:32 - 2013-09-20 02:35 - 00000000 ____D () C:\Program Files (x86)\Java2014-05-12 18:32 - 2011-11-17 12:01 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3995906719-3827859630-497814531-1003UA2014-05-12 18:32 - 2011-11-17 12:01 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3995906719-3827859630-497814531-1003Core2014-05-12 18:30 - 2011-11-11 04:31 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk2014-05-12 18:28 - 2009-07-13 23:45 - 00021472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-05-12 18:28 - 2009-07-13 23:45 - 00021472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-05-12 18:26 - 2009-07-14 00:13 - 00726444 _____ () C:\Windows\system32\PerfStringBackup.INI2014-05-12 18:20 - 2013-07-08 22:36 - 00004212 _____ () C:\Windows\setupact.log2014-05-12 18:20 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-04-14 20:13 - 2014-05-12 18:32 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2014-04-14 20:05 - 2014-05-12 18:32 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2014-04-14 20:05 - 2014-05-12 18:32 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2014-04-14 20:04 - 2014-05-12 18:32 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe Some content of TEMP:====================C:\Users\Margo\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exeC:\Users\Margo\AppData\Local\Temp\mpam-76108790.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== BCD ================================ Windows Boot Manager--------------------identifier {bootmgr}device partition=C:description Windows Boot Managerlocale en-USinherit {globalsettings}default {current}resumeobject {cae1eb6e-042b-11e1-aadf-f04da24b68ec}displayorder {current}toolsdisplayorder {memdiag}timeout 30 Windows Boot Loader-------------------identifier {572bcd55-ffa7-11d9-aae0-0007e994107d}device ramdisk=[D:]\Recovery\WindowsRE\winpe.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}path \windows\system32\boot\winload.exedescription Capture bootlocale en-USosdevice ramdisk=[D:]\Recovery\WindowsRE\winpe.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}systemroot \windowsnx OptIndetecthal Yeswinpe Yesems Yes Windows Boot Loader-------------------identifier {current}device partition=C:path \Windows\system32\winload.exedescription Windows 7locale en-USinherit {bootloadersettings}recoverysequence {cae1eb72-042b-11e1-aadf-f04da24b68ec}recoveryenabled Yesosdevice partition=C:systemroot \Windowsresumeobject {cae1eb6e-042b-11e1-aadf-f04da24b68ec}nx OptIn Windows Boot Loader-------------------identifier {cae1eb72-042b-11e1-aadf-f04da24b68ec}device ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{cae1eb73-042b-11e1-aadf-f04da24b68ec}path \windows\system32\winload.exedescription Windows Recovery Environmentinherit {bootloadersettings}osdevice ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{cae1eb73-042b-11e1-aadf-f04da24b68ec}systemroot \windowsnx OptInwinpe Yes Resume from Hibernate---------------------identifier {cae1eb6e-042b-11e1-aadf-f04da24b68ec}device partition=C:path \Windows\system32\winresume.exedescription Windows Resume Applicationlocale en-USinherit {resumeloadersettings}filedevice partition=C:filepath \hiberfil.sysdebugoptionenabled No Windows Memory Tester---------------------identifier {memdiag}device partition=C:path \boot\memtest.exedescription Windows Memory Diagnosticlocale en-USinherit {globalsettings}badmemoryaccess Yes EMS Settings------------identifier {emssettings}bootems Yes Debugger Settings-----------------identifier {dbgsettings}debugtype Serialdebugport 1baudrate 115200 RAM Defects-----------identifier {badmemory} Global Settings---------------identifier {globalsettings}inherit {dbgsettings} {emssettings} {badmemory} Boot Loader Settings--------------------identifier {bootloadersettings}inherit {globalsettings} {hypervisorsettings} Hypervisor Settings-------------------identifier {hypervisorsettings}hypervisordebugtype Serialhypervisordebugport 1hypervisorbaudrate 115200 Resume Loader Settings----------------------identifier {resumeloadersettings}inherit {globalsettings} Device options--------------identifier {ad6c7bc8-fa0f-11da-8ddf-0013200354d8}description Ramdisk loaderramdisksdidevice partition=C:ramdisksdipath \windows\boot\dvd\pcat\boot.sdi Device options--------------identifier {cae1eb73-042b-11e1-aadf-f04da24b68ec}description Ramdisk Optionsramdisksdidevice partition=D:ramdisksdipath \Recovery\WindowsRE\boot.sdi LastRegBack: 2014-03-10 23:04 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-05-2014 01Ran by Margo at 2014-05-12 18:44:59Running from C:\Users\Margo\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3426 - CyberLink Corp.)CyberLink PowerDVD 9.5 (x32 Version: 9.5.1.3426 - CyberLink Corp.) HiddenDell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 14.0.9.5 - Synaptics Incorporated)Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) HiddenGoogle Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1986 - Intel Corporation)Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.550 - Oracle)Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) HiddenJunk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) HiddenMalwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) HiddenMicrosoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) HiddenMicrosoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) HiddenMicrosoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) HiddenMicrosoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) HiddenMSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) HiddenQuickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.6.2 - Dell Inc.)RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) HiddenRealtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5995 - Realtek Semiconductor Corp.)Roxio Activation Module (x32 Version: 1.0 - Roxio) HiddenRoxio BackOnTrack (x32 Version: 1.3.3 - Roxio) HiddenRoxio Burn (x32 Version: 1.8 - Roxio) HiddenRoxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) HiddenRoxio Creator Starter (x32 Version: 5.0.0 - Roxio) HiddenRoxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) HiddenRoxio File Backup (Version: 1.3.2 - Roxio) HiddenSonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) HiddenUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) HiddenWindows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) HiddenWindows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) HiddenWindows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) HiddenWindows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) HiddenWindows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) HiddenWindows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden ==================== Restore Points ========================= ==================== Hosts content: ========================== 2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0C6EF0AC-6534-4614-8771-D836AAB14D02} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3995906719-3827859630-497814531-1003Core => C:\Users\Margo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-17] (Google Inc.)Task: {E7C83269-6176-4011-AC46-58256F4ADC60} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3995906719-3827859630-497814531-1003UA => C:\Users\Margo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-17] (Google Inc.)Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3995906719-3827859630-497814531-1003Core.job => C:\Users\Margo\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3995906719-3827859630-497814531-1003UA.job => C:\Users\Margo\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-08-29 22:40 - 2013-04-15 11:50 - 00198144 _____ () C:\Windows\System32\HP1006LM.DLL2013-08-29 22:40 - 2013-04-15 11:50 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1006PP.dll2010-11-17 10:35 - 2010-11-17 10:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe2010-11-24 22:44 - 2010-11-24 22:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll2014-05-12 18:41 - 2014-04-24 12:07 - 08676056 _____ () C:\Users\Margo\AppData\Local\Google\Update\Install\{F8D92CC1-7D3E-4320-B459-5368A1A60F94}\34.0.1847.131_33.0.1750.154_chrome_updater.exe ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (05/12/2014 06:31:22 PM) (Source: MsiInstaller) (User: MININT-4LVINM5) (EventID: 11500)Description: Product: Java 7 Update 55 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one. Error: (05/12/2014 06:31:02 PM) (Source: MsiInstaller) (User: MININT-4LVINM5) (EventID: 11500)Description: Product: Java 7 Update 55 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one. Error: (05/12/2014 06:30:55 PM) (Source: MsiInstaller) (User: MININT-4LVINM5) (EventID: 11500)Description: Product: Java 7 Update 55 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one. Error: (05/12/2014 06:30:54 PM) (Source: MsiInstaller) (User: MININT-4LVINM5) (EventID: 11500)Description: Product: Java 7 Update 55 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one. Error: (05/12/2014 06:22:04 PM) (Source: WinMgmt) (User: ) (EventID: 10)Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/25/2014 10:32:19 PM) (Source: WinMgmt) (User: ) (EventID: 10)Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/25/2014 02:11:55 PM) (Source: WinMgmt) (User: ) (EventID: 10)Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/21/2014 01:15:36 AM) (Source: WinMgmt) (User: ) (EventID: 10)Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/12/2014 03:41:54 AM) (Source: WinMgmt) (User: ) (EventID: 10)Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/24/2014 06:18:33 PM) (Source: SideBySide) (User: ) (EventID: 35)Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.Component identity found in manifest does not match the identity of the component requested.Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".Please use sxstrace.exe for detailed diagnosis. System errors:=============Error: (05/12/2014 06:46:22 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001)Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.173.1957.0 Update Source: %NT AUTHORITY59 Update Stage: 4.4.0304.00 Source Path: 4.4.0304.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (05/12/2014 06:46:22 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001)Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.173.1957.0 Update Source: %NT AUTHORITY59 Update Stage: 4.4.0304.00 Source Path: 4.4.0304.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (05/12/2014 06:46:22 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001)Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.173.1957.0 Update Source: %NT AUTHORITY59 Update Stage: 4.4.0304.00 Source Path: 4.4.0304.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (05/12/2014 06:45:21 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001)Description: %MININT-4LVINM560 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 111.13.0.0 Update Source: %MININT-4LVINM551 Update Stage: 4.4.0304.00 Source Path: 4.4.0304.01 Signature Type: %MININT-4LVINM5602 Update Type: %MININT-4LVINM5604 User: MININT-4LVINM5\Margo Current Engine Version: %MININT-4LVINM5605 Previous Engine Version: %MININT-4LVINM5606 Error code: %MININT-4LVINM5607 Error description: %MININT-4LVINM5608 Error: (05/12/2014 06:44:30 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001)Description: %MININT-4LVINM560 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.173.1957.0 Update Source: %MININT-4LVINM551 Update Stage: 4.4.0304.00 Source Path: 4.4.0304.01 Signature Type: %MININT-4LVINM5602 Update Type: %MININT-4LVINM5604 User: MININT-4LVINM5\Margo Current Engine Version: %MININT-4LVINM5605 Previous Engine Version: %MININT-4LVINM5606 Error code: %MININT-4LVINM5607 Error description: %MININT-4LVINM5608 Error: (05/12/2014 06:44:30 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001)Description: %MININT-4LVINM560 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.173.1957.0 Update Source: %MININT-4LVINM551 Update Stage: 4.4.0304.00 Source Path: 4.4.0304.01 Signature Type: %MININT-4LVINM5602 Update Type: %MININT-4LVINM5604 User: MININT-4LVINM5\Margo Current Engine Version: %MININT-4LVINM5605 Previous Engine Version: %MININT-4LVINM5606 Error code: %MININT-4LVINM5607 Error description: %MININT-4LVINM5608 Error: (05/12/2014 06:40:29 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001)Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: %NT AUTHORITY59 Update Stage: 4.4.0304.00 Source Path: 4.4.0304.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (05/12/2014 06:40:29 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001)Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: %NT AUTHORITY59 Update Stage: 4.4.0304.00 Source Path: 4.4.0304.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (05/12/2014 06:40:29 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001)Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: %NT AUTHORITY59 Update Stage: 4.4.0304.00 Source Path: 4.4.0304.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (05/12/2014 06:39:44 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001)Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: %NT AUTHORITY59 Update Stage: 4.4.0304.00 Source Path: 4.4.0304.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Microsoft Office Sessions:=========================Error: (05/12/2014 06:31:22 PM) (Source: MsiInstaller) (User: MININT-4LVINM5) (EventID: 11500)Description: Product: Java 7 Update 55 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (05/12/2014 06:31:02 PM) (Source: MsiInstaller) (User: MININT-4LVINM5) (EventID: 11500)Description: Product: Java 7 Update 55 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (05/12/2014 06:30:55 PM) (Source: MsiInstaller) (User: MININT-4LVINM5) (EventID: 11500)Description: Product: Java 7 Update 55 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (05/12/2014 06:30:54 PM) (Source: MsiInstaller) (User: MININT-4LVINM5) (EventID: 11500)Description: Product: Java 7 Update 55 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (05/12/2014 06:22:04 PM) (Source: WinMgmt) (User: ) (EventID: 10)Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/25/2014 10:32:19 PM) (Source: WinMgmt) (User: ) (EventID: 10)Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/25/2014 02:11:55 PM) (Source: WinMgmt) (User: ) (EventID: 10)Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/21/2014 01:15:36 AM) (Source: WinMgmt) (User: ) (EventID: 10)Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/12/2014 03:41:54 AM) (Source: WinMgmt) (User: ) (EventID: 10)Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/24/2014 06:18:33 PM) (Source: SideBySide) (User: ) (EventID: 35)Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8 ==================== Memory info =========================== Percentage of memory in use: 44%Total physical RAM: 3892.54 MBAvailable physical RAM: 2151.73 MBTotal Pagefile: 7783.27 MBAvailable Pagefile: 5769.41 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:284.42 GB) (Free:248.52 GB) NTFS ==>[Drive with boot components (obtained from BCD)]Drive d: (Recovery) (Fixed) (Total:13.67 GB) (Free:7.1 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 44B27972)Partition 1: (Active) - (Size=284 GB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=14 GB) - (Type=07 NTFS) ==================== End Of Log ============================

and heres the malware bytes can results log Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.org Database version: v2014.05.12.09 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 11.0.9600.16521Margo :: MININT-4LVINM5 [administrator] 5/12/2014 6:32:01 PMmbam-log-2014-05-12 (18-32-01).txt Scan type: Full scan (C:\|D:\|E:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 344402Time elapsed: 1 hour(s), 32 minute(s), 2 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) (end)

Users shortcut scan result (x64) Version: 11-05-2014 01 Ran by Margo at 2014-05-12 18:47:10 Running from C:\Users\Margo\Downloads Boot Mode: Normal ==================== Shortcuts ============================= Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AA1000000001}\SC_Reader.ico () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk -> C:\Windows\Installer\{95140000-0070-0000-0000-0000000FF1CE}\oobeicon.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk -> C:\Windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk -> C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk -> C:\Program Files (x86)\Microsoft Works\MSWorks.exe (Microsoft® Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeui.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Call.lnk -> C:\Program Files (x86)\Windows Live\Messenger\wlcstart.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Mail.lnk -> C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Messenger .lnk -> C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Movie Maker.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Writer.lnk -> C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriter.exe (Microsoft Corp.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator Starter\Roxio Burn Options.lnk -> C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator Starter\Roxio Creator Starter.lnk -> C:\Program Files (x86)\Roxio\OEM\Roxio Central 5\RoxioCentralFx.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Getting Started.lnk -> C:\Windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\gtngstrtd.ico () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Microsoft Works Calendar.lnk -> C:\Windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksCal.exe (Microsoft® Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Microsoft Works Database.lnk -> C:\Windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksdb.exe (Microsoft® Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Microsoft Works Portfolio.lnk -> C:\Windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksSb.exe (Microsoft® Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Microsoft Works Spreadsheet.lnk -> C:\Windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksss.exe (Microsoft® Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Microsoft Works Task Launcher.lnk -> C:\Program Files (x86)\Microsoft Works\MSWorks.exe (Microsoft® Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Microsoft Works Word Processor.lnk -> C:\Windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksWP.exe (Microsoft® Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\Silverlight.Configuration.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Webcam\Dell Webcam Central.lnk -> C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5\CyberLink PowerDVD 9.5.lnk -> C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.exe (CyberLink Corp.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5\PowerDVD 9.5 Help file.lnk -> C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Enu\PowerDVD9.CHM () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\DisplaySwitch.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation) Shortcut: C:\Users\Margo\Links\Desktop.lnk -> C:\Users\Margo\Desktop () Shortcut: C:\Users\Margo\Links\Downloads.lnk -> C:\Users\Margo\Downloads () Shortcut: C:\Users\Margo\Desktop\Google Chrome.lnk -> C:\Users\Margo\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) Shortcut: C:\Users\Margo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) Shortcut: C:\Users\Margo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Users\Margo\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) Shortcut: C:\Users\Margo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Margo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation) Shortcut: C:\Users\Margo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Margo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation) Shortcut: C:\Users\Margo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation) Shortcut: C:\Users\Margo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation) Shortcut: C:\Users\Margo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation) Shortcut: C:\Users\Margo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) Shortcut: C:\Users\Margo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Public\Videos\Sample Videos\Comic 012 - Shortcut.lnk -> C:\Users\Margo\Downloads\Comic 012.wmv () Shortcut: C:\Users\Public\Videos\Sample Videos\Comic 013 - Shortcut.lnk -> C:\Users\Margo\Downloads\Comic 013.wmv () Shortcut: C:\Users\Public\Videos\Sample Videos\Comic 014 - Shortcut.lnk -> C:\Users\Margo\Downloads\Comic 014.wmv () Shortcut: C:\Users\Public\Videos\Sample Videos\Comic 015 - Shortcut.lnk -> C:\Users\Margo\Downloads\Comic 015.wmv () Shortcut: C:\Users\Public\Desktop\Adobe Reader X.lnk -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe (Adobe Systems Incorporated) Shortcut: C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) Shortcut: C:\Users\Public\Desktop\Microsoft Works.lnk -> C:\Program Files (x86)\Microsoft Works\MSWorks.exe (Microsoft® Corporation) Shortcut: C:\Users\Public\Desktop\Roxio Creator Starter.lnk -> C:\Program Files (x86)\Roxio\OEM\Roxio Central 5\RoxioCentralFx.exe () ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator Starter\Roxio Burn.lnk -> C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe () -> /STARTMENU ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab about ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab update ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\Margo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -extoff ShortcutWithArgument: C:\Users\Margo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter ShortcutWithArgument: C:\Users\Margo\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\Margo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1 InternetURL: C:\Users\Margo\Favorites\Links\Suggested Sites.url -> https://ieonline.microsoft.com/#ieslice ==================== End of log =============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-05-2014 01 Ran by Margo at 2014-05-12 18:44:59 Running from C:\Users\Margo\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated) Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated) Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd) Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3426 - CyberLink Corp.) CyberLink PowerDVD 9.5 (x32 Version: 9.5.1.3426 - CyberLink Corp.) Hidden Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 14.0.9.5 - Synaptics Incorporated) Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd) DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.) Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1986 - Intel Corporation) Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.550 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation) MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.6.2 - Dell Inc.) RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5995 - Realtek Semiconductor Corp.) Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden Roxio Burn (x32 Version: 1.8 - Roxio) Hidden Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio) Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden Roxio File Backup (Version: 1.3.2 - Roxio) Hidden Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation) Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation) Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden ==================== Restore Points ========================= ==================== Hosts content: ========================== 2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0C6EF0AC-6534-4614-8771-D836AAB14D02} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3995906719-3827859630-497814531-1003Core => C:\Users\Margo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-17] (Google Inc.) Task: {E7C83269-6176-4011-AC46-58256F4ADC60} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3995906719-3827859630-497814531-1003UA => C:\Users\Margo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-17] (Google Inc.) Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3995906719-3827859630-497814531-1003Core.job => C:\Users\Margo\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3995906719-3827859630-497814531-1003UA.job => C:\Users\Margo\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-08-29 22:40 - 2013-04-15 11:50 - 00198144 _____ () C:\Windows\System32\HP1006LM.DLL 2013-08-29 22:40 - 2013-04-15 11:50 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1006PP.dll 2010-11-17 10:35 - 2010-11-17 10:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe 2010-11-24 22:44 - 2010-11-24 22:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll 2014-05-12 18:41 - 2014-04-24 12:07 - 08676056 _____ () C:\Users\Margo\AppData\Local\Google\Update\Install\{F8D92CC1-7D3E-4320-B459-5368A1A60F94}\34.0.1847.131_33.0.1750.154_chrome_updater.exe ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/12/2014 06:31:22 PM) (Source: MsiInstaller) (User: MININT-4LVINM5) (EventID: 11500) Description: Product: Java 7 Update 55 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one. Error: (05/12/2014 06:31:02 PM) (Source: MsiInstaller) (User: MININT-4LVINM5) (EventID: 11500) Description: Product: Java 7 Update 55 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one. Error: (05/12/2014 06:30:55 PM) (Source: MsiInstaller) (User: MININT-4LVINM5) (EventID: 11500) Description: Product: Java 7 Update 55 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one. Error: (05/12/2014 06:30:54 PM) (Source: MsiInstaller) (User: MININT-4LVINM5) (EventID: 11500) Description: Product: Java 7 Update 55 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one. Error: (05/12/2014 06:22:04 PM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/25/2014 10:32:19 PM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/25/2014 02:11:55 PM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/21/2014 01:15:36 AM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/12/2014 03:41:54 AM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/24/2014 06:18:33 PM) (Source: SideBySide) (User: ) (EventID: 35) Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis. System errors: ============= Error: (05/12/2014 06:46:22 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.173.1957.0 Update Source: %NT AUTHORITY59 Update Stage: 4.4.0304.00 Source Path: 4.4.0304.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (05/12/2014 06:46:22 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.173.1957.0 Update Source: %NT AUTHORITY59 Update Stage: 4.4.0304.00 Source Path: 4.4.0304.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (05/12/2014 06:46:22 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.173.1957.0 Update Source: %NT AUTHORITY59 Update Stage: 4.4.0304.00 Source Path: 4.4.0304.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (05/12/2014 06:45:21 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001) Description: %MININT-4LVINM560 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 111.13.0.0 Update Source: %MININT-4LVINM551 Update Stage: 4.4.0304.00 Source Path: 4.4.0304.01 Signature Type: %MININT-4LVINM5602 Update Type: %MININT-4LVINM5604 User: MININT-4LVINM5\Margo Current Engine Version: %MININT-4LVINM5605 Previous Engine Version: %MININT-4LVINM5606 Error code: %MININT-4LVINM5607 Error description: %MININT-4LVINM5608 Error: (05/12/2014 06:44:30 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001) Description: %MININT-4LVINM560 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.173.1957.0 Update Source: %MININT-4LVINM551 Update Stage: 4.4.0304.00 Source Path: 4.4.0304.01 Signature Type: %MININT-4LVINM5602 Update Type: %MININT-4LVINM5604 User: MININT-4LVINM5\Margo Current Engine Version: %MININT-4LVINM5605 Previous Engine Version: %MININT-4LVINM5606 Error code: %MININT-4LVINM5607 Error description: %MININT-4LVINM5608 Error: (05/12/2014 06:44:30 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001) Description: %MININT-4LVINM560 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.173.1957.0 Update Source: %MININT-4LVINM551 Update Stage: 4.4.0304.00 Source Path: 4.4.0304.01 Signature Type: %MININT-4LVINM5602 Update Type: %MININT-4LVINM5604 User: MININT-4LVINM5\Margo Current Engine Version: %MININT-4LVINM5605 Previous Engine Version: %MININT-4LVINM5606 Error code: %MININT-4LVINM5607 Error description: %MININT-4LVINM5608 Error: (05/12/2014 06:40:29 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: %NT AUTHORITY59 Update Stage: 4.4.0304.00 Source Path: 4.4.0304.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (05/12/2014 06:40:29 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: %NT AUTHORITY59 Update Stage: 4.4.0304.00 Source Path: 4.4.0304.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (05/12/2014 06:40:29 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: %NT AUTHORITY59 Update Stage: 4.4.0304.00 Source Path: 4.4.0304.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (05/12/2014 06:39:44 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: %NT AUTHORITY59 Update Stage: 4.4.0304.00 Source Path: 4.4.0304.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Microsoft Office Sessions: ========================= Error: (05/12/2014 06:31:22 PM) (Source: MsiInstaller) (User: MININT-4LVINM5) (EventID: 11500) Description: Product: Java 7 Update 55 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (05/12/2014 06:31:02 PM) (Source: MsiInstaller) (User: MININT-4LVINM5) (EventID: 11500) Description: Product: Java 7 Update 55 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (05/12/2014 06:30:55 PM) (Source: MsiInstaller) (User: MININT-4LVINM5) (EventID: 11500) Description: Product: Java 7 Update 55 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (05/12/2014 06:30:54 PM) (Source: MsiInstaller) (User: MININT-4LVINM5) (EventID: 11500) Description: Product: Java 7 Update 55 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (05/12/2014 06:22:04 PM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/25/2014 10:32:19 PM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/25/2014 02:11:55 PM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/21/2014 01:15:36 AM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/12/2014 03:41:54 AM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/24/2014 06:18:33 PM) (Source: SideBySide) (User: ) (EventID: 35) Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8 ==================== Memory info =========================== Percentage of memory in use: 44% Total physical RAM: 3892.54 MB Available physical RAM: 2151.73 MB Total Pagefile: 7783.27 MB Available Pagefile: 5769.41 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:284.42 GB) (Free:248.52 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (Recovery) (Fixed) (Total:13.67 GB) (Free:7.1 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 44B27972) Partition 1: (Active) - (Size=284 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=14 GB) - (Type=07 NTFS) ==================== End Of Log ============================

