allang841

Attach file . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 03/01/2014 11:10:23 System Uptime: 30/01/2014 10:27:34 (1 hours ago) . Motherboard: Type2 - Board Vendor Name1 | | Type2 - Board Product Name1 Processor: Intel® Pentium® CPU B950 @ 2.10GHz | U3E1 | 2100/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 681 GiB total, 624.51 GiB free. D: is CDROM () E: is FIXED (FAT32) - 7 GiB total, 7.439 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: McAfee Inc. mfeapfk Device ID: ROOT\LEGACY_MFEAPFK\0000 Manufacturer: Name: McAfee Inc. mfeapfk PNP Device ID: ROOT\LEGACY_MFEAPFK\0000 Service: mfeapfk . ==== System Restore Points =================== . RP31: 26/01/2014 19:56:14 - Removed Bet Angel - Professional RP32: 29/01/2014 10:49:18 - Language Pack Removal RP33: 29/01/2014 16:21:04 - Revo Uninstaller's restore point - Adobe Reader XI (11.0.06) . ==== Installed Programs ====================== . ActiveX-kontroll för fjärranslutningar för Windows Live Mesh Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 12 Plugin Adobe Reader XI (11.0.06) Advanced SystemCare 6 Agatha Christie - Death on the Nile Aloha TriPeaks BBC iPlayer Desktop Bejeweled 3 Bluetooth Stack for Windows by Toshiba BT NetProtect Plus CactusVPN Cake Mania CCleaner Chuzzle Deluxe D3DX10 EPSON Scan EPSON SX430 Series Printer Uninstall FLV.com FLV Converter 5.1 Free RAR Extract Frog Google Chrome Google Toolbar for Internet Explorer Google Update Helper High-Definition Video Playback Insaniquarium Deluxe Intel® Manageability Engine Firmware Recovery Agent Intel® Management Engine Components Intel® Processor Graphics Intel® Rapid Storage Technology Intel® Trusted Connect Service Client IObit Apps Toolbar v8.6 Java 7 Update 51 Java Auto Updater Java™ 6 Update 30 Jewel Quest Solitaire 2 Junk Mail filter update Malwarebytes Anti-Malware version 1.75.0.1300 Mesh Runtime Microsoft .NET Framework 4.5.1 Microsoft Application Error Reporting Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Starter 2010 - English Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Mozilla Firefox 26.0 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 Mystery P.I. - The London Caper Nero 11 Essentials Nero 11 Kwik Themes Basic Nero BackItUp 11 Nero BackItUp 11 Help (CHM) Nero Backup Drivers Nero BurnRights 11 Nero BurnRights 11 Help (CHM) Nero ControlCenter 11 Nero ControlCenter 11 Help (CHM) Nero Core Components 11 Nero Express 11 Nero Express 11 Help (CHM) Nero Kwik Media Nero Kwik Media Help (CHM) Nero RescueAgent 11 Nero RescueAgent 11 Help (CHM) Nero Update nero.prerequisites.msi NTREGOPT 1.1j Plants vs. Zombies - Game of the Year PlayReady PC Runtime amd64 Polar Bowler Premium Sound HD Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Realtek USB 2.0 Card Reader Realtek WLAN Driver Revo Uninstaller 1.95 RtkClassFilter Skype™ 6.11 SpywareBlaster 5.0 Synaptics Pointing Device Driver TOSHIBA Assist TOSHIBA Disc Creator TOSHIBA eco Utility TOSHIBA Hardware Setup TOSHIBA HDD/SSD Alert Toshiba Manuals TOSHIBA Media Controller TOSHIBA Media Controller Plug-in TOSHIBA Online Product Information TOSHIBA PC Health Monitor TOSHIBA Places Icon Utility TOSHIBA Recovery Media Creator TOSHIBA Recovery Media Creator Reminder TOSHIBA Resolution+ Plug-in for Windows Media Player TOSHIBA Service Station TOSHIBA Supervisor Password TOSHIBA TEMPRO TOSHIBA Value Added Package TOSHIBA Web Camera Application Update Installer for WildTangent Games App Virtual Villagers 4 - The Tree of Life VLC media player 2.1.2 welcome WildTangent Games WildTangent Games App (Toshiba Games) Windows Driver Package - Realtek Semiconductor Corp. RtkBtFilter Bluetooth (12/02/2011 2.3.8.1) Windows Live Communications Platform Windows Live Essentials Windows Live Fotogalleri Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger Windows Live Mesh ActiveX-objekt til fjernforbindelser Windows Live Mesh ActiveX Control for Remote Connections Windows Live Meshin etäyhteyksien ActiveX-komponentti Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Liven asennustyökalu Windows Liven sähköposti Windows Liven valokuvavalikoima . ==== Event Viewer Messages From Past Week ======== . 30/01/2014 11:23:44, Error: Service Control Manager [7030] - The Advanced SystemCare Service 6 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 30/01/2014 10:29:21, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143. 30/01/2014 10:27:55, Error: Service Control Manager [7000] - The McAfee Inc. mfeapfk service failed to start due to the following error: The specified service does not exist. 30/01/2014 10:27:54, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied.. 30/01/2014 10:08:25, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} 30/01/2014 10:08:25, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {C90134D2-4AE9-407A-919A-4A2EF09C6C51} 30/01/2014 10:05:37, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 30/01/2014 10:04:42, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 30/01/2014 10:04:42, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 30/01/2014 10:04:41, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 30/01/2014 10:04:36, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 30/01/2014 10:04:28, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 30/01/2014 10:04:23, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6 30/01/2014 10:04:12, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start. 29/01/2014 16:54:34, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running. 29/01/2014 16:54:04, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 29/01/2014 16:54:04, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535. 29/01/2014 09:31:43, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{48711CA6-B62F-46BD-9410-141DFDD9EAE9} because another computer on the network has the same name. The server could not start. 26/01/2014 09:39:46, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IPsec Policy Agent service to connect. 26/01/2014 09:39:46, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 24/01/2014 10:28:04, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect. 24/01/2014 10:28:04, Error: Service Control Manager [7000] - The McAfee Platform Services service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 24/01/2014 10:28:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service mcpltsvc with arguments "" in order to run the server: {20966775-18A4-4299-B8E3-772C336B52A7} 24/01/2014 08:22:16, Error: Service Control Manager [7031] - The Microsoft .NET Framework NGEN v4.0.30319_X86 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 23/01/2014 08:17:11, Error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s). 23/01/2014 08:17:11, Error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 23/01/2014 08:17:11, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 23/01/2014 08:17:11, Error: Service Control Manager [7031] - The McAfee Platform Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 23/01/2014 08:17:11, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 23/01/2014 08:17:11, Error: Service Control Manager [7031] - The McAfee Home Network service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. . ==== End Of File =========================== dds file DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.51.2 Run by allan.nancy.liam at 11:28:30 on 2014-01-30 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6034.3633 [GMT 0:00] . AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} . ============== Running Processes =============== . C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k NetworkService C:\Windows\System32\GFNEXSrv.exe C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE C:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe C:\windows\system32\mfevtps.exe C:\windows\system32\rundll32.exe C:\windows\SysWOW64\rundll32.exe C:\windows\system32\rundll32.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\windows\system32\taskhost.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\windows\system32\svchost.exe -k imgsvc C:\windows\system32\TODDSrv.exe C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\McAfee\MSC\McAPExe.exe C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\windows\system32\wbem\wmiprvse.exe C:\Program Files\TOSHIBA\TECO\TecoService.exe C:\windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Program Files\TOSHIBA\TECO\Teco.exe C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe C:\Windows\System32\StikyNot.exe C:\windows\system32\SearchIndexer.exe C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE C:\Program Files\Windows Media Player\wmpnetwk.