T8r

  1. Forum Deity: Fantastic... I rebooted the computer to make sure it restarted fine = okay. No hangups, and I have run Malwarebytes several times, both quick scan and full scan, without any reports of PUP or other such garbage. I thank you for your time and MrCharlie as well for his time, and both of you for your expertise and guidance. Very much appreciated. One question remains: every so often I get a Google Installer error that wants me to report to Microsoft, and I hit send or report or whatever. Is this a whole nother animal to deal with, or is it an ignore-it situation? Thanks again... T8r
  2. MiniToolBox by Farbar Version: 13-07-2013 Ran by T8r Salad (administrator) on 11-08-2013 at 21:26:31 Running from "C:\Users\T8r Salad\Downloads" Microsoft Windows 7 Home Premium Service Pack 1 (X64) Boot Mode: Normal *************************************************************************** ========================= Flush DNS: =================================== Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========================= IE Proxy Settings: ============================== Proxy is not enabled. No Proxy Server is set. "Reset IE Proxy Settings": IE Proxy Settings were reset. ========================= FF Proxy Settings: ============================== "Reset FF Proxy Settings": Firefox Proxy settings were reset. ========================= Hosts content: ================================= ========================= IP Configuration: ================================ Intel® Centrino® Wireless-N 1000 = Wireless Network Connection (Connected) Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64 = Local Area Connection 3 (Hardware not present) Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Hardware not present) Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Hardware not present) # ---------------------------------- # IPv4 Configuration # ---------------------------------- pushd interface ipv4 reset set global icmpredirects=enabled set interface interface="Local Area Connection 3" forwarding=enabled advertise=enabled metric=1 nud=enabled popd # End of IPv4 configuration Windows IP Configuration Host Name . . . . . . . . . . . . : T8rSalad-PC Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : ph.cox.net Wireless LAN adapter Wireless Network Connection: Connection-specific DNS Suffix . : ph.cox.net Description . . . . . . . . . . . 
: Intel® Centrino® Wireless-N 1000 Physical Address. . . . . . . . . : 00-26-C7-84-A8-5E DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::593d:4cb8:1c53:3611%12(Preferred) IPv4 Address. . . . . . . . . . . : 192.168.1.122(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : Sunday, August 11, 2013 1:27:11 PM Lease Expires . . . . . . . . . . : Monday, August 12, 2013 3:00:07 PM Default Gateway . . . . . . . . . : 192.168.1.1 DHCP Server . . . . . . . . . . . : 192.168.1.1 DHCPv6 IAID . . . . . . . . . . . : 318777031 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-38-36-0C-60-EB-69-1E-AC-F5 DNS Servers . . . . . . . . . . . : 68.105.28.11 68.105.29.11 68.105.28.12 NetBIOS over Tcpip. . . . . . . . : Enabled Tunnel adapter isatap.ph.cox.net: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : ph.cox.net Description . . . . . . . . . . . : Microsoft ISATAP Adapter Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Local Area Connection* 11: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:8f6:149e:3f57:fe85(Preferred) Link-local IPv6 Address . . . . . : fe80::8f6:149e:3f57:fe85%22(Preferred) Default Gateway . . . . . . . . . : :: NetBIOS over Tcpip. . . . . . . . 
: Disabled Server: cdns1.cox.net Address: 68.105.28.11 Name: google.com Addresses: 2607:f8b0:4007:800::1002 74.125.239.9 74.125.239.14 74.125.239.0 74.125.239.1 74.125.239.2 74.125.239.3 74.125.239.4 74.125.239.5 74.125.239.6 74.125.239.7 74.125.239.8 Pinging google.com [74.125.224.163] with 32 bytes of data: Reply from 74.125.224.163: bytes=32 time=23ms TTL=54 Reply from 74.125.224.163: bytes=32 time=24ms TTL=54 Ping statistics for 74.125.224.163: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 23ms, Maximum = 24ms, Average = 23ms Server: cdns1.cox.net Address: 68.105.28.11 Name: yahoo.com Addresses: 206.190.36.45 98.138.253.109 98.139.183.24 Pinging yahoo.com [98.139.183.24] with 32 bytes of data: Reply from 98.139.183.24: bytes=32 time=138ms TTL=53 Reply from 98.139.183.24: bytes=32 time=103ms TTL=53 Ping statistics for 98.139.183.24: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 103ms, Maximum = 138ms, Average = 120ms Pinging 127.0.0.1 with 32 bytes of data: Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Ping statistics for 127.0.0.1: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms =========================================================================== Interface List 12...00 26 c7 84 a8 5e ......Intel® Centrino® Wireless-N 1000 1...........................Software Loopback Interface 1 23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter 22...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface =========================================================================== IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.122 25 127.0.0.0 
255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 192.168.1.0 255.255.255.0 On-link 192.168.1.122 281 192.168.1.122 255.255.255.255 On-link 192.168.1.122 281 192.168.1.255 255.255.255.255 On-link 192.168.1.122 281 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 192.168.1.122 281 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 192.168.1.122 281 =========================================================================== Persistent Routes: None IPv6 Route Table =========================================================================== Active Routes: If Metric Network Destination Gateway 22 58 ::/0 On-link 1 306 ::1/128 On-link 22 58 2001::/32 On-link 22 306 2001:0:4137:9e76:8f6:149e:3f57:fe85/128 On-link 12 281 fe80::/64 On-link 22 306 fe80::/64 On-link 22 306 fe80::8f6:149e:3f57:fe85/128 On-link 12 281 fe80::593d:4cb8:1c53:3611/128 On-link 1 306 ff00::/8 On-link 22 306 ff00::/8 On-link 12 281 ff00::/8 On-link =========================================================================== Persistent Routes: None ========================= Winsock entries ===================================== Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation) Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation) Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation) Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation) Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.) Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.) 
Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation) Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation) x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation) x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation) x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation) x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.) x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.) 
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation) x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) ========================= Event log errors: =============================== Application errors: ================== Error: (08/11/2013 09:41:54 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. 
Error: (08/10/2013 03:01:43 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. System errors: ============= Error: (08/11/2013 01:25:56 PM) (Source: DCOM) (User: ) Description: {53362C64-A296-4F2D-A2F8-FD984D08340B} Error: (08/10/2013 07:42:50 PM) (Source: bowser) (User: ) Description: The master browser has received a server announcement from the computer CINDYJO-LAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B84199AD-FAA2-44B7-8D6D-875D85D025A3}. The master browser is stopping or an election is being forced. 
Microsoft Office Sessions: ========================= Error: (08/11/2013 09:41:54 AM) (Source: SideBySide)(User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (08/10/2013 03:01:43 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\T8r Salad\Downloads\esetsmartinstaller_enu.exe CodeIntegrity Errors: =================================== Date: 2013-07-29 16:09:43.210 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Vision Pro LT7\CADlink.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-07-29 16:09:43.054 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Vision Pro LT7\CADlink.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-07-24 12:05:51.793 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Vision Pro LT7\CADlink.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2013-07-24 12:05:51.590 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Vision Pro LT7\CADlink.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-05-30 15:00:21.158 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Vision Pro LT7\CADlink.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-05-30 15:00:21.002 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Vision Pro LT7\CADlink.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-05-19 09:25:25.317 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Vision Pro LT7\CADlink.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-05-19 09:25:25.177 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Vision Pro LT7\CADlink.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2013-05-18 10:36:30.512 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Vision Pro LT7\CADlink.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-05-18 10:36:30.356 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Vision Pro LT7\CADlink.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. =========================== Installed Programs ============================ Acrobat.com (Version: 1.6.65) Adobe Acrobat 6.0 Professional (Version: 006.000.000) Adobe AIR (Version: 1.5.0.7220) Adobe Flash Player 11 ActiveX (Version: 11.8.800.94) Adobe Flash Player 11 Plugin (Version: 11.7.700.224) Adobe Illustrator 10.0.3 (Version: 10.0.3) Adobe Photoshop CS (Version: CS) Adobe Reader X (10.1.7) (Version: 10.1.7) Adobe Shockwave Player (Version: 11.5.1.601) Adobe Shockwave Player 11.5 (Version: 11.5.9.615) Adobe SVG Viewer 3.0 (Version: 3.0) Akamai NetSession Interface Apple Application Support (Version: 2.3.4) Apple Software Update (Version: 2.1.3.127) ATI Catalyst Install Manager (Version: 3.0.758.0) Bejeweled 2 Deluxe (Version: 2.2.0.82) Blackhawk Striker 2 (Version: 2.2.0.82) Blasterball 3 (Version: 2.2.0.82) Build-a-lot 2 (Version: 2.2.0.82) Cake Mania (Version: 2.2.0.82) Catalyst Control Center - Branding (Version: 1.00.0000) Catalyst Control Center Core Implementation (Version: 2010.0122.858.16002) Catalyst Control Center Graphics Full Existing (Version: 2010.0122.858.16002) Catalyst Control Center Graphics Full New (Version: 2010.0122.858.16002) Catalyst Control Center Graphics Light (Version: 2010.0122.858.16002) Catalyst Control 
Center Graphics Previews Common (Version: 2010.0122.858.16002) Catalyst Control Center Graphics Previews Vista (Version: 2010.0122.858.16002) Catalyst Control Center InstallProxy (Version: 2010.0122.858.16002) Catalyst Control Center Localization All (Version: 2010.0122.858.16002) CCC Help Chinese Standard (Version: 2010.0122.0857.16002) CCC Help Chinese Traditional (Version: 2010.0122.0857.16002) CCC Help Czech (Version: 2010.0122.0857.16002) CCC Help Danish (Version: 2010.0122.0857.16002) CCC Help Dutch (Version: 2010.0122.0857.16002) CCC Help English (Version: 2010.0122.0857.16002) CCC Help Finnish (Version: 2010.0122.0857.16002) CCC Help French (Version: 2010.0122.0857.16002) CCC Help German (Version: 2010.0122.0857.16002) CCC Help Greek (Version: 2010.0122.0857.16002) CCC Help Hungarian (Version: 2010.0122.0857.16002) CCC Help Italian (Version: 2010.0122.0857.16002) CCC Help Japanese (Version: 2010.0122.0857.16002) CCC Help Korean (Version: 2010.0122.0857.16002) CCC Help Norwegian (Version: 2010.0122.0857.16002) CCC Help Polish (Version: 2010.0122.0857.16002) CCC Help Portuguese (Version: 2010.0122.0857.16002) CCC Help Russian (Version: 2010.0122.0857.16002) CCC Help Spanish (Version: 2010.0122.0857.16002) CCC Help Swedish (Version: 2010.0122.0857.16002) CCC Help Thai (Version: 2010.0122.0857.16002) CCC Help Turkish (Version: 2010.0122.0857.16002) ccc-core-static (Version: 2010.0122.858.16002) ccc-utility64 (Version: 2010.0122.858.16002) CCleaner (Version: 4.03) Chuzzle Deluxe (Version: 2.2.0.82) CinemaNow Media Manager (Version: 1.9.1.102) Cisco AnyConnect VPN Client (Version: 2.4.0202) Cisco Connect (Version: 1.4.11299.0) Cisco WebEx Meetings Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000) CyberLink DVD Suite (Version: 7.0.2527) D3DX10 (Version: 15.4.2368.0902) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Diner Dash 2 Restaurant Rescue (Version: 2.2.0.82) DIRECTV Player (Version: 8.0) Dora's Carnival Adventure 
(Version: 2.2.0.82) Dropbox (Version: 2.0.22) DVD Menu Pack for HP MediaSmart Video (Version: 4.0.3715) Escape Rosecliff Island (Version: 2.2.0.82) ESU for Microsoft Windows 7 (Version: 1.0.0) Faerie Solitaire (Version: 2.2.0.82) Fairy Tale Mysteries - The Puppet Thief FATE (Version: 2.2.0.82) ffdshow [rev 2527] [2008-12-19] (Version: 1.0) Foxit Reader (Version: 6.0.6.722) Garmin Communicator Plugin (Version: 4.0.3) Garmin Communicator Plugin x64 (Version: 4.0.3) Google Chrome (Version: 28.0.1500.95) Google Drive (Version: 1.11.4865.2530) Google Earth Plug-in (Version: 7.1.1.1888) Google Talk (remove only) Google Talk Plugin (Version: 4.4.2.14502) Google Update Helper (Version: 1.3.21.153) Hewlett-Packard ACLM.NET v1.2.1.1 (Version: 1.00.0000) HP 3D DriveGuard (Version: 4.1.16.1) HP Advisor (Version: 3.4.10144.3282) HP Customer Experience Enhancements (Version: 6.0.1.7) HP Deskjet 1000 J110 series Basic Device Software (Version: 22.50.231.0) HP Deskjet 1000 J110 series Help (Version: 140.0.65.65) HP Games (Version: 1.0.0.80) HP MediaSmart CinemaNow 2.0 (Version: 2.0) HP MediaSmart DVD (Version: 4.0.3727) HP MediaSmart Internet TV (Version: 3.2.2513) HP MediaSmart Movies and TV (Version: 1.0.0.10) HP MediaSmart Music (Version: 4.0.3722) HP MediaSmart Photo (Version: 4.0.3722) HP MediaSmart SmartMenu (Version: 3.1.1.12) HP MediaSmart Video (Version: 4.0.3722) HP MediaSmart Webcam (Version: 4.0.2511) HP MediaSmart/TouchSmart Netflix (Version: 1.0.9.0) HP Quick Launch (Version: 2.7.2) HP QuickWeb Installer (Version: 1.2.9.1) HP Setup (Version: 1.2.3988.3281) HP SimplePass Identity Protection (Version: 5.20.205) HP Software Framework (Version: 4.5.10.1) HP Support Assistant (Version: 7.0.39.15) HP Update (Version: 5.005.000.002) HP User Guides 0177 (Version: 1.01.0000) HP Wireless Assistant (Version: 4.0.3.2) HPDiagnosticAlert (Version: 1.00.0000) IDT Audio (Version: 1.0.6292.0) Intel PROSet Wireless Intel® Management Engine Components (Version: 6.0.0.1179) Intel® 
PROSet/Wireless for Bluetooth® + High Speed (Version: 15.1.0.0096) Intel® Rapid Storage Technology (Version: 9.6.2.1001) Intel® Turbo Boost Technology Driver (Version: 01.00.01.1002) Intel® PROSet/Wireless WiFi Software (Version: 15.01.0500.0903) Java 7 Update 25 (Version: 7.0.250) Java Auto Updater (Version: 2.1.9.5) Jewel Quest 3 (Version: 2.2.0.82) Jewel Quest Solitaire 2 (Version: 2.2.0.82) Junk Mail filter update (Version: 15.4.3502.0922) LabelPrint (Version: 2.5.2515) LightScribe System Software (Version: 1.18.20.1) magicJack (Version: 2.0.6073.4413) Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300) Map CONHI Drives V14 (Version: 1.4.0) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Mouse and Keyboard Center (Version: 2.1.177.0) Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000) Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000) Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Publisher MUI (English) 2010 (Version: 
14.0.6029.1000) Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Suite Activation Assistant (Version: 2.9) Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Works (Version: 9.7.0621) Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0) Motorola Device Manager (Version: 2.2.17) Motorola Device Software Update (Version: 1.0.30) Motorola Mobile Drivers Installation 5.6.0 (Version: 5.6.0) Movie Theme Pack for HP MediaSmart Video (Version: 4.0.3715) Mozilla Firefox 8.0 (x86 en-US) (Version: 8.0) MSVCRT (Version: 15.4.2862.0708) MSVCRT_amd64 (Version: 
15.4.2862.0708) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0) MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0) MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0) MSXML 4.0 SP3 Parser (Version: 4.30.2100.0) Mystery P.I. - The New York Fortune (Version: 2.2.0.82) Penguins! (Version: 2.2.0.82) PhotoNow! (Version: 1.1.6904) Plants vs. Zombies (Version: 2.2.0.82) Poker Superstars III (Version: 2.2.0.82) Polar Bowler (Version: 2.2.0.82) Polar Golfer (Version: 2.2.0.82) Power2Go (Version: 6.1.3715) PowerDirector (Version: 8.0.2514) PX Profile Update (Version: 1.00.1.) Realtek Ethernet Controller Driver For Windows 7 (Version: 7.21.531.2010) Realtek USB 2.0 Card Reader (Version: 6.1.7600.30111) Recovery Manager (Version: 5.5.2512) Roxio CinemaNow 2.0 (Version: 1.0.254) Skype™ 6.6 (Version: 6.6.106) Startup Delayer v3.0 (build 333) (Version: 3.0 (build 333)) Synaptics Pointing Device Driver (Version: 15.3.29.0) TextTwist 2 (Version: 2.2.0.82) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition Update for Microsoft 
Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition Validity Sensors DDK (Version: 4.1.129.0) Virtual Families (Version: 2.2.0.82) Virtual Villagers - The Secret City (Version: 2.2.0.82) Vision Machine Tools Suite 4 Vision Pro LT7 (C:\Vision Pro LT7) (Version: 7) Webroot SecureAnywhere (Version: 8.0.2.167) Wheel of Fortune 2 (Version: 2.2.0.82) Windows Live Communications Platform (Version: 15.4.3502.0922) Windows Live Essentials (Version: 15.4.3502.0922) Windows Live ID Sign-in Assistant (Version: 7.250.4225.0) Windows Live Installer (Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3502.0922) Windows Live Mail (Version: 15.4.3502.0922) Windows Live Messenger (Version: 15.4.3502.0922) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (Version: 15.4.3502.0922) Windows Live Photo Common (Version: 15.4.3502.0922) Windows Live Photo Gallery (Version: 15.4.3502.0922) Windows Live PIMT Platform (Version: 15.4.3502.0922) Windows Live SOXE (Version: 15.4.3502.0922) Windows Live SOXE Definitions (Version: 15.4.3502.0922) Windows Live Sync (Version: 14.0.8089.726) Windows Live UX Platform (Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (Version: 15.4.3502.0922) Windows Live Writer (Version: 15.4.3502.0922) Windows Live Writer Resources (Version: 15.4.3502.0922) Windows Media Encoder 9 Series Windows Media Encoder 9 Series (Version: 9.00.2980) Windows Media Player Firefox Plugin (Version: 1.0.0.8) Yahoo! 
Detect Zuma's Revenge (Version: 2.2.0.82) ZumoCast ========================= Devices: ================================ Name: Microsoft Virtual WiFi Miniport Adapter #2 Description: Microsoft Virtual WiFi Miniport Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: vwifimp Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Microsoft Virtual WiFi Miniport Adapter Description: Microsoft Virtual WiFi Miniport Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: vwifimp Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
========================= Memory info: =================================== Percentage of memory in use: 44% Total physical RAM: 3893.86 MB Available physical RAM: 2149.98 MB Total Pagefile: 7785.9 MB Available Pagefile: 5837.79 MB Total Virtual: 4095.88 MB Available Virtual: 3958.74 MB ========================= Partitions: ===================================== 1 Drive c: () (Fixed) (Total:442.69 GB) (Free:346.72 GB) NTFS 2 Drive d: (RECOVERY) (Fixed) (Total:22.78 GB) (Free:3.31 GB) NTFS 3 Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT ========================= Users: ======================================== User accounts for \\T8RSALAD-PC Administrator Guest T8r Salad ========================= Minidump Files ================================== No minidump file found **** End of log ****
  3. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-08-2013
Ran by T8r Salad at 2013-08-10 15:06:03 Run:2
Running from C:\Users\T8r Salad\Desktop
Boot Mode: Normal