Here are the three logs from farbar tool Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014 01 Ran by Margo (administrator) on MININT-4LVINM5 on 12-05-2014 18:39:42 Running from C:\Users\Margo\Downloads Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\dfrgui.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Google Inc.) C:\Users\Margo\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Margo\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Margo\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Margo\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Margo\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Margo\AppData\Local\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Google Inc.) C:\Users\Margo\AppData\Local\Google\Update\GoogleUpdate.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe (Google Inc.) C:\Users\Margo\AppData\Local\Google\Update\GoogleUpdate.exe (Farbar) C:\Users\Margo\Downloads\FRST64 (1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1862952 2009-10-13] (Synaptics Incorporated) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9642528 2009-12-03] (Realtek Semiconductor) HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3203440 2010-04-06] (Dell Inc.) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation) HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd) HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.) HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions) HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] () HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3995906719-3827859630-497814531-1003\...\Run: [Google Update] => C:\Users\Margo\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-11-17] (Google Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=EIE9HP&PC=UP50 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP50 SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 FireFox: ======== FF Plugin: @java.com/DTPlugin,version=10.4.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Margo\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Margo\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) Chrome: ======= CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Margo\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\Margo\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Users\Margo\AppData\Local\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_0\plugin/npUrlAdvisor.dll No File CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\plugin/npVKPlugin.dll No File CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Users\Margo\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File CHR Extension: (YouTube) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-28] CHR Extension: (Adblock Plus) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-12] CHR Extension: (Google Search) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-28] CHR Extension: (AdBlock) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-12] CHR Extension: (Google Wallet) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22] CHR Extension: (Gmail) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-28] ==================== Services (Whitelisted) ================= R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation) S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation) S3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0; \??\c:\gencotst\pcdsrvc_x64.pkms [X] ========================== Drivers MD5 ======================= C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\Acceler.sys C49C56B35BFC6CDA8D1FDCAD2885568F C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit C:\Windows\system32\drivers\afd.sys 79059559E89D06E8B80CE2944BE20228 C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49 C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048 C:\Windows\system32\drivers\appid.sys ==> MD5 is legit C:\Windows\system32\drivers\arc.sys ==> MD5 is legit C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\bcmwl664.sys 6F1BBCC35E33AD4404E0CD782D47CAF3 C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit C:\Windows\System32\CLFS.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706 C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\CtClsFlt.sys ==> MD5 is legit C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit C:\Windows\System32\drivers\discache.sys ==> MD5 is legit C:\Windows\System32\drivers\disk.sys ==> MD5 is legit C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit C:\Windows\System32\drivers\dxgkrnl.sys 88612F1CE3BF42256913BF6E61C70D52 C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0 C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\HECIx64.sys B6AC71AAA2B10848F57FC49D55A651AF C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366 C:\Windows\System32\DRIVERS\igdkmd64.sys 0372C154226F7074CD150F475A4870A6 C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\Impcd.sys 4B6363CD4610BB848531BB260B15DFCC C:\Windows\System32\drivers\RTKVHD64.sys DCF6AFBA140AF3F880A427C2656BE44D C:\Windows\System32\DRIVERS\IntcDAud.sys DA24C1F66EE1B5A92E045376D7A44B58 C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit C:\Windows\System32\Drivers\ksecdd.sys 8F489706472F7E9A06BAAA198703FA64 C:\Windows\System32\Drivers\ksecpkg.sys 868A2CAAB12EFC7A021682BCA0EEC54C C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit C:\Windows\system32\drivers\mbam.sys 0BB97D43299910CBFBA59C461B99B910 C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit C:\Windows\System32\drivers\modem.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit C:\Windows\system32\drivers\mouhid.sys ==> MD5 is legit C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\MpFilter.sys C6B88D62F20AC646C6BD5C032EC2FAF9 C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404 C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163 C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88 C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\NisDrvWFP.sys ACE8C64C57E4A711473C8BC10ADF692B C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0 C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit C:\Windows\system32\drivers\nusb3hub.sys 786DB821BFD57C0551DBBE4F75384A7D C:\Windows\system32\drivers\nusb3xhc.sys DAA8005CAF745042BB427A1ED7433354 C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit C:\Windows\system32\drivers\parport.sys ==> MD5 is legit C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C C:\Windows\System32\drivers\pci.sys ==> MD5 is legit C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit C:\Windows\system32\drivers\processr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit C:\Windows\System32\Drivers\PxHlpa64.sys 87B04878A6D59D6C79251DC960C674C1 C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit C:\Windows\System32\Drivers\RtsUStor.sys 502B316947EA887CDDD325D4745EB7D0 C:\Windows\System32\DRIVERS\Rt64win7.sys EE082E06A82FF630351D1E0EBBD3D8D0 C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit C:\Windows\system32\drivers\serial.sys ==> MD5 is legit C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28 C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3 C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\SynTP.sys 5BAC1DF7DBB5E3AADA8AB0AE3C2DCA40 C:\Windows\System32\drivers\tcpip.sys 40AF23633D197905F03AB5628C558C51 C:\Windows\System32\DRIVERS\tcpip.sys 40AF23633D197905F03AB5628C558C51 C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8 C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09 C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit C:\Windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8 C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31 C:\Windows\system32\drivers\usbehci.sys 18A85013A3E0F7E1755365D287443965 C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA C:\Windows\system32\drivers\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6 C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3 C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7 C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit C:\Windows\System32\drivers\vga.sys ==> MD5 is legit C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\system32\drivers\wd.sys ==> MD5 is legit C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8 C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659 ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-12 18:43 - 2014-05-12 18:44 - 00000000 ____D () C:\b064bb6d8916d25712 2014-05-12 18:40 - 2014-05-12 18:44 - 00000000 ____D () C:\323f7c22c1137afd6ef874 2014-05-12 18:39 - 2014-05-12 18:44 - 00026196 _____ () C:\Users\Margo\Downloads\FRST.txt 2014-05-12 18:39 - 2014-05-12 18:39 - 00000000 ____D () C:\FRST 2014-05-12 18:38 - 2014-05-12 18:38 - 02066944 _____ (Farbar) C:\Users\Margo\Downloads\FRST64.exe 2014-05-12 18:38 - 2014-05-12 18:38 - 02066944 _____ (Farbar) C:\Users\Margo\Downloads\FRST64 (1).exe 2014-05-12 18:37 - 2014-05-12 18:37 - 00001945 _____ () C:\Windows\epplauncher.mif 2014-05-12 18:36 - 2014-05-12 18:36 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2014-05-12 18:36 - 2014-05-12 18:36 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2014-05-12 18:36 - 2014-05-12 18:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client 2014-05-12 18:35 - 2014-05-12 18:35 - 00000000 ____D () C:\Windows\LastGood 2014-05-12 18:33 - 2014-05-12 18:33 - 00000000 ____D () C:\Users\Margo\AppData\Roaming\Oracle 2014-05-12 18:32 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-05-12 18:32 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-05-12 18:32 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-05-12 18:32 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-05-12 18:31 - 2014-05-12 18:32 - 00005428 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log ==================== One Month Modified Files and Folders ======= 2014-05-12 18:44 - 2014-05-12 18:43 - 00000000 ____D () C:\b064bb6d8916d25712 2014-05-12 18:44 - 2014-05-12 18:40 - 00000000 ____D () C:\323f7c22c1137afd6ef874 2014-05-12 18:44 - 2014-05-12 18:39 - 00026196 _____ () C:\Users\Margo\Downloads\FRST.txt 2014-05-12 18:44 - 2011-10-31 19:55 - 01302774 _____ () C:\Windows\WindowsUpdate.log 2014-05-12 18:39 - 2014-05-12 18:39 - 00000000 ____D () C:\FRST 2014-05-12 18:38 - 2014-05-12 18:38 - 02066944 _____ (Farbar) C:\Users\Margo\Downloads\FRST64.exe 2014-05-12 18:38 - 2014-05-12 18:38 - 02066944 _____ (Farbar) C:\Users\Margo\Downloads\FRST64 (1).exe 2014-05-12 18:37 - 2014-05-12 18:37 - 00001945 _____ () C:\Windows\epplauncher.mif 2014-05-12 18:37 - 2011-11-17 12:01 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3995906719-3827859630-497814531-1003UA.job 2014-05-12 18:37 - 2011-11-17 12:01 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3995906719-3827859630-497814531-1003Core.job 2014-05-12 18:36 - 2014-05-12 18:36 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2014-05-12 18:36 - 2014-05-12 18:36 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2014-05-12 18:36 - 2014-05-12 18:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client 2014-05-12 18:35 - 2014-05-12 18:35 - 00000000 ____D () C:\Windows\LastGood 2014-05-12 18:33 - 2014-05-12 18:33 - 00000000 ____D () C:\Users\Margo\AppData\Roaming\Oracle 2014-05-12 18:33 - 2013-09-20 02:35 - 00000000 ____D () C:\ProgramData\Oracle 2014-05-12 18:32 - 2014-05-12 18:31 - 00005428 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log 2014-05-12 18:32 - 2013-09-20 02:35 - 00000000 ____D () C:\Program Files (x86)\Java 2014-05-12 18:32 - 2011-11-17 12:01 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3995906719-3827859630-497814531-1003UA 2014-05-12 18:32 - 2011-11-17 12:01 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3995906719-3827859630-497814531-1003Core 2014-05-12 18:30 - 2011-11-11 04:31 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2014-05-12 18:28 - 2009-07-13 23:45 - 00021472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-12 18:28 - 2009-07-13 23:45 - 00021472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-12 18:26 - 2009-07-14 00:13 - 00726444 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-12 18:20 - 2013-07-08 22:36 - 00004212 _____ () C:\Windows\setupact.log 2014-05-12 18:20 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-14 20:13 - 2014-05-12 18:32 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-04-14 20:05 - 2014-05-12 18:32 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-04-14 20:05 - 2014-05-12 18:32 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-04-14 20:04 - 2014-05-12 18:32 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe Some content of TEMP: ==================== C:\Users\Margo\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Margo\AppData\Local\Temp\mpam-76108790.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== BCD ================================ Windows Boot Manager -------------------- identifier {bootmgr} device partition=C: description Windows Boot Manager locale en-US inherit {globalsettings} default {current} resumeobject {cae1eb6e-042b-11e1-aadf-f04da24b68ec} displayorder {current} toolsdisplayorder {memdiag} timeout 30 Windows Boot Loader ------------------- identifier {572bcd55-ffa7-11d9-aae0-0007e994107d} device ramdisk=[D:]\Recovery\WindowsRE\winpe.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8} path \windows\system32\boot\winload.exe description Capture boot locale en-US osdevice ramdisk=[D:]\Recovery\WindowsRE\winpe.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8} systemroot \windows nx OptIn detecthal Yes winpe Yes ems Yes Windows Boot Loader ------------------- identifier {current} device partition=C: path \Windows\system32\winload.exe description Windows 7 locale en-US inherit {bootloadersettings} recoverysequence {cae1eb72-042b-11e1-aadf-f04da24b68ec} recoveryenabled Yes osdevice partition=C: systemroot \Windows resumeobject {cae1eb6e-042b-11e1-aadf-f04da24b68ec} nx OptIn Windows Boot Loader ------------------- identifier {cae1eb72-042b-11e1-aadf-f04da24b68ec} device ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{cae1eb73-042b-11e1-aadf-f04da24b68ec} path \windows\system32\winload.exe description Windows Recovery Environment inherit {bootloadersettings} osdevice ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{cae1eb73-042b-11e1-aadf-f04da24b68ec} systemroot \windows nx OptIn winpe Yes Resume from Hibernate --------------------- identifier {cae1eb6e-042b-11e1-aadf-f04da24b68ec} device partition=C: path \Windows\system32\winresume.exe description Windows Resume Application locale en-US inherit {resumeloadersettings} filedevice partition=C: filepath \hiberfil.sys debugoptionenabled No Windows Memory Tester --------------------- identifier {memdiag} device partition=C: path \boot\memtest.exe description Windows Memory Diagnostic locale en-US inherit {globalsettings} badmemoryaccess Yes EMS Settings ------------ identifier {emssettings} bootems Yes Debugger Settings ----------------- identifier {dbgsettings} debugtype Serial debugport 1 baudrate 115200 RAM Defects ----------- identifier {badmemory} Global Settings --------------- identifier {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Boot Loader Settings -------------------- identifier {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Hypervisor Settings ------------------- identifier {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Resume Loader Settings ---------------------- identifier {resumeloadersettings} inherit {globalsettings} Device options -------------- identifier {ad6c7bc8-fa0f-11da-8ddf-0013200354d8} description Ramdisk loader ramdisksdidevice partition=C: ramdisksdipath \windows\boot\dvd\pcat\boot.sdi Device options -------------- identifier {cae1eb73-042b-11e1-aadf-f04da24b68ec} description Ramdisk Options ramdisksdidevice partition=D: ramdisksdipath \Recovery\WindowsRE\boot.sdi LastRegBack: 2014-03-10 23:04 ==================== End Of Log ============================