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Nero\Update\NASvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files\McAfee\VirusScan\mcods.exe C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe C:\windows\system32\msiexec.exe C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASC.exe C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\system32\SearchProtocolHost.exe C:\windows\system32\SearchFilterHost.exe C:\windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uURLSearchHooks: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.6\iobitappsToolbarIE.dll mWinlogon: Userinit = userinit.exe, BHO: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.6\iobitappsToolbarIE.dll BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll TB: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.6\iobitappsToolbarIE.dll uRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR uRun: [EPSON SX430 Series] C:\windows\System32\spool\DRIVERS\x64\3\E_IATIHAE.EXE /FU "C:\Users\ALLANN~1.LIA\AppData\Local\Temp\E_S7FF8.tmp" /EF "HKCU" uRun: [RESTART_STICKY_NOTES] C:\windows\System32\StikyNot.exe uRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" dRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP StartupFolder: C:\Users\ALLANN~1.LIA\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TRDCRE~1.LNK - C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TOSHIB~1.LNK - C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . TCP: NameServer = 192.168.1.254 TCP: Interfaces\{D7F5D7B3-E4F8-4388-B3FE-E902478BE6AC} : NameServer = 192.168.1.254 TCP: Interfaces\{D7F5D7B3-E4F8-4388-B3FE-E902478BE6AC} : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{D7F5D7B3-E4F8-4388-B3FE-E902478BE6AC}\244564F4E4 : NameServer = 192.168.1.254 TCP: Interfaces\{D7F5D7B3-E4F8-4388-B3FE-E902478BE6AC}\244564F4E4 : DHCPNameServer = 192.168.22.22 192.168.22.23 TCP: Interfaces\{D7F5D7B3-E4F8-4388-B3FE-E902478BE6AC}\244575966496D277964786D264F4E4 : NameServer = 192.168.1.254 TCP: Interfaces\{D7F5D7B3-E4F8-4388-B3FE-E902478BE6AC}\244575966496D277964786D264F4E4 : DHCPNameServer = 192.168.22.22 192.168.22.23 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-TB: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.6\iobitappsToolbarIE64.dll x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [sRS Premium Sound HD] "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip" /h x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe x64-Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe x64-Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe x64-Run: [Persistence] C:\windows\System32\igfxpers.exe x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\allan.nancy.liam\AppData\Roaming\Mozilla\Firefox\Profiles\g945swsu.default-1391023072094\ FF - prefs.js: browser.search.selectedEngine - Yahoo! FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll . ---- FIREFOX POLICIES ---- FF - user.js: network.http.pipelining.maxrequests - 8 FF - user.js: network.http.request.max-start-delay - 0 FF - user.js: network.http.max-connections - 48 FF - user.js: network.http.max-connections-per-server - 16 FF - user.js: network.http.max-persistent-connections-per-proxy - 16 FF - user.js: network.http.max-persistent-connections-per-server - 8 FF - user.js: browser.turbo.enabled - true FF - user.js: browser.display.show_image_placeholders - true FF - user.js: browser.chrome.favicons - false FF - user.js: browser.urlbar.autocomplete.enabled - true FF - user.js: browser.cache.memory.capacity - 65536 FF - user.js: content.notify.ontimer - true FF - user.js: content.interrupt.parsing - true FF - user.js: content.max.tokenizing.time - 2250000 FF - user.js: content.switch.threshold - 750000 FF - user.js: plugin.expose_full_path - true FF - user.js: ui.submenuDelay - 0 . ============= SERVICES / DRIVERS =============== . R0 NBVol;Nero Backup Volume Filter Driver;C:\windows\System32\drivers\NBVol.sys [2012-5-11 72240] R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\windows\System32\drivers\NBVolUp.sys [2012-5-11 15920] R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384] R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2014-1-30 574272] R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2014-1-16 807800] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504] R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2014-1-7 168448] R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2014-1-7 131072] R2 GFNEXSrv;GFNEX Service;C:\windows\System32\GFNEXSrv.exe [2014-1-3 162824] R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-1-3 328928] R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448] R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2014-1-3 128280] R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2014-1-3 161560] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-3 418376] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-3 701512] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-1-3 328928] R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2014-1-3 178048] R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-1-3 328928] R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-1-3 328928] R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-1-3 328928] R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-1-3 328928] R2 mfeavfk;McAfee Inc. mfeavfk;C:\windows\System32\drivers\mfeavfk.sys [2013-11-4 311120] R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2014-1-3 1025232] R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2014-1-3 219272] R2 mfehidk;McAfee Inc. mfehidk;C:\windows\System32\drivers\mfehidk.sys [2013-9-24 782360] R2 mfevtp;McAfee Validation Trust Protection Service;C:\windows\System32\mfevtps.exe [2014-1-3 182752] R2 mfewfpk;McAfee Inc. mfewfpk;C:\windows\System32\drivers\mfewfpk.sys [2013-11-4 343696] R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-4 687400] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944] R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-11-24 294848] R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-20 14472] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2014-1-3 363800] R3 cfwids;McAfee Inc. cfwids;C:\windows\System32\drivers\cfwids.sys [2013-11-4 70112] R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-12-6 331264] R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2014-1-3 25928] R3 mfefirek;McAfee Inc. mfefirek;C:\windows\System32\drivers\mfefirek.sys [2013-11-4 519576] R3 mfencbdc;McAfee Inc. mfencbdc;C:\windows\System32\drivers\mfencbdc.sys [2013-11-26 411944] R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2014-1-3 38096] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2014-1-3 251496] R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2014-1-3 565352] R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtwlane.sys [2014-1-3 1082472] R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144] R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576] R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840] R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528] R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2014-1-3 57216] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-11-26 138152] R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-12-14 833976] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 HipShieldK;McAfee Inc. HipShieldK;C:\windows\System32\drivers\HipShieldK.sys [2014-1-22 197704] S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-1-4 111616] S3 mfencrk;McAfee Inc. mfencrk;C:\windows\System32\drivers\mfencrk.sys [2013-11-26 96112] S3 RtkBtFilter;Realtek Bluetooth Filter Driver;C:\windows\System32\drivers\RtkBtfilter.sys [2012-1-5 21096] S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-2-10 112080] S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2014-1-3 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184] . =============== Created Last 30 ================ . 2014-01-30 11:23:34 -------- d-----w- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} 2014-01-30 11:23:32 -------- d-----w- C:\ProgramData\IObit 2014-01-30 11:23:31 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Roaming\IObit 2014-01-30 11:22:59 -------- d-----w- C:\Program Files (x86)\IObit 2014-01-30 11:22:48 -------- d-----w- C:\Program Files (x86)\Application Updater 2014-01-30 11:22:46 -------- d-----w- C:\Program Files (x86)\IObit Apps Toolbar 2014-01-30 11:22:46 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot 2014-01-30 10:24:34 -------- d-----w- C:\Program Files (x86)\NT Registry Optimizer 2014-01-29 16:20:14 -------- d-----w- C:\Program Files (x86)\VS Revo Group 2014-01-29 16:11:17 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Roaming\tor 2014-01-29 13:53:24 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Roaming\HandBrake 2014-01-29 09:29:44 -------- d-----w- C:\Program Files (x86)\CactusVPN 2014-01-28 11:59:17 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-01-28 11:59:06 91352 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys 2014-01-28 11:27:10 -------- d-----w- C:\Program Files (x86)\VideoLAN 2014-01-28 11:14:41 -------- d-----w- C:\Program Files (x86)\GreenTree Applications 2014-01-28 11:11:46 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Local\{BF6923FB-FA84-4281-96BE-5F0D52812120} 2014-01-28 11:11:46 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Local\{17493466-6040-49A9-A52D-B886C71F3E16} 2014-01-22 10:02:45 197704 ----a-w- C:\windows\System32\drivers\HipShieldK.sys 2014-01-21 20:56:51 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Roaming\Philipp Winterberg 2014-01-21 20:56:46 -------- d-----w- C:\Program Files (x86)\Free RAR Extract Frog 2014-01-16 09:36:31 -------- d-----w- C:\ProgramData\Oracle 2014-01-16 09:36:13 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll 2014-01-16 00:56:17 -------- d-----w- C:\dd6d63709d03022f0a2a838d4c74 2014-01-15 13:53:09 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Local\Deployment 2014-01-15 13:53:09 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Local\Apps 2014-01-15 12:44:08 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Roaming\BetTraderEvolution 2014-01-15 12:44:08 -------- d-----w- C:\Program Files (x86)\BetTraderEvolution 2014-01-15 12:43:05 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Roaming\EvoTray 2014-01-15 12:40:19 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Roaming\Bet Angel 2014-01-15 08:45:26 99840 ----a-w- C:\windows\System32\drivers\usbccgp.sys 2014-01-15 08:45:26 7808 ----a-w- C:\windows\System32\drivers\usbd.sys 2014-01-15 08:45:26 53248 ----a-w- C:\windows\System32\drivers\usbehci.sys 2014-01-15 08:45:26 343040 ----a-w- C:\windows\System32\drivers\usbhub.sys 2014-01-15 08:45:26 325120 ----a-w- C:\windows\System32\drivers\usbport.sys 2014-01-15 08:45:26 30720 ----a-w- C:\windows\System32\drivers\usbuhci.sys 2014-01-15 08:45:26 25600 ----a-w- C:\windows\System32\drivers\usbohci.sys 2014-01-15 08:45:24 3156480 ----a-w- C:\windows\System32\win32k.sys 2014-01-15 08:45:23 376768 ----a-w- C:\windows\System32\drivers\netio.sys 2014-01-10 12:06:10 -------- d-----r- C:\Program Files (x86)\Skype 2014-01-07 17:37:07 465920 ----a-w- C:\windows\System32\esxw2ud.dll 2014-01-07 17:37:07 13824 ----a-w- C:\windows\System32\esxcdev.dll 2014-01-07 17:37:07 132560 ----a-w- C:\windows\System32\esdevapp.exe 2014-01-07 17:35:26 -------- d-----w- C:\Program Files (x86)\epson 2014-01-07 14:39:28 -------- d-----w- C:\Program Files\Common Files\EPSON 2014-01-07 14:37:38 10752 ----a-w- C:\windows\System32\E_GCINST.DLL 2014-01-07 14:37:37 88064 ----a-w- C:\windows\System32\E_IBCBHAE.DLL 2014-01-07 14:37:37 118784 ----a-w- C:\windows\System32\E_ILMHAE.DLL 2014-01-07 14:34:12 -------- d-----w- C:\ProgramData\EPSON 2014-01-05 18:49:53 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Local\{38CF6140-3827-4CFE-AE9B-E97DFD6B16A0} 2014-01-05 18:49:00 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Local\{1EBF2983-58A0-4B26-B65B-8841F35529C5} 2014-01-04 09:54:19 -------- d-----w- C:\ProgramData\VirtualizedApplications 2014-01-04 09:35:39 -------- d-----w- C:\windows\Migration 2014-01-03 18:58:16 -------- d-----w- C:\windows\OemDrv 2014-01-03 18:54:04 38096 ----a-w- C:\windows\System32\drivers\PGEffect.sys 2014-01-03 18:47:31 -------- d-----w- C:\Program Files (x86)\TOSHIBA Corporation 2014-01-03 18:47:31 -------- d-----w- C:\Program Files (x86)\Common Files\Toshiba Shared 2014-01-03 18:40:59 24576 ----a-w- C:\windows\SysWow64\TSCI.dll 2014-01-03 18:40:59 24576 ----a-w- C:\windows\SysWow64\THCI.dll 2014-01-03 18:40:12 -------- d-----w- C:\windows\sv 2014-01-03 18:39:30 -------- d-----w- C:\windows\en 2014-01-03 18:39:27 -------- d-----w- C:\windows\da 2014-01-03 18:39:23 -------- d-----w- C:\windows\fi 2014-01-03 18:39:20 -------- d-----w- C:\windows\no 2014-01-03 18:39:01 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2014-01-03 18:37:34 -------- d-----w- C:\windows\PCHEALTH 2014-01-03 18:37:22 69464 ----a-w- C:\windows\SysWow64\XAPOFX1_3.dll 2014-01-03 18:37:22 523088 ----a-w- C:\windows\System32\d3dx10_42.dll 2014-01-03 18:37:22 515416 ----a-w- C:\windows\SysWow64\XAudio2_5.dll 2014-01-03 18:37:22 453456 ----a-w- C:\windows\SysWow64\d3dx10_42.dll 2014-01-03 18:37:20 4398360 ----a-w- C:\windows\System32\d3dx9_32.dll 2014-01-03 18:37:20 3426072 ----a-w- C:\windows\SysWow64\d3dx9_32.dll 2014-01-03 18:36:41 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\be7cf1cf1cf08b204\MeshBetaRemover.exe 2014-01-03 18:36:40 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\be4d564a1cf08b203\DSETUP.dll 2014-01-03 18:36:40 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\be1696a41cf08b202\DSETUP.dll 2014-01-03 18:36:40 6260088 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\bdcf2d5b1cf08b201\Silverlight.4.0.exe 2014-01-03 18:36:40 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\be4d564a1cf08b203\DXSETUP.exe 2014-01-03 18:36:40 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\be1696a41cf08b202\DXSETUP.exe 2014-01-03 18:36:40 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\be4d564a1cf08b203\dsetup32.dll 2014-01-03 18:36:40 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\be1696a41cf08b202\dsetup32.dll 2014-01-03 18:36:39 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live 2014-01-03 18:34:08 162824 ----a-w- C:\windows\System32\GFNEXSrv.exe 2014-01-03 18:34:08 152376 ----a-w- C:\windows\System32\GFNEX64.dll 2014-01-03 18:34:08 128312 ----a-w- C:\windows\SysWow64\GFNEX.dll 2014-01-03 18:33:51 -------- d-----w- C:\windows\SysWow64\sda 2014-01-03 18:33:47 251496 ----a-w- C:\windows\System32\drivers\RtsUStor.sys 2014-01-03 18:33:46 9887848 ----a-w- C:\windows\SysWow64\RtsUStoricon.dll 2014-01-03 18:33:46 422504 ----a-w- C:\windows\System32\RtsUStor.dll 2014-01-03 18:32:52 40832 ----a-w- C:\windows\System32\drivers\TosBtCi.dll 2014-01-03 18:32:27 28528 ----a-w- C:\windows\rlt8723a_chip_bt40_fw_asic_rom_patch.dll 2014-01-03 18:29:42 626792 ----a-w- C:\windows\System32\drivers\rtl819xp.sys 2014-01-03 18:29:42 451072 ----a-w- C:\windows\SysWow64\ISSRemoveSP.exe 2014-01-03 18:29:42 450048 ----a-w- C:\windows\System32\drivers\rtl8187B.sys 2014-01-03 18:29:42 442368 ----a-w- C:\windows\System32\drivers\rtl8187Se.sys 2014-01-03 18:29:42 1225832 ----a-w- C:\windows\System32\drivers\rtl8192se.sys 2014-01-03 18:29:42 1145448 ----a-w- C:\windows\System32\drivers\rtl8192ce.sys 2014-01-03 18:29:42 1082472 ----a-w- C:\windows\System32\drivers\rtwlane.sys 2014-01-03 18:29:42 -------- d-----w- C:\Program Files (x86)\Realtek WLAN Driver 2014-01-03 18:28:39 74272 ----a-w- C:\windows\System32\RtNicProp64.dll 2014-01-03 18:28:39 565352 ----a-w- C:\windows\System32\drivers\Rt64win7.sys 2014-01-03 18:28:39 107552 ----a-w- C:\windows\System32\RTNUninst64.dll 2014-01-03 18:28:13 -------- d-----w- C:\Program Files\Synaptics 2014-01-03 18:27:32 -------- d-----w- C:\Program Files\SRS Labs 2014-01-03 18:24:07 568600 ----a-w- C:\windows\System32\drivers\iaStor.sys 2014-01-03 18:20:05 -------- d-----w- C:\Program Files\Common Files\Intel 2014-01-03 18:20:05 -------- d-----w- C:\Program Files (x86)\Common Files\Intel 2014-01-03 18:18:20 15128 ----a-w- C:\windows\System32\drivers\IntelMEFWVer.dll 2014-01-03 18:17:44 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent 2014-01-03 18:17:40 -------- d-----w- C:\Intel 2014-01-03 18:17:39 60184 ----a-w- C:\windows\System32\drivers\HECIx64.sys 2014-01-03 18:15:20 53248 ----a-w- C:\windows\SysWow64\CSVer.dll 2014-01-03 15:49:25 -------- d-----w- C:\windows\SysWow64\Wat 2014-01-03 15:49:25 -------- d-----w- C:\windows\System32\Wat 2014-01-03 15:43:03 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Local\Macromedia 2014-01-03 14:53:24 465920 ----a-w- C:\windows\System32\WMPhoto.dll 2014-01-03 14:53:24 417792 ----a-w- C:\windows\SysWow64\WMPhoto.dll 2014-01-03 14:53:22 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll 2014-01-03 14:53:22 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll 2014-01-03 14:53:18 67072 ----a-w- C:\windows\splwow64.exe 2014-01-03 14:53:18 559104 ----a-w- C:\windows\System32\spoolsv.exe 2014-01-03 14:27:12 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe 2014-01-03 14:27:12 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe 2014-01-03 14:27:12 12625920 ----a-w- C:\windows\System32\wmploc.DLL 2014-01-03 14:27:11 12625408 ----a-w- C:\windows\SysWow64\wmploc.DLL 2014-01-03 13:48:03 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Local\SoftGrid Client 2014-01-03 13:48:02 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Roaming\SoftGrid Client 2014-01-03 13:46:48 2560 ----a-w- C:\windows\System32\drivers\en-US\wdf01000.sys.mui 2014-01-03 13:46:48 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client 2014-01-03 13:46:23 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Roaming\TP 2014-01-03 13:06:30 294912 ----a-w- C:\windows\System32\browserchoice.exe 2014-01-03 12:47:45 87040 ----a-w- C:\windows\System32\drivers\WUDFPf.sys 2014-01-03 12:47:45 84992 ----a-w- C:\windows\System32\WUDFSvc.dll 2014-01-03 12:47:45 744448 ----a-w- C:\windows\System32\WUDFx.dll 2014-01-03 12:47:45 45056 ----a-w- C:\windows\System32\WUDFCoinstaller.dll 2014-01-03 12:47:45 229888 ----a-w- C:\windows\System32\WUDFHost.exe 2014-01-03 12:47:45 198656 ----a-w- C:\windows\System32\drivers\WUDFRd.sys 2014-01-03 12:47:45 194048 ----a-w- C:\windows\System32\WUDFPlatform.dll 2014-01-03 12:39:03 -------- d-----w- C:\windows\System32\MRT 2014-01-03 12:32:29 5120 ----a-w- C:\windows\SysWow64\wmi.dll 2014-01-03 12:32:29 5120 ----a-w- C:\windows\System32\wmi.dll 2014-01-03 12:32:29 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys 2014-01-03 12:25:04 2048 ----a-w- C:\windows\SysWow64\msxml3r.dll 2014-01-03 12:25:04 2048 ----a-w- C:\windows\System32\msxml3r.dll 2014-01-03 12:25:04 2002432 ----a-w- C:\windows\System32\msxml6.dll 2014-01-03 12:25:04 1882624 ----a-w- C:\windows\System32\msxml3.dll 2014-01-03 12:25:04 1389568 ----a-w- C:\windows\SysWow64\msxml6.dll 2014-01-03 12:25:04 