==============================================

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f7388f8-2673-11e2-adf9-60eb691eacf5} => Key not found.
HKCR\CLSID\{1f7388f8-2673-11e2-adf9-60eb691eacf5} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71871200-cab8-11e1-b3c0-a8e8b222045a} => Key not found.
HKCR\CLSID\{71871200-cab8-11e1-b3c0-a8e8b222045a} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7562b0d7-938e-11e0-bc6d-a4606b09fe4c} => Key not found.
HKCR\CLSID\{7562b0d7-938e-11e0-bc6d-a4606b09fe4c} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a53ad97d-397e-11e2-9a04-0026c784a85e} => Key not found.
HKCR\CLSID\{a53ad97d-397e-11e2-9a04-0026c784a85e} => Key not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C0C6E1B9-707A-442E-9AB3-71E285D6370F} => Key not found.
HKCR\CLSID\{C0C6E1B9-707A-442E-9AB3-71E285D6370F} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{C345E174-3E87-4F41-A01C-B066A90A49B4} => Key not found.
HKCR\Wow6432Node\CLSID\{C345E174-3E87-4F41-A01C-B066A90A49B4} => Key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.25.2 => Key not found.
C:\Windows\SysWOW64\npDeployJava1.dll not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2 => Key not found.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll not found.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll not found.
C:\Windows\SysWOW64\npDeployJava1.dll not found.