Ok so I ran the scans and i guess its to soon to tell if anything has changed but here are the logs # AdwCleaner v2.305 - Logfile created 07/16/2013 at 00:22:29 # Updated 11/07/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Louis - LOUIS-HP # Boot Mode : Normal # Running from : C:\Users\Louis\Downloads\AdwCleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Deleted on reboot : C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda Deleted on reboot : C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda Deleted on reboot : C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda Deleted on reboot : C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda File Deleted : C:\END File Deleted : C:\Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\cbmgyega.default\bProtector_extensions.rdf File Deleted : C:\Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\cbmgyega.default\searchplugins\Askcom.xml File Deleted : C:\Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\cbmgyega.default\searchplugins\Babylon.xml File Deleted : C:\Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\cbmgyega.default\searchplugins\delta.xml Folder Deleted : C:\Program Files (x86)\Common Files\spigot Folder Deleted : C:\Program Files (x86)\Conduit Folder Deleted : C:\Program Files (x86)\Gophoto.it Folder Deleted : C:\Program Files (x86)\TornTV.com Folder Deleted : C:\ProgramData\Ask Folder Deleted : C:\ProgramData\Babylon Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Registry Optimizer Folder Deleted : C:\Users\Louis\AppData\Local\Bundled software uninstaller Folder Deleted : C:\Users\Louis\AppData\Local\Conduit Folder Deleted : C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda Folder Deleted : C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde Folder Deleted : C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk Folder Deleted : C:\Users\Louis\AppData\Local\PackageAware Folder Deleted : C:\Users\Louis\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Louis\AppData\Roaming\Babylon Folder Deleted : C:\Users\Louis\AppData\Roaming\DealPly Folder Deleted : C:\Users\Louis\AppData\Roaming\dvdvideosoftiehelpers Folder Deleted : C:\Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\cbmgyega.default\jetpack Folder Deleted : C:\Users\Louis\AppData\Roaming\OpenCandy ***** [Registry] ***** Key Deleted : HKCU\Software\1ClickDownload Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKCU\Software\BabSolution Key Deleted : HKCU\Software\BI Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\DataMngr Key Deleted : HKCU\Software\DataMngr_Toolbar Key Deleted : HKCU\Software\delta LTD Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Key Deleted : HKCU\Software\PrivitizeVPNInstallDates Key Deleted : HKCU\Software\Softonic Key Deleted : HKCU\Software\StartSearch Key Deleted : HKCU\Software\59edcdcb03eb942 Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Deleted : HKLM\Software\Babylon Key Deleted : HKLM\Software\BabylonToolbar Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3299568 Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\DataMngr Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Wow6432Node\59edcdcb03eb942 Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136} Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}] Value Deleted : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1] ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16611 -\\ Mozilla Firefox v22.0 (en-US) File : C:\Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\cbmgyega.default\prefs.js C:\Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\cbmgyega.default\user.js ... Deleted ! Deleted : user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...] Deleted : user_pref("CT3299568_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...] Deleted : user_pref("Smartbar.ConduitSearchEngineList", ""); Deleted : user_pref("Smartbar.ConduitSearchUrlList", ""); Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3299568"); Deleted : user_pref("extensions.delta.admin", false); Deleted : user_pref("extensions.delta.aflt", "babsst"); Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); Deleted : user_pref("extensions.delta.autoRvrt", "false"); Deleted : user_pref("extensions.delta.dfltLng", "en"); Deleted : user_pref("extensions.delta.excTlbr", false); Deleted : user_pref("extensions.delta.ffxUnstlRst", true); Deleted : user_pref("extensions.delta.id", "282542e30000000000006e0f6e402ee9"); Deleted : user_pref("extensions.delta.instlDay", "15849"); Deleted : user_pref("extensions.delta.instlRef", "sst"); Deleted : user_pref("extensions.delta.newTab", false); Deleted : user_pref("extensions.delta.prdct", "delta"); Deleted : user_pref("extensions.delta.prtnrId", "delta"); Deleted : user_pref("extensions.delta.rvrt", "false"); Deleted : user_pref("extensions.delta.smplGrp", "none"); Deleted : user_pref("extensions.delta.tlbrId", "base"); Deleted : user_pref("extensions.delta.tlbrSrchUrl", ""); Deleted : user_pref("extensions.delta.vrsn", "1.8.21.5"); Deleted : user_pref("extensions.delta.vrsnTs", "1.8.21.514:39:42"); Deleted : user_pref("extensions.delta.vrsni", "1.8.21.5"); Deleted : user_pref("extensions.delta_i.babExt", ""); Deleted : user_pref("extensions.delta_i.babTrack", "affID=119816&tt=gc_"); Deleted : user_pref("extensions.delta_i.srcExt", "ss"); Deleted : user_pref("extensions.funmoods.aflt", "vsl"); Deleted : user_pref("extensions.funmoods.autoRvrt", false); Deleted : user_pref("extensions.funmoods.cntry", "US"); Deleted : user_pref("extensions.funmoods.cv", "cv5"); Deleted : user_pref("extensions.funmoods.dfltLng", ""); Deleted : user_pref("extensions.funmoods.dfltSrch", false); Deleted : user_pref("extensions.funmoods.dnsErr", true); Deleted : user_pref("extensions.funmoods.envrmnt", "production"); Deleted : user_pref("extensions.funmoods.excTlbr", false); Deleted : user_pref("extensions.funmoods.hdrMd5", "87B42658FBCD5F133DDDB9EE5114AE05"); Deleted : user_pref("extensions.funmoods.hmpg", false); Deleted : user_pref("extensions.funmoods.id", "6E0F6E402EE942E3"); Deleted : user_pref("extensions.funmoods.instlDay", "15674"); Deleted : user_pref("extensions.funmoods.instlRef", "vsl"); Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true); Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2223:50:29"); Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0"); Deleted : user_pref("extensions.funmoods.newTab", false); Deleted : user_pref("extensions.funmoods.prdct", "funmoods"); Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods"); Deleted : user_pref("extensions.funmoods.sg", "none"); Deleted : user_pref("extensions.funmoods.smplGrp", "none"); Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search"); Deleted : user_pref("extensions.funmoods.tlbrId", "base"); Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22"); Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2223:50:29"); Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22"); Deleted : user_pref("extensions.funmoods.xpestat\\xpereportdata", "1-11-2012"); Deleted : user_pref("extensions.funmoods_i.newTab", false); Deleted : user_pref("extensions.funmoods_i.smplGrp", "none"); Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2223:50:29"); Deleted : user_pref("extensions.privitize.srchPrvdr", "Search The Web (privitize)"); Deleted : user_pref("smartbar.machineId", "PBSJ8DEC2MB5YCSDIODWOQTVQP21O42UDITH7CD4UFAPHEWFDKCBBDTEVWPVZNAACSS[...] -\\ Google Chrome v [unable to get version] File : C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [5797 octets] - [08/11/2012 19:50:06] AdwCleaner[s1].txt - [5805 octets] - [08/11/2012 21:29:59] AdwCleaner[s2].txt - [14015 octets] - [16/07/2013 00:22:29] ########## EOF - C:\AdwCleaner[s2].txt - [14076 octets] ########## Junkware Removal Tool (JRT) by Thisisu Version: 5.1.1 (07.15.2013:2) OS: Windows 7 Home Premium x64 Ran by Louis on Tue 07/16/2013 at 1:11:34.37 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\privitizevpn_1_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\privitizevpn_1_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\privitizevpn_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\privitizevpn_rasmancs Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{023BEF91-46DF-49F5-B4D5-A624219D7BA0} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4F946218-1E21-4F46-ACE6-A82E982C9111} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56106F26-5297-4659-848E-931AE68C8FE3} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CE313EBE-595F-4CF8-95D0-F3935695F6F7} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D944933B-B93F-4DDB-AAD7-E62C7EB3D666} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D9D004E7-F2EA-4148-A33B-DF486864816A} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{023BEF91-46DF-49F5-B4D5-A624219D7BA0} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{CE313EBE-595F-4CF8-95D0-F3935695F6F7} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader" Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader" Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{0003E030-64AF-4AB8-AA65-1918D09B4675} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{00C722EA-5878-4CFC-9969-D17D60980F0E} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{00DB9F03-BAEA-45F8-A36A-2D41F3A68590} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{028DC14D-7228-429E-8750-D904D62F6A1B} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{055745FD-1C3A-48CA-950D-4CA75CCBD909} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{055FDF6B-5726-4838-9216-87614F354CA4} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{0642A945-8011-4379-AA6A-17EA425FD263} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{074C92FD-92A7-4298-96AF-93224E0CC159} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{08CEB80C-81B4-4D55-9446-83ABFED53FF1} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{0941E773-C659-4B6E-A80E-F40EAB688B25} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{0AECFCA1-4643-44D9-980C-DC33CA436CFE} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{0BB68636-3945-4F89-A2A6-B311EB8A896F} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{0C73A046-5612-40E7-9CC1-7C74DD8E2F2D} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{0CDB36DA-16FF-4390-AC14-857C70F47BC4} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{0DF9B063-C00C-46CE-BCAC-099695F08E79} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{0F0F7B5E-5A77-4BF1-9B15-2803076F6D92} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{0FC85162-A5A0-4FF8-8375-6A29BBA90F00} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{1086557E-F249-4F0E-AC4B-4A63B8A39309} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{1094073E-DFD7-40EA-8081-8E77E0863632} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{118BDF78-93D5-4A5B-B3EE-3FE929DC9A62} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{11A4D998-D64B-4A1A-9235-ACB1A7391CC7} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{13857639-A72A-4C55-BB28-62D84AFA4C6B} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{1386E0D5-F349-47D4-8F56-C9D6D72B06BE} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{14DFA3AD-783A-4336-93A1-29E67E268B66} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{1643330C-6C07-45B1-83F2-0F22B56419A0} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{17630575-5376-4BFD-809F-B7A0087D7D9B} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{190F3851-6CBC-4A6D-AF03-B8F3D8093B1E} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{19BBA591-C60A-4D5C-A43F-CFFB8E65EE09} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{1A0E5531-643B-45A3-8BF1-539EFC7A3084} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{1A637EAC-462C-437E-8400-EE0F889C22E5} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{1B5A63D1-85A1-4746-9182-0CD9FB6A9B36} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{1B5B5B9A-5952-4A3B-B048-C3B65F132C7D} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{1BBFADB8-25EE-40D7-B024-65869C83853C} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{1BF2FDD6-15D4-4207-BCE2-8DA05DA11E6E} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{1D513488-82C3-4668-9F71-93D792CDBE5B} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{1DAFF902-FEEC-44D8-B75F-3553E20BE97D} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{1DD58412-6E62-4702-A890-E874D8603306} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{209CCF04-16E7-4B21-8212-2C8C7D98FCE2} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{2185A452-98DA-42E3-80D1-696FA1B4D45B} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{2229E19C-C29A-4F31-BA8E-42BECD628702} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{2249D09A-D0A4-467C-99FF-88D53218EC68} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{2411766C-41EF-43E6-A1D5-BE108C8A4450} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{252BB32E-9D91-499D-97F3-AD918E8BA5A5} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{25343019-E311-4840-8329-976BD91536B8} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{25AE3B13-8CBC-4124-B2A2-2AA0AB4E7169} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{27182975-E8EF-4BE0-88B6-C818648A3243} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{2739D2C8-7BBE-4C8E-A604-2D9675A88685} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{27EDD090-7904-4A3B-A73A-B3309DB78C89} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{286FA152-BB6E-476E-9BD8-FD76C1B39C8B} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{2B446DC9-C24D-4433-906E-73B8B6986262} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{2ED796CE-9FCD-4125-9ECD-4ED51EA12210} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{2F3CE9F6-76CC-4E1E-8B20-26C6E614F88D} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{30AA2E3D-4AD8-4492-B6BF-F28204BF0A24} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{31805DB1-98FC-4C9F-9381-0AA193F0964E} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{31CC0921-25B1-4D9B-BDD6-E153A4928E1D} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{324E7547-DCAE-4B49-B91B-1F4CF50A69AA} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{327F63F1-9FE0-424C-B794-46DF8F3E951A} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{328801D4-4494-4804-8543-892DC2E3FCA4} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{32D66017-C9FC-431A-8D39-AA7D1BDECB30} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{34F81C92-3D98-4121-8450-EF22432844EF} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{350F32A5-07F8-4F62-BD90-C8F75F0DAFFA} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{3617BC0C-953C-48AE-9BF6-A216F2294038} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{36833355-2F32-413C-9B78-55C505D25BDB} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{36932288-CBCD-453B-AD49-9628FFD81F8B} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{36E4AC76-A2FE-4EF0-A022-82187A44E248} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{3703FAAE-8CD5-4808-8244-1B6D63DA5831} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{372A3369-25E8-4072-8090-080DD7878988} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{376DF0A9-C071-4C3A-91E3-F3A02CD673DD} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{383B847F-92CC-462F-BD7F-A4042BEFF71E} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{3A4A04A3-82F3-4347-AB0D-E7E1213686B7} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{3C58F48B-762F-425F-9AD5-0CC11F7C73D7} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{3C84667D-A9D3-48BD-BA77-89D14AD20608} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{3DB42FF5-2F8E-4733-86E5-7F7A71227AD0} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{3FDD144D-5DC3-4B99-A8F0-C66DD29ABE32} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{4129E0AA-8309-4E44-9440-D20A732DE78D} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{41D7951E-3819-46AD-A572-E1AF5FCD6DCA} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{4231DDD5-D2A1-4FDF-8ECC-AC5B4924410B} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{42CC90B7-2CE8-42B6-8DA0-D30248D69A66} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{42EE033C-327E-4F3C-9DCF-D27602DE151F} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{438C53B9-6928-4374-A277-8D560A792522} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{443B59F7-64BC-496F-989B-62FEFA8D1501} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{45851494-4336-4D33-AC01-51AD954FB183} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{4589A9C0-B9A8-4C71-9DD5-C086D6949C39} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{475F1306-50D7-446F-9600-DBB736947B72} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{4A6C3DBF-8D11-4AB3-A819-66C66C892BDE} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{4AD7E65E-46FA-4718-AE54-C760FA860802} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{4B1C64AD-61B3-4576-BD12-9C789F9A16CC} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{4D5CA968-D34B-4FB6-BCCD-7DA6448AA25E} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{4DD112C7-9A73-4711-A91F-FEFB7679116A} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{4DD69564-974E-440E-957F-CD41B98106BD} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{4EA0E466-8140-452B-BB2B-ECA4375415FE} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{4EDEF8E7-38E2-4FC8-8591-1E562C03BFF5} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{4FCB98FB-F5D3-46AD-A9E5-F522ADD867D3} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{501FFFE2-4783-4BC5-97C7-E843CC58E885} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{5094E4A5-876F-4692-929D-48C52EDE2744} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{50C24EAB-11F8-4AD7-87BD-5FB050642A67} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{50C2F844-8D97-4A61-944A-80371A998512} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{5143EEE3-F0EF-4B7D-9293-5E3CDDD92E3D} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{52640645-2555-40C1-84F5-5CDAB9E554F4} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{538D856A-5EB6-4568-B63D-FE6B2F0D0919} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{53AFA52D-E6D7-414B-8B58-172792755489} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{542FC011-C6B2-4E4C-94C6-C3B9092246E6} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{55C1624B-7CB3-4B96-9C3D-90F753F536A1} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{55DF223B-FFDF-46E2-A938-1E29CBDF1465} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{5739ECFE-2318-40D3-B50E-75006192C792} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{58D48BD4-9078-4A60-B945-6B1B367355B5} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{591B36AB-39A4-4CFA-A8AC-0E374C8549D7} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{5998500F-D305-4A7F-AA15-51BCF7E54AD8} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{5A0F3328-6579-4E19-A50D-9D7E3E1718A7} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{5A9C42BD-79C9-48B0-89C9-7607FA6A8114} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{5B6AB104-83F2-44F7-96C5-4BB73D8D435D} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{5C142E4A-87FF-4F78-8103-97CECE0D0D73} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{5C2CEF7E-5DE0-462F-A6B8-4A8E11025247} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{5C97FDAF-257B-4B9F-B104-836F0665F0CB} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{5D2AF023-B698-4019-B6C5-C2B47F9BFB26} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{5D8DC774-EFAC-4F9A-9DC2-F152B51B45B3} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{5D961906-23E2-4515-9DB5-1DFAD6E54A63} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{5DC4998A-907B-43CC-A806-0236CB64D983} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{5EEE29F4-6012-495F-A149-EE71F999D489} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{5EF3C88E-0501-4FDF-B540-18FED50C6E5C} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{5F4A7B10-BACE-41B6-A7C5-2B7002C50C7A} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{60A120D6-ADB3-40B9-9BAB-E760CF8B0D63} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{6308FF93-CCA8-4F78-8340-E303BAC7C434} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{63C065E6-F315-4C04-B30C-C7D8A5F86508} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{64DBDB8D-F4B6-450E-95D9-3DD4EF5A8E4C} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{663B6EF5-A2BD-4244-92E1-053A8837BB48} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{664E14C2-1341-4E8E-90EC-5B6B5C106C23} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{664E46A2-4E4E-43F0-989B-0BEEAFFC7DB8} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{6755E098-A1F6-4D32-82D7-56D8E3B4980F} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{68991334-36CD-4986-AC60-68875E94EE13} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{68E5AC98-9E24-4A36-AB67-03CE5697BE69} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{6AC46E9A-DF03-4338-B101-8209A7FC103C} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{6BADE054-78B5-44C8-8A52-E09F60F3785A} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{6CFE3477-80C5-421E-B570-8729B2B745A9} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{6D19511A-FBB5-4112-8DC8-1C6E645636F5} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{6D1CA88D-9106-4ECE-8F02-616FB3AC3CB3} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{6D8FCECB-B779-4DB2-A4B0-B4F629C6C5FB} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{6F66B5CC-89CA-41F8-88A7-FED5E44CCA52} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{71CFF388-2F81-4FA3-BD0E-531272EA3456} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{71E91D5E-011F-4BAC-A382-A23A31D7A3BE} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{721CFCC1-3D58-41A7-ADEB-07454FD70B71} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{72E92F79-16BB-486E-8031-2E51F6F12DFE} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{73760C19-D2AF-4959-AB21-88CA3D1D75F6} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{75605246-8E7D-4D76-856C-99968F14C6CC} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{761E1B7D-338B-4F73-AFBA-32D54470A26F} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{765582A4-72E5-4DED-84EC-33A0C80E6926} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{77DBD35F-8D1E-4CF6-9B64-A1026A322F21} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{7838272A-1F9B-4CEF-96D4-CCE387724D16} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{7A2E7159-4EEA-49EA-91E8-EF136D89124A} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{7A5946C0-9DE9-4842-B33C-EEAC3BB2C4F0} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{7BD961C9-64A0-461E-9D24-A352F41513B2} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{7C5A78F8-2A55-48AE-A770-6C1D4DB8F8D9} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{7D87030D-990B-4FAA-87FB-6DAF6D1F2187} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{7DFB0ECC-9B84-4042-A379-1329D264A804} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{7EF4F576-3B9A-47EF-95BF-A3E8218C0064} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{7F79AB7A-165B-4936-A50E-C917C4BF6D80} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{7FC1C80F-4414-42B5-BAF8-FB203A74B493} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{7FD137DA-15F7-4ADD-97DA-AA9310969E84} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{7FEA5DCB-8F8E-48C8-B14C-F9CDA8CBA68B} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{8071E232-1340-490C-85C1-60F405905056} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{813DBCF3-AB32-4259-8B5E-5ADCD08F07C4} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{81521B80-19AF-4864-B92E-1149BC2CA0C7} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{816A9F6A-D135-48DA-8B30-ABC65861A64C} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{82A66174-DD9E-49E6-848D-BA0F36DF2940} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{85567288-132C-4F76-86DB-152D8BDDB982} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{86A94167-6E19-4DA8-A345-8B2CE3962AC6} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{86B6DB4A-CCCD-4F69-A86B-749379403BCF} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{873DD24B-A2AE-45E6-B7C1-39186E2B3E6E} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{87B03262-D60B-4629-B75E-EFDE73BE221C} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{89B42779-7465-44E8-9BBE-602E7D883D9A} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{89EE6F45-3A4E-4215-AE87-92A23E98CB1E} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{8A17E81C-39ED-4F3B-A96A-BC7D4ABA1EB6} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{8A7AEAB0-55A9-48E4-88FE-3C1675E1035A} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{8D3C1F37-0BA3-4769-A222-7F1E85233F16} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{8D61A098-4DC8-4F27-A3D4-138E308115BF} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{8E28BDE4-E16F-46FF-B60D-B9470915CA87} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{8E847091-A8A7-4FDB-8676-BED1C6DF8DBD} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{908CE805-D9C9-4465-86EC-BA14D57F3A0D} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{913C61CE-582A-44DD-9506-B21425A2C98E} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{917CCE29-A6E1-4D4C-825F-D36EE7700CF6} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{95B89737-7C73-4754-8AA6-4FA6B722E6FD} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{964A4700-99E0-45C6-A774-3026001B2513} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{97215ECF-802E-4EBE-A796-31F624692BE8} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{979E9FEA-0C63-4D95-8B05-0DC88C4C36DE} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{99DF4122-7465-4709-859B-FD64302774F0} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{9A265824-B8EA-44F2-9D29-65E6DC825CB8} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{9B3E8140-6F36-4378-A44A-022E526EC415} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{9C29F27A-2051-416E-A2EF-8BE0C3A88D84} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{9D6B19EC-ABDC-4CFD-B381-4EA7730E8024} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{9F59E869-5252-475F-A1CC-A9B76CFF5D3B} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{A3772A21-924F-419F-A3E4-BD8ADA021D92} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{A4570792-7A41-4E46-9ACD-D0CEAB21F65E} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{A7D0C98E-8088-48CB-AE29-B5CF4F1C4645} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{AA603F52-3C96-48DB-8C44-2BD314CB12A6} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{AC55C798-D4F4-4CAF-927C-8CFF3FA06108} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{AD0AF630-E639-4EEB-97F0-660B5DD76B29} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{AD1AD8E1-AD7E-4DB3-B6D6-E7039990B4BE} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{AF3D36D1-4E71-49CD-8F41-AD6495F136CD} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{AF6980F5-FA27-4A66-B2DA-DD6971CD0132} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{B0500112-09E9-4D51-B1F4-6AC33C3D184A} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{B064906B-A8B6-452E-A26E-C12B41CEA346} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{B0E7EDFA-8D25-4F01-82D2-8CFD8C48A11C} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{B22589B6-270B-4497-9AE6-372B192DB64D} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{B2E00FFF-1A7C-41BC-A3F1-E0C0DF16764E} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{B467134E-A740-4F8B-8240-B5BA9A3A2C5A} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{B7271FD7-226F-4547-A5FA-8924B188431F} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{B9B7790F-B6F7-4448-B16C-9A167C9CC8E0} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{BB7C7600-7EB0-484A-AAEC-24EED6CBA1D0} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{BBE75B3D-841E-4047-B396-5887B8840E5E} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{BC4A0BD5-7931-4084-AA9B-8504E21D61D0} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{BC61581C-6396-4B10-AEC5-602FBEC91ED0} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{BCF9CB7D-4D28-4A3C-8B52-5AF5B91F1FB0} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{BDB901E2-2AAF-44FB-83C8-4EFCCDBAED3E} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{BE3A5B13-8875-4B21-A197-7C93B8A88E2D} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{BE435277-CB80-4A72-9A91-56D622FD899A} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{BEC606C9-0B85-4ECE-BE7E-1239733B9BAB} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{BEDCABE9-70EE-4D01-B52F-D8669DCCE9AC} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{BEF14B28-1C63-4321-B5D0-C63747814A85} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{C0824B59-6B2F-4861-9A68-C002B49ECDBC} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{C0843E09-C3DC-46D0-9570-E5702B61E8F4} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{C095CC11-E371-4095-82CF-FA175733BBEE} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{C11B9B8F-364B-4066-9089-14B4126D0011} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{C17F82EC-EF36-45F3-8EE9-94DC1AFC9833} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{C2DA886B-6F11-41FE-84FD-87D5C31F7620} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{C4338DE7-2751-4088-80A8-C536BA61D753} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{C48F33E4-8117-4B0A-B6CF-30F9A468162A} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{C6C8493E-0429-401E-BA3C-38C85A88FFF3} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{C7673FE7-95A7-4E60-985B-3374EFE0AB14} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{C808EE19-9FDC-44A2-9152-E4BCBF6E1F59} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{C8C22B8D-A1BD-41AC-8D64-031A343570B7} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{C946C2D4-F68D-4245-BA72-2C7B9D92DECA} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{C9F2044A-5215-40D7-B8EA-45047CDAEF9E} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{CA7BA989-70E3-40B9-8876-0E1F8A8B8880} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{CB387CEA-138B-419B-97D4-611273B29B58} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{CB799C55-26E3-44CB-B16B-DD4E7E1C0A94} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{CD7E3760-B083-4E08-96D8-AC1E810E33A5} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{CF372D67-3551-4E77-BB60-308F5DA37E86} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{CFDB6C11-E0D0-43F5-A83D-397433DEEC53} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{D04E21FE-E329-4910-AEE1-75D7DB38B9C6} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{D24EF80D-28C5-4797-8F78-2BDA614A805D} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{D4632E5A-B4E9-40C2-890E-5E588E5142DD} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{D598A0C0-229E-41A0-BA8B-41CE0751FEFF} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{D665F84E-08C6-4862-82FE-61ABD20CD259} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{DA402C40-8CC0-4427-8034-7414D94C17C5} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{DB5AF503-24DA-4511-855C-66F86E5E4A34} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{DD7AD7D7-3915-47EE-BF5E-D06A68B6C98E} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{DE49EF7F-C965-4B40-A895-8D739F65AA44} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{DEAA66EF-49C0-45AD-8D0E-E996DC62B3D3} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{DFAC7AAC-F62E-4418-83FF-FD319AD82070} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{E033C1A6-3677-409E-95AF-2319CCA06DBD} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{E3008F0A-7A6C-41DC-89E2-62F308602BF1} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{E50C5982-83C8-4A57-98A2-8E60F80E2244} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{E57E8BED-5306-4950-BDBA-C6B760A38587} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{E9CAA362-F16B-45CB-9B4F-B7509B5A7AA2} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{EA34EB9D-F54A-4C17-AB97-E428A92A258D} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{EC23E71E-1040-4109-9C5A-95BC7E900ABD} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{ED52EA58-FBB1-40E8-A07E-0463BD89FB57} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{EE03759B-6861-4251-A468-D2C4CB0B16BA} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{F0FDADDA-25A1-4FC2-94BE-8D0342BA8738} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{F15FE590-7104-4963-8B31-FFE2BE39E1EC} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{F45EBD38-AF78-4D0D-B00A-B45CDDB4304F} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{F4A351E7-5480-4DCC-B4A3-4FD40471BF7E} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{F59DA1C6-7E05-4C74-A993-A63CB3A39381} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{F6C2881A-472C-4315-934B-BFC7CFD5E37D} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{F81326B5-401F-4775-ACBB-EE7B6C885DB8} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{F8677504-60EA-437C-8A5B-7176CB0EEE84} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{F8CE173D-30B2-4960-B0CA-BE133626CB81} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{F8FCF633-B807-4D78-9484-A24F300C9F80} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{F9108CA9-3DB8-4398-A79C-904D9C1A7907} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{F941EE12-2A0D-4C5A-92D8-8669FB2CE0BA} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{F9C4AF18-8A1A-4C0F-B360-FA1F80945B5F} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{FA3736BA-7841-4ED8-956A-9D407172CBB9} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{FBA18797-440A-457D-8DC3-4F3200FD5E79} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{FBDD3F22-9881-4A8B-8B7E-48D9D38FE33A} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{FBE68F27-A996-472A-842B-1701C485ED6F} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{FD5E354A-C2F1-4DB0-BB6A-A8ABCCB719A5} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{FDD89E97-DECD-4B59-870A-28DD864075CC} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{FE28F6AD-D89C-470C-8850-CB3EF4A60AB1} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{FE9EAC5C-0A30-4712-B2A6-459A679758B0} Successfully deleted: [Empty Folder] C:\Users\Louis\appdata\local\{FEC38D12-71BE-4C4B-97F1-DC00B797AB6D} ~~~ FireFox Successfully deleted: [File] C:\Users\Louis\AppData\Roaming\mozilla\firefox\profiles\cbmgyega.default\invalidprefs.js Successfully deleted: [File] C:\Users\Louis\AppData\Roaming\mozilla\firefox\profiles\cbmgyega.default\searchplugins\privitize.xml Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{c7ae725d-fa5c-4027-bb4c-787ef9f8248a} Successfully deleted the following from C:\Users\Louis\AppData\Roaming\mozilla\firefox\profiles\cbmgyega.default\prefs.js user_pref("extensions.privitize.admin", false); user_pref("extensions.privitize.aflt", "orgnl"); user_pref("extensions.privitize.appId", "{301966DF-A84B-4255-AAB9-574B5CE237E4}"); user_pref("extensions.privitize.autoRvrt", "false"); user_pref("extensions.privitize.dfltLng", ""); user_pref("extensions.privitize.dfltSrch", true); user_pref("extensions.privitize.dnsErr", true); user_pref("extensions.privitize.excTlbr", true); user_pref("extensions.privitize.ffxUnstlRst", false); user_pref("extensions.privitize.hmpg", true); user_pref("extensions.privitize.hpOld0", "boxingnews24.com"); user_pref("extensions.privitize.id", "282542e30000000000006e0f6e402ee9"); user_pref("extensions.privitize.instlDay", "15839"); user_pref("extensions.privitize.instlRef", ""); user_pref("extensions.privitize.newTab", true); user_pref("extensions.privitize.prdct", "privitize"); user_pref("extensions.privitize.prtnrId", "privitize"); user_pref("extensions.privitize.rvrt", "false"); user_pref("extensions.privitize.smplGrp", "none"); user_pref("extensions.privitize.tlbrId", "base"); user_pref("extensions.privitize.vrsn", "1.8.16.22"); user_pref("extensions.privitize.vrsnTs", "1.8.16.2221:18:51"); user_pref("extensions.privitize.vrsni", "1.8.16.22"); Emptied folder: C:\Users\Louis\AppData\Roaming\mozilla\firefox\profiles\cbmgyega.default\minidumps [103 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Tue 07/16/2013 at 1:19:45.25 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