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll 2014-01-03 12:25:03 1903552 ----a-w- C:\windows\System32\drivers\tcpip.sys 2014-01-03 12:25:02 327168 ----a-w- C:\windows\System32\mswsock.dll 2014-01-03 12:25:01 231424 ----a-w- C:\windows\SysWow64\mswsock.dll 2014-01-03 12:24:10 1887232 ----a-w- C:\windows\System32\d3d11.dll 2014-01-03 12:24:10 1505280 ----a-w- C:\windows\SysWow64\d3d11.dll 2014-01-03 12:22:37 1474048 ----a-w- C:\windows\System32\crypt32.dll 2014-01-03 12:21:54 70144 ----a-w- C:\windows\System32\appinfo.dll 2014-01-03 12:21:54 111448 ----a-w- C:\windows\System32\consent.exe 2014-01-03 12:21:34 362496 ----a-w- C:\windows\System32\wow64win.dll 2014-01-03 12:21:34 16384 ----a-w- C:\windows\System32\ntvdm64.dll 2014-01-03 12:21:34 13312 ----a-w- C:\windows\System32\wow64cpu.dll 2014-01-03 12:21:04 3717632 ----a-w- C:\windows\System32\mstscax.dll 2014-01-03 12:21:04 3217408 ----a-w- C:\windows\SysWow64\mstscax.dll 2014-01-03 12:21:02 44032 ----a-w- C:\windows\System32\tsgqec.dll 2014-01-03 12:21:02 36864 ----a-w- C:\windows\SysWow64\tsgqec.dll 2014-01-03 12:21:02 158720 ----a-w- C:\windows\System32\aaclient.dll 2014-01-03 12:21:02 131584 ----a-w- C:\windows\SysWow64\aaclient.dll 2014-01-03 12:19:58 2048 ----a-w- C:\windows\SysWow64\tzres.dll 2014-01-03 12:18:55 288088 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS 2014-01-03 12:07:05 461312 ----a-w- C:\windows\System32\scavengeui.dll 2014-01-03 11:57:01 2622464 ----a-w- C:\windows\System32\wucltux.dll 2014-01-03 11:56:53 99840 ----a-w- C:\windows\System32\wudriver.dll 2014-01-03 11:56:44 36864 ----a-w- C:\windows\System32\wuapp.exe 2014-01-03 11:56:44 186752 ----a-w- C:\windows\System32\wuwebv.dll 2014-01-03 11:48:22 -------- d-----w- C:\ProgramData\Licenses 2014-01-03 11:48:17 129872 ----a-w- C:\windows\SysWow64\MSSTDFMT.DLL 2014-01-03 11:48:17 1070352 ----a-w- C:\windows\SysWow64\MSCOMCTL.OCX 2014-01-03 11:48:16 -------- d-----w- C:\Program Files (x86)\SpywareBlaster 2014-01-03 11:47:28 -------- d-----w- C:\AdwCleaner 2014-01-03 11:46:51 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Roaming\Malwarebytes 2014-01-03 11:46:21 -------- d-----w- C:\ProgramData\Malwarebytes 2014-01-03 11:46:17 25928 ----a-w- C:\windows\System32\drivers\mbam.sys 2014-01-03 11:46:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-03 11:46:07 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Local\Programs 2014-01-03 11:45:04 -------- d-----w- C:\Program Files\CCleaner 2014-01-03 11:40:22 -------- d-----w- C:\Program Files (x86)\McAfee.com 2014-01-03 11:40:17 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee 2014-01-03 11:40:06 -------- d-----w- C:\Program Files\McAfee.com 2014-01-03 11:40:06 -------- d-----w- C:\Program Files\McAfee 2014-01-03 11:40:04 -------- d-----w- C:\Program Files (x86)\McAfee 2014-01-03 11:33:52 182752 ----a-w- C:\windows\System32\mfevtps.exe 2014-01-03 11:33:51 -------- d-----w- C:\Program Files\Common Files\McAfee 2014-01-03 11:19:32 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Local\Google 2014-01-03 11:13:35 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Local\SRS Labs 2014-01-03 11:13:15 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Local\TOSHIBA 2014-01-03 11:12:39 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Local\VirtualStore 2014-01-03 11:11:52 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Roaming\WinBatch 2014-01-03 11:11:50 -------- d-----w- C:\Program Files (x86)\BBC iPlayer Desktop 2014-01-03 11:11:43 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Local\Adobe . ==================== Find3M ==================== . 2014-01-30 09:56:08 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-01-30 09:56:08 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe 2014-01-03 13:20:32 9728 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-11-26 22:07:44 10856 ----a-w- C:\windows\System32\drivers\mfeclnrk.sys 2013-11-26 22:07:22 96112 ----a-w- C:\windows\System32\drivers\mfencrk.sys 2013-11-26 22:07:02 411944 ----a-w- C:\windows\System32\drivers\mfencbdc.sys 2013-11-26 10:19:07 2724864 ----a-w- C:\windows\System32\mshtml.tlb 2013-11-26 10:18:23 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll 2013-11-26 09:48:07 66048 ----a-w- C:\windows\System32\iesetup.dll 2013-11-26 09:46:25 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll 2013-11-26 09:23:02 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb 2013-11-26 09:18:39 139264 ----a-w- C:\windows\System32\ieUnatt.exe 2013-11-26 09:18:09 111616 ----a-w- C:\windows\System32\ieetwcollector.exe 2013-11-26 09:16:57 708608 ----a-w- C:\windows\System32\jscript9diag.dll 2013-11-26 08:35:02 5769216 ----a-w- C:\windows\System32\jscript9.dll 2013-11-26 08:28:16 553472 ----a-w- C:\windows\SysWow64\jscript9diag.dll 2013-11-26 08:16:12 4243968 ----a-w- C:\windows\SysWow64\jscript9.dll 2013-11-26 08:02:16 1995264 ----a-w- C:\windows\System32\inetcpl.cpl 2013-11-26 07:32:06 1928192 ----a-w- C:\windows\SysWow64\inetcpl.cpl 2013-11-26 07:07:57 2334208 ----a-w- C:\windows\System32\wininet.dll 2013-11-26 06:33:33 1820160 ----a-w- C:\windows\SysWow64\wininet.dll 2013-11-12 02:23:09 2048 ----a-w- C:\windows\System32\tzres.dll 2013-11-04 16:51:44 70112 ----a-w- C:\windows\System32\drivers\cfwids.sys 2013-11-04 16:46:34 343696 ----a-w- C:\windows\System32\drivers\mfewfpk.sys 2013-11-04 16:43:04 782360 ----a-w- C:\windows\System32\drivers\mfehidk.sys 2013-11-04 16:41:22 519576 ----a-w- C:\windows\System32\drivers\mfefirek.sys 2013-11-04 16:40:00 311120 ----a-w- C:\windows\System32\drivers\mfeavfk.sys 2013-11-04 16:39:20 179792 ----a-w- C:\windows\System32\drivers\mfeapfk.sys . ============= FINISH: 11:29:17.59 =============== I also want this off the computer thanks dds.txt attach.txt

Attach file . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 03/01/2014 11:10:23 System Uptime: 30/01/2014 10:27:34 (1 hours ago) . Motherboard: Type2 - Board Vendor Name1 | | Type2 - Board Product Name1 Processor: Intel® Pentium® CPU B950 @ 2.10GHz | U3E1 | 2100/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 681 GiB total, 624.51 GiB free. D: is CDROM () E: is FIXED (FAT32) - 7 GiB total, 7.439 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: McAfee Inc. mfeapfk Device ID: ROOT\LEGACY_MFEAPFK\0000 Manufacturer: Name: McAfee Inc. mfeapfk PNP Device ID: ROOT\LEGACY_MFEAPFK\0000 Service: mfeapfk . ==== System Restore Points =================== . RP31: 26/01/2014 19:56:14 - Removed Bet Angel - Professional RP32: 29/01/2014 10:49:18 - Language Pack Removal RP33: 29/01/2014 16:21:04 - Revo Uninstaller's restore point - Adobe Reader XI (11.0.06) . ==== Installed Programs ====================== . ActiveX-kontroll för fjärranslutningar för Windows Live Mesh Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 12 Plugin Adobe Reader XI (11.0.06) Advanced SystemCare 6 Agatha Christie - Death on the Nile Aloha TriPeaks BBC iPlayer Desktop Bejeweled 3 Bluetooth Stack for Windows by Toshiba BT NetProtect Plus CactusVPN Cake Mania CCleaner Chuzzle Deluxe D3DX10 EPSON Scan EPSON SX430 Series Printer Uninstall FLV.com FLV Converter 5.1 Free RAR Extract Frog Google Chrome Google Toolbar for Internet Explorer Google Update Helper High-Definition Video Playback Insaniquarium Deluxe Intel® Manageability Engine Firmware Recovery Agent Intel® Management Engine Components Intel® Processor Graphics Intel® Rapid Storage Technology Intel® Trusted Connect Service Client IObit Apps Toolbar v8.6 Java 7 Update 51 Java Auto Updater Java 6 Update 30 Jewel Quest Solitaire 2 Junk Mail filter update Malwarebytes Anti-Malware version 1.75.0.1300 Mesh Runtime Microsoft .NET Framework 4.5.1 Microsoft Application Error Reporting Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Starter 2010 - English Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Mozilla Firefox 26.0 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 Mystery P.I. - The London Caper Nero 11 Essentials Nero 11 Kwik Themes Basic Nero BackItUp 11 Nero BackItUp 11 Help (CHM) Nero Backup Drivers Nero BurnRights 11 Nero BurnRights 11 Help (CHM) Nero ControlCenter 11 Nero ControlCenter 11 Help (CHM) Nero Core Components 11 Nero Express 11 Nero Express 11 Help (CHM) Nero Kwik Media Nero Kwik Media Help (CHM) Nero RescueAgent 11 Nero RescueAgent 11 Help (CHM) Nero Update nero.prerequisites.msi NTREGOPT 1.1j Plants vs. Zombies - Game of the Year PlayReady PC Runtime amd64 Polar Bowler Premium Sound HD Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Realtek USB 2.0 Card Reader Realtek WLAN Driver Revo Uninstaller 1.95 RtkClassFilter Skype™ 6.11 SpywareBlaster 5.0 Synaptics Pointing Device Driver TOSHIBA Assist TOSHIBA Disc Creator TOSHIBA eco Utility TOSHIBA Hardware Setup TOSHIBA HDD/SSD Alert Toshiba Manuals TOSHIBA Media Controller TOSHIBA Media Controller Plug-in TOSHIBA Online Product Information TOSHIBA PC Health Monitor TOSHIBA Places Icon Utility TOSHIBA Recovery Media Creator TOSHIBA Recovery Media Creator Reminder TOSHIBA Resolution+ Plug-in for Windows Media Player TOSHIBA Service Station TOSHIBA Supervisor Password TOSHIBA TEMPRO TOSHIBA Value Added Package TOSHIBA Web Camera Application Update Installer for WildTangent Games App Virtual Villagers 4 - The Tree of Life VLC media player 2.1.2 welcome WildTangent Games WildTangent Games App (Toshiba Games) Windows Driver Package - Realtek Semiconductor Corp. RtkBtFilter Bluetooth (12/02/2011 2.3.8.1) Windows Live Communications Platform Windows Live Essentials Windows Live Fotogalleri Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger Windows Live Mesh ActiveX-objekt til fjernforbindelser Windows Live Mesh ActiveX Control for Remote Connections Windows Live Meshin etäyhteyksien ActiveX-komponentti Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Liven asennustyökalu Windows Liven sähköposti Windows Liven valokuvavalikoima . ==== Event Viewer Messages From Past Week ======== . 