==== End of Fixlog ====
  4. Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.10.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
T8r Salad :: T8RSALAD-PC [administrator]

8/10/2013 2:49:46 PM
mbam-log-2013-08-10 (14-49-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229484
Time elapsed: 5 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  5. # AdwCleaner v2.306 - Logfile created 08/10/2013 at 10:29:52 # Updated 19/07/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : T8r Salad - T8RSALAD-PC # Boot Mode : Normal # Running from : C:\Users\T8r Salad\Downloads\AdwCleaner (2).exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Deleted on reboot : C:\Program Files (x86)\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} Deleted on reboot : C:\ProgramData\Browser Manager Deleted on reboot : C:\Users\T8r Salad\AppData\Roaming\Mozilla\Firefox\Profiles\e03hvm6l.default\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433} Folder Deleted : C:\Users\T8r Salad\AppData\Local\PackageAware Folder Deleted : C:\Users\T8RSAL~1\AppData\Local\Temp\Smartbar ***** [Registry] ***** ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16635 [OK] Registry is clean. -\\ Mozilla Firefox v8.0 (en-US) File : C:\Users\T8r Salad\AppData\Roaming\Mozilla\Firefox\Profiles\e03hvm6l.default\prefs.js [OK] File is clean. 
-\\ Google Chrome v28.0.1500.95 File : C:\Users\T8r Salad\AppData\Local\Google\Chrome\User Data\Default\Preferences ************************* AdwCleaner[R1].txt - [3144 octets] - [09/08/2013 19:18:40] AdwCleaner[s1].txt - [1429 octets] - [10/08/2013 10:29:52] ########## EOF - C:\AdwCleaner[s1].txt - [1489 octets] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.4.1 (08.10.2013:1) OS: Windows 7 Home Premium x64 Ran by T8r Salad on Sat 08/10/2013 at 9:52:58.68 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{C0C6E1B9-707A-442E-9AB3-71E285D6370F} Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip" Successfully deleted: [Registry Key] "hkey_local_machine\software\pip" ~~~ Files Successfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk" ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\babylon" Successfully deleted: [Folder] "C:\ProgramData\big fish games" Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess" Successfully deleted: [Folder] "C:\Users\T8r Salad\AppData\Roaming\strongvault" Successfully deleted: [Folder] "C:\Users\T8r Salad\appdata\local\downloadterms" Successfully deleted: [Folder] "C:\Users\T8r Salad\appdata\local\smartbar" Successfully deleted: [Folder] "C:\Users\T8r Salad\appdata\local\swvupdater" Successfully deleted: [Folder] "C:\Users\T8r Salad\appdata\locallow\ilividtoolbarguid" Successfully deleted: 
[Folder] "C:\Users\T8r Salad\appdata\locallow\smartbar" Successfully deleted: [Folder] "C:\Program Files (x86)\delta" Successfully deleted: [Folder] "C:\Program Files (x86)\search results toolbar" Successfully deleted: [Folder] "C:\ai_recyclebin" Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin" ~~~ FireFox Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml" Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\search_results.xml" Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml" Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\search_results.xml" Successfully deleted: [File] C:\Users\T8r Salad\AppData\Roaming\mozilla\firefox\profiles\e03hvm6l.default\searchplugins\delta.xml Successfully deleted: [File] C:\Users\T8r Salad\AppData\Roaming\mozilla\firefox\profiles\e03hvm6l.default\searchplugins\search_results.xml Successfully deleted: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\cxfnl@nxazbwxrbgsgfqqp.net" Failed to delete: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}" Failed to delete: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}" Successfully deleted: [Folder] C:\Users\T8r Salad\AppData\Roaming\mozilla\firefox\profiles\e03hvm6l.default\ilividtoolbarguid Successfully deleted: [Folder] C:\Users\T8r Salad\AppData\Roaming\mozilla\firefox\profiles\e03hvm6l.default\extensions\ffxtlbr@babylon.com Successfully deleted: [Folder] C:\Users\T8r Salad\AppData\Roaming\mozilla\firefox\profiles\e03hvm6l.default\extensions\cxfnl@nxazbwxrbgsgfqqp.net Successfully deleted: [Folder] C:\Users\T8r Salad\AppData\Roaming\mozilla\firefox\profiles\e03hvm6l.default\extensions\staged Failed to delete: [Folder] C:\Users\T8r 
Salad\AppData\Roaming\mozilla\firefox\profiles\e03hvm6l.default\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} Successfully deleted: [Folder] C:\Users\T8r Salad\AppData\Roaming\mozilla\firefox\profiles\e03hvm6l.default\extensions\{3EC9C995-8072-4FC0-953E-4F30620D17F3} Successfully deleted: [Folder] C:\Users\T8r Salad\AppData\Roaming\mozilla\firefox\profiles\e03hvm6l.default\extensions\{F34C9277-6577-4DFF-B2D7-7D58092F272F} Successfully deleted the following from C:\Users\T8r Salad\AppData\Roaming\mozilla\firefox\profiles\e03hvm6l.default\prefs.js # Mozilla User Preferences /* Do not edit this file. * * If you make changes to this file while the application is running, * the changes will be overwritten when the appl Emptied folder: C:\Users\T8r Salad\AppData\Roaming\mozilla\firefox\profiles\e03hvm6l.default\minidumps [1 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sat 08/10/2013 at 9:59:46.08 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  8. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-08-2013 Ran by T8r Salad at 2013-08-10 12:08:09 Running from C:\Users\T8r Salad\Downloads Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Acrobat.com (x32 Version: 1.6.65) Adobe Acrobat 6.0 Professional (x32 Version: 006.000.000) Adobe AIR (x32 Version: 1.5.0.7220) Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94) Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224) Adobe Illustrator 10.0.3 (x32 Version: 10.0.3) Adobe Photoshop CS (x32 Version: CS) Adobe Reader X (10.1.7) (x32 Version: 10.1.7) Adobe Shockwave Player (x32 Version: 11.5.1.601) Adobe Shockwave Player 11.5 (x32 Version: 11.5.9.615) Adobe SVG Viewer 3.0 (x32 Version: 3.0) Akamai NetSession Interface (HKCU) Apple Application Support (x32 Version: 2.3.4) Apple Software Update (x32 Version: 2.1.3.127) ATI Catalyst Install Manager (Version: 3.0.758.0) Bejeweled 2 Deluxe (x32 Version: 2.2.0.82) Blackhawk Striker 2 (x32 Version: 2.2.0.82) Blasterball 3 (x32 Version: 2.2.0.82) Build-a-lot 2 (x32 Version: 2.2.0.82) Cake Mania (x32 Version: 2.2.0.82) Catalyst Control Center - Branding (x32 Version: 1.00.0000) Catalyst Control Center Core Implementation (x32 Version: 2010.0122.858.16002) Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0122.858.16002) Catalyst Control Center Graphics Full New (x32 Version: 2010.0122.858.16002) Catalyst Control Center Graphics Light (x32 Version: 2010.0122.858.16002) Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0122.858.16002) Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0122.858.16002) Catalyst Control Center InstallProxy (x32 Version: 2010.0122.858.16002) Catalyst Control Center Localization All (x32 Version: 2010.0122.858.16002) CCC Help Chinese Standard (x32 Version: 2010.0122.0857.16002) CCC Help Chinese Traditional (x32 Version: 
2010.0122.0857.16002) CCC Help Czech (x32 Version: 2010.0122.0857.16002) CCC Help Danish (x32 Version: 2010.0122.0857.16002) CCC Help Dutch (x32 Version: 2010.0122.0857.16002) CCC Help English (x32 Version: 2010.0122.0857.16002) CCC Help Finnish (x32 Version: 2010.0122.0857.16002) CCC Help French (x32 Version: 2010.0122.0857.16002) CCC Help German (x32 Version: 2010.0122.0857.16002) CCC Help Greek (x32 Version: 2010.0122.0857.16002) CCC Help Hungarian (x32 Version: 2010.0122.0857.16002) CCC Help Italian (x32 Version: 2010.0122.0857.16002) CCC Help Japanese (x32 Version: 2010.0122.0857.16002) CCC Help Korean (x32 Version: 2010.0122.0857.16002) CCC Help Norwegian (x32 Version: 2010.0122.0857.16002) CCC Help Polish (x32 Version: 2010.0122.0857.16002) CCC Help Portuguese (x32 Version: 2010.0122.0857.16002) CCC Help Russian (x32 Version: 2010.0122.0857.16002) CCC Help Spanish (x32 Version: 2010.0122.0857.16002) CCC Help Swedish (x32 Version: 2010.0122.0857.16002) CCC Help Thai (x32 Version: 2010.0122.0857.16002) CCC Help Turkish (x32 Version: 2010.0122.0857.16002) ccc-core-static (x32 Version: 2010.0122.858.16002) ccc-utility64 (Version: 2010.0122.858.16002) Chuzzle Deluxe (x32 Version: 2.2.0.82) CinemaNow Media Manager (x32 Version: 1.9.1.102) Cisco AnyConnect VPN Client (x32 Version: 2.4.0202) Cisco Connect (x32 Version: 1.4.11299.0) Cisco WebEx Meetings (x32) Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000) CyberLink DVD Suite (x32 Version: 7.0.2527) D3DX10 (x32 Version: 15.4.2368.0902) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32) Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82) DIRECTV Player (x32 Version: 8.0) Dora's Carnival Adventure (x32 Version: 2.2.0.82) Dropbox (HKCU Version: 2.0.22) DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.0.3715) eaner (Version: 4.03) ERUNT 1.1j (x32) Escape Rosecliff Island (x32 Version: 2.2.0.82) ESET Online Scanner v3 (x32) ESU for Microsoft Windows 7 (x32 
Version: 1.0.0) Faerie Solitaire (x32 Version: 2.2.0.82) Fairy Tale Mysteries - The Puppet Thief (x32) FATE (x32 Version: 2.2.0.82) ffdshow [rev 2527] [2008-12-19] (x32 Version: 1.0) Foxit Reader (x32 Version: 6.0.6.722) Garmin Communicator Plugin (x32 Version: 4.0.3) Garmin Communicator Plugin x64 (Version: 4.0.3) Google Chrome (HKCU Version: 28.0.1500.95) Google Drive (x32 Version: 1.11.4865.2530) Google Earth Plug-in (x32 Version: 7.1.1.1888) Google Talk (remove only) (HKCU) Google Talk Plugin (x32 Version: 4.4.2.14502) Google Update Helper (x32 Version: 1.3.21.153) Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000) HP 3D DriveGuard (Version: 4.1.16.1) HP Advisor (x32 Version: 3.4.10144.3282) HP Customer Experience Enhancements (x32 Version: 6.0.1.7) HP Deskjet 1000 J110 series Basic Device Software (Version: 22.50.231.0) HP Deskjet 1000 J110 series Help (x32 Version: 140.0.65.65) HP Games (x32 Version: 1.0.0.80) HP MediaSmart CinemaNow 2.0 (x32 Version: 2.0) HP MediaSmart DVD (x32 Version: 4.0.3727) HP MediaSmart Internet TV (x32 Version: 3.2.2513) HP MediaSmart Movies and TV (Version: 1.0.0.10) HP MediaSmart Music (x32 Version: 4.0.3722) HP MediaSmart Photo (x32 Version: 4.0.3722) HP MediaSmart SmartMenu (Version: 3.1.1.12) HP MediaSmart Video (x32 Version: 4.0.3722) HP MediaSmart Webcam (x32 Version: 4.0.2511) HP MediaSmart/TouchSmart Netflix (x32 Version: 1.0.9.0) HP Quick Launch (x32 Version: 2.7.2) HP QuickWeb Installer (x32 Version: 1.2.9.1) HP Setup (x32 Version: 1.2.3988.3281) HP SimplePass Identity Protection (Version: 5.20.205) HP Software Framework (x32 Version: 4.5.10.1) HP Support Assistant (x32 Version: 7.0.39.15) HP Update (x32 Version: 5.005.000.002) HP User Guides 0177 (x32 Version: 1.01.0000) HP Wireless Assistant (Version: 4.0.3.2) HPDiagnosticAlert (x32 Version: 1.00.0000) IDT Audio (x32 Version: 1.0.6292.0) Intel PROSet Wireless Intel® Management Engine Components (x32 Version: 6.0.0.1179) Intel® PROSet/Wireless for Bluetooth® + 