So I did the first two steps of the process "im infected - what do i do now" here are the logs from the malwayre bytes Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.07.07.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16618 Louis :: LOUIS-HP [administrator] 7/7/2013 9:35:43 PM mbam-log-2013-07-07 (21-35-43).txt Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 526677 Time elapsed: 1 hour(s), 35 minute(s), 27 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) and here are the attach logs from dds . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 12/25/2010 12:57:53 PM System Uptime: 7/7/2013 7:57:24 PM (4 hours ago) . Motherboard: Hewlett-Packard | | 143F Processor: AMD Turion™ II P540 Dual-Core Processor | Socket S1G4 | 2400/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 446 GiB total, 272.485 GiB free. D: is FIXED (NTFS) - 20 GiB total, 2.855 GiB free. E: is CDROM (CDFS) F: is FIXED (FAT32) - 0 GiB total, 0.087 GiB free. G: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP725: 6/21/2013 2:17:42 AM - Scheduled Checkpoint RP726: 6/21/2013 3:03:02 AM - Windows Update RP727: 6/25/2013 3:49:48 PM - Windows Update RP728: 6/26/2013 4:21:20 AM - HPSF Restore Point RP729: 7/1/2013 11:52:48 PM - Windows Update RP730: 7/7/2013 4:39:10 PM - Windows Update RP731: 7/7/2013 9:15:01 PM - Removed TortoiseSVN 1.7.10.23359 (64 bit) . ==== Installed Programs ====================== . Acrobat.com Adobe AIR Adobe Community Help Adobe Content Viewer Adobe Flash Player 11 Plugin Adobe Reader XI (11.0.03) Apple Application Support Apple Mobile Device Support Apple Software Update Atheros Driver Installation Program ATI Catalyst Install Manager AviSynth 2.5 Bejeweled 2 Deluxe Blackhawk Striker 2 Block Youtube Ads Bonjour Build-a-lot 2 Canon MX870 series MP Drivers Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Chuzzle Deluxe CinemaNow Media Manager Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module CyberLink DVD Suite D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Diner Dash 2 Restaurant Rescue Dora's Carnival Adventure Dropbox DVD Menu Pack for HP MediaSmart Video Energy Star Digital Logo Escape Rosecliff Island ESU for Microsoft Windows 7 FATE Final Drive Nitro Free YouTube to MP3 Converter version 3.12.2.430 Heroes of Hellas 2 - Olympia Hewlett-Packard ACLM.NET v1.1.2.0 HP 3D DriveGuard HP Advisor HP Customer Experience Enhancements HP Documentation HP DVB-T TV Tuner 8.0.64.43 HP Game Console HP Games HP MediaSmart CinemaNow 2.0 HP MediaSmart DVD HP MediaSmart Movies and TV HP MediaSmart Music HP MediaSmart Photo HP MediaSmart SmartMenu HP MediaSmart Video HP MediaSmart Webcam HP MediaSmart/TouchSmart Netflix HP Photo Creations HP Power Manager HP Quick Launch HP Setup HP Software Framework HP Support Assistant HP Wireless Assistant iCloud IDT Audio iPhoneBrowser iTunes Java 7 Update 13 Java 7 Update 9 (64-bit) Java Auto Updater Jewel Quest 3 Jewel Quest Solitaire 2 Junk Mail filter update K-Lite Codec Pack 7.1.0 (Full) LabelPrint LogMeIn Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Home and Student 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft WSE 3.0 Runtime Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_ATL_x86_x64 Microsoft_VC90_CRT_x86 Microsoft_VC90_CRT_x86_x64 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFC_x86_x64 Microsoft_VC90_MFCLOC_x86 MobileMe Control Panel Movie Theme Pack for HP MediaSmart Video Mozilla Firefox 22.0 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP3 Parser (KB2721691) MSXML 4.0 SP3 Parser (KB2758694) Penguins! PhotoNow! Plants vs. Zombies Poker Superstars III Polar Bowler Polar Golfer Power2Go PowerDirector QuickTime Realtek Ethernet Controller Driver For Windows 7 Realtek USB 2.0 Card Reader Recovery Manager Redist Roxio CinemaNow 2.0 Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition Synaptics Pointing Device Driver TurboTax 2011 TurboTax 2011 WinPerFedFormset TurboTax 2011 WinPerReleaseEngine TurboTax 2011 WinPerTaxSupport TurboTax 2011 wnciper TurboTax 2011 wnyiper TurboTax 2011 wrapper Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition Verizon Media Manager Virtual Families Virtual Villagers - The Secret City Wheel of Fortune 2 Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Player Firefox Plugin Windows Movie Maker 2.6 WinRAR 4.20 (64-bit) YTD Video Downloader 4.0 Zuma Deluxe . ==== Event Viewer Messages From Past Week ======== . 7/7/2013 9:13:31 PM, Error: Service Control Manager [7034] - The FastFreeConverterUpdt service terminated unexpectedly. It has done this 1 time(s). . ==== End Of File =========================== and heres the other dds log DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16611 BrowserJavaVersion: 10.13.2 Run by Louis at 23:13:52 on 2013-07-07 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.1868 [GMT -4:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\IDT\WDM\STacSV64.exe C:\Windows\system32\Hpservice.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\IDT\WDM\AESTSr64.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\WUDFHost.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe C:\Users\Louis\AppData\Roaming\PC-Gizmos\PC_136519.en_77.exe C:\Users\Louis\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\TortoiseSVN\bin\TSVNCache.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uURLSearchHooks: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - <orphaned> uURLSearchHooks: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - <orphaned> mWinlogon: Userinit = userinit.exe, BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned> BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: PC Gizmos BHO: {A817C286-3D6B-4ECD-A99C-E44E50DBC523} - C:\Users\Louis\AppData\Roaming\PC-Gizmos\PCGizmosBHO.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: DVDVideoSoft WebPageAdjuster Class: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe uRun: [intel Drives] "C:\Users\Louis\AppData\Local\Temp\Systweaker\Sys.exe" uRun: [AdobeBridge] <no file> mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent StartupFolder: C:\Users\Louis\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Louis\AppData\Roaming\Dropbox\bin\Dropbox.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm IE: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . TCP: NameServer = 192.168.1.1 TCP: Interfaces\{7AE4314C-6078-45F5-8AFF-72C7DD5F8BDF} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{7AE4314C-6078-45F5-8AFF-72C7DD5F8BDF}\2516E646F6C60786 : DHCPNameServer = 192.168.2.1 192.168.2.1 TCP: Interfaces\{7AE4314C-6078-45F5-8AFF-72C7DD5F8BDF}\6616D60756163656 : DHCPNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{7AE4314C-6078-45F5-8AFF-72C7DD5F8BDF}\F4C6464596D656245746 : DHCPNameServer = 208.77.2.11 207.200.7.21 207.69.188.185 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-BHO: DVDVideoSoft WebPageAdjuster Class: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\cbmgyega.default\ FF - prefs.js: browser.startup.homepage - boxingnews24.com FF - prefs.js: network.proxy.type - 0 FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\components\IPSFFPl.dll FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2013-06-05 20:05; {2b55ea1c-5d12-4fb5-bb9b-2067f8eda4ca}; C:\Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\cbmgyega.default\extensions\{2b55ea1c-5d12-4fb5-bb9b-2067f8eda4ca}.xpi . ---- FIREFOX POLICIES ---- FF - user.js: extensions.funmoods.hmpg - false FF - user.js: extensions.funmoods.dfltSrch - false FF - user.js: extensions.funmoods.srchPrvdr - Search FF - user.js: extensions.funmoods.dnsErr - true FF - user.js: extensions.funmoods_i.newTab - false FF - user.js: extensions.funmoods.id - 6E0F6E402EE942E3 FF - user.js: extensions.funmoods.instlDay - 15674 FF - user.js: extensions.funmoods.vrsn - 1.5.23.22 FF - user.js: extensions.funmoods.vrsni - 1.5.23.22 FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2223:50:29 FF - user.js: extensions.funmoods.prtnrId - funmoods FF - user.js: extensions.funmoods.prdct - funmoods FF - user.js: extensions.funmoods.aflt - vsl FF - user.js: extensions.funmoods_i.smplGrp - none FF - user.js: extensions.funmoods.tlbrId - base FF - user.js: extensions.funmoods.instlRef - vsl FF - user.js: extensions.funmoods.dfltLng - FF - user.js: extensions.funmoods.excTlbr - false FF - user.js: extensions.funmoods.autoRvrt - false FF - user.js: extensions.funmoods.envrmnt - production FF - user.js: extensions.funmoods.isdcmntcmplt - true FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0 FF - user.js: extensions.privitize.hpOld0 - boxingnews24.com FF - user.js: extensions.privitize.id - 282542e30000000000006e0f6e402ee9 FF - user.js: extensions.privitize.appId - {301966DF-A84B-4255-AAB9-574B5CE237E4} FF - user.js: extensions.privitize.instlDay - 15839 FF - user.js: extensions.privitize.vrsn - 1.8.16.22 FF - user.js: extensions.privitize.vrsni - 1.8.16.22 FF - user.js: extensions.privitize.vrsnTs - 1.8.16.2221:18:51 FF - user.js: extensions.privitize.prtnrId - privitize FF - user.js: extensions.privitize.prdct - privitize FF - user.js: extensions.privitize.aflt - orgnl FF - user.js: extensions.privitize.smplGrp - none FF - user.js: extensions.privitize.tlbrId - base FF - user.js: extensions.privitize.instlRef - FF - user.js: extensions.privitize.dfltLng - FF - user.js: extensions.privitize.excTlbr - true FF - user.js: extensions.privitize.ffxUnstlRst - false FF - user.js: extensions.privitize.admin - false FF - user.js: extensions.privitize.autoRvrt - false FF - user.js: extensions.privitize.rvrt - false FF - user.js: extensions.privitize.hmpg - true FF - user.js: extensions.privitize.dfltSrch - true FF - user.js: extensions.privitize.srchPrvdr - Search The Web (privitize) FF - user.js: extensions.privitize.dnsErr - true FF - user.js: extensions.privitize.newTab - true FF - user.js: extensions.delta.tlbrSrchUrl - FF - user.js: extensions.delta.id - 282542e30000000000006e0f6e402ee9 FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} FF - user.js: extensions.delta.instlDay - 15849 FF - user.js: extensions.delta.vrsn - 1.8.21.5 FF - user.js: extensions.delta.vrsni - 1.8.21.5 FF - user.js: extensions.delta.vrsnTs - 1.8.21.514:39:42 FF - user.js: extensions.delta.prtnrId - delta FF - user.js: extensions.delta.prdct - delta FF - user.js: extensions.delta.aflt - babsst FF - user.js: extensions.delta.smplGrp - none FF - user.js: extensions.delta.tlbrId - base FF - user.js: extensions.delta.instlRef - sst FF - user.js: extensions.delta.dfltLng - en FF - user.js: extensions.delta.excTlbr - false FF - user.js: extensions.delta.ffxUnstlRst - true FF - user.js: extensions.delta.admin - false FF - user.js: extensions.delta_i.babTrack - affID=119816&tt=gc_ FF - user.js: extensions.delta_i.babExt - FF - user.js: extensions.delta_i.srcExt - ss FF - user.js: extensions.delta.autoRvrt - false FF - user.js: extensions.delta.rvrt - false FF - user.js: extensions.delta.newTab - false . ============= SERVICES / DRIVERS =============== . R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-3-3 89600] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-3-3 203264] R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072] R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992] R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-5-21 103992] R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520] R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-6-14 26680] R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672] R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-7-5 376144] R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2012-6-8 16056] R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2012-10-6 72216] R3 clwvd;HP Webcam Splitter;C:\Windows\System32\drivers\clwvd.sys [2010-6-25 32880] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-11-21 239136] R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-11-21 38528] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368] S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-11-21 295424] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864] S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-2 59392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-26 1255736] S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120] S4 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368] . =============== Created Last 30 ================ . 2013-07-08 01:18:54 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-07-08 01:18:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-07 20:40:22 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CCEDEEBD-16FD-435F-B055-8494B0249C2C}\mpengine.dll 2013-06-23 19:46:42 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-23 19:46:42 -------- d-----w- C:\Program Files\iTunes 2013-06-23 19:46:42 -------- d-----w- C:\Program Files\iPod 2013-06-23 19:46:42 -------- d-----w- C:\Program Files (x86)\iTunes 2013-06-21 02:32:21 -------- d-----w- C:\8a5640af6feee689a6f332 2013-06-13 09:37:37 701952 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll 2013-06-13 08:13:53 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-06-13 08:13:28 751104 ----a-w- C:\Windows\System32\win32spl.dll 2013-06-13 08:13:26 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll 2013-06-13 08:13:15 30720 ----a-w- C:\Windows\System32\cryptdlg.dll 2013-06-13 08:13:15 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll 2013-06-13 08:12:58 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll 2013-06-13 08:12:58 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll 2013-06-13 08:12:01 903168 ----a-w- C:\Windows\SysWow64\certutil.exe 2013-06-13 08:12:01 52224 ----a-w- C:\Windows\System32\certenc.dll 2013-06-13 08:12:01 43008 ----a-w- C:\Windows\SysWow64\certenc.dll 2013-06-13 08:12:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2013-06-13 08:12:01 1464320 ----a-w- C:\Windows\System32\crypt32.dll 2013-06-13 08:12:01 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2013-06-13 08:12:01 139776 ----a-w- C:\Windows\System32\cryptnet.dll 2013-06-13 08:12:01 1192448 ----a-w- C:\Windows\System32\certutil.exe 2013-06-13 08:12:01 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll 2013-06-13 08:12:01 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2013-06-13 08:11:44 1887232 ----a-w- C:\Windows\System32\d3d11.dll 2013-06-13 08:11:44 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll . ==================== Find3M ==================== . 2013-06-13 08:47:12 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-13 08:47:12 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-06-13 08:03:55 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll 2013-06-13 08:03:51 35656 ----a-w- C:\Windows\System32\LMIport.dll 2013-06-13 08:03:51 100680 ----a-w- C:\Windows\System32\LMIinit.dll 2013-06-08 12:28:46 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-06-08 11:13:19 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-06-02 15:23:44 149 ----a-w- C:\Users\Louis\AppData\Roaming\uninstall.bat 2013-05-27 19:11:33 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll.000.bak 2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll 2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll 2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-05-02 06:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe 2013-05-01 07:59:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx 2013-05-01 07:59:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts 2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys 2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys . ============= FINISH: 23:14:59.25 ===============