30/01/2014 11:23:44, Error: Service Control Manager [7030] - The Advanced SystemCare Service 6 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 30/01/2014 10:29:21, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143. 30/01/2014 10:27:55, Error: Service Control Manager [7000] - The McAfee Inc. mfeapfk service failed to start due to the following error: The specified service does not exist. 30/01/2014 10:27:54, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied.. 30/01/2014 10:08:25, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} 30/01/2014 10:08:25, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {C90134D2-4AE9-407A-919A-4A2EF09C6C51} 30/01/2014 10:05:37, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 30/01/2014 10:04:42, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 30/01/2014 10:04:42, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 30/01/2014 10:04:41, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 30/01/2014 10:04:36, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 30/01/2014 10:04:28, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 30/01/2014 10:04:23, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6 30/01/2014 10:04:12, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start. 29/01/2014 16:54:34, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running. 29/01/2014 16:54:04, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 29/01/2014 16:54:04, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535. 29/01/2014 09:31:43, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{48711CA6-B62F-46BD-9410-141DFDD9EAE9} because another computer on the network has the same name. The server could not start. 26/01/2014 09:39:46, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IPsec Policy Agent service to connect. 26/01/2014 09:39:46, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 24/01/2014 10:28:04, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect. 24/01/2014 10:28:04, Error: Service Control Manager [7000] - The McAfee Platform Services service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 24/01/2014 10:28:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service mcpltsvc with arguments "" in order to run the server: {20966775-18A4-4299-B8E3-772C336B52A7} 24/01/2014 08:22:16, Error: Service Control Manager [7031] - The Microsoft .NET Framework NGEN v4.0.30319_X86 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 23/01/2014 08:17:11, Error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s). 23/01/2014 08:17:11, Error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 23/01/2014 08:17:11, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 23/01/2014 08:17:11, Error: Service Control Manager [7031] - The McAfee Platform Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 23/01/2014 08:17:11, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 23/01/2014 08:17:11, Error: Service Control Manager [7031] - The McAfee Home Network service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. . ==== End Of File =========================== dds file DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.51.2 Run by allan.nancy.liam at 11:28:30 on 2014-01-30 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6034.3633 [GMT 0:00] . AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} . ============== Running Processes =============== . C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k NetworkService C:\Windows\System32\GFNEXSrv.exe C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE C:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe C:\windows\system32\mfevtps.exe C:\windows\system32\rundll32.exe C:\windows\SysWOW64\rundll32.exe C:\windows\system32\rundll32.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\windows\system32\taskhost.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\windows\system32\svchost.exe -k imgsvc C:\windows\system32\TODDSrv.exe C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\McAfee\MSC\McAPExe.exe C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\windows\system32\wbem\wmiprvse.exe C:\Program Files\TOSHIBA\TECO\TecoService.exe C:\windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Program Files\TOSHIBA\TECO\Teco.exe C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe C:\Windows\System32\StikyNot.exe C:\windows\system32\SearchIndexer.exe C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE C:\Program Files\Windows Media Player\wmpnetwk.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Nero\Update\NASvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files\McAfee\VirusScan\mcods.exe C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe C:\windows\system32\msiexec.exe C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASC.exe C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\system32\SearchProtocolHost.exe C:\windows\system32\SearchFilterHost.exe C:\windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uURLSearchHooks: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.6\iobitappsToolbarIE.dll mWinlogon: Userinit = userinit.exe, BHO: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.6\iobitappsToolbarIE.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll TB: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.6\iobitappsToolbarIE.dll uRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR uRun: [EPSON SX430 Series] C:\windows\System32\spool\DRIVERS\x64\3\E_IATIHAE.EXE /FU "C:\Users\ALLANN~1.LIA\AppData\Local\Temp\E_S7FF8.tmp" /EF "HKCU" uRun: [RESTART_STICKY_NOTES] C:\windows\System32\StikyNot.exe uRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" dRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP StartupFolder: C:\Users\ALLANN~1.LIA\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TRDCRE~1.LNK - C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TOSHIB~1.LNK - C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . TCP: NameServer = 192.168.1.254 TCP: Interfaces\{D7F5D7B3-E4F8-4388-B3FE-E902478BE6AC} : NameServer = 192.168.1.254 TCP: Interfaces\{D7F5D7B3-E4F8-4388-B3FE-E902478BE6AC} : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{D7F5D7B3-E4F8-4388-B3FE-E902478BE6AC}\244564F4E4 : NameServer = 192.168.1.254 TCP: Interfaces\{D7F5D7B3-E4F8-4388-B3FE-E902478BE6AC}\244564F4E4 : DHCPNameServer = 192.168.22.22 192.168.22.23 TCP: Interfaces\{D7F5D7B3-E4F8-4388-B3FE-E902478BE6AC}\244575966496D277964786D264F4E4 : NameServer = 192.168.1.254 TCP: Interfaces\{D7F5D7B3-E4F8-4388-B3FE-E902478BE6AC}\244575966496D277964786D264F4E4 : DHCPNameServer = 192.168.22.22 192.168.22.23 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-TB: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.6\iobitappsToolbarIE64.dll x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [sRS Premium Sound HD] "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip" /h x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe x64-Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe x64-Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe x64-Run: [Persistence] C:\windows\System32\igfxpers.exe x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\allan.nancy.liam\AppData\Roaming\Mozilla\Firefox\Profiles\g945swsu.default-1391023072094\ FF - prefs.js: browser.search.selectedEngine - Yahoo! FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll . ---- FIREFOX POLICIES ---- FF - user.js: network.http.pipelining.maxrequests - 8 FF - user.js: network.http.request.max-start-delay - 0 FF - user.js: network.http.max-connections - 48 FF - user.js: network.http.max-connections-per-server - 16 FF - user.js: network.http.max-persistent-connections-per-proxy - 16 FF - user.js: network.http.max-persistent-connections-per-server - 8 FF - user.js: browser.turbo.enabled - true FF - user.js: browser.display.show_image_placeholders - true FF - user.js: browser.chrome.favicons - false FF - user.js: browser.urlbar.autocomplete.enabled - true FF - user.js: browser.cache.memory.capacity - 65536 FF - user.js: content.notify.ontimer - true FF - user.js: content.interrupt.parsing - true FF - user.js: content.max.tokenizing.time - 2250000 FF - user.js: content.switch.threshold - 750000 FF - user.js: plugin.expose_full_path - true FF - user.js: ui.submenuDelay - 0 . ============= SERVICES / DRIVERS =============== . R0 NBVol;Nero Backup Volume Filter Driver;C:\windows\System32\drivers\NBVol.sys [2012-5-11 72240] R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\windows\System32\drivers\NBVolUp.sys [2012-5-11 