High Speed (Version: 15.1.0.0096) Intel® Rapid Storage Technology (x32 Version: 9.6.2.1001) Intel® Turbo Boost Technology Driver (x32 Version: 01.00.01.1002) Intel® PROSet/Wireless WiFi Software (Version: 15.01.0500.0903) Java 7 Update 25 (x32 Version: 7.0.250) Java Auto Updater (x32 Version: 2.1.9.5) Jewel Quest 3 (x32 Version: 2.2.0.82) Jewel Quest Solitaire 2 (x32 Version: 2.2.0.82) Junk Mail filter update (x32 Version: 15.4.3502.0922) LabelPrint (x32 Version: 2.5.2515) LightScribe System Software (x32 Version: 1.18.20.1) magicJack (HKCU Version: 2.0.6073.4413) Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300) Map CONHI Drives V14 (x32 Version: 1.4.0) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Mouse and Keyboard Center (Version: 2.1.177.0) Microsoft Office 2010 Service Pack 1 (SP1) (x32) Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000) Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proofing (English) 2010 (x32 
Version: 14.0.6029.1000) Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Suite Activation Assistant (x32 Version: 2.9) Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Works (x32 Version: 9.7.0621) Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0) Motorola Device Manager (x32 Version: 2.2.17) Motorola Device Software Update (x32 Version: 1.0.30) Motorola Mobile Drivers Installation 5.6.0 (Version: 5.6.0) Movie Theme 
Pack for HP MediaSmart Video (x32 Version: 4.0.3715) Mozilla Firefox 8.0 (x86 en-US) (x32 Version: 8.0) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT_amd64 (x32 Version: 15.4.2862.0708) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0) MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0) MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0) MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0) Mystery P.I. - The New York Fortune (x32 Version: 2.2.0.82) Penguins! (x32 Version: 2.2.0.82) PhotoNow! (x32 Version: 1.1.6904) Plants vs. Zombies (x32 Version: 2.2.0.82) Poker Superstars III (x32 Version: 2.2.0.82) Polar Bowler (x32 Version: 2.2.0.82) Polar Golfer (x32 Version: 2.2.0.82) Power2Go (x32 Version: 6.1.3715) PowerDirector (x32 Version: 8.0.2514) PX Profile Update (x32 Version: 1.00.1.) Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.21.531.2010) Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30111) Recovery Manager (x32 Version: 5.5.2512) Roxio CinemaNow 2.0 (x32 Version: 1.0.254) Skype™ 6.6 (x32 Version: 6.6.106) Startup Delayer v3.0 (build 333) (x32 Version: 3.0 (build 333)) Synaptics Pointing Device Driver (Version: 15.3.29.0) TextTwist 2 (x32 Version: 2.2.0.82) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft Office 2010 (KB2494150) (x32) Update for Microsoft Office 2010 (KB2553065) (x32) Update for Microsoft Office 2010 (KB2553092) (x32) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition 
(x32) Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2566458) (x32) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32) Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32) Validity Sensors DDK (Version: 4.1.129.0) Virtual Families (x32 Version: 2.2.0.82) Virtual Villagers - The Secret City (x32 Version: 2.2.0.82) Vision Machine Tools Suite 4 (x32) Vision Pro LT7 (C:\Vision Pro LT7) (x32 Version: 7) Webroot SecureAnywhere (x32 Version: 8.0.2.167) Wheel of Fortune 2 (x32 Version: 2.2.0.82) Windows Live Communications Platform (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3502.0922) Windows Live ID Sign-in Assistant (Version: 7.250.4225.0) Windows Live Installer (x32 Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3502.0922) Windows Live Mail (x32 Version: 15.4.3502.0922) Windows Live Messenger (x32 Version: 15.4.3502.0922) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (x32 Version: 15.4.3502.0922) Windows Live Photo Common (x32 Version: 15.4.3502.0922) Windows Live Photo Gallery (x32 Version: 15.4.3502.0922) Windows Live PIMT Platform (x32 Version: 15.4.3502.0922) Windows Live SOXE (x32 Version: 15.4.3502.0922) Windows 
Live SOXE Definitions (x32 Version: 15.4.3502.0922) Windows Live Sync (x32 Version: 14.0.8089.726) Windows Live UX Platform (x32 Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922) Windows Live Writer (x32 Version: 15.4.3502.0922) Windows Live Writer Resources (x32 Version: 15.4.3502.0922) Windows Media Encoder 9 Series (x32 Version: 9.00.2980) Windows Media Encoder 9 Series (x32) Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8) Yahoo! Detect (x32) Zuma's Revenge (x32 Version: 2.2.0.82) ZumoCast (x32) ==================== Restore Points ========================= 16-07-2013 11:55:09 Windows Update 19-07-2013 13:51:16 Windows Update 22-07-2013 19:54:02 Windows Update 22-07-2013 19:59:49 Windows Update 26-07-2013 19:02:53 Windows Update 30-07-2013 11:50:28 Windows Update 06-08-2013 14:42:53 Windows Update ==================== Hosts content: ========================== 2009-07-13 19:34 - 2011-10-30 08:37 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0BDD6850-B254-479A-9441-2F6C730A007E} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation) Task: {12B33554-B9F9-4952-991B-AE0CE04E3B46} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation) Task: {1CD3F08B-764D-4223-B5E8-B979C3E12DD7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {21E38367-02A4-4233-AC64-191F639E8D76} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: 
{2E7F4D53-A841-4AC7-953E-B48C68497E81} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation) Task: {32774068-3385-4DF4-9104-1A294B5EAE62} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe No File Task: {3ABF4D36-0F1F-4207-96A1-8BDF96954E04} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-01] (Google Inc.) Task: {4D815BB3-5D7E-4889-BD62-8AC439A2F200} - System32\Tasks\{304EEF1E-A6EF-4AD8-BE4E-480D96A64920} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-06-21] (Skype Technologies S.A.) Task: {4E7B4664-7B23-459B-8831-C88FE292D146} - System32\Tasks\HPCeeScheduleForT8RSALAD-PC$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard) Task: {5A0F58A7-9C2F-436F-B888-C06FC0E77C80} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3234435069-2337432931-1277263858-1001UA => C:\Users\T8r Salad\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-12] (Google Inc.) Task: {62AD6AAA-89DA-4B12-A138-D98DD3127424} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation) Task: {63894C29-3D03-4240-A14C-4D051EE825B0} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-01-26] () Task: {66506090-E3FE-40E2-BD77-14A6DF23CC63} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company) Task: {799AF727-3B22-42C7-B6A8-60978DADC462} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3234435069-2337432931-1277263858-1001Core => C:\Users\T8r Salad\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-12] (Google Inc.) 
Task: {7CB558A6-DB29-4F9B-9CE3-236A78C282FF} - System32\Tasks\HPCeeScheduleForT8r Salad => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard) Task: {8616A2F5-343C-484C-83BA-4DD4CD2140A5} - System32\Tasks\{9F887320-24FD-4F24-A5AA-0435B7279B3E} => C:\Program Files (x86)\Zecter\ZumoCast\zumolauncher.exe [2011-10-18] () Task: {8D0956DF-D870-47D1-8A92-CD07A9CBBAD4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd) Task: {92C49C4C-380D-47D0-91DF-9532EFDDC8A4} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\Kernel\CLML\CLMLSvc.exe No File Task: {951C4F48-8D88-4B33-8172-FF532A4E8917} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-07-29] (Hewlett-Packard) Task: {B359341F-7CD8-4216-B35F-CFBD63ADE053} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-01] (Google Inc.) 
Task: {B44D1098-4C35-4664-A720-98326954EB14} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {BE83CC89-3A45-4D5D-80D0-ACDEE30D6479} - System32\Tasks\{92CC979A-87A6-4B2C-8601-F7D521373110} => C:\Program Files (x86)\Zecter\ZumoCast\zumolauncher.exe [2011-10-18] () Task: {C1A56535-806A-429C-AF15-7925A3090C89} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: {C2425DBB-4C23-4D52-906B-78615F30F4FD} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation) Task: {D0AACBED-ED31-4093-9943-0B047C83024F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-11] (Adobe Systems Incorporated) Task: {E0205F84-82AB-477E-BBF7-7DCDA4072AB8} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-01-26] () Task: {E2F1A708-9BDB-4F1A-9DCE-82BD6A00559E} - System32\Tasks\{E3082EE9-D424-44CA-872F-0779BC1B5264} => c:\users\t8r salad\appdata\local\google\chrome\application\chrome.exe [2013-07-24] (Google Inc.) 
Task: {FCE03AD5-1112-4A4F-AFFE-59CF74FB9812} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft) Task: {FE084DCA-4E9E-4A21-82C2-37497BBC42D8} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe No File Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3234435069-2337432931-1277263858-1001Core.job => C:\Users\T8r Salad\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3234435069-2337432931-1277263858-1001UA.job => C:\Users\T8r Salad\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForT8r Salad.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\Windows\Tasks\HPCeeScheduleForT8RSALAD-PC$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Faulty Device Manager Devices ============= Name: Microsoft Virtual WiFi Miniport Adapter #2 Description: Microsoft Virtual WiFi Miniport Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: vwifimp Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Microsoft Virtual WiFi Miniport Adapter Description: Microsoft Virtual WiFi Miniport Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: vwifimp Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (08/10/2013 10:40:19 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error: (08/10/2013 10:13:00 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. System errors: ============= Microsoft Office Sessions: ========================= Error: (08/10/2013 10:40:19 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\T8r Salad\Downloads\esetsmartinstaller_enu.exe Error: (08/10/2013 10:13:00 AM) (Source: SideBySide)(User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 CodeIntegrity Errors: =================================== Date: 2013-07-29 16:09:43.210 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Vision Pro LT7\CADlink.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-07-29 16:09:43.054 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Vision Pro LT7\CADlink.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2013-07-24 12:05:51.793 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Vision Pro LT7\CADlink.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-07-24 12:05:51.590 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Vision Pro LT7\CADlink.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-05-30 15:00:21.158 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Vision Pro LT7\CADlink.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-05-30 15:00:21.002 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Vision Pro LT7\CADlink.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-05-19 09:25:25.317 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Vision Pro LT7\CADlink.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2013-05-19 09:25:25.177 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Vision Pro LT7\CADlink.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-05-18 10:36:30.512 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Vision Pro LT7\CADlink.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-05-18 10:36:30.356 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Vision Pro LT7\CADlink.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
==================== Memory info ===========================