how do i check if i have the software from bios?

I was just on the infected computer, and a blue screen came up. After trying to turn it back on it wouldnt come back on. it kept saying to insert a boot disk or something like that. I waited a couple minutes and turned it back on and now it works. What should I do?

its still very slow. It keeps lagging and freezing. when it freezes if i press ctrl alt delt it brings up a popup that says logon options cannot be found, or something like that...

here are the logs for it Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-07-2013 02Ran by Margo at 2013-07-13 00:50:11Running from C:\Users\Margo\DownloadsBoot Mode: Normal========================================================== ==================== Installed Programs ======================= Adobe AIR (x32 Version: 3.0.0.4080)Adobe Flash Player 11 ActiveX (x32 Version: 11.4.402.287)Adobe Flash Player 11 Plugin (x32 Version: 11.6.602.171)Adobe Reader X (10.1.7) (x32 Version: 10.1.7)Apple Application Support (x32 Version: 2.3.4)Apple Mobile Device Support (Version: 6.1.0.13)Apple Software Update (x32 Version: 2.1.3.127)Bonjour (Version: 3.0.0.10)Cisco EAP-FAST Module (x32 Version: 2.2.14)Cisco LEAP Module (x32 Version: 1.0.19)Cisco PEAP Module (x32 Version: 1.1.6)Dell Edoc Viewer (Version: 1.0.0)ERUNT 1.1j (x32)Fast Free Converter (x32 Version: 3.0)GetSavin (x32 Version: 1.1373690418)Google Chrome (HKCU Version: 28.0.1500.71)Google Drive (x32 Version: 1.10.4769.632)Google Update Helper (x32 Version: 1.3.21.153)Intel® Graphics Media Accelerator Driver (x32 Version: 8.15.10.2202)Intel® Management Engine Components (x32 Version: 6.0.0.1179)Intel® Turbo Boost Technology Monitor (Version: 1.0.186.6)iTunes (Version: 11.0.4.4)Java 7 Update 25 (x32 Version: 7.0.250)Java Auto Updater (x32 Version: 2.1.9.5)Java 6 Update 29 (64-bit) (Version: 6.0.290)Java 6 Update 29 (x32 Version: 6.0.290)JavaFX 2.1.0 (x32 Version: 2.1.0)Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)Microsoft Office Word Viewer 2003 (x32 Version: 11.0.8173.0)Microsoft Security Client (Version: 4.3.0215.0)Microsoft Security Essentials (Version: 4.3.215.0)Microsoft Silverlight (Version: 5.1.20513.0)Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)Quickset64 (Version: 10.5.0)Synaptics Pointing Device Driver (Version: 15.0.0.1)Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2)WIDCOMM Bluetooth Software (Version: 6.2.0.9600)WLAN Card Utility (Version: 5.60.48.18) ==================== Restore Points ========================= 12-07-2013 23:52:15 Scheduled Checkpoint ==================== Hosts content: ========================== 2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {056BB978-1084-4E2F-B650-7517024E9639} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1728113885-2607243412-894683866-1001UA => C:\Users\Margo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-30] (Google Inc.)Task: {08910DAB-01D9-4348-9EC5-FA3B381B1CD7} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1728113885-2607243412-894683866-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe No FileTask: {501E55C3-A33D-4761-B213-6BDAA67216B3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {57121A2F-75E9-4DCC-B79E-245D1EE9F46E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-11] (Google Inc.)Task: {642F30E0-97B6-4B8B-B23F-2BDAA318C04D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-13] (Microsoft Corporation)Task: {919317C3-F231-4C1C-9BCA-1C5C4A95908B} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-06-20] (Microsoft Corporation)Task: {DB60599C-E731-47F6-B39D-D6510C332073} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)Task: {DDF0CE09-0879-44BC-A7D9-17E86BFCC190} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1728113885-2607243412-894683866-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe No FileTask: {F2C5D038-9DD6-41DF-8352-744C60EDA46D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-11] (Google Inc.)Task: {FFF18EC1-3DCC-43B2-A86E-3FD45406E686} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1728113885-2607243412-894683866-1001Core => C:\Users\Margo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-30] (Google Inc.)Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1728113885-2607243412-894683866-1001Core.job => C:\Users\Margo\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1728113885-2607243412-894683866-1001UA.job => C:\Users\Margo\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (07/13/2013 00:47:36 AM) (Source: Application Hang) (User: )Description: The program Setup.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 10ac Start Time: 01ce7f83b586a688 Termination Time: 15 Application Path: C:\Users\Margo\Downloads\Setup.exe Report Id: Error: (07/12/2013 07:20:25 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 1045 Error: (07/12/2013 07:20:25 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 1045 Error: (07/12/2013 07:20:25 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/12/2013 07:20:16 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 12043 Error: (07/12/2013 07:20:16 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 12043 Error: (07/12/2013 07:20:16 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/12/2013 07:20:10 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 6115 Error: (07/12/2013 07:20:10 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 6115 Error: (07/12/2013 07:20:10 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: Continuously busy for more than a second System errors:=============Error: (07/13/2013 00:46:32 AM) (Source: Service Control Manager) (User: )Description: The FastFreeConverterUpdt service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (07/12/2013 07:51:07 PM) (Source: volsnap) (User: )Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:. Error: (07/12/2013 07:20:18 PM) (Source: BTHUSB) (User: )Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded. Error: (07/12/2013 05:38:49 PM) (Source: Service Control Manager) (User: )Description: The Windows Media Player Network Sharing Service service failed to start due to the following error: %%1053 Error: (07/12/2013 05:38:49 PM) (Source: Service Control Manager) (User: )Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect. Error: (07/12/2013 05:38:08 PM) (Source: Service Control Manager) (User: )Description: The Intel® Management & Security Application User Notification Service service failed to start due to the following error: %%1053 Error: (07/12/2013 05:38:08 PM) (Source: Service Control Manager) (User: )Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® Management & Security Application User Notification Service service to connect. Error: (07/12/2013 05:37:35 PM) (Source: Service Control Manager) (User: )Description: The Software Protection service failed to start due to the following error: %%1053 Error: (07/12/2013 05:37:35 PM) (Source: Service Control Manager) (User: )Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect. Error: (07/12/2013 05:36:38 PM) (Source: Service Control Manager) (User: )Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect. Microsoft Office Sessions:=========================Error: (07/13/2013 00:47:36 AM) (Source: Application Hang)(User: )Description: Setup.exe0.0.0.010ac01ce7f83b586a68815C:\Users\Margo\Downloads\Setup.exe Error: (07/12/2013 07:20:25 PM) (Source: Bonjour Service)(User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 1045 Error: (07/12/2013 07:20:25 PM) (Source: Bonjour Service)(User: )Description: Task Scheduling Error: m->NextScheduledEvent 1045 Error: (07/12/2013 07:20:25 PM) (Source: Bonjour Service)(User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/12/2013 07:20:16 PM) (Source: Bonjour Service)(User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 12043 Error: (07/12/2013 07:20:16 PM) (Source: Bonjour Service)(User: )Description: Task Scheduling Error: m->NextScheduledEvent 12043 Error: (07/12/2013 07:20:16 PM) (Source: Bonjour Service)(User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/12/2013 07:20:10 PM) (Source: Bonjour Service)(User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 6115 Error: (07/12/2013 07:20:10 PM) (Source: Bonjour Service)(User: )Description: Task Scheduling Error: m->NextScheduledEvent 6115 Error: (07/12/2013 07:20:10 PM) (Source: Bonjour Service)(User: )Description: Task Scheduling Error: Continuously busy for more than a second ==================== Memory info =========================== Percentage of memory in use: 52%Total physical RAM: 3894.68 MBAvailable physical RAM: 1868.25 MBTotal Pagefile: 7787.54 MBAvailable Pagefile: 5291.9 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.81 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:586.52 GB) (Free:537.97 GB) NTFS (Disk=0 Partition=3) ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: 4437F46F)Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)Partition 2: (Active) - (Size=10 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=587 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-07-2013 02Ran by Margo (administrator) on 13-07-2013 00:49:18Running from C:\Users\Margo\DownloadsWindows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)Internet Explorer Version 9Boot Mode: Normal ==================== Processes (Whitelisted) ================= (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\STacSV64.exe(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE(Microsoft Corporation) C:\Windows\system32\WLANExt.exe(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe() C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe(Google Inc.) C:\Users\Margo\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Margo\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Margo\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Margo\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Margo\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Margo\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [synTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-23] (Synaptics Incorporated)HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-21] (IDT, Inc.)HKLM\...\Run: [broadcom Wireless Manager UI] - C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5470208 2009-12-17] (Dell Inc.)HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [3179288 2010-01-06] (Dell Inc.)HKLM\...\Run: [AdobeAAMUpdater-1.0] - "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [444904 2012-09-20] (Adobe Systems Incorporated)HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1356240 2013-06-20] (Microsoft Corporation)HKLM\...\Run: [igfxTray] - C:\Windows\system32\igfxtray.exe [167704 2012-01-10] (Intel Corporation)HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [392984 2012-01-10] (Intel Corporation)HKLM\...\Run: [Persistence] - C:\Windows\system32\igfxpers.exe [417560 2012-01-10] (Intel Corporation)HKCU\...\Run: [Google Update] - "C:\Users\Margo\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-09-30] (Google Inc.)HKCU\...\Run: [GoogleDriveSync] - "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [19676256 2013-06-06] (Google)HKCU\...\Run: [GoogleChromeAutoLaunch_D7232562656B11FEB5775F28D8C0A45A] - "C:\Users\Margo\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window [846288 2013-07-03] (Google Inc.)HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)HKLM-x32\...\Run: [sunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnkShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.yahoo.com?fr=fp-comodoHKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.comStartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeSearchScopes: HKCU - {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodoBHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)BHO-x32: Fast Free Converter 3.0 - {304E71B8-633E-4C36-996A-7D21D9D1518F} - C:\PROGRA~2\FASTFR~1\FASTFR~1\FASTFR~1.DLL (Fast Free Converter)BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: GetSavin 5.0 - {EC1B08CF-4CAB-4503-9CB2-57C4FCD8E2C5} - C:\Users\Margo\AppData\Local\getsavin\ie\getsavin_1373690401.dll ()Tcpip\Parameters: [DhcpNameServer] 10.0.1.1 Chrome: =======CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}CHR Plugin: (Remoting Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Users\Margo\AppData\Local\Google\Chrome\Application\28.0.1500.71\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Users\Margo\AppData\Local\Google\Chrome\Application\28.0.1500.71\pdf.dll ()CHR Plugin: (Shockwave Flash) - C:\Users\Margo\AppData\Local\Google\Chrome\Application\28.0.1500.71\gcswf32.dll No FileCHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll No FileCHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll No FileCHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll No FileCHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)CHR Plugin: (Java Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll No FileCHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No FileCHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No FileCHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No FileCHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll No FileCHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll No FileCHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No FileCHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll No FileCHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No FileCHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No FileCHR Extension: (Google Drive) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0CHR Extension: (YouTube) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0CHR Extension: (Google Search) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0CHR Extension: (Amazing Coupons) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl\5.0_0CHR Extension: (Gmail) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1CHR StartMenuInternet: Google Chrome - "C:\Users\Margo\AppData\Local\Google\Chrome\Application\chrome.exe" ==================== Services (Whitelisted) ================= R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)R2 FastFreeConverterUpdt; C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe [687104 2012-11-26] ()R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\STacSV64.exe [244736 2010-01-21] (IDT, Inc.)R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE [48128 2009-12-17] (Dell Inc.) ==================== Drivers (Whitelisted) ==================== R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] () ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-13 00:49 - 2013-07-13 00:49 - 00000000 ____D C:\FRST2013-07-13 00:48 - 2013-07-13 00:48 - 01777811 _____ (Farbar) C:\Users\Margo\Downloads\FRST64.exe2013-07-13 00:46 - 2013-07-13 00:47 - 00000002 _____ C:\end2013-07-13 00:46 - 2013-07-13 00:47 - 00000000 ____D C:\Program Files (x86)\Fast Free Converter2013-07-13 00:46 - 2013-07-13 00:46 - 00000000 ____D C:\Users\Margo\AppData\Local\getsavin2013-07-13 00:46 - 2013-07-13 00:46 - 00000000 ____D C:\Program Files (x86)\File Type Helper2013-07-13 00:46 - 2013-07-13 00:46 - 00000000 _____ C:\extensions.sqlite2013-07-13 00:44 - 2013-07-13 00:44 - 01065256 _____ C:\Users\Margo\Downloads\Setup.exe2013-07-12 15:58 - 2013-07-12 15:58 - 00000000 ____D C:\Windows\TempD302D74C-0FE3-26F3-E030-79690EB38962-Signatures2013-07-12 15:09 - 2012-08-23 10:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll2013-07-12 15:09 - 2012-08-23 10:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys2013-07-12 15:09 - 2012-08-23 10:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys2013-07-12 15:09 - 2012-08-23 09:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll2013-07-12 15:09 - 2012-08-23 09:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll2013-07-12 15:09 - 2012-08-23 09:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe2013-07-12 15:09 - 2012-08-23 09:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll2013-07-12 15:09 - 2012-08-23 09:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll2013-07-12 15:09 - 2012-08-23 09:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll2013-07-12 15:09 - 2012-08-23 09:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll2013-07-12 15:09 - 2012-08-23 09:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll2013-07-12 15:09 - 2012-08-23 09:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll2013-07-12 15:09 - 2012-08-23 08:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll2013-07-12 15:09 - 2012-08-23 07:20 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe2013-07-12 15:09 - 2012-08-23 07:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll2013-07-12 15:09 - 2012-08-23 07:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe2013-07-12 15:09 - 2012-08-23 07:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll2013-07-12 15:09 - 2012-08-23 06:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll2013-07-12 15:09 - 2012-08-23 06:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll2013-07-12 15:09 - 2012-08-23 06:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe2013-07-12 15:09 - 2012-08-23 06:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe2013-07-12 15:09 - 2012-08-23 05:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll2013-07-12 15:09 - 2012-08-23 04:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll2013-07-12 15:09 - 2012-08-23 04:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll2013-07-12 15:08 - 2013-07-12 15:09 - 00000000 ____D C:\Windows\system32\MRT2013-07-12 15:00 - 2013-07-12 14:59 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2013-07-12 14:59 - 2013-07-12 15:59 - 00002155 _____ C:\Windows\epplauncher.mif2013-07-12 14:59 - 2013-07-12 15:58 - 00000000 ____D C:\Program Files\Microsoft Security Client2013-07-12 14:59 - 2013-07-12 15:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client2013-07-12 14:45 - 2013-07-12 14:45 - 00000000 ____D C:\Users\All Users\APN2013-07-12 14:43 - 2013-07-12 14:44 - 00903080 _____ (Oracle