15920] R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384] R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2014-1-30 574272] R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2014-1-16 807800] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504] R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2014-1-7 168448] R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2014-1-7 131072] R2 GFNEXSrv;GFNEX Service;C:\windows\System32\GFNEXSrv.exe [2014-1-3 162824] R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-1-3 328928] R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448] R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2014-1-3 128280] R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2014-1-3 161560] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-3 418376] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-3 701512] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-1-3 328928] R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2014-1-3 178048] R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-1-3 328928] R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-1-3 328928] R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-1-3 328928] R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-1-3 328928] R2 mfeavfk;McAfee Inc. mfeavfk;C:\windows\System32\drivers\mfeavfk.sys [2013-11-4 311120] R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2014-1-3 1025232] R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2014-1-3 219272] R2 mfehidk;McAfee Inc. mfehidk;C:\windows\System32\drivers\mfehidk.sys [2013-9-24 782360] R2 mfevtp;McAfee Validation Trust Protection Service;C:\windows\System32\mfevtps.exe [2014-1-3 182752] R2 mfewfpk;McAfee Inc. mfewfpk;C:\windows\System32\drivers\mfewfpk.sys [2013-11-4 343696] R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-4 687400] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944] R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-11-24 294848] R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-20 14472] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2014-1-3 363800] R3 cfwids;McAfee Inc. cfwids;C:\windows\System32\drivers\cfwids.sys [2013-11-4 70112] R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-12-6 331264] R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2014-1-3 25928] R3 mfefirek;McAfee Inc. mfefirek;C:\windows\System32\drivers\mfefirek.sys [2013-11-4 519576] R3 mfencbdc;McAfee Inc. mfencbdc;C:\windows\System32\drivers\mfencbdc.sys [2013-11-26 411944] R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2014-1-3 38096] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2014-1-3 251496] R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2014-1-3 565352] R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtwlane.sys [2014-1-3 1082472] R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144] R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576] R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840] R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528] R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2014-1-3 57216] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-11-26 138152] R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-12-14 833976] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 HipShieldK;McAfee Inc. HipShieldK;C:\windows\System32\drivers\HipShieldK.sys [2014-1-22 197704] S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-1-4 111616] S3 mfencrk;McAfee Inc. mfencrk;C:\windows\System32\drivers\mfencrk.sys [2013-11-26 96112] S3 RtkBtFilter;Realtek Bluetooth Filter Driver;C:\windows\System32\drivers\RtkBtfilter.sys [2012-1-5 21096] S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-2-10 112080] S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2014-1-3 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184] . =============== Created Last 30 ================ . 2014-01-30 11:23:34 -------- d-----w- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} 2014-01-30 11:23:32 -------- d-----w- C:\ProgramData\IObit 2014-01-30 11:23:31 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Roaming\IObit 2014-01-30 11:22:59 -------- d-----w- C:\Program Files (x86)\IObit 2014-01-30 11:22:48 -------- d-----w- C:\Program Files (x86)\Application Updater 2014-01-30 11:22:46 -------- d-----w- C:\Program Files (x86)\IObit Apps Toolbar 2014-01-30 11:22:46 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot 2014-01-30 10:24:34 -------- d-----w- C:\Program Files (x86)\NT Registry Optimizer 2014-01-29 16:20:14 -------- d-----w- C:\Program Files (x86)\VS Revo Group 2014-01-29 16:11:17 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Roaming\tor 2014-01-29 13:53:24 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Roaming\HandBrake 2014-01-29 09:29:44 -------- d-----w- C:\Program Files (x86)\CactusVPN 2014-01-28 11:59:17 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-01-28 11:59:06 91352 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys 2014-01-28 11:27:10 -------- d-----w- C:\Program Files (x86)\VideoLAN 2014-01-28 11:14:41 -------- d-----w- C:\Program Files (x86)\GreenTree Applications 2014-01-28 11:11:46 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Local\{BF6923FB-FA84-4281-96BE-5F0D52812120} 2014-01-28 11:11:46 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Local\{17493466-6040-49A9-A52D-B886C71F3E16} 2014-01-22 10:02:45 197704 ----a-w- C:\windows\System32\drivers\HipShieldK.sys 2014-01-21 20:56:51 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Roaming\Philipp Winterberg 2014-01-21 20:56:46 -------- d-----w- C:\Program Files (x86)\Free RAR Extract Frog 2014-01-16 09:36:31 -------- d-----w- C:\ProgramData\Oracle 2014-01-16 09:36:13 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll 2014-01-16 00:56:17 -------- d-----w- C:\dd6d63709d03022f0a2a838d4c74 2014-01-15 13:53:09 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Local\Deployment 2014-01-15 13:53:09 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Local\Apps 2014-01-15 12:44:08 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Roaming\BetTraderEvolution 2014-01-15 12:44:08 -------- d-----w- C:\Program Files (x86)\BetTraderEvolution 2014-01-15 12:43:05 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Roaming\EvoTray 2014-01-15 12:40:19 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Roaming\Bet Angel 2014-01-15 08:45:26 99840 ----a-w- C:\windows\System32\drivers\usbccgp.sys 2014-01-15 08:45:26 7808 ----a-w- C:\windows\System32\drivers\usbd.sys 2014-01-15 08:45:26 53248 ----a-w- C:\windows\System32\drivers\usbehci.sys 2014-01-15 08:45:26 343040 ----a-w- C:\windows\System32\drivers\usbhub.sys 2014-01-15 08:45:26 325120 ----a-w- C:\windows\System32\drivers\usbport.sys 2014-01-15 08:45:26 30720 ----a-w- C:\windows\System32\drivers\usbuhci.sys 2014-01-15 08:45:26 25600 ----a-w- C:\windows\System32\drivers\usbohci.sys 2014-01-15 08:45:24 3156480 ----a-w- C:\windows\System32\win32k.sys 2014-01-15 08:45:23 376768 ----a-w- C:\windows\System32\drivers\netio.sys 2014-01-10 12:06:10 -------- d-----r- C:\Program Files (x86)\Skype 2014-01-07 17:37:07 465920 ----a-w- C:\windows\System32\esxw2ud.dll 2014-01-07 17:37:07 13824 ----a-w- C:\windows\System32\esxcdev.dll 2014-01-07 17:37:07 132560 ----a-w- C:\windows\System32\esdevapp.exe 2014-01-07 17:35:26 -------- d-----w- C:\Program Files (x86)\epson 2014-01-07 14:39:28 -------- d-----w- C:\Program Files\Common Files\EPSON 2014-01-07 14:37:38 10752 ----a-w- C:\windows\System32\E_GCINST.DLL 2014-01-07 14:37:37 88064 ----a-w- C:\windows\System32\E_IBCBHAE.DLL 2014-01-07 14:37:37 118784 ----a-w- C:\windows\System32\E_ILMHAE.DLL 2014-01-07 14:34:12 -------- d-----w- C:\ProgramData\EPSON 2014-01-05 18:49:53 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Local\{38CF6140-3827-4CFE-AE9B-E97DFD6B16A0} 2014-01-05 18:49:00 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Local\{1EBF2983-58A0-4B26-B65B-8841F35529C5} 2014-01-04 09:54:19 -------- d-----w- C:\ProgramData\VirtualizedApplications 2014-01-04 09:35:39 -------- d-----w- C:\windows\Migration 2014-01-03 18:58:16 -------- d-----w- C:\windows\OemDrv 2014-01-03 18:54:04 38096 ----a-w- C:\windows\System32\drivers\PGEffect.sys 2014-01-03 18:47:31 -------- d-----w- C:\Program Files (x86)\TOSHIBA Corporation 2014-01-03 18:47:31 -------- d-----w- C:\Program Files (x86)\Common Files\Toshiba Shared 2014-01-03 18:40:59 24576 ----a-w- C:\windows\SysWow64\TSCI.dll 2014-01-03 18:40:59 24576 ----a-w- C:\windows\SysWow64\THCI.dll 2014-01-03 18:40:12 -------- d-----w- C:\windows\sv 2014-01-03 18:39:30 -------- d-----w- C:\windows\en 2014-01-03 18:39:27 -------- d-----w- C:\windows\da 2014-01-03 18:39:23 -------- d-----w- C:\windows\fi 2014-01-03 18:39:20 -------- d-----w- C:\windows\no 2014-01-03 18:39:01 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2014-01-03 18:37:34 -------- d-----w- C:\windows\PCHEALTH 2014-01-03 18:37:22 69464 ----a-w- C:\windows\SysWow64\XAPOFX1_3.dll 2014-01-03 18:37:22 523088 ----a-w- C:\windows\System32\d3dx10_42.dll 2014-01-03 18:37:22 515416 ----a-w- C:\windows\SysWow64\XAudio2_5.dll 2014-01-03 18:37:22 453456 ----a-w- C:\windows\SysWow64\d3dx10_42.dll 2014-01-03 18:37:20 4398360 ----a-w- C:\windows\System32\d3dx9_32.dll 2014-01-03 18:37:20 3426072 ----a-w- C:\windows\SysWow64\d3dx9_32.dll 2014-01-03 18:36:41 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\be7cf1cf1cf08b204\MeshBetaRemover.exe 2014-01-03 18:36:40 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\be4d564a1cf08b203\DSETUP.dll 2014-01-03 18:36:40 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\be1696a41cf08b202\DSETUP.dll 2014-01-03 18:36:40 6260088 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\bdcf2d5b1cf08b201\Silverlight.4.0.exe 2014-01-03 18:36:40 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\be4d564a1cf08b203\DXSETUP.exe 2014-01-03 18:36:40 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\be1696a41cf08b202\DXSETUP.exe 2014-01-03 18:36:40 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\be4d564a1cf08b203\dsetup32.dll 2014-01-03 18:36:40 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\be1696a41cf08b202\dsetup32.dll 2014-01-03 18:36:39 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live 2014-01-03 18:34:08 162824 ----a-w- C:\windows\System32\GFNEXSrv.exe 2014-01-03 18:34:08 152376 ----a-w- C:\windows\System32\GFNEX64.dll 2014-01-03 18:34:08 128312 ----a-w- C:\windows\SysWow64\GFNEX.dll 2014-01-03 18:33:51 -------- d-----w- C:\windows\SysWow64\sda 2014-01-03 18:33:47 251496 ----a-w- C:\windows\System32\drivers\RtsUStor.sys 2014-01-03 18:33:46 9887848 ----a-w- C:\windows\SysWow64\RtsUStoricon.dll 2014-01-03 18:33:46 422504 ----a-w- C:\windows\System32\RtsUStor.dll 2014-01-03 18:32:52 40832 ----a-w- C:\windows\System32\drivers\TosBtCi.dll 2014-01-03 18:32:27 28528 ----a-w- C:\windows\rlt8723a_chip_bt40_fw_asic_rom_patch.dll 2014-01-03 18:29:42 626792 ----a-w- C:\windows\System32\drivers\rtl819xp.sys 2014-01-03 18:29:42 451072 ----a-w- C:\windows\SysWow64\ISSRemoveSP.exe 2014-01-03 18:29:42 450048 ----a-w- C:\windows\System32\drivers\rtl8187B.sys 2014-01-03 18:29:42 442368 ----a-w- C:\windows\System32\drivers\rtl8187Se.sys 2014-01-03 18:29:42 1225832 ----a-w- C:\windows\System32\drivers\rtl8192se.sys 2014-01-03 18:29:42 1145448 ----a-w- C:\windows\System32\drivers\rtl8192ce.sys 2014-01-03 18:29:42 1082472 ----a-w- C:\windows\System32\drivers\rtwlane.sys 2014-01-03 18:29:42 -------- d-----w- C:\Program Files (x86)\Realtek WLAN Driver 2014-01-03 18:28:39 74272 ----a-w- C:\windows\System32\RtNicProp64.dll 2014-01-03 18:28:39 565352 ----a-w- C:\windows\System32\drivers\Rt64win7.sys 2014-01-03 18:28:39 107552 ----a-w- C:\windows\System32\RTNUninst64.dll 2014-01-03 18:28:13 -------- d-----w- C:\Program Files\Synaptics 2014-01-03 18:27:32 -------- d-----w- C:\Program Files\SRS Labs 2014-01-03 18:24:07 568600 ----a-w- C:\windows\System32\drivers\iaStor.sys 2014-01-03 18:20:05 -------- d-----w- C:\Program Files\Common Files\Intel 2014-01-03 18:20:05 -------- d-----w- C:\Program Files (x86)\Common Files\Intel 2014-01-03 18:18:20 15128 ----a-w- C:\windows\System32\drivers\IntelMEFWVer.dll 2014-01-03 18:17:44 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent 2014-01-03 18:17:40 -------- d-----w- C:\Intel 2014-01-03 18:17:39 60184 ----a-w- C:\windows\System32\drivers\HECIx64.sys 2014-01-03 18:15:20 53248 ----a-w- C:\windows\SysWow64\CSVer.dll 2014-01-03 15:49:25 -------- d-----w- C:\windows\SysWow64\Wat 2014-01-03 15:49:25 -------- d-----w- C:\windows\System32\Wat 2014-01-03 15:43:03 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Local\Macromedia 2014-01-03 14:53:24 465920 ----a-w- C:\windows\System32\WMPhoto.dll 2014-01-03 14:53:24 417792 ----a-w- C:\windows\SysWow64\WMPhoto.dll 2014-01-03 14:53:22 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll 2014-01-03 14:53:22 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll 2014-01-03 14:53:18 67072 ----a-w- C:\windows\splwow64.exe 2014-01-03 14:53:18 559104 ----a-w- C:\windows\System32\spoolsv.exe 2014-01-03 14:27:12 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe 2014-01-03 14:27:12 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe 2014-01-03 14:27:12 12625920 ----a-w- C:\windows\System32\wmploc.DLL 2014-01-03 14:27:11 12625408 ----a-w- C:\windows\SysWow64\wmploc.DLL 2014-01-03 13:48:03 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Local\SoftGrid Client 2014-01-03 13:48:02 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Roaming\SoftGrid Client 2014-01-03 13:46:48 2560 ----a-w- C:\windows\System32\drivers\en-US\wdf01000.sys.mui 2014-01-03 13:46:48 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client 2014-01-03 13:46:23 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Roaming\TP 2014-01-03 13:06:30 294912 ----a-w- C:\windows\System32\browserchoice.exe 2014-01-03 12:47:45 87040 ----a-w- C:\windows\System32\drivers\WUDFPf.sys 2014-01-03 12:47:45 84992 ----a-w- C:\windows\System32\WUDFSvc.dll 2014-01-03 12:47:45 744448 ----a-w- C:\windows\System32\WUDFx.dll 2014-01-03 12:47:45 45056 ----a-w- C:\windows\System32\WUDFCoinstaller.dll 2014-01-03 12:47:45 229888 ----a-w- C:\windows\System32\WUDFHost.exe 2014-01-03 12:47:45 198656 ----a-w- C:\windows\System32\drivers\WUDFRd.sys 2014-01-03 12:47:45 194048 ----a-w- C:\windows\System32\WUDFPlatform.dll 2014-01-03 12:39:03 -------- d-----w- C:\windows\System32\MRT 2014-01-03 12:32:29 5120 ----a-w- C:\windows\SysWow64\wmi.dll 2014-01-03 12:32:29 5120 ----a-w- C:\windows\System32\wmi.dll 2014-01-03 12:32:29 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys 2014-01-03 12:25:04 2048 ----a-w- C:\windows\SysWow64\msxml3r.dll 2014-01-03 12:25:04 2048 ----a-w- C:\windows\System32\msxml3r.dll 2014-01-03 12:25:04 2002432 ----a-w- C:\windows\System32\msxml6.dll 2014-01-03 12:25:04 1882624 ----a-w- C:\windows\System32\msxml3.dll 2014-01-03 12:25:04 1389568 ----a-w- C:\windows\SysWow64\msxml6.dll 2014-01-03 12:25:04 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll 2014-01-03 12:25:03 1903552 ----a-w- C:\windows\System32\drivers\tcpip.sys 2014-01-03 12:25:02 327168 ----a-w- C:\windows\System32\mswsock.dll 2014-01-03 12:25:01 231424 ----a-w- C:\windows\SysWow64\mswsock.dll 2014-01-03 12:24:10 1887232 ----a-w- C:\windows\System32\d3d11.dll 2014-01-03 12:24:10 1505280 ----a-w- C:\windows\SysWow64\d3d11.dll 2014-01-03 12:22:37 1474048 ----a-w- C:\windows\System32\crypt32.dll 2014-01-03 12:21:54 70144 ----a-w- C:\windows\System32\appinfo.dll 2014-01-03 12:21:54 111448 ----a-w- C:\windows\System32\consent.exe 2014-01-03 12:21:34 362496 ----a-w- C:\windows\System32\wow64win.dll 2014-01-03 12:21:34 16384 ----a-w- C:\windows\System32\ntvdm64.dll 2014-01-03 12:21:34 13312 ----a-w- C:\windows\System32\wow64cpu.dll 2014-01-03 12:21:04 3717632 ----a-w- C:\windows\System32\mstscax.dll 2014-01-03 12:21:04 3217408 ----a-w- C:\windows\SysWow64\mstscax.dll 2014-01-03 12:21:02 44032 ----a-w- C:\windows\System32\tsgqec.dll 2014-01-03 12:21:02 36864 ----a-w- C:\windows\SysWow64\tsgqec.dll 2014-01-03 12:21:02 158720 ----a-w- C:\windows\System32\aaclient.dll 2014-01-03 12:21:02 131584 ----a-w- C:\windows\SysWow64\aaclient.dll 2014-01-03 12:19:58 2048 ----a-w- C:\windows\SysWow64\tzres.dll 2014-01-03 12:18:55 288088 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS 2014-01-03 12:07:05 461312 ----a-w- C:\windows\System32\scavengeui.dll 2014-01-03 11:57:01 2622464 ----a-w- C:\windows\System32\wucltux.dll 2014-01-03 11:56:53 99840 ----a-w- C:\windows\System32\wudriver.dll 2014-01-03 11:56:44 36864 ----a-w- C:\windows\System32\wuapp.exe 2014-01-03 11:56:44 186752 ----a-w- C:\windows\System32\wuwebv.dll 2014-01-03 11:48:22 -------- d-----w- C:\ProgramData\Licenses 2014-01-03 11:48:17 129872 ----a-w- C:\windows\SysWow64\MSSTDFMT.DLL 2014-01-03 11:48:17 1070352 ----a-w- C:\windows\SysWow64\MSCOMCTL.OCX 2014-01-03 11:48:16 -------- d-----w- C:\Program Files (x86)\SpywareBlaster 2014-01-03 11:47:28 -------- d-----w- C:\AdwCleaner 2014-01-03 11:46:51 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Roaming\Malwarebytes 2014-01-03 11:46:21 -------- d-----w- C:\ProgramData\Malwarebytes 2014-01-03 11:46:17 25928 ----a-w- C:\windows\System32\drivers\mbam.sys 2014-01-03 11:46:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-03 11:46:07 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Local\Programs 2014-01-03 11:45:04 -------- d-----w- C:\Program Files\CCleaner 2014-01-03 11:40:22 -------- d-----w- C:\Program Files (x86)\McAfee.com 2014-01-03 11:40:17 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee 2014-01-03 11:40:06 -------- d-----w- C:\Program Files\McAfee.com 2014-01-03 11:40:06 -------- d-----w- C:\Program Files\McAfee 2014-01-03 11:40:04 -------- d-----w- C:\Program Files (x86)\McAfee 2014-01-03 11:33:52 182752 ----a-w- C:\windows\System32\mfevtps.exe 2014-01-03 11:33:51 -------- d-----w- C:\Program Files\Common Files\McAfee 2014-01-03 11:19:32 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Local\Google 2014-01-03 11:13:35 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Local\SRS Labs 2014-01-03 11:13:15 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Local\TOSHIBA 2014-01-03 11:12:39 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Local\VirtualStore 2014-01-03 11:11:52 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Roaming\WinBatch 2014-01-03 11:11:50 -------- d-----w- C:\Program Files (x86)\BBC iPlayer Desktop 2014-01-03 11:11:43 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Local\Adobe . ==================== Find3M ==================== . 