Percentage of memory in use: 50%
Total physical RAM: 3893.86 MB
Available physical RAM: 1938.16 MB
Total Pagefile: 7785.9 MB
Available Pagefile: 5774.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:442.69 GB) (Free:346.64 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:22.78 GB) (Free:3.31 GB) NTFS (Disk=0 Partition=3) ==>[system with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT (Disk=0 Partition=4)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 41EA23B6)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=443 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=23 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0E)

==================== End Of Log ============================
  9. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-08-2013 Ran by T8r Salad (administrator) on 10-08-2013 12:06:31 Running from C:\Users\T8r Salad\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Webroot) C:\Program Files\Webroot\WRSA.exe (AMD) C:\Windows\system32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe (Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe (Validity Sensors, Inc.) C:\Windows\system32\vcsFPService.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (AMD) C:\Windows\system32\atieclxx.exe (DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe (CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe (Fork Ltd.) C:\Prey\platform\windows\cronsvc.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (SafeNet Inc.) C:\Windows\system32\hasplms.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Webroot) C:\Program Files\Webroot\WRSA.exe (Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Acresso Corporation) C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (NDS Technologies) C:\Users\T8r Salad\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe () C:\Users\T8r Salad\AppData\Local\DIRECTV Player\NDSPCShowServer.exe (Akamai Technologies, Inc.) C:\Users\T8r Salad\AppData\Local\Akamai\netsession_win.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Google Inc.) C:\Users\T8r Salad\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler.exe (Google Inc.) C:\Users\T8r Salad\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler64.exe (Akamai Technologies, Inc.) C:\Users\T8r Salad\AppData\Local\Akamai\netsession_win.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DPAgent.exe (Google Inc.) C:\Users\T8r Salad\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\T8r Salad\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Users\T8r Salad\AppData\Local\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [smartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-01-20] () HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2009-12-16] (Hewlett-Packard) HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-11-16] (IDT, Inc.) HKLM\...\Run: [startupDelayer] - C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe [1080832 2013-06-01] (r2 Studios) HKLM\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe, HKCU\...\Run: [Google Update] - C:\Users\T8r Salad\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-04-12] (Google Inc.) 
HKCU\...\Run: [googletalk] - C:\Users\T8r Salad\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google) HKCU\...\Run: [iSUSPM] - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [210208 2008-10-20] (Acresso Corporation) HKCU\...\Run: [cdloader] - C:\Users\T8r Salad\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.) HKCU\...\Run: [PCShowServer] - C:\Users\T8r Salad\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [525240 2012-10-15] (NDS Technologies) HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\T8r Salad\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20097696 2013-06-27] (Google) MountPoints2: G - G:\setup.exe -a MountPoints2: {1f7388f8-2673-11e2-adf9-60eb691eacf5} - H:\setup.exe -a MountPoints2: {71871200-cab8-11e1-b3c0-a8e8b222045a} - G:\setup.exe -a MountPoints2: {7562b0d7-938e-11e0-bc6d-a4606b09fe4c} - G:\TL_Bootstrap.exe MountPoints2: {a53ad97d-397e-11e2-9a04-0026c784a85e} - G:\setup.exe -a HKLM-x32\...\Run: [WRSVC] - C:\Program Files\Webroot\WRSA.exe [749112 2013-08-02] (Webroot) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-01-27] () Lsa: [Notification Packages] DPPassFilter scecli ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.msn.iplay.com/?o=shp HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1 SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {C0C6E1B9-707A-442E-9AB3-71E285D6370F} URL = BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File BHO-x32: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll () BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll () Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12 FireFox: ======== FF ProfilePath: C:\Users\T8r Salad\AppData\Roaming\Mozilla\Firefox\Profiles\e03hvm6l.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - 
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @oberon-media.com/ONCAdapter - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media ) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files 
(x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @nds.com/PCShowPlugin - C:\Users\T8r Salad\AppData\Local\DIRECTV Player\npPCShowPlugin.dll No File FF Plugin HKCU: @nds.com/PlayerPlugin - C:\Users\T8r Salad\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS) FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\T8r Salad\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\T8r Salad\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\T8r Salad\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\T8r Salad\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\T8r Salad\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin HKCU: NDS.com/PlayerPlugin - C:\Users\T8r Salad\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\bingober28785585.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml FF Extension: No Name - C:\Users\T8r Salad\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} FF Extension: No Name - C:\Users\T8r Salad\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} FF Extension: Oberon GamesBar - C:\Users\T8r Salad\AppData\Roaming\Mozilla\Firefox\Profiles\e03hvm6l.default\Extensions\gamesbar@oberon-media.com FF Extension: Garmin Communicator - C:\Users\T8r Salad\AppData\Roaming\Mozilla\Firefox\Profiles\e03hvm6l.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} FF Extension: No Name - C:\Users\T8r Salad\AppData\Roaming\Mozilla\Firefox\Profiles\e03hvm6l.default\Extensions\{787e8757-f4d4-4ffc-be04-c267bf82d846} FF Extension: No Name - C:\Users\T8r Salad\AppData\Roaming\Mozilla\Firefox\Profiles\e03hvm6l.default\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ FF Extension: DigitalPersona Extension - C:\Program Files 
(x86)\DigitalPersona\Bin\FirefoxExt\ Chrome: ======= CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Users\T8r Salad\AppData\Local\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\T8r Salad\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\T8r Salad\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) 
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation) CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\T8r Salad\AppData\Local\Google\Chrome\Application\plugins\npatgpc.dll (Cisco WebEx LLC) CHR Plugin: (Google Talk Plugin) - C:\Users\T8r Salad\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\T8r Salad\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\T8r Salad\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Oberon com adapter) - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media ) CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) 
CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (PCShow Player Plugin) - C:\Users\T8r Salad\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS) CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) CHR Extension: () - C:\Users\T8RSAL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR StartMenuInternet: Google Chrome - C:\Users\T8r Salad\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= R2 CronService; C:\Prey\platform\windows\cronsvc.exe [23552 2012-11-28] (Fork Ltd.) R2 hasplms; C:\Windows\system32\hasplms.exe [4180576 2010-09-27] (SafeNet Inc.) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] () R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [749112 2013-08-02] (Webroot) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== S3 CADlink; C:\Vision Pro LT7\CADlink.sys [11264 2008-04-08] (CADlink Technology) S3 CADlink; C:\Vision Pro LT7\CADlink.sys [11264 2008-04-08] (CADlink Technology) R1 DVMIO; C:\Windows\System32\DRIVERS\dvmio.sys [20056 2010-01-29] (DeviceVM, Inc.) 
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw00.sys [11471872 2012-02-20] (Intel Corporation) S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.) R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [114184 2013-08-02] (Webroot) R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2010-01-27] (CyberLink Corp.) R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2010-01-27] (CyberLink Corp.) S3 Andbus; system32\DRIVERS\lgandbus64.sys [x] S3 AndDiag; system32\DRIVERS\lganddiag64.sys [x] S3 AndGps; system32\DRIVERS\lgandgps64.sys [x] S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [x] S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [x] S3 AndNetGps; system32\DRIVERS\lgandnetgps64.sys [x] S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [x] S3 andnetndis; system32\DRIVERS\lgandnetndis64.sys [x] S3 usbbus; system32\DRIVERS\lgx64bus.sys [x] S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [x] S3 USBModem; system32\DRIVERS\lgx64modem.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-10 12:05 - 2013-08-10 12:05 - 01790633 _____ (Farbar) C:\Users\T8r Salad\Downloads\FRST64.exe 2013-08-10 12:04 - 2013-08-10 12:04 - 00000094 _____ C:\Users\T8r Salad\Desktop\ESET.txt 2013-08-10 10:40 - 2013-08-10 10:40 - 00000000 ____D C:\Program Files (x86)\ESET 2013-08-10 10:39 - 2013-08-10 10:39 - 02347384 _____ (ESET) C:\Users\T8r Salad\Downloads\esetsmartinstaller_enu.exe 2013-08-10 10:34 - 2013-08-10 10:34 - 00001558 _____ C:\Users\T8r Salad\Desktop\AdwCleaner[s1].txt 2013-08-10 10:34 - 2013-08-10 10:34 - 00001448 _____ C:\AdwCleaner[s2].txt 2013-08-10 10:34 - 2013-08-10 10:34 - 00001373 _____ C:\Users\T8r Salad\Desktop\AdwCleaner[R2].txt 2013-08-10 10:33 - 2013-08-10 10:33 - 00001373 _____ C:\AdwCleaner[R2].txt 2013-08-10 10:29 - 2013-08-10 
10:30 - 00001558 _____ C:\AdwCleaner[s1].txt 2013-08-10 10:28 - 2013-08-10 10:28 - 00666633 _____ C:\Users\T8r Salad\Downloads\AdwCleaner (2).exe 2013-08-10 09:59 - 2013-08-10 09:59 - 00004768 _____ C:\Users\T8r Salad\Desktop\JRT.txt 2013-08-10 09:52 - 2013-08-10 09:52 - 00000000 ____D C:\Windows\ERUNT 2013-08-10 09:51 - 2013-08-10 09:51 - 00958418 _____ (Oleg N. Scherbakov) C:\Users\T8r Salad\Downloads\JRT.exe 2013-08-10 09:51 - 2013-08-10 09:51 - 00958418 _____ (Oleg N. Scherbakov) C:\Users\T8r Salad\Downloads\JRT (1).exe 2013-08-10 08:37 - 2013-08-10 09:46 - 00000000 ____D C:\Users\T8r Salad\Desktop\mbar 2013-08-10 08:37 - 2013-08-10 09:46 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-08-10 08:36 - 2013-08-10 08:36 - 12081912 _____ (Malwarebytes Corp.) C:\Users\T8r Salad\Downloads\mbar-1.06.1.1005.exe 2013-08-10 08:31 - 2013-08-10 08:31 - 00003583 _____ C:\Users\T8r Salad\Desktop\RKreport[0]_S_08102013_083127.txt 2013-08-10 08:28 - 2013-08-10 08:28 - 03800064 _____ C:\Users\T8r Salad\Downloads\RogueKillerX64 (2).exe 2013-08-10 08:28 - 2013-08-10 08:28 - 00000000 ____D C:\Windows\ERDNT 2013-08-10 08:26 - 2013-08-10 08:27 - 00000000 ____D C:\Program Files (x86)\ERUNT 2013-08-10 08:26 - 2013-08-10 08:26 - 00000888 _____ C:\Users\T8r Salad\Desktop\NTREGOPT.lnk 2013-08-10 08:26 - 2013-08-10 08:26 - 00000869 _____ C:\Users\T8r Salad\Desktop\ERUNT.lnk 2013-08-10 08:25 - 2013-08-10 08:25 - 00791393 _____ (Lars Hederer ) C:\Users\T8r Salad\Downloads\erunt-setup.exe 2013-08-09 19:51 - 2013-08-09 19:51 - 00666633 _____ C:\Users\T8r Salad\Downloads\adwcleaner (1).exe 2013-08-09 19:18 - 2013-08-09 19:18 - 00003144 _____ C:\AdwCleaner[R1].txt 2013-08-09 19:13 - 2013-08-09 19:14 - 00666633 _____ C:\Users\T8r Salad\Downloads\adwcleaner.exe 2013-08-09 18:59 - 2013-08-09 18:59 - 00000000 ____D C:\Users\T8r Salad\Desktop\Malware 8-09-2013 2013-08-09 18:52 - 2013-08-09 18:53 - 03800064 _____ C:\Users\T8r Salad\Downloads\RogueKillerX64 (1).exe 2013-08-09 