Corporation) C:\Users\Margo\Downloads\chromeinstall-7u25.exe2013-07-12 14:37 - 2013-07-12 14:37 - 00000000 ____D C:\Users\All Users\McAfee2013-07-12 14:34 - 2012-08-24 14:13 - 00154480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys2013-07-12 14:34 - 2012-08-24 14:09 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys2013-07-12 14:34 - 2012-08-24 14:05 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll2013-07-12 14:34 - 2012-08-24 14:03 - 01448448 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2013-07-12 14:34 - 2012-08-24 12:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2013-07-12 14:34 - 2012-08-24 12:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll2013-07-12 14:34 - 2012-08-24 12:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll2013-07-12 14:34 - 2012-05-04 07:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll2013-07-12 14:34 - 2012-05-04 05:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll2013-07-12 02:45 - 2013-07-12 02:45 - 02347384 _____ (ESET) C:\Users\Margo\Downloads\esetsmartinstaller_enu.exe2013-07-12 02:40 - 2013-07-12 02:40 - 00000957 _____ C:\AdwCleaner[s1].txt2013-07-12 02:32 - 2013-07-12 02:32 - 00662345 _____ C:\Users\Margo\Downloads\AdwCleaner.exe2013-07-12 02:29 - 2013-07-12 02:29 - 00002185 _____ C:\Users\Margo\Desktop\JRT.txt2013-07-12 02:22 - 2013-07-12 02:22 - 00000000 ____D C:\Windows\ERUNT2013-07-10 22:33 - 2013-07-10 22:33 - 00001785 _____ C:\Users\Public\Desktop\iTunes.lnk2013-07-10 22:33 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys2013-07-10 22:32 - 2013-07-10 22:33 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF692013-07-10 22:32 - 2013-07-10 22:33 - 00000000 ____D C:\Program Files\iTunes2013-07-10 22:32 - 2013-07-10 22:33 - 00000000 ____D C:\Program Files (x86)\iTunes2013-07-10 22:32 - 2013-07-10 22:32 - 00000000 ____D C:\Program Files\iPod2013-07-10 22:06 - 2013-07-12 02:32 - 00000000 ____D C:\Users\All Users\Malwarebytes' Anti-Malware (portable)2013-07-10 22:06 - 2013-05-29 02:15 - 17829376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2013-07-10 22:06 - 2013-05-29 01:50 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2013-07-10 22:06 - 2013-05-29 01:43 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2013-07-10 22:06 - 2013-05-29 01:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2013-07-10 22:06 - 2013-05-29 01:35 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2013-07-10 22:06 - 2013-05-29 01:34 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2013-07-10 22:06 - 2013-05-29 01:33 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll2013-07-10 22:06 - 2013-05-29 01:31 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2013-07-10 22:06 - 2013-05-29 01:29 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2013-07-10 22:06 - 2013-05-29 01:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2013-07-10 22:06 - 2013-05-29 01:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2013-07-10 22:06 - 2013-05-29 01:27 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2013-07-10 22:06 - 2013-05-29 01:27 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2013-07-10 22:06 - 2013-05-29 01:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2013-07-10 22:06 - 2013-05-29 01:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2013-07-10 22:06 - 2013-05-29 01:18 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2013-07-10 22:06 - 2013-05-28 21:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2013-07-10 22:06 - 2013-05-28 21:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2013-07-10 22:06 - 2013-05-28 21:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2013-07-10 22:06 - 2013-05-28 21:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2013-07-10 22:06 - 2013-05-28 21:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2013-07-10 22:06 - 2013-05-28 21:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2013-07-10 22:06 - 2013-05-28 21:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2013-07-10 22:06 - 2013-05-28 21:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2013-07-10 22:06 - 2013-05-28 21:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2013-07-10 22:06 - 2013-05-28 21:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2013-07-10 22:06 - 2013-05-28 21:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2013-07-10 22:06 - 2013-05-28 21:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2013-07-10 22:06 - 2013-05-28 21:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2013-07-10 22:06 - 2013-05-28 21:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2013-07-10 22:06 - 2013-05-28 21:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2013-07-10 22:06 - 2013-05-28 21:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2013-07-10 21:56 - 2013-07-10 21:56 - 00558783 _____ (Oleg N. Scherbakov) C:\Users\Margo\Downloads\JRT.exe2013-07-10 21:55 - 2013-07-10 21:59 - 13399154 _____ C:\Users\Margo\Downloads\mbar-1.06.0.1004.zip2013-07-10 21:55 - 2013-07-10 21:55 - 00000000 ____D C:\Windows\ERDNT2013-07-10 21:54 - 2013-07-10 21:54 - 00000926 _____ C:\Users\Margo\Desktop\NTREGOPT.lnk2013-07-10 21:54 - 2013-07-10 21:54 - 00000907 _____ C:\Users\Margo\Desktop\ERUNT.lnk2013-07-10 21:54 - 2013-07-10 21:54 - 00000000 ____D C:\Program Files (x86)\ERUNT2013-07-10 21:51 - 2013-07-10 21:51 - 00791393 _____ (Lars Hederer ) C:\Users\Margo\Downloads\erunt-setup.exe2013-07-10 21:49 - 2013-07-12 17:32 - 00000448 _____ C:\Windows\setupact.log2013-07-10 21:49 - 2013-07-10 21:49 - 00000000 _____ C:\Windows\setuperr.log2013-07-10 02:12 - 2013-07-10 02:13 - 00000000 ____D C:\8ff5447790c41c1670322649fa4b93e32013-07-09 22:43 - 2013-04-09 19:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll2013-07-09 22:43 - 2013-04-02 18:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll2013-07-09 22:42 - 2013-07-12 02:45 - 00000000 ____D C:\Users\Margo\Desktop\cleanup2013-07-09 22:42 - 2013-06-04 02:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll2013-07-09 22:42 - 2013-06-04 00:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll2013-07-09 22:31 - 2013-07-09 22:38 - 00688992 ____R (Swearware) C:\Users\Margo\Downloads\dds (1).com2013-07-09 22:27 - 2013-05-06 02:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL2013-07-09 22:27 - 2013-05-06 00:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL2013-07-09 22:02 - 2013-06-04 23:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2013-07-09 21:04 - 2013-07-09 21:05 - 00688992 _____ (Swearware) C:\Users\Margo\Downloads\dds.com2013-07-07 02:29 - 2013-07-07 02:29 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2013-07-07 02:29 - 2013-07-07 02:29 - 00000000 ____D C:\Users\Margo\AppData\Roaming\Malwarebytes2013-07-07 02:29 - 2013-07-07 02:29 - 00000000 ____D C:\Users\All Users\Malwarebytes2013-07-07 02:29 - 2013-07-07 02:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-07-07 02:29 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2013-06-19 23:45 - 2013-04-17 03:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll2013-06-19 23:45 - 2013-04-17 02:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll2013-06-18 21:50 - 2013-06-18 21:50 - 00247216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MpFilter.sys2013-06-17 16:36 - 2013-06-17 16:36 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll2013-06-17 16:36 - 2013-06-17 16:36 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll2013-06-17 16:36 - 2013-06-17 16:36 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll2013-06-17 16:36 - 2013-06-17 16:36 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll2013-06-17 16:36 - 2013-06-17 16:36 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll2013-06-17 16:36 - 2013-06-17 16:36 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll2013-06-17 16:36 - 2013-06-17 16:36 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll2013-06-17 16:36 - 2013-06-17 16:36 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll2013-06-17 16:36 - 2013-06-17 16:36 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll2013-06-17 16:36 - 2013-06-17 16:36 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll2013-06-17 16:36 - 2013-06-17 16:36 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll2013-06-17 16:34 - 2013-07-12 16:28 - 00037929 _____ C:\Windows\IE10_main.log ==================== One Month Modified Files and Folders ======= 2013-07-13 00:49 - 2013-07-13 00:49 - 00000000 ____D C:\FRST2013-07-13 00:48 - 2013-07-13 00:48 - 01777811 _____ (Farbar) C:\Users\Margo\Downloads\FRST64.exe2013-07-13 00:47 - 2013-07-13 00:46 - 00000002 _____ C:\end2013-07-13 00:47 - 2013-07-13 00:46 - 00000000 ____D C:\Program Files (x86)\Fast Free Converter2013-07-13 00:46 - 2013-07-13 00:46 - 00000000 ____D C:\Users\Margo\AppData\Local\getsavin2013-07-13 00:46 - 2013-07-13 00:46 - 00000000 ____D C:\Program Files (x86)\File Type Helper2013-07-13 00:46 - 2013-07-13 00:46 - 00000000 _____ C:\extensions.sqlite2013-07-13 00:44 - 2013-07-13 00:44 - 01065256 _____ C:\Users\Margo\Downloads\Setup.exe2013-07-13 00:34 - 2011-09-30 14:21 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1728113885-2607243412-894683866-1001UA.job2013-07-13 00:09 - 2012-04-11 17:34 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2013-07-12 22:26 - 2009-07-14 00:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02013-07-12 22:26 - 2009-07-14 00:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02013-07-12 22:23 - 2009-07-14 01:10 - 01148619 _____ C:\Windows\WindowsUpdate.log2013-07-12 19:52 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache2013-07-12 19:09 - 2012-04-11 17:34 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2013-07-12 19:04 - 2012-04-11 17:34 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2013-07-12 19:04 - 2012-04-11 17:34 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2013-07-12 18:34 - 2011-09-30 14:21 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1728113885-2607243412-894683866-1001Core.job2013-07-12 18:29 - 2011-09-30 14:21 - 00003878 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1728113885-2607243412-894683866-1001UA2013-07-12 18:29 - 2011-09-30 14:21 - 00003482 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1728113885-2607243412-894683866-1001Core2013-07-12 17:33 - 2012-11-09 00:30 - 00000000 ___SD C:\Users\Margo\Google Drive2013-07-12 17:32 - 2013-07-10 21:49 - 00000448 _____ C:\Windows\setupact.log2013-07-12 17:32 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT2013-07-12 16:28 - 2013-06-17 16:34 - 00037929 _____ C:\Windows\IE10_main.log2013-07-12 15:59 - 2013-07-12 14:59 - 00002155 _____ C:\Windows\epplauncher.mif2013-07-12 15:58 - 2013-07-12 15:58 - 00000000 ____D C:\Windows\TempD302D74C-0FE3-26F3-E030-79690EB38962-Signatures2013-07-12 15:58 - 2013-07-12 14:59 - 00000000 ____D C:\Program Files\Microsoft Security Client2013-07-12 15:58 - 2013-07-12 14:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client2013-07-12 15:21 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions2013-07-12 15:11 - 2011-09-30 15:37 - 00000000 ____D C:\Program Files (x86)\Intel2013-07-12 15:09 - 2013-07-12 15:08 - 00000000 ____D C:\Windows\system32\MRT2013-07-12 14:59 - 2013-07-12 15:00 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2013-07-12 14:59 - 2012-06-07 01:48 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll2013-07-12 14:59 - 2012-06-07 01:48 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2013-07-12 14:59 - 2011-10-19 04:29 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2013-07-12 14:59 - 2011-10-19 04:29 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe2013-07-12 14:59 - 2011-10-19 04:28 - 00000000 ____D C:\Program Files (x86)\Java2013-07-12 14:59 - 2011-09-30 14:00 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll2013-07-12 14:47 - 2009-07-14 01:13 - 00740814 _____ C:\Windows\system32\PerfStringBackup.INI2013-07-12 14:45 - 2013-07-12 14:45 - 00000000 ____D C:\Users\All Users\APN2013-07-12 14:44 - 2013-07-12 14:43 - 00903080 _____ (Oracle Corporation) C:\Users\Margo\Downloads\chromeinstall-7u25.exe2013-07-12 14:37 - 2013-07-12 14:37 - 00000000 ____D C:\Users\All Users\McAfee2013-07-12 02:45 - 2013-07-12 02:45 - 02347384 _____ (ESET) C:\Users\Margo\Downloads\esetsmartinstaller_enu.exe2013-07-12 02:45 - 2013-07-09 22:42 - 00000000 ____D C:\Users\Margo\Desktop\cleanup2013-07-12 02:41 - 2009-07-14 01:08 - 00032546 _____ C:\Windows\Tasks\SCHEDLGU.TXT2013-07-12 02:40 - 2013-07-12 02:40 - 00000957 _____ C:\AdwCleaner[s1].txt2013-07-12 02:32 - 2013-07-12 02:32 - 00662345 _____ C:\Users\Margo\Downloads\AdwCleaner.exe2013-07-12 02:32 - 2013-07-10 22:06 - 00000000 ____D C:\Users\All Users\Malwarebytes' Anti-Malware (portable)2013-07-12 02:29 - 2013-07-12 02:29 - 00002185 _____ C:\Users\Margo\Desktop\JRT.txt2013-07-12 02:22 - 2013-07-12 02:22 - 00000000 ____D C:\Windows\ERUNT2013-07-12 02:19 - 2011-09-30 14:21 - 00002368 _____ C:\Users\Margo\Desktop\Google Chrome.lnk2013-07-11 02:32 - 2009-07-14 00:45 - 00275712 _____ C:\Windows\system32\FNTCACHE.DAT2013-07-11 02:31 - 2009-07-14 03:45 - 00000000 ____D C:\Program Files\Windows Journal2013-07-11 02:31 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Defender2013-07-11 02:31 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender2013-07-10 22:33 - 2013-07-10 22:33 - 00001785 _____ C:\Users\Public\Desktop\iTunes.lnk2013-07-10 22:33 - 2013-07-10 22:32 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF692013-07-10 22:33 - 2013-07-10 22:32 - 00000000 ____D C:\Program Files\iTunes2013-07-10 22:33 - 2013-07-10 22:32 - 00000000 ____D C:\Program Files (x86)\iTunes2013-07-10 22:32 - 2013-07-10 22:32 - 00000000 ____D C:\Program Files\iPod2013-07-10 21:59 - 2013-07-10 21:55 - 13399154 _____ C:\Users\Margo\Downloads\mbar-1.06.0.1004.zip2013-07-10 21:56 - 2013-07-10 21:56 - 00558783 _____ (Oleg N. Scherbakov) C:\Users\Margo\Downloads\JRT.exe2013-07-10 21:55 - 2013-07-10 21:55 - 00000000 ____D C:\Windows\ERDNT2013-07-10 21:54 - 2013-07-10 21:54 - 00000926 _____ C:\Users\Margo\Desktop\NTREGOPT.lnk2013-07-10 21:54 - 2013-07-10 21:54 - 00000907 _____ C:\Users\Margo\Desktop\ERUNT.lnk2013-07-10 21:54 - 2013-07-10 21:54 - 00000000 ____D C:\Program Files (x86)\ERUNT2013-07-10 21:51 - 2013-07-10 21:51 - 00791393 _____ (Lars Hederer ) C:\Users\Margo\Downloads\erunt-setup.exe2013-07-10 21:49 - 2013-07-10 21:49 - 00000000 _____ C:\Windows\setuperr.log2013-07-10 21:49 - 2013-03-13 11:43 - 00000000 ____D C:\Program Files\Microsoft Silverlight2013-07-10 21:49 - 2013-03-13 11:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight2013-07-10 21:49 - 2013-01-27 03:14 - 00000000 ____D C:\Users\All Users\COMODO2013-07-10 21:49 - 2011-09-30 15:36 - 00014260 _____ C:\Windows\PFRO.log2013-07-10 02:13 - 2013-07-10 02:12 - 00000000 ____D C:\8ff5447790c41c1670322649fa4b93e32013-07-09 22:38 - 2013-07-09 22:31 - 00688992 ____R (Swearware) C:\Users\Margo\Downloads\dds (1).com2013-07-09 22:32 - 2011-09-30 14:20 - 00058016 _____ C:\Users\Margo\AppData\Local\GDIPFONTCACHEV1.DAT2013-07-09 21:46 - 2011-11-29 07:50 - 00000000 ____D C:\Windows\Minidump2013-07-09 21:25 - 2013-01-27 03:17 - 00000000 ____D C:\Windows\System32\Tasks\COMODO2013-07-09 21:22 - 2012-02-17 01:59 - 00000000 ____D C:\Program Files\DivX2013-07-09 21:22 - 2012-02-17 01:57 - 00000000 ____D C:\Users\All Users\DivX2013-07-09 21:22 - 2012-02-17 01:57 - 00000000 ____D C:\Program Files (x86)\DivX2013-07-09 21:17 - 2012-02-17 02:25 - 00000000 ____D C:\Users\Margo\AppData\Roaming\Real2013-07-09 21:17 - 2012-02-17 02:25 - 00000000 ____D C:\Program Files (x86)\Real2013-07-09 21:16 - 2012-02-17 02:25 - 00000000 ____D C:\Users\All Users\Real2013-07-09 21:14 - 2012-04-11 17:34 - 00000000 ____D C:\Program Files (x86)\Google2013-07-09 21:05 - 2013-07-09 21:04 - 00688992 _____ (Swearware) C:\Users\Margo\Downloads\dds.com2013-07-09 15:59 - 2013-01-27 03:17 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat2013-07-07 02:48 - 2013-01-27 03:14 - 00000000 ____D C:\Program Files (x86)\Comodo2013-07-07 02:29 - 2013-07-07 02:29 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2013-07-07 02:29 - 2013-07-07 02:29 - 00000000 ____D C:\Users\Margo\AppData\Roaming\Malwarebytes2013-07-07 02:29 - 2013-07-07 02:29 - 00000000 ____D C:\Users\All Users\Malwarebytes2013-07-07 02:29 - 2013-07-07 02:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-06-24 00:57 - 2011-10-06 02:24 - 78277128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2013-06-19 23:34 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK2013-06-19 23:34 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR2013-06-19 23:34 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\zh-HK2013-06-19 23:34 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\tr-TR2013-06-18 21:50 - 2013-06-18 21:50 - 00247216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MpFilter.sys2013-06-18 21:50 - 2013-01-20 15:59 - 00139616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NisDrvWFP.sys2013-06-17 16:36 - 2013-06-17 16:36 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll2013-06-17 16:36 - 2013-06-17 16:36 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll2013-06-17 16:36 - 2013-06-17 16:36 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll2013-06-17 16:36 - 2013-06-17 16:36 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll2013-06-17 16:36 - 2013-06-17 16:36 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll2013-06-17 16:36 - 2013-06-17 16:36 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll2013-06-17 16:36 - 2013-06-17 16:36 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll2013-06-17 16:36 - 2013-06-17 16:36 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll2013-06-17 16:36 - 2013-06-17 16:36 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll2013-06-17 16:36 - 2013-06-17 16:36 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll2013-06-17 16:36 - 2013-06-17 16:36 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-09 11:15 ==================== End Of Log ============================

this is camarg0's other account. I'm having trouble logging into that account. so here are the logs. Malwarebytes Anti-Rootkit BETA 1.06.0.1004www.malwarebytes.org Database version: v2013.07.11.05 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 9.0.8112.16421Margo :: MARGO-PC [administrator] 7/11/2013 2:38:08 PMmbar-log-2013-07-11 (14-38-08).txt Scan type: Quick scanScan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2PScan options disabled: PUPObjects scanned: 231329Time elapsed: 33 minute(s), 14 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) Physical Sectors Detected: 0(No malicious items detected) (end) ---------------------------------------Malwarebytes Anti-Rootkit BETA 1.06.0.1004 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_29 File system is: NTFSDisk drives: C:\ DRIVE_FIXEDCPU speed: 2.394000 GHzMemory total: 4083867648, free: 1975746560 Downloaded database version: v2013.07.11.01Initializing...------------ Kernel report ------------ 07/10/2013 22:06:22------------ Loaded modules -----------\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_GenuineIntel.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\drivers\ACPI.sys\SystemRoot\system32\drivers\WMILIB.SYS\SystemRoot\system32\drivers\msisadrv.sys\SystemRoot\system32\drivers\pci.sys\SystemRoot\system32\drivers\vdrvroot.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\DRIVERS\compbatt.sys\SystemRoot\system32\DRIVERS\BATTC.SYS\SystemRoot\system32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\DRIVERS\iaStor.sys\SystemRoot\system32\drivers\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\system32\DRIVERS\disk.sys\SystemRoot\system32\DRIVERS\CLASSPNP.SYS\SystemRoot\system32\drivers\cdrom.sys\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\system32\drivers\rdprefmp.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\drivers\afd.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\vwififlt.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\drivers\termdd.sys\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\drivers\mssmbios.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\DRIVERS\blbdrive.sys\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\DRIVERS\igdkmd64.sys\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\system32\DRIVERS\HECIx64.sys\SystemRoot\system32\drivers\usbehci.sys\SystemRoot\system32\drivers\USBPORT.SYS\SystemRoot\system32\drivers\HDAudBus.sys\SystemRoot\system32\DRIVERS\bcmwl664.sys\SystemRoot\system32\DRIVERS\vwifibus.sys\SystemRoot\system32\drivers\i8042prt.sys\SystemRoot\system32\DRIVERS\SynTP.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\drivers\mouclass.sys\SystemRoot\system32\drivers\kbdclass.sys\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys\SystemRoot\system32\DRIVERS\Impcd.sys\SystemRoot\system32\drivers\wmiacpi.sys\SystemRoot\system32\DRIVERS\CmBatt.sys\SystemRoot\system32\DRIVERS\intelppm.sys\SystemRoot\system32\drivers\CompositeBus.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\drivers\swenum.sys\SystemRoot\system32\drivers\ks.sys\SystemRoot\system32\DRIVERS\umbus.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\DRIVERS\stwrt64.sys\SystemRoot\system32\DRIVERS\portcls.sys\SystemRoot\system32\DRIVERS\drmk.sys\SystemRoot\system32\drivers\ksthunk.sys\SystemRoot\system32\DRIVERS\IntcDAud.sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_iaStor.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\System32\Drivers\usbvideo.sys\SystemRoot\system32\DRIVERS\monitor.sys\SystemRoot\system32\drivers\hidusb.sys\SystemRoot\system32\drivers\HIDCLASS.SYS\SystemRoot\system32\drivers\HIDPARSE.SYS\SystemRoot\system32\drivers\kbdhid.sys\SystemRoot\system32\DRIVERS\mouhid.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\cdd.dll\SystemRoot\system32\drivers\luafv.sys\??\C:\Windows\system32\drivers\mbam.sys\SystemRoot\system32\drivers\WudfPf.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\nwifi.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\DRIVERS\TurboB.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\System32\drivers\tcpipreg.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\System32\Drivers\BTHUSB.sys\SystemRoot\System32\Drivers\bthport.sys\SystemRoot\system32\DRIVERS\rfcomm.sys\SystemRoot\system32\drivers\BthEnum.sys\SystemRoot\system32\DRIVERS\bthpan.sys\SystemRoot\system32\DRIVERS\btwavdt.sys\SystemRoot\system32\drivers\btwaudio.sys\SystemRoot\system32\DRIVERS\btwl2cap.sys\SystemRoot\system32\DRIVERS\btwrchid.sys\SystemRoot\system32\drivers\BCM42RLY.sys\SystemRoot\System32\Drivers\fastfat.SYS\??\C:\Windows\system32\drivers\mbamchameleon.sys\??\C:\Windows\system32\drivers\mbamswissarmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll\Windows\System32\autochk.exe\Windows\System32\comdlg32.dll\Windows\System32\advapi32.dll\Windows\System32\psapi.dll\Windows\System32\gdi32.dll\Windows\System32\user32.dll\Windows\System32\urlmon.dll\Windows\System32\imm32.dll\Windows\System32\nsi.dll\Windows\System32\ws2_32.dll\Windows\System32\wininet.dll\Windows\System32\shlwapi.dll\Windows\System32\rpcrt4.dll\Windows\System32\imagehlp.dll\Windows\System32\clbcatq.dll\Windows\System32\sechost.dll\Windows\System32\usp10.dll\Windows\System32\iertutil.dll\Windows\System32\oleaut32.dll\Windows\System32\ole32.dll\Windows\System32\msctf.dll\Windows\System32\kernel32.dll\Windows\System32\msvcrt.dll\Windows\System32\Wldap32.dll\Windows\System32\normaliz.dll\Windows\System32\setupapi.dll\Windows\System32\shell32.dll\Windows\System32\difxapi.dll\Windows\System32\lpk.dll\Windows\System32\crypt32.dll\Windows\System32\wintrust.dll\Windows\System32\cfgmgr32.dll\Windows\System32\comctl32.dll\Windows\System32\devobj.dll\Windows\System32\KernelBase.dll\Windows\System32\msasn1.dll----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xfffffa8004b85060Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IAAStorageDevice-1\Lower Device Object: 0xfffffa8004963050Lower Device Driver Name: \Driver\iaStor\<<<2>>>Device number: 0, partition: 3Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffa8004b85060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8004b85b90, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa8004b85060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa8004963050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>>Device number: 0, partition: 3<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\Windows\system32\drivers...<<<2>>>Device number: 0, partition: 3<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 4437F46F Partition information: Partition 0 type is Other (0xde) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 80262 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 81920 Numsec = 20160512 Partition file system is NTFS Partition is bootable Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 20242432 Numsec = 1230012416 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 640135028736 bytesSector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-1250243728-1250263728)...Done!Scan finished======================================= Removal queue found; removal startedRemoving c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_1_81920_i.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...Removal finished---------------------------------------Malwarebytes Anti-Rootkit BETA 1.06.0.1004 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_29 File system is: NTFSDisk drives: C:\ DRIVE_FIXEDCPU speed: 2.394000 GHzMemory total: 4083867648, free: 2446712832 Downloaded database version: v2013.07.11.02Downloaded database version: v2013.07.11.03Downloaded database version: v2013.07.11.04Downloaded database version: v2013.07.11.05Initializing...------------ Kernel report ------------ 07/11/2013 14:38:04------------ Loaded modules -----------\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_GenuineIntel.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\drivers\ACPI.sys\SystemRoot\system32\drivers\WMILIB.SYS\SystemRoot\system32\drivers\msisadrv.sys\SystemRoot\system32\drivers\pci.sys\SystemRoot\system32\drivers\vdrvroot.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\DRIVERS\compbatt.sys\SystemRoot\system32\DRIVERS\BATTC.SYS\SystemRoot\system32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\DRIVERS\iaStor.sys\SystemRoot\system32\drivers\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\system32\DRIVERS\disk.sys\SystemRoot\system32\DRIVERS\CLASSPNP.SYS\SystemRoot\system32\drivers\cdrom.sys\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\system32\drivers\rdprefmp.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\drivers\afd.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\vwififlt.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\drivers\termdd.sys\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\drivers\mssmbios.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\DRIVERS\blbdrive.sys\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\DRIVERS\igdkmd64.sys\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\system32\DRIVERS\HECIx64.sys\SystemRoot\system32\drivers\usbehci.sys\SystemRoot\system32\drivers\USBPORT.SYS\SystemRoot\system32\drivers\HDAudBus.sys\SystemRoot\system32\DRIVERS\bcmwl664.sys\SystemRoot\system32\DRIVERS\vwifibus.sys\SystemRoot\system32\drivers\i8042prt.sys\SystemRoot\system32\DRIVERS\SynTP.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\drivers\mouclass.sys\SystemRoot\system32\drivers\kbdclass.sys\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys\SystemRoot\system32\DRIVERS\Impcd.sys\SystemRoot\system32\drivers\wmiacpi.sys\SystemRoot\system32\DRIVERS\CmBatt.sys\SystemRoot\system32\DRIVERS\intelppm.sys\SystemRoot\system32\drivers\CompositeBus.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\drivers\swenum.sys\SystemRoot\system32\drivers\ks.sys\SystemRoot\system32\DRIVERS\umbus.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\DRIVERS\stwrt64.sys\SystemRoot\system32\DRIVERS\portcls.sys\SystemRoot\system32\DRIVERS\drmk.sys\SystemRoot\system32\drivers\ksthunk.sys\SystemRoot\system32\DRIVERS\IntcDAud.sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_iaStor.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\System32\Drivers\usbvideo.sys\SystemRoot\system32\DRIVERS\monitor.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\cdd.dll\SystemRoot\system32\drivers\hidusb.sys\SystemRoot\system32\drivers\HIDCLASS.SYS\SystemRoot\system32\drivers\HIDPARSE.SYS\SystemRoot\system32\drivers\kbdhid.sys\SystemRoot\system32\DRIVERS\mouhid.sys\SystemRoot\system32\drivers\luafv.sys\??\C:\Windows\system32\drivers\mbam.sys\SystemRoot\system32\drivers\WudfPf.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\nwifi.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\DRIVERS\TurboB.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\System32\Drivers\BTHUSB.sys\SystemRoot\System32\Drivers\bthport.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\System32\drivers\tcpipreg.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\system32\DRIVERS\rfcomm.sys\SystemRoot\system32\drivers\BthEnum.sys\SystemRoot\system32\DRIVERS\bthpan.sys\SystemRoot\system32\DRIVERS\btwavdt.sys\SystemRoot\system32\drivers\btwaudio.sys\SystemRoot\system32\DRIVERS\btwl2cap.sys\SystemRoot\system32\DRIVERS\btwrchid.sys\SystemRoot\system32\drivers\BCM42RLY.sys\SystemRoot\System32\Drivers\fastfat.SYS\??\C:\Windows\system32\drivers\mbamchameleon.sys\??\C:\Windows\system32\drivers\mbamswissarmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll\Windows\System32\autochk.exe\Windows\System32\nsi.dll\Windows\System32\oleaut32.dll\Windows\System32\advapi32.dll\Windows\System32\gdi32.dll\Windows\System32\comdlg32.dll\Windows\System32\user32.dll\Windows\System32\urlmon.dll\Windows\System32\Wldap32.dll\Windows\System32\imm32.dll\Windows\System32\setupapi.dll\Windows\System32\ws2_32.dll\Windows\System32\iertutil.dll\Windows\System32\sechost.dll\Windows\System32\shlwapi.dll\Windows\System32\normaliz.dll\Windows\System32\usp10.dll\Windows\System32\clbcatq.dll\Windows\System32\rpcrt4.dll\Windows\System32\ole32.dll\Windows\System32\psapi.dll\Windows\System32\msvcrt.dll\Windows\System32\kernel32.dll\Windows\System32\wininet.dll\Windows\System32\imagehlp.dll\Windows\System32\shell32.dll\Windows\System32\msctf.dll\Windows\System32\lpk.dll\Windows\System32\difxapi.dll\Windows\System32\comctl32.dll\Windows\System32\KernelBase.dll\Windows\System32\crypt32.dll\Windows\System32\wintrust.dll\Windows\System32\devobj.dll\Windows\System32\cfgmgr32.dll\Windows\System32\msasn1.dll----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xfffffa8004bc6790Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IAAStorageDevice-1\Lower Device Object: 0xfffffa8004945050Lower Device Driver Name: \Driver\iaStor\<<<2>>>Device number: 0, partition: 3Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffa8004bc6790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8004bc62c0, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa8004bc6790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa8004945050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>>Device number: 0, partition: 3<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\Windows\system32\drivers...<<<2>>>Device number: 0, partition: 3<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 4437F46F Partition information: Partition 0 type is Other (0xde) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 80262 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 81920 Numsec = 20160512 Partition file system is NTFS Partition is bootable Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 20242432 Numsec = 1230012416 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 640135028736 bytesSector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-1250243728-1250263728)...Done!Scan finished======================================= Removal queue found; removal startedRemoving c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_1_81920_i.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...Removal finished---------------------------------------Malwarebytes Anti-Rootkit BETA 1.06.0.1004 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_29 File system is: NTFSDisk drives: C:\ DRIVE_FIXEDCPU speed: 2.394000 GHzMemory total: 4083867648, free: 2550439936 ======================================= ---------------------------------------Malwarebytes Anti-Rootkit BETA 1.06.0.1004 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_29 File system is: NTFSDisk drives: C:\ DRIVE_FIXEDCPU speed: 2.394000 GHzMemory total: 4083867648, free: 2500644864 Downloaded database version: v2013.07.11.06Downloaded database version: v2013.07.11.07Downloaded database version: v2013.07.11.08Initializing...------------ Kernel report ------------ 07/12/2013 02:23:22------------ Loaded modules -----------\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_GenuineIntel.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\drivers\ACPI.sys\SystemRoot\system32\drivers\WMILIB.SYS\SystemRoot\system32\drivers\msisadrv.sys\SystemRoot\system32\drivers\pci.sys\SystemRoot\system32\drivers\vdrvroot.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\DRIVERS\compbatt.sys\SystemRoot\system32\DRIVERS\BATTC.SYS\SystemRoot\system32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\DRIVERS\iaStor.sys\SystemRoot\system32\drivers\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\system32\DRIVERS\disk.sys\SystemRoot\system32\DRIVERS\CLASSPNP.SYS\SystemRoot\system32\drivers\cdrom.sys\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\system32\drivers\rdprefmp.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\drivers\afd.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\vwififlt.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\drivers\termdd.sys\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\drivers\mssmbios.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\DRIVERS\blbdrive.sys\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\DRIVERS\igdkmd64.sys\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\system32\DRIVERS\HECIx64.sys\SystemRoot\system32\drivers\usbehci.sys\SystemRoot\system32\drivers\USBPORT.SYS\SystemRoot\system32\drivers\HDAudBus.sys\SystemRoot\system32\DRIVERS\bcmwl664.sys\SystemRoot\system32\DRIVERS\vwifibus.sys\SystemRoot\system32\drivers\i8042prt.sys\SystemRoot\system32\DRIVERS\SynTP.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\drivers\mouclass.sys\SystemRoot\system32\drivers\kbdclass.sys\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys\SystemRoot\system32\DRIVERS\Impcd.sys\SystemRoot\system32\drivers\wmiacpi.sys\SystemRoot\system32\DRIVERS\CmBatt.sys\SystemRoot\system32\DRIVERS\intelppm.sys\SystemRoot\system32\drivers\CompositeBus.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\drivers\swenum.sys\SystemRoot\system32\drivers\ks.sys\SystemRoot\system32\DRIVERS\umbus.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\DRIVERS\stwrt64.sys\SystemRoot\system32\DRIVERS\portcls.sys\SystemRoot\system32\DRIVERS\drmk.sys\SystemRoot\system32\drivers\ksthunk.sys\SystemRoot\system32\DRIVERS\IntcDAud.sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_iaStor.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\System32\Drivers\usbvideo.sys\SystemRoot\system32\DRIVERS\monitor.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\cdd.dll\SystemRoot\system32\drivers\hidusb.sys\SystemRoot\system32\drivers\HIDCLASS.SYS\SystemRoot\system32\drivers\HIDPARSE.SYS\SystemRoot\system32\drivers\kbdhid.sys\SystemRoot\system32\DRIVERS\mouhid.sys\SystemRoot\system32\drivers\luafv.sys\??\C:\Windows\system32\drivers\mbam.sys\SystemRoot\system32\drivers\WudfPf.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\nwifi.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\DRIVERS\TurboB.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\System32\drivers\tcpipreg.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\system32\drivers\BCM42RLY.sys\SystemRoot\System32\Drivers\fastfat.SYS\SystemRoot\System32\ATMFD.DLL\SystemRoot\System32\Drivers\BTHUSB.sys\SystemRoot\System32\Drivers\bthport.sys\SystemRoot\system32\DRIVERS\rfcomm.sys\SystemRoot\system32\drivers\BthEnum.sys\SystemRoot\system32\DRIVERS\bthpan.sys\SystemRoot\system32\DRIVERS\btwavdt.sys\SystemRoot\system32\drivers\btwaudio.sys\SystemRoot\system32\DRIVERS\btwl2cap.sys\SystemRoot\system32\DRIVERS\btwrchid.sys\??\C:\Windows\system32\drivers\mbamchameleon.sys\??\C:\Windows\system32\drivers\mbamswissarmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll\Windows\System32\autochk.exe\Windows\System32\nsi.dll\Windows\System32\oleaut32.dll\Windows\System32\advapi32.dll\Windows\System32\gdi32.dll\Windows\System32\comdlg32.dll\Windows\System32\user32.dll\Windows\System32\urlmon.dll\Windows\System32\Wldap32.dll\Windows\System32\imm32.dll\Windows\System32\setupapi.dll\Windows\System32\ws2_32.dll\Windows\System32\iertutil.dll\Windows\System32\sechost.dll\Windows\System32\shlwapi.dll\Windows\System32\normaliz.dll\Windows\System32\usp10.dll\Windows\System32\clbcatq.dll\Windows\System32\rpcrt4.dll\Windows\System32\ole32.dll\Windows\System32\psapi.dll\Windows\System32\msvcrt.dll\Windows\System32\kernel32.dll\Windows\System32\wininet.dll\Windows\System32\imagehlp.dll\Windows\System32\shell32.dll\Windows\System32\msctf.dll\Windows\System32\lpk.dll\Windows\System32\difxapi.dll\Windows\System32\comctl32.dll\Windows\System32\KernelBase.dll\Windows\System32\crypt32.dll\Windows\System32\wintrust.dll\Windows\System32\devobj.dll\Windows\System32\cfgmgr32.dll\Windows\System32\msasn1.dll----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xfffffa8004bc6790Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IAAStorageDevice-1\Lower Device Object: 0xfffffa8004945050Lower Device Driver Name: \Driver\iaStor\<<<2>>>Device number: 0, partition: 3Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffa8004bc6790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8004bc62c0, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa8004bc6790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa8004945050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>>Device number: 0, partition: 3<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\Windows\system32\drivers...<<<2>>>Device number: 0, partition: 3<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 4437F46F Partition information: Partition 0 type is Other (0xde) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 80262 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 81920 Numsec = 20160512 Partition file system is NTFS Partition is bootable Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 20242432 Numsec = 1230012416 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 640135028736 bytesSector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-1250243728-1250263728)...Done!======================================= Removal queue found; removal startedRemoving c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_1_81920_i.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...Removal finished ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 5.0.5 (07.10.2013:2)OS: Windows 7 Home Premium x64Ran by Margo on Fri 07/12/2013 at 2:22:31.60~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{94496571-6ac5-4836-82d5-d46260c44b17}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{bc9fd17d-30f6-4464-9e53-596a90aff023}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{de9028d0-5ffa-4e69-94e3-89ee8741f468}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{03e2a1f3-4402-4121-8b35-733216d61217}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{9e3b11f6-4179-4603-a71b-a55f4bcb0bec}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\typelib\{13abd093-d46f-40df-a608-47e162ec799d}Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\typelib\{1ea4dbf0-3c3b-11cf-810c-00aa00389b71}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\typelib\{9c049ba6-ea47-4ac3-aed6-a66d8dc9e1d8}Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\typelib\{1ea4dbf0-3c3b-11cf-810c-00aa00389b71}Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\typelib\{1ea4dbf0-3c3b-11cf-810c-00aa00389b71}Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\typelib\{1ea4dbf0-3c3b-11cf-810c-00aa00389b71}Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\classes\typelib\{1ea4dbf0-3c3b-11cf-810c-00aa00389b71}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Fri 07/12/2013 at 2:29:49.81End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v2.305 - Logfile created 07/12/2013 at 02:40:09# Updated 11/07/2013 by Xplode# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)# User : Margo - MARGO-PC# Boot Mode : Normal# Running from : C:\Users\Margo\Downloads\AdwCleaner.exe# Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16496 [OK] Registry is clean. -\\ Google Chrome v28.0.1500.71 File : C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[s1].txt - [834 octets] - [12/07/2013 02:40:09] ########## EOF - C:\AdwCleaner[s1].txt - [893 octets] ########## as for the eset scan, it said it had found 1 threat but i hadnt unclicked the remove threats so it removed it and i closed it without getting a log... when I ran it again it said it found no threats and no logs came up...