17:11 - 2013-08-10 08:29 - 00000000 ____D C:\Users\T8r Salad\Desktop\RK_Quarantine 2013-08-09 17:09 - 2013-08-09 17:10 - 03800064 _____ C:\Users\T8r Salad\Downloads\RogueKillerX64.exe 2013-08-09 16:19 - 2013-08-09 16:19 - 00688992 ____R (Swearware) C:\Users\T8r Salad\Downloads\dds.com 2013-08-08 16:54 - 2013-08-08 16:54 - 00001495 _____ C:\Users\T8r Salad\Downloads\webinar.ics 2013-08-07 13:53 - 2013-08-07 13:53 - 00000000 ____D C:\Users\T8r Salad\Desktop\Zacks Reports 2013-08-06 16:07 - 2013-08-06 16:07 - 00002014 _____ C:\Users\Public\Desktop\Foxit Reader.lnk 2013-08-06 16:07 - 2013-06-09 21:59 - 00216064 _____ C:\Windows\SysWOW64\gcapi_dll.dll 2013-08-04 14:03 - 2013-08-06 09:50 - 00000000 ____D C:\Users\T8r Salad\Desktop\Costco 8-5-2013 2013-08-03 20:58 - 2013-08-03 20:58 - 00013105 _____ C:\Users\T8r Salad\Desktop\Windows Defender.lnk 2013-08-01 09:13 - 2013-08-01 09:13 - 00000334 _____ C:\Users\T8r Salad\Downloads\UltimateWebinar.ics 2013-07-30 10:50 - 2013-07-30 10:50 - 00000000 ____D C:\Users\T8r Salad\AppData\Roaming\Oracle 2013-07-24 21:15 - 2013-07-24 21:15 - 00000000 ____D C:\Users\T8RSAL~1\AppData\Local\DIRECTV Player 2013-07-24 21:13 - 2013-07-24 21:14 - 13024568 _____ (DIRECTV) C:\Users\T8r Salad\Downloads\DIRECTV_Player_8.0.exe 2013-07-22 12:54 - 2013-07-22 12:58 - 00000000 ____D C:\Windows\system32\MRT 2013-07-21 14:55 - 2013-07-21 14:55 - 00005079 _____ C:\Users\T8r Salad\Downloads\thankyouforyouremail.zip 2013-07-19 20:26 - 2013-07-19 20:27 - 00000000 ____D C:\Users\T8r Salad\Desktop\Cindy 2013-07-19 20:26 - 2013-07-19 20:26 - 00000000 ____D C:\Users\T8r Salad\Desktop\CMI 2013-07-18 14:47 - 2013-07-18 14:47 - 00014228 _____ C:\Users\T8r Salad\Downloads\PAUL RHODES EVENT AUGUST 29, 2013.xlsx 2013-07-18 06:25 - 2013-07-18 06:25 - 00000000 ____D C:\ProgramData\r2 Studios 2013-07-18 06:25 - 2013-07-18 06:25 - 00000000 ____D C:\Program Files\r2 Studios 2013-07-16 15:03 - 2013-07-16 16:04 - 00000000 __SHD C:\Users\T8r Salad\Documents\cache 2013-07-16 
14:59 - 2013-07-16 16:04 - 00000000 ____D C:\Users\T8r Salad\AppData\Roaming\webex 2013-07-16 14:58 - 2013-07-16 15:03 - 00000000 ____D C:\ProgramData\WebEx 2013-07-16 14:09 - 2013-07-16 14:09 - 00000000 ____D C:\ProgramData\LightScribe 2013-07-16 12:37 - 2013-07-16 12:37 - 00003086 _____ C:\Windows\System32\Tasks\{3F64657A-A4DD-44CE-931F-484F450A0772} 2013-07-16 06:01 - 2013-07-18 14:30 - 00000000 ____D C:\Users\T8r Salad\Desktop\Omega 2013-07-16 06:01 - 2013-07-18 09:43 - 00000000 ____D C:\Users\T8r Salad\Desktop\Oregon 2013 2013-07-11 19:22 - 2013-07-16 06:02 - 00000000 ____D C:\Users\T8r Salad\Desktop\Scarface script 2013-07-11 14:49 - 2013-06-11 16:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-11 14:49 - 2013-06-11 16:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-11 14:49 - 2013-06-11 16:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-11 14:49 - 2013-06-11 16:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-11 14:49 - 2013-06-11 16:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-11 14:49 - 2013-06-11 16:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-11 14:49 - 2013-06-11 16:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-11 14:49 - 2013-06-11 16:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-11 14:49 - 2013-06-11 16:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-11 14:49 - 2013-06-11 16:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-11 14:49 - 2013-06-11 16:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-11 14:49 - 2013-06-11 16:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-11 14:49 - 2013-06-11 16:42 - 00033280 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-11 14:49 - 2013-06-11 16:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-11 14:49 - 2013-06-11 16:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-11 14:49 - 2013-06-11 16:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-11 14:49 - 2013-06-11 16:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-11 14:49 - 2013-06-11 16:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-11 14:49 - 2013-06-11 16:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-11 14:49 - 2013-06-11 16:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-11 14:49 - 2013-06-11 16:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-11 14:49 - 2013-06-11 16:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-11 14:49 - 2013-06-11 16:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-11 14:49 - 2013-06-11 16:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-11 14:49 - 2013-06-11 16:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-11 14:49 - 2013-06-11 16:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-11 14:49 - 2013-06-11 16:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-11 14:49 - 2013-06-11 15:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-11 14:49 - 2013-06-11 15:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-07-11 14:49 - 2013-06-06 20:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-11 14:49 - 2013-06-06 19:37 - 02706432 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\mshtml.tlb 2013-07-11 08:28 - 2013-06-04 20:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-11 08:28 - 2013-06-03 23:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-11 08:28 - 2013-06-03 21:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-07-11 08:28 - 2013-05-05 23:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-11 08:28 - 2013-05-05 21:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-11 08:27 - 2013-04-09 16:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-07-11 08:27 - 2013-04-02 15:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll ==================== One Month Modified Files and Folders ======= 2013-08-10 12:06 - 2013-08-10 12:06 - 00000000 ____D C:\FRST 2013-08-10 12:05 - 2013-08-10 12:05 - 01790633 _____ (Farbar) C:\Users\T8r Salad\Downloads\FRST64.exe 2013-08-10 12:04 - 2013-08-10 12:04 - 00000094 _____ C:\Users\T8r Salad\Desktop\ESET.txt 2013-08-10 12:03 - 2012-05-31 05:40 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-10 12:00 - 2011-03-15 16:03 - 04505600 ___SH C:\Users\T8r Salad\Desktop\Thumbs.db 2013-08-10 11:54 - 2012-10-01 13:11 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-10 11:36 - 2013-01-24 07:58 - 00000029 _____ C:\Windows\SysWOW64\TempWmicBatchFile.bat 2013-08-10 11:36 - 2011-04-12 20:00 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3234435069-2337432931-1277263858-1001UA.job 2013-08-10 10:43 - 2009-07-13 21:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-10 10:43 - 2009-07-13 21:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-10 10:40 - 2013-08-10 10:40 - 00000000 ____D 
C:\Program Files (x86)\ESET 2013-08-10 10:40 - 2010-08-19 02:44 - 01109060 _____ C:\Windows\WindowsUpdate.log 2013-08-10 10:40 - 2009-07-13 22:13 - 00730512 _____ C:\Windows\system32\PerfStringBackup.INI 2013-08-10 10:39 - 2013-08-10 10:39 - 02347384 _____ (ESET) C:\Users\T8r Salad\Downloads\esetsmartinstaller_enu.exe 2013-08-10 10:36 - 2013-01-22 08:01 - 00000000 ___RD C:\Users\T8r Salad\Google Drive 2013-08-10 10:36 - 2012-10-01 13:11 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-10 10:35 - 2013-05-04 10:20 - 00013272 _____ C:\Windows\setupact.log 2013-08-10 10:35 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-10 10:34 - 2013-08-10 10:34 - 00001558 _____ C:\Users\T8r Salad\Desktop\AdwCleaner[s1].txt 2013-08-10 10:34 - 2013-08-10 10:34 - 00001448 _____ C:\AdwCleaner[s2].txt 2013-08-10 10:34 - 2013-08-10 10:34 - 00001373 _____ C:\Users\T8r Salad\Desktop\AdwCleaner[R2].txt 2013-08-10 10:33 - 2013-08-10 10:33 - 00001373 _____ C:\AdwCleaner[R2].txt 2013-08-10 10:30 - 2013-08-10 10:29 - 00001558 _____ C:\AdwCleaner[s1].txt 2013-08-10 10:28 - 2013-08-10 10:28 - 00666633 _____ C:\Users\T8r Salad\Downloads\AdwCleaner (2).exe 2013-08-10 10:27 - 2011-10-24 10:38 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2013-08-10 10:27 - 2010-11-01 17:47 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log 2013-08-10 09:59 - 2013-08-10 09:59 - 00004768 _____ C:\Users\T8r Salad\Desktop\JRT.txt 2013-08-10 09:52 - 2013-08-10 09:52 - 00000000 ____D C:\Windows\ERUNT 2013-08-10 09:51 - 2013-08-10 09:51 - 00958418 _____ (Oleg N. Scherbakov) C:\Users\T8r Salad\Downloads\JRT.exe 2013-08-10 09:51 - 2013-08-10 09:51 - 00958418 _____ (Oleg N. 
Scherbakov) C:\Users\T8r Salad\Downloads\JRT (1).exe 2013-08-10 09:46 - 2013-08-10 08:37 - 00000000 ____D C:\Users\T8r Salad\Desktop\mbar 2013-08-10 09:46 - 2013-08-10 08:37 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-08-10 09:12 - 2011-11-03 10:41 - 00000000 ____D C:\ProgramData\WRData 2013-08-10 08:36 - 2013-08-10 08:36 - 12081912 _____ (Malwarebytes Corp.) C:\Users\T8r Salad\Downloads\mbar-1.06.1.1005.exe 2013-08-10 08:31 - 2013-08-10 08:31 - 00003583 _____ C:\Users\T8r Salad\Desktop\RKreport[0]_S_08102013_083127.txt 2013-08-10 08:29 - 2013-08-09 17:11 - 00000000 ____D C:\Users\T8r Salad\Desktop\RK_Quarantine 2013-08-10 08:28 - 2013-08-10 08:28 - 03800064 _____ C:\Users\T8r Salad\Downloads\RogueKillerX64 (2).exe 2013-08-10 08:28 - 2013-08-10 08:28 - 00000000 ____D C:\Windows\ERDNT 2013-08-10 08:27 - 2013-08-10 08:26 - 00000000 ____D C:\Program Files (x86)\ERUNT 2013-08-10 08:26 - 2013-08-10 08:26 - 00000888 _____ C:\Users\T8r Salad\Desktop\NTREGOPT.lnk 2013-08-10 08:26 - 2013-08-10 08:26 - 00000869 _____ C:\Users\T8r Salad\Desktop\ERUNT.lnk 2013-08-10 08:25 - 2013-08-10 08:25 - 00791393 _____ (Lars Hederer ) C:\Users\T8r Salad\Downloads\erunt-setup.exe 2013-08-09 19:51 - 2013-08-09 19:51 - 00666633 _____ C:\Users\T8r Salad\Downloads\adwcleaner (1).exe 2013-08-09 19:18 - 2013-08-09 19:18 - 00003144 _____ C:\AdwCleaner[R1].txt 2013-08-09 19:14 - 2013-08-09 19:13 - 00666633 _____ C:\Users\T8r Salad\Downloads\adwcleaner.exe 2013-08-09 18:59 - 2013-08-09 18:59 - 00000000 ____D C:\Users\T8r Salad\Desktop\Malware 8-09-2013 2013-08-09 18:53 - 2013-08-09 18:52 - 03800064 _____ C:\Users\T8r Salad\Downloads\RogueKillerX64 (1).exe 2013-08-09 17:36 - 2011-04-12 20:00 - 00000872 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3234435069-2337432931-1277263858-1001Core.job 2013-08-09 17:10 - 2013-08-09 17:09 - 03800064 _____ C:\Users\T8r Salad\Downloads\RogueKillerX64.exe 2013-08-09 16:19 - 2013-08-09 16:19 - 00688992 ____R (Swearware) 
C:\Users\T8r Salad\Downloads\dds.com 2013-08-08 17:06 - 2011-01-20 10:35 - 00000000 ____D C:\Users\T8r Salad\Documents\Outlook Files 2013-08-08 16:54 - 2013-08-08 16:54 - 00001495 _____ C:\Users\T8r Salad\Downloads\webinar.ics 2013-08-07 13:53 - 2013-08-07 13:53 - 00000000 ____D C:\Users\T8r Salad\Desktop\Zacks Reports 2013-08-07 06:41 - 2010-11-03 07:24 - 00000000 ____D C:\Users\T8r Salad\AppData\Roaming\Skype 2013-08-06 16:53 - 2012-02-28 16:19 - 00000000 ____D C:\Program Files (x86)\QBrew 2013-08-06 16:07 - 2013-08-06 16:07 - 00002014 _____ C:\Users\Public\Desktop\Foxit Reader.lnk 2013-08-06 15:23 - 2012-02-26 14:02 - 00000000 ____D C:\Users\T8r Salad\Desktop\Beer 2013-08-06 13:08 - 2010-11-01 19:05 - 00000000 ____D C:\Vision Pro LT7 2013-08-06 09:50 - 2013-08-04 14:03 - 00000000 ____D C:\Users\T8r Salad\Desktop\Costco 8-5-2013 2013-08-05 17:38 - 2010-11-01 17:45 - 00000000 ____D C:\Users\T8r Salad\AppData\Roaming\Mozilla 2013-08-05 09:21 - 2010-11-01 17:40 - 00000000 ____D C:\Users\T8r Salad\AppData\Roaming\Adobe 2013-08-05 09:21 - 2010-02-27 20:01 - 00000000 ____D C:\ProgramData\Adobe 2013-08-04 14:15 - 2011-08-10 11:05 - 00000000 ____D C:\Users\T8r Salad\Desktop\aRon 2013-08-03 20:58 - 2013-08-03 20:58 - 00013105 _____ C:\Users\T8r Salad\Desktop\Windows Defender.lnk 2013-08-02 00:50 - 2011-11-03 10:41 - 00151728 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll 2013-08-02 00:50 - 2011-11-03 10:41 - 00114184 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys 2013-08-02 00:50 - 2011-11-03 10:41 - 00104360 _____ (Webroot) C:\Windows\system32\WRusr.dll 2013-08-01 09:13 - 2013-08-01 09:13 - 00000334 _____ C:\Users\T8r Salad\Downloads\UltimateWebinar.ics 2013-07-31 05:55 - 2012-10-01 13:11 - 00000000 ____D C:\Program Files (x86)\Google 2013-07-30 14:38 - 2012-01-07 14:11 - 00002391 _____ C:\Users\T8r Salad\Desktop\Google Chrome.lnk 2013-07-30 10:50 - 2013-07-30 10:50 - 00000000 ____D C:\Users\T8r Salad\AppData\Roaming\Oracle 2013-07-29 18:30 - 2013-03-24 18:01 - 
00000000 ___RD C:\Program Files (x86)\Skype 2013-07-29 18:30 - 2010-11-03 07:24 - 00000000 ____D C:\ProgramData\Skype 2013-07-26 13:33 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF 2013-07-25 15:54 - 2013-05-04 10:20 - 00004614 _____ C:\Windows\PFRO.log 2013-07-25 13:57 - 2013-05-02 20:36 - 00000000 ____D C:\Users\T8r Salad\Desktop\Frisbee 2013-07-25 12:10 - 2013-02-13 07:57 - 00000000 ____D C:\Users\T8r Salad\Desktop\Hayley 2013-07-24 21:15 - 2013-07-24 21:15 - 00000000 ____D C:\Users\T8RSAL~1\AppData\Local\DIRECTV Player 2013-07-24 21:14 - 2013-07-24 21:13 - 13024568 _____ (DIRECTV) C:\Users\T8r Salad\Downloads\DIRECTV_Player_8.0.exe 2013-07-22 12:58 - 2013-07-22 12:54 - 00000000 ____D C:\Windows\system32\MRT 2013-07-21 14:55 - 2013-07-21 14:55 - 00005079 _____ C:\Users\T8r Salad\Downloads\thankyouforyouremail.zip 2013-07-21 08:09 - 2013-02-03 07:56 - 00000348 _____ C:\Windows\Tasks\HPCeeScheduleForT8r Salad.job 2013-07-20 13:07 - 2013-02-03 07:56 - 00003210 _____ C:\Windows\System32\Tasks\HPCeeScheduleForT8r Salad 2013-07-19 20:27 - 2013-07-19 20:26 - 00000000 ____D C:\Users\T8r Salad\Desktop\Cindy 2013-07-19 20:26 - 2013-07-19 20:26 - 00000000 ____D C:\Users\T8r Salad\Desktop\CMI 2013-07-19 20:25 - 2010-09-30 10:56 - 00003720 _____ C:\Windows\System32\Tasks\Registration 2013-07-18 14:47 - 2013-07-18 14:47 - 00014228 _____ C:\Users\T8r Salad\Downloads\PAUL RHODES EVENT AUGUST 29, 2013.xlsx 2013-07-18 14:30 - 2013-07-16 06:01 - 00000000 ____D C:\Users\T8r Salad\Desktop\Omega 2013-07-18 09:43 - 2013-07-16 06:01 - 00000000 ____D C:\Users\T8r Salad\Desktop\Oregon 2013 2013-07-18 06:25 - 2013-07-18 06:25 - 00000000 ____D C:\ProgramData\r2 Studios 2013-07-18 06:25 - 2013-07-18 06:25 - 00000000 ____D C:\Program Files\r2 Studios 2013-07-17 11:52 - 2011-04-13 07:11 - 00003224 _____ C:\Windows\System32\Tasks\HPCeeScheduleForT8RSALAD-PC$ 2013-07-17 11:52 - 2011-04-13 07:11 - 00000348 _____ C:\Windows\Tasks\HPCeeScheduleForT8RSALAD-PC$.job 2013-07-16 16:04 - 