So I did the first two steps of the process "im infected - what do i do now" here are the logs from the malwayre bytes Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.07.07.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16618 Louis :: LOUIS-HP [administrator] 7/7/2013 9:35:43 PM mbam-log-2013-07-07 (21-35-43).txt Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 526677 Time elapsed: 1 hour(s), 35 minute(s), 27 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) and here are the attach logs from dds . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 12/25/2010 12:57:53 PM System Uptime: 7/7/2013 7:57:24 PM (4 hours ago) . Motherboard: Hewlett-Packard | | 143F Processor: AMD Turion II P540 Dual-Core Processor | Socket S1G4 | 2400/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 446 GiB total, 272.485 GiB free. D: is FIXED (NTFS) - 20 GiB total, 2.855 GiB free. E: is CDROM (CDFS) F: is FIXED (FAT32) - 0 GiB total, 0.087 GiB free. G: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP725: 6/21/2013 2:17:42 AM - Scheduled Checkpoint RP726: 6/21/2013 3:03:02 AM - Windows Update RP727: 6/25/2013 3:49:48 PM - Windows Update RP728: 6/26/2013 4:21:20 AM - HPSF Restore Point RP729: 7/1/2013 11:52:48 PM - Windows Update RP730: 7/7/2013 4:39:10 PM - Windows Update RP731: 7/7/2013 9:15:01 PM - Removed TortoiseSVN 1.7.10.23359 (64 bit) . ==== Installed Programs ====================== . Acrobat.com Adobe AIR Adobe Community Help Adobe Content Viewer Adobe Flash Player 11 Plugin Adobe Reader XI (11.0.03) Apple Application Support Apple Mobile Device Support Apple Software Update Atheros Driver Installation Program ATI Catalyst Install Manager AviSynth 2.5 Bejeweled 2 Deluxe Blackhawk Striker 2 Block Youtube Ads Bonjour Build-a-lot 2 Canon MX870 series MP Drivers Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Chuzzle Deluxe CinemaNow Media Manager Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module CyberLink DVD Suite D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Diner Dash 2 Restaurant Rescue Dora's Carnival Adventure Dropbox DVD Menu Pack for HP MediaSmart Video Energy Star Digital Logo Escape Rosecliff Island ESU for Microsoft Windows 7 FATE Final Drive Nitro Free YouTube to MP3 Converter version 3.12.2.430 Heroes of Hellas 2 - Olympia Hewlett-Packard ACLM.NET v1.1.2.0 HP 3D DriveGuard HP Advisor HP Customer Experience Enhancements HP Documentation HP DVB-T TV Tuner 8.0.64.43 HP Game Console HP Games HP MediaSmart CinemaNow 2.0 HP MediaSmart DVD HP MediaSmart Movies and TV HP MediaSmart Music HP MediaSmart Photo HP MediaSmart SmartMenu HP MediaSmart Video HP MediaSmart Webcam HP MediaSmart/TouchSmart Netflix HP Photo Creations HP Power Manager HP Quick Launch HP Setup HP Software Framework HP Support Assistant HP Wireless Assistant iCloud IDT Audio iPhoneBrowser iTunes Java 7 Update 13 Java 7 Update 9 (64-bit) Java Auto Updater Jewel Quest 3 Jewel Quest Solitaire 2 Junk Mail filter update K-Lite Codec Pack 7.1.0 (Full) LabelPrint LogMeIn Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Home and Student 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft WSE 3.0 Runtime Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_ATL_x86_x64 Microsoft_VC90_CRT_x86 Microsoft_VC90_CRT_x86_x64 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFC_x86_x64 Microsoft_VC90_MFCLOC_x86 MobileMe Control Panel Movie Theme Pack for HP MediaSmart Video Mozilla Firefox 22.0 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP3 Parser (KB2721691) MSXML 4.0 SP3 Parser (KB2758694) Penguins! PhotoNow! Plants vs. Zombies Poker Superstars III Polar Bowler Polar Golfer Power2Go PowerDirector QuickTime Realtek Ethernet Controller Driver For Windows 7 Realtek USB 2.0 Card Reader Recovery Manager Redist Roxio CinemaNow 2.0 Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition Synaptics Pointing Device Driver TurboTax 2011 TurboTax 2011 WinPerFedFormset TurboTax 2011 WinPerReleaseEngine TurboTax 2011 WinPerTaxSupport TurboTax 2011 wnciper TurboTax 2011 wnyiper TurboTax 2011 wrapper Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition Verizon Media Manager Virtual Families Virtual Villagers - The Secret City Wheel of Fortune 2 Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Player Firefox Plugin Windows Movie Maker 2.6 WinRAR 4.20 (64-bit) YTD Video Downloader 4.0 Zuma Deluxe . ==== Event Viewer Messages From Past Week ======== . 7/7/2013 9:13:31 PM, Error: Service Control Manager [7034] - The FastFreeConverterUpdt service terminated unexpectedly. It has done this 1 time(s). . ==== End Of File =========================== and heres the other dds log DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16611 BrowserJavaVersion: 10.13.2 Run by Louis at 23:13:52 on 2013-07-07 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.1868 [GMT -4:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\IDT\WDM\STacSV64.exe C:\Windows\system32\Hpservice.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\IDT\WDM\AESTSr64.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\WUDFHost.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe C:\Users\Louis\AppData\Roaming\PC-Gizmos\PC_136519.en_77.exe C:\Users\Louis\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\TortoiseSVN\bin\TSVNCache.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uURLSearchHooks: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - <orphaned> uURLSearchHooks: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - <orphaned> mWinlogon: Userinit = userinit.exe, BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned> BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: PC Gizmos BHO: {A817C286-3D6B-4ECD-A99C-E44E50DBC523} - C:\Users\Louis\AppData\Roaming\PC-Gizmos\PCGizmosBHO.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: DVDVideoSoft WebPageAdjuster Class: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe uRun: [intel Drives] "C:\Users\Louis\AppData\Local\Temp\Systweaker\Sys.exe" uRun: [AdobeBridge] <no file> mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent StartupFolder: C:\Users\Louis\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Louis\AppData\Roaming\Dropbox\bin\Dropbox.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm IE: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . TCP: NameServer = 192.168.1.1 TCP: Interfaces\{7AE4314C-6078-45F5-8AFF-72C7DD5F8BDF} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{7AE4314C-6078-45F5-8AFF-72C7DD5F8BDF}\2516E646F6C60786 : DHCPNameServer = 192.168.2.1 192.168.2.1 TCP: Interfaces\{7AE4314C-6078-45F5-8AFF-72C7DD5F8BDF}\6616D60756163656 : DHCPNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{7AE4314C-6078-45F5-8AFF-72C7DD5F8BDF}\F4C6464596D656245746 : DHCPNameServer = 208.77.2.11 207.200.7.21 207.69.188.185 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-BHO: DVDVideoSoft WebPageAdjuster Class: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\cbmgyega.default\ FF - prefs.js: browser.startup.homepage - boxingnews24.com FF - prefs.js: network.proxy.type - 0 FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\components\IPSFFPl.dll FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2013-06-05 20:05; {2b55ea1c-5d12-4fb5-bb9b-2067f8eda4ca}; C:\Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\cbmgyega.default\extensions\{2b55ea1c-5d12-4fb5-bb9b-2067f8eda4ca}.xpi . ---- FIREFOX POLICIES ---- FF - user.js: extensions.funmoods.hmpg - false FF - user.js: extensions.funmoods.dfltSrch - false FF - user.js: extensions.funmoods.srchPrvdr - Search FF - user.js: extensions.funmoods.dnsErr - true FF - user.js: extensions.funmoods_i.newTab - false FF - user.js: extensions.funmoods.id - 6E0F6E402EE942E3 FF - user.js: extensions.funmoods.instlDay - 15674 FF - user.js: extensions.funmoods.vrsn - 1.5.23.22 FF - user.js: extensions.funmoods.vrsni - 1.5.23.22 FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2223:50:29 FF - user.js: extensions.funmoods.prtnrId - funmoods FF - user.js: extensions.funmoods.prdct - funmoods FF - user.js: extensions.funmoods.aflt - vsl FF - user.js: extensions.funmoods_i.smplGrp - none FF - user.js: extensions.funmoods.tlbrId - base FF - user.js: extensions.funmoods.instlRef - vsl FF - user.js: extensions.funmoods.dfltLng - FF - user.js: extensions.funmoods.excTlbr - false FF - user.js: extensions.funmoods.autoRvrt - false FF - user.js: extensions.funmoods.envrmnt - production FF - user.js: extensions.funmoods.isdcmntcmplt - true FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0 FF - user.js: extensions.privitize.hpOld0 - boxingnews24.com FF - user.js: extensions.privitize.id - 282542e30000000000006e0f6e402ee9 FF - user.js: extensions.privitize.appId - {301966DF-A84B-4255-AAB9-574B5CE237E4} FF - user.js: extensions.privitize.instlDay - 15839 FF - user.js: extensions.privitize.vrsn - 1.8.16.22 FF - user.js: extensions.privitize.vrsni - 1.8.16.22 FF - user.js: extensions.privitize.vrsnTs - 1.8.16.2221:18:51 FF - user.js: extensions.privitize.prtnrId - privitize FF - user.js: extensions.privitize.prdct - privitize FF - user.js: extensions.privitize.aflt - orgnl FF - user.js: extensions.privitize.smplGrp - none FF - user.js: extensions.privitize.tlbrId - base FF - user.js: extensions.privitize.instlRef - FF - user.js: extensions.privitize.dfltLng - FF - user.js: extensions.privitize.excTlbr - true FF - user.js: extensions.privitize.ffxUnstlRst - false FF - user.js: extensions.privitize.admin - false FF - user.js: extensions.privitize.autoRvrt - false FF - user.js: extensions.privitize.rvrt - false FF - user.js: extensions.privitize.hmpg - true FF - user.js: extensions.privitize.dfltSrch - true FF - user.js: extensions.privitize.srchPrvdr - Search The Web (privitize) FF - user.js: extensions.privitize.dnsErr - true FF - user.js: extensions.privitize.newTab - true FF - user.js: extensions.delta.tlbrSrchUrl - FF - user.js: extensions.delta.id - 282542e30000000000006e0f6e402ee9 FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} FF - user.js: extensions.delta.instlDay - 15849 FF - user.js: extensions.delta.vrsn - 1.8.21.5 FF - user.js: extensions.delta.vrsni - 1.8.21.5 FF - user.js: extensions.delta.vrsnTs - 1.8.21.514:39:42 FF - user.js: extensions.delta.prtnrId - delta FF - user.js: extensions.delta.prdct - delta FF - user.js: extensions.delta.aflt - babsst FF - user.js: extensions.delta.smplGrp - none FF - user.js: extensions.delta.tlbrId - base FF - user.js: extensions.delta.instlRef - sst FF - user.js: extensions.delta.dfltLng - en FF - user.js: extensions.delta.excTlbr - false FF - user.js: extensions.delta.ffxUnstlRst - true FF - user.js: extensions.delta.admin - false FF - user.js: extensions.delta_i.babTrack - affID=119816&tt=gc_ FF - user.js: extensions.delta_i.babExt - FF - user.js: extensions.delta_i.srcExt - ss FF - user.js: extensions.delta.autoRvrt - false FF - user.js: extensions.delta.rvrt - false FF - user.js: extensions.delta.newTab - false . ============= SERVICES / DRIVERS =============== . R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-3-3 89600] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-3-3 203264] R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072] R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992] R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-5-21 103992] R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520] R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-6-14 26680] R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672] R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-7-5 376144] R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2012-6-8 16056] R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2012-10-6 72216] R3 clwvd;HP Webcam Splitter;C:\Windows\System32\drivers\clwvd.sys [2010-6-25 32880] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-11-21 239136] R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-11-21 38528] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368] S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-11-21 295424] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864] S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-2 59392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-26 1255736] S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120] S4 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368] . =============== Created Last 30 ================ . 2013-07-08 01:18:54 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-07-08 01:18:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-07 20:40:22 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CCEDEEBD-16FD-435F-B055-8494B0249C2C}\mpengine.dll 2013-06-23 19:46:42 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-23 19:46:42 -------- d-----w- C:\Program Files\iTunes 2013-06-23 19:46:42 -------- d-----w- C:\Program Files\iPod 2013-06-23 19:46:42 -------- d-----w- C:\Program Files (x86)\iTunes 2013-06-21 02:32:21 -------- d-----w- C:\8a5640af6feee689a6f332 2013-06-13 09:37:37 701952 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll 2013-06-13 08:13:53 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-06-13 08:13:28 751104 ----a-w- C:\Windows\System32\win32spl.dll 2013-06-13 08:13:26 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll 2013-06-13 08:13:15 30720 ----a-w- C:\Windows\System32\cryptdlg.dll 2013-06-13 08:13:15 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll 2013-06-13 08:12:58 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll 2013-06-13 08:12:58 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll 2013-06-13 08:12:01 903168 ----a-w- C:\Windows\SysWow64\certutil.exe 2013-06-13 08:12:01 52224 ----a-w- C:\Windows\System32\certenc.dll 2013-06-13 08:12:01 43008 ----a-w- C:\Windows\SysWow64\certenc.dll 2013-06-13 08:12:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2013-06-13 08:12:01 1464320 ----a-w- C:\Windows\System32\crypt32.dll 2013-06-13 08:12:01 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2013-06-13 08:12:01 139776 ----a-w- C:\Windows\System32\cryptnet.dll 2013-06-13 08:12:01 1192448 ----a-w- C:\Windows\System32\certutil.exe 2013-06-13 08:12:01 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll 2013-06-13 08:12:01 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2013-06-13 08:11:44 1887232 ----a-w- C:\Windows\System32\d3d11.dll 2013-06-13 08:11:44 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll . ==================== Find3M ==================== . 2013-06-13 08:47:12 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-13 08:47:12 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-06-13 08:03:55 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll 2013-06-13 08:03:51 35656 ----a-w- C:\Windows\System32\LMIport.dll 2013-06-13 08:03:51 100680 ----a-w- C:\Windows\System32\LMIinit.dll 2013-06-08 12:28:46 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-06-08 11:13:19 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-06-02 15:23:44 149 ----a-w- C:\Users\Louis\AppData\Roaming\uninstall.bat 2013-05-27 19:11:33 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll.000.bak 2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll 2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll 2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-05-02 06:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe 2013-05-01 07:59:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx 2013-05-01 07:59:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts 2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys 2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys . ============= FINISH: 23:14:59.25 ===============

the updates downloaded great, thanks so much for your help. Any suggestions on how to keep my laptop virus/malware free in the future? Any programs I should download? BTW all the programs I downloaded during this whole process, should I keep them and run them again for rutine scans, or should I delete them?

I believe he torrented a copy of windows 7. I'm guessing that's a bad thing... It has 2GB Ram and an Intel® Pentium® D CPU 3.00GHZ PROCESSOR

system check Results of screen317's Security Check version 0.99.54 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Windows Firewall Disabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.65.1.1000 Java 6 Update 37 Java version out of Date! Adobe Flash Player 11.4.402.287 Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox (16.0.2) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 6% ````````````````````End of Log``````````````````````

adcleaner logs # AdwCleaner v2.007 - Logfile created 11/08/2012 at 20:29:59 # Updated 06/11/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Louis - LOUIS-HP # Boot Mode : Normal # Running from : C:\Users\Louis\Downloads\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Program Files (x86)\Ask.com Folder Deleted : C:\Program Files (x86)\QuestScan Folder Deleted : C:\ProgramData\Ask Folder Deleted : C:\Users\Louis\AppData\LocalLow\AskToolbar Folder Deleted : C:\Users\Louis\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Louis\AppData\LocalLow\PriceGong Folder Deleted : C:\Users\Louis\AppData\LocalLow\ShoppingReport2 Folder Deleted : C:\Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\cbmgyega.default\extensions\toolbar@ask.com Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registry] ***** Key Deleted : HKCU\Software\APN Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar Key Deleted : HKCU\Software\AppDataLow\Software\Mp3Tube Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong Key Deleted : HKCU\Software\AppDataLow\Software\ShoppingReport2 Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar Key Deleted : HKCU\Software\Ask.com Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Key Deleted : HKCU\Software\Softonic Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E} Key Deleted : HKLM\Software\APN Key Deleted : HKLM\Software\AskToolbar Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Mozilla Firefox v16.0.2 (en-US) Profile name : default File : C:\Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\cbmgyega.default\prefs.js C:\Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\cbmgyega.default\user.js ... Deleted ! Deleted : user_pref("browser.search.defaultengine", "Ask.com"); Deleted : user_pref("browser.search.defaultenginename", "Ask.com"); Deleted : user_pref("browser.search.order.1", "Ask.com"); Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://mp3tubetoolbar.com/?tmp=nemo_results_r[...] Deleted : user_pref("keyword.URL", "hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q="); ************************* AdwCleaner[R1].txt - [5797 octets] - [08/11/2012 18:50:06] AdwCleaner[s1].txt - [5698 octets] - [08/11/2012 20:29:59] ########## EOF - C:\AdwCleaner[s1].txt - [5758 octets] ##########

Hello, thank you for your response. No this is a diffrent computer than the one thedarkknight is helping me with. This is an alienware desktop I recently bought from a friend. It was working horribly when I first got it, couldn't run any programs on it. After intalling windows 7 it seems a little bit better, but sometimes it does seem rather slow, and sometimes the screen will flash black for 1 second (although im not sure if that may just be something with the moniter) I ran Malwayrebytes and it said I had a few threats. I tried cleaning them, but im sure if their is a serious threat its not something I will be able to fix on my own with just Malwayre bytes. Could you help me figure out if there's something wrong?

these are the ad cleaner logs # AdwCleaner v2.007 - Logfile created 11/08/2012 at 18:50:06 # Updated 06/11/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Louis - LOUIS-HP # Boot Mode : Normal # Running from : C:\Users\Louis\Downloads\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** Folder Found : C:\Program Files (x86)\Ask.com Folder Found : C:\Program Files (x86)\QuestScan Folder Found : C:\ProgramData\Ask Folder Found : C:\Users\Louis\AppData\LocalLow\AskToolbar Folder Found : C:\Users\Louis\AppData\LocalLow\Conduit Folder Found : C:\Users\Louis\AppData\LocalLow\PriceGong Folder Found : C:\Users\Louis\AppData\LocalLow\ShoppingReport2 Folder Found : C:\Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\cbmgyega.default\extensions\toolbar@ask.com Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registry] ***** Key Found : HKCU\Software\APN Key Found : HKCU\Software\AppDataLow\Software\AskToolbar Key Found : HKCU\Software\AppDataLow\Software\Mp3Tube Key Found : HKCU\Software\AppDataLow\Software\PriceGong Key Found : HKCU\Software\AppDataLow\Software\ShoppingReport2 Key Found : HKCU\Software\AppDataLow\Software\Toolbar Key Found : HKCU\Software\Ask.com Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Key Found : HKCU\Software\Softonic Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E} Key Found : HKLM\Software\APN Key Found : HKLM\Software\AskToolbar Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Key Found : HKLM\Software\Conduit Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Key Found : HKLM\SOFTWARE\Classes\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} Key Found : HKLM\SOFTWARE\Classes\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D} Key Found : HKLM\SOFTWARE\Classes\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861} Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Found : HKLM\SOFTWARE\Classes\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C} Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Found : HKLM\SOFTWARE\Classes\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337} Key Found : HKLM\SOFTWARE\Classes\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Key Found : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C} Key Found : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C} Key Found : HKU\S-1-5-21-3787845837-1606334649-2329562173-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E} Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}] Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater] Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Mozilla Firefox v16.0.2 (en-US) Profile name : default File : C:\Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\cbmgyega.default\prefs.js Found : user_pref("browser.search.defaultengine", "Ask.com"); Found : user_pref("browser.search.defaultenginename", "Ask.com"); Found : user_pref("browser.search.order.1", "Ask.com"); Found : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://mp3tubetoolbar.com/?tmp=nemo_results_r[...] Found : user_pref("keyword.URL", "hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q="); ************************* AdwCleaner[R1].txt - [5690 octets] - [08/11/2012 18:50:06] ########## EOF - C:\AdwCleaner[R1].txt - [5750 octets] ##########