2013-07-16 15:03 - 00000000 __SHD C:\Users\T8r Salad\Documents\cache 2013-07-16 16:04 - 2013-07-16 14:59 - 00000000 ____D C:\Users\T8r Salad\AppData\Roaming\webex 2013-07-16 15:03 - 2013-07-16 14:58 - 00000000 ____D C:\ProgramData\WebEx 2013-07-16 14:09 - 2013-07-16 14:09 - 00000000 ____D C:\ProgramData\LightScribe 2013-07-16 12:37 - 2013-07-16 12:37 - 00003086 _____ C:\Windows\System32\Tasks\{3F64657A-A4DD-44CE-931F-484F450A0772} 2013-07-16 06:02 - 2013-07-11 19:22 - 00000000 ____D C:\Users\T8r Salad\Desktop\Scarface script 2013-07-15 15:15 - 2013-06-11 09:39 - 00014228 _____ C:\Users\T8r Salad\Desktop\PAUL RHODES EVENT AUGUST 29, 2013.xlsx 2013-07-12 21:49 - 2012-10-01 13:11 - 00003900 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-07-12 21:49 - 2012-10-01 13:11 - 00003648 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-07-12 17:31 - 2011-04-12 20:00 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3234435069-2337432931-1277263858-1001UA 2013-07-12 17:31 - 2011-04-12 20:00 - 00003510 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3234435069-2337432931-1277263858-1001Core 2013-07-11 17:39 - 2011-05-09 09:29 - 00021742 _____ C:\Users\T8r Salad\AppData\Roaming\Comma Separated Values (DOS).EML 2013-07-11 17:35 - 2011-07-06 19:38 - 00000000 ____D C:\Users\T8r Salad\AppData\Roaming\Dropbox 2013-07-11 17:34 - 2011-07-06 19:40 - 00000000 ___RD C:\Users\T8r Salad\Dropbox 2013-07-11 17:10 - 2012-05-27 15:34 - 00001032 _____ C:\Users\T8r Salad\Desktop\Dropbox.lnk 2013-07-11 17:10 - 2012-05-27 15:32 - 00000000 ____D C:\Users\T8r Salad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2013-07-11 16:05 - 2010-11-01 17:44 - 00000000 ____D C:\Users\T8r Salad\AppData\Roaming\HpUpdate 2013-07-11 15:05 - 2012-05-31 05:40 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-07-11 15:05 - 2012-05-31 05:40 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player 
Updater 2013-07-11 15:05 - 2011-05-13 05:48 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-07-11 15:05 - 2010-11-02 08:02 - 00000000 ____D C:\Users\T8RSAL~1\AppData\Local\Adobe 2013-07-11 15:01 - 2009-07-13 21:45 - 00436424 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-11 14:59 - 2012-05-24 12:11 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-11 14:59 - 2012-05-24 12:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-07-11 14:59 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-11 14:59 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-07-11 14:57 - 2010-02-27 19:27 - 00000000 ____D C:\ProgramData\Microsoft Help ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-08-02 00:45 ==================== End Of Log ============================
  10. C:\$Recycle.Bin\S-1-5-21-3234435069-2337432931-1277263858-1001\$RN75HDJ.exe multiple threats
  11. # AdwCleaner v2.306 - Logfile created 08/10/2013 at 10:29:52 # Updated 19/07/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : T8r Salad - T8RSALAD-PC # Boot Mode : Normal # Running from : C:\Users\T8r Salad\Downloads\AdwCleaner (2).exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Deleted on reboot : C:\Program Files (x86)\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} Deleted on reboot : C:\ProgramData\Browser Manager Deleted on reboot : C:\Users\T8r Salad\AppData\Roaming\Mozilla\Firefox\Profiles\e03hvm6l.default\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433} Folder Deleted : C:\Users\T8r Salad\AppData\Local\PackageAware Folder Deleted : C:\Users\T8RSAL~1\AppData\Local\Temp\Smartbar ***** [Registry] ***** ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16635 [OK] Registry is clean. -\\ Mozilla Firefox v8.0 (en-US) File : C:\Users\T8r Salad\AppData\Roaming\Mozilla\Firefox\Profiles\e03hvm6l.default\prefs.js [OK] File is clean. -\\ Google Chrome v28.0.1500.95 File : C:\Users\T8r Salad\AppData\Local\Google\Chrome\User Data\Default\Preferences ************************* AdwCleaner[R1].txt - [3144 octets] - [09/08/2013 19:18:40] AdwCleaner[s1].txt - [1429 octets] - [10/08/2013 10:29:52] ########## EOF - C:\AdwCleaner[s1].txt - [1489 octets] ##########
  12. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.4.1 (08.10.2013:1) OS: Windows 7 Home Premium x64 Ran by T8r Salad on Sat 08/10/2013 at 9:52:58.68 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{C0C6E1B9-707A-442E-9AB3-71E285D6370F} Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip" Successfully deleted: [Registry Key] "hkey_local_machine\software\pip" ~~~ Files Successfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk" ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\babylon" Successfully deleted: [Folder] "C:\ProgramData\big fish games" Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess" Successfully deleted: [Folder] "C:\Users\T8r Salad\AppData\Roaming\strongvault" Successfully deleted: [Folder] "C:\Users\T8r Salad\appdata\local\downloadterms" Successfully deleted: [Folder] "C:\Users\T8r Salad\appdata\local\smartbar" Successfully deleted: [Folder] "C:\Users\T8r Salad\appdata\local\swvupdater" Successfully deleted: [Folder] "C:\Users\T8r Salad\appdata\locallow\ilividtoolbarguid" Successfully deleted: [Folder] "C:\Users\T8r Salad\appdata\locallow\smartbar" Successfully deleted: [Folder] "C:\Program Files (x86)\delta" Successfully deleted: [Folder] "C:\Program Files (x86)\search results toolbar" Successfully deleted: [Folder] "C:\ai_recyclebin" Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin" ~~~ FireFox 
Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml" Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\search_results.xml" Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml" Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\search_results.xml" Successfully deleted: [File] C:\Users\T8r Salad\AppData\Roaming\mozilla\firefox\profiles\e03hvm6l.default\searchplugins\delta.xml Successfully deleted: [File] C:\Users\T8r Salad\AppData\Roaming\mozilla\firefox\profiles\e03hvm6l.default\searchplugins\search_results.xml Successfully deleted: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\cxfnl@nxazbwxrbgsgfqqp.net" Failed to delete: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}" Failed to delete: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}" Successfully deleted: [Folder] C:\Users\T8r Salad\AppData\Roaming\mozilla\firefox\profiles\e03hvm6l.default\ilividtoolbarguid Successfully deleted: [Folder] C:\Users\T8r Salad\AppData\Roaming\mozilla\firefox\profiles\e03hvm6l.default\extensions\ffxtlbr@babylon.com Successfully deleted: [Folder] C:\Users\T8r Salad\AppData\Roaming\mozilla\firefox\profiles\e03hvm6l.default\extensions\cxfnl@nxazbwxrbgsgfqqp.net Successfully deleted: [Folder] C:\Users\T8r Salad\AppData\Roaming\mozilla\firefox\profiles\e03hvm6l.default\extensions\staged Failed to delete: [Folder] C:\Users\T8r Salad\AppData\Roaming\mozilla\firefox\profiles\e03hvm6l.default\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} Successfully deleted: [Folder] C:\Users\T8r Salad\AppData\Roaming\mozilla\firefox\profiles\e03hvm6l.default\extensions\{3EC9C995-8072-4FC0-953E-4F30620D17F3} Successfully deleted: [Folder] C:\Users\T8r 
Salad\AppData\Roaming\mozilla\firefox\profiles\e03hvm6l.default\extensions\{F34C9277-6577-4DFF-B2D7-7D58092F272F} Successfully deleted the following from C:\Users\T8r Salad\AppData\Roaming\mozilla\firefox\profiles\e03hvm6l.default\prefs.js # Mozilla User Preferences /* Do not edit this file. * * If you make changes to this file while the application is running, * the changes will be overwritten when the appl Emptied folder: C:\Users\T8r Salad\AppData\Roaming\mozilla\firefox\profiles\e03hvm6l.default\minidumps [1 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sat 08/10/2013 at 9:59:46.08 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  13. Malwarebytes Anti-Rootkit BETA 1.06.1.1005 www.malwarebytes.org Database version: v2013.08.10.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16635 T8r Salad :: T8RSALAD-PC [administrator] 8/10/2013 8:38:02 AM mbar-log-2013-08-10 (08-38-02).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P Scan options disabled: PUP Objects scanned: 271267 Time elapsed: 34 minute(s), 26 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.06.1.1005 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 10.0.9200.16635 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED CPU speed: 2.394000 GHz Memory total: 4083007488, free: 1995112448 Downloaded database version: v2013.08.08.01 Downloaded database version: v2013.08.08.02 Downloaded database version: v2013.08.08.03 Downloaded database version: v2013.08.08.04 Downloaded database version: v2013.08.08.05 Downloaded database version: v2013.08.08.06 Downloaded database version: v2013.08.08.07 Downloaded database version: v2013.08.09.01 Downloaded database version: v2013.08.09.02 Downloaded database version: v2013.08.09.03 Downloaded database version: v2013.08.09.04 Downloaded database version: v2013.08.09.05 Downloaded database version: v2013.08.09.06 Downloaded database version: 
v2013.08.09.07 Downloaded database version: v2013.08.10.01 Initializing... ------------ Kernel report ------------ 08/10/2013 08:37:58 ------------ Loaded modules ----------- ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8007004060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-1\ Lower Device Object: 0xfffffa800501d050 Lower Device Driver Name: \Driver\iaStor\ <<<2>>> Device number: 0, partition: 2 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8007004060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa80051359d0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8007004060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8005136b10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\ DevicePointer: 0xfffffa800501d050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> Device number: 0, partition: 2 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\Windows\system32\drivers... <<<2>>> Device number: 0, partition: 2 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 41EA23B6 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 407552 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 409600 Numsec = 928387072 Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 928796672 Numsec = 47763456 Partition 3 type is Other (0xe) Partition is NOT ACTIVE. Partition starts at LBA: 976560128 Numsec = 210992 Disk Size: 500107862016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)... Done! Scan finished ======================================= Removal queue found; removal started Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam... Removal finished --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.06.1.1005 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 10.0.9200.16635 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED CPU speed: 2.394000 GHz Memory total: 4083007488, free: 1878630400 Downloaded database version: v2013.08.08.01 Downloaded database version: v2013.08.08.02 Downloaded database version: v2013.08.08.03 Downloaded database version: v2013.08.08.04 Downloaded database version: v2013.08.08.05 Downloaded database version: v2013.08.08.06 Downloaded database version: v2013.08.08.07 Downloaded database version: v2013.08.09.01 Downloaded database version: v2013.08.09.02 Downloaded database version: v2013.08.09.03 Downloaded database version: v2013.08.09.04 Downloaded database version: v2013.08.09.05 Downloaded database version: v2013.08.09.06 Downloaded database version: v2013.08.09.07 Downloaded database version: v2013.08.10.01 Initializing... 
------------ Kernel report ------------ 08/10/2013 09:14:19 ------------ Loaded modules ----------- ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8007004060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-1\ Lower Device Object: 0xfffffa800501d050 Lower Device Driver Name: \Driver\iaStor\ <<<2>>> Device number: 0, partition: 2 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8007004060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa80051359d0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8007004060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8005136b10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\ DevicePointer: 0xfffffa800501d050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> Device number: 0, partition: 2 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\Windows\system32\drivers... <<<2>>> Device number: 0, partition: 2 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 41EA23B6 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 407552 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 409600 Numsec = 928387072 Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 928796672 Numsec = 47763456 Partition 3 type is Other (0xe) Partition is NOT ACTIVE. Partition starts at LBA: 976560128 Numsec = 210992 Disk Size: 500107862016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)... Done!
  14. RogueKiller V8.6.5 _x64_ [Aug 5 2013] by Tigzy
      mail : tigzyRK<at>gmail<dot>com
      Feedback : http://www.adlice.com/forum/
      Website : http://www.adlice.com/softwares/roguekiller/
      Blog : http://tigzyrk.blogspot.com/

      Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
      Started in : Normal mode
      User : T8r Salad [Admin rights]
      Mode : Scan -- Date : 08/10/2013 08:31:27
      | ARK || FAK || MBR |

      ¤¤¤ Bad processes : 2 ¤¤¤
      [SUSP PATH] PCShowServerPMWrapper.exe -- C:\Users\T8r Salad\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [7] -> KILLED [TermProc]
      [SUSP PATH] NDSPCShowServer.exe -- C:\Users\T8r Salad\AppData\Local\DIRECTV Player\NDSPCShowServer.exe [7] -> KILLED [TermProc]

      ¤¤¤ Registry Entries : 10 ¤¤¤
      [RUN][SUSP PATH] HKCU\[...]\Run : Google Update ("C:\Users\T8r Salad\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND
      [RUN][SUSP PATH] HKCU\[...]\Run : PCShowServer ("C:\Users\T8r Salad\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" [7]) -> FOUND
      [RUN][SUSP PATH] HKUS\S-1-5-21-3234435069-2337432931-1277263858-1001\[...]\Run : Google Update ("C:\Users\T8r Salad\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND
      [RUN][SUSP PATH] HKUS\S-1-5-21-3234435069-2337432931-1277263858-1001\[...]\Run : PCShowServer ("C:\Users\T8r Salad\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" [7]) -> FOUND
      [HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
      [HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND
      [HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
      [HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
      [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
      [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

      ¤¤¤ Scheduled tasks : 4 ¤¤¤
      [V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-3234435069-2337432931-1277263858-1001UA.job : C:\Users\T8r Salad\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
      [V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-3234435069-2337432931-1277263858-1001Core.job : C:\Users\T8r Salad\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
      [V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-3234435069-2337432931-1277263858-1001Core : C:\Users\T8r Salad\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
      [V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-3234435069-2337432931-1277263858-1001UA : C:\Users\T8r Salad\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND

      ¤¤¤ Startup Entries : 0 ¤¤¤

      ¤¤¤ Web browsers : 0 ¤¤¤

      ¤¤¤ Particular Files / Folders: ¤¤¤

      ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

      ¤¤¤ External Hives: ¤¤¤

      ¤¤¤ Infection : ¤¤¤

      ¤¤¤ HOSTS File: ¤¤¤
      --> %SystemRoot%\System32\drivers\etc\hosts

      ¤¤¤ MBR Check: ¤¤¤
      +++++ PhysicalDrive0: ST9500420AS +++++
      --- User ---
      [MBR] 5409b1cd23a2bb3a113fb4b9a40e9ce7
      [BSP] 605dbfb8eb6280c37de5f0e0e187d455 : Windows Vista/7/8 MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
      1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 453314 Mo
      2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 928796672 | Size: 23322 Mo
      3 - [XXXXXX] FAT16-LBA (0x0e) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
      User = LL1 ... OK!
      User = LL2 ... OK!

      Finished : << RKreport[0]_S_08102013_083127.txt >>