2014-01-30 09:56:08 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-01-30 09:56:08 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe 2014-01-03 13:20:32 9728 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-11-26 22:07:44 10856 ----a-w- C:\windows\System32\drivers\mfeclnrk.sys 2013-11-26 22:07:22 96112 ----a-w- C:\windows\System32\drivers\mfencrk.sys 2013-11-26 22:07:02 411944 ----a-w- C:\windows\System32\drivers\mfencbdc.sys 2013-11-26 10:19:07 2724864 ----a-w- C:\windows\System32\mshtml.tlb 2013-11-26 10:18:23 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll 2013-11-26 09:48:07 66048 ----a-w- C:\windows\System32\iesetup.dll 2013-11-26 09:46:25 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll 2013-11-26 09:23:02 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb 2013-11-26 09:18:39 139264 ----a-w- C:\windows\System32\ieUnatt.exe 2013-11-26 09:18:09 111616 ----a-w- C:\windows\System32\ieetwcollector.exe 2013-11-26 09:16:57 708608 ----a-w- C:\windows\System32\jscript9diag.dll 2013-11-26 08:35:02 5769216 ----a-w- C:\windows\System32\jscript9.dll 2013-11-26 08:28:16 553472 ----a-w- C:\windows\SysWow64\jscript9diag.dll 2013-11-26 08:16:12 4243968 ----a-w- C:\windows\SysWow64\jscript9.dll 2013-11-26 08:02:16 1995264 ----a-w- C:\windows\System32\inetcpl.cpl 2013-11-26 07:32:06 1928192 ----a-w- C:\windows\SysWow64\inetcpl.cpl 2013-11-26 07:07:57 2334208 ----a-w- C:\windows\System32\wininet.dll 2013-11-26 06:33:33 1820160 ----a-w- C:\windows\SysWow64\wininet.dll 2013-11-12 02:23:09 2048 ----a-w- C:\windows\System32\tzres.dll 2013-11-04 16:51:44 70112 ----a-w- C:\windows\System32\drivers\cfwids.sys 2013-11-04 16:46:34 343696 ----a-w- C:\windows\System32\drivers\mfewfpk.sys 2013-11-04 16:43:04 782360 ----a-w- C:\windows\System32\drivers\mfehidk.sys 2013-11-04 16:41:22 519576 ----a-w- C:\windows\System32\drivers\mfefirek.sys 2013-11-04 16:40:00 311120 ----a-w- C:\windows\System32\drivers\mfeavfk.sys 2013-11-04 16:39:20 179792 ----a-w- C:\windows\System32\drivers\mfeapfk.sys . ============= FINISH: 11:29:17.59 ===============

Have ran malwarebytes, mcafee, adwcleaner and there are no issues? any ideas? cheers

Results of screen317's Security Check version 0.99.71 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! McAfee Anti-Virus and Anti-Spyware WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 6 Update 30 Java version out of Date! Adobe Flash Player 11.8.800.94 Adobe Reader 10.1.7 Adobe Reader out of Date! Mozilla Firefox (App.) Google Chrome 12.0.742.91 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe TOSHIBA TOSHIBA Online Product Information TOPI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 5% ````````````````````End of Log``````````````````````

AdwCleaner Log # AdwCleaner v2.306 - Logfile created 08/07/2013 at 16:26:13 # Updated 19/07/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : allan.nancy.liam - ALLANNANCYLIAM # Boot Mode : Normal # Running from : C:\Users\allan.nancy.liam\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** File Deleted : C:\Users\allan.nancy.liam\AppData\Roaming\Mozilla\Firefox\Profiles\zudk6fwj.default\extensions\addon@defaulttab.com.xpi File Deleted : C:\Users\allan.nancy.liam\AppData\Roaming\Mozilla\Firefox\Profiles\zudk6fwj.default\searchplugins\Babylon.xml File Deleted : C:\Users\Public\Desktop\eBay.lnk Folder Deleted : C:\ProgramData\APN Folder Deleted : C:\ProgramData\Babylon Folder Deleted : C:\ProgramData\Partner Folder Deleted : C:\Users\allan.nancy.liam\AppData\Local\Smartbar Folder Deleted : C:\Users\allan.nancy.liam\AppData\Roaming\DefaultTab Folder Deleted : C:\Users\allan.nancy.liam\AppData\Roaming\Mozilla\Firefox\Profiles\zudk6fwj.default\extensions\plugin@getwebcake.com Folder Deleted : C:\Users\allan.nancy.liam\AppData\Roaming\OpenCandy Folder Deleted : C:\Users\ALLANN~1.LIA\AppData\Local\Temp\Smartbar ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider Key Deleted : HKCU\Software\BabSolution Key Deleted : HKCU\Software\DataMngr_Toolbar Key Deleted : HKCU\Software\Default Tab Key Deleted : HKCU\Software\Delta Key Deleted : HKCU\Software\InstalledBrowserExtensions Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA} Key Deleted : HKCU\Software\pc optimizer pro Key Deleted : HKCU\Software\SmartbarBackup Key Deleted : HKCU\Software\SmartbarLog Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0026278.Sandbox Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0026278.Sandbox.1 Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.BHO Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\Software\DataMngr Key Deleted : HKLM\Software\Default Tab Key Deleted : HKLM\Software\Delta Key Deleted : HKLM\Software\InstallIQ Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA} Key Deleted : HKLM\SOFTWARE\Wow6432Node\5853dbdcb73fbd10 Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38} Key Deleted : HKLM\SOFTWARE\Software Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [browser Infrastructure Helper] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16635 [OK] Registry is clean. -\\ Mozilla Firefox v22.0 (en-US) File : C:\Users\allan.nancy.liam\AppData\Roaming\Mozilla\Firefox\Profiles\zudk6fwj.default\prefs.js C:\Users\allan.nancy.liam\AppData\Roaming\Mozilla\Firefox\Profiles\zudk6fwj.default\user.js ... Deleted ! Deleted : user_pref("extensions.crossriderapp26278.adsOldValue", -1); Deleted : user_pref("extensions.delta.admin", false); Deleted : user_pref("extensions.delta.aflt", "babsst"); Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); Deleted : user_pref("extensions.delta.autoRvrt", "false"); Deleted : user_pref("extensions.delta.dfltLng", "en"); Deleted : user_pref("extensions.delta.excTlbr", false); Deleted : user_pref("extensions.delta.ffxUnstlRst", true); Deleted : user_pref("extensions.delta.id", "3e5533aa00000000000000ff58625175"); Deleted : user_pref("extensions.delta.instlDay", "15923"); Deleted : user_pref("extensions.delta.instlRef", "sst"); Deleted : user_pref("extensions.delta.lastVrsnTs", "1.8.22.018:04:27"); Deleted : user_pref("extensions.delta.newTab", false); Deleted : user_pref("extensions.delta.prdct", "delta"); Deleted : user_pref("extensions.delta.prtnrId", "delta"); Deleted : user_pref("extensions.delta.rvrt", "false"); Deleted : user_pref("extensions.delta.smplGrp", "none"); Deleted : user_pref("extensions.delta.tlbrId", "base"); Deleted : user_pref("extensions.delta.tlbrSrchUrl", ""); Deleted : user_pref("extensions.delta.vrsn", "1.8.22.0"); Deleted : user_pref("extensions.delta.vrsnTs", "1.8.22.018:04:27"); Deleted : user_pref("extensions.delta.vrsni", "1.8.22.0"); Deleted : user_pref("extensions.delta_i.babExt", ""); Deleted : user_pref("extensions.delta_i.babTrack", "affID=121240&tt=060813_av&tsp=4966"); Deleted : user_pref("extensions.delta_i.srcExt", "ss"); ************************* AdwCleaner[R1].txt - [8530 octets] - [07/08/2013 09:45:20] AdwCleaner[R2].txt - [8590 octets] - [07/08/2013 09:47:43] AdwCleaner[R3].txt - [8650 octets] - [07/08/2013 16:25:52] AdwCleaner[s1].txt - [8636 octets] - [07/08/2013 16:26:13] ########## EOF - C:\AdwCleaner[s1].txt - [8696 octets] ########## Junkware Removal Tool ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.3.4 (08.06.2013:1) OS: Windows 7 Home Premium x64 Ran by allan.nancy.liam on 07/08/2013 at 16:32:11.77 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544} Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\solid savings Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220222622278} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550255625578} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660266626678} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220222622278} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550255625578} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660266626678} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550255625578} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660266626678} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550255625578} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660266626678} ~~~ Files Successfully deleted: [File] C:\windows\syswow64\sho3DCE.tmp ~~~ Folders Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup" Successfully deleted: [Empty Folder] C:\Users\allan.nancy.liam\appdata\local\{28160336-19E3-46F7-B831-63EA1CD18887} Successfully deleted: [Empty Folder] C:\Users\allan.nancy.liam\appdata\local\{B3439799-3C07-41EC-A128-072FF69D4FEA} ~~~ FireFox Successfully deleted: [File] C:\Users\allan.nancy.liam\AppData\Roaming\mozilla\firefox\profiles\zudk6fwj.default\invalidprefs.js Emptied folder: C:\Users\allan.nancy.liam\AppData\Roaming\mozilla\firefox\profiles\zudk6fwj.default\minidumps [17 files] ~~~ Chrome Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\extensioninstallforcelist [blacklisted Policy] Successfully deleted: [Folder] C:\Users\allan.nancy.liam\appdata\local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 07/08/2013 at 16:36:33.18 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ malware away

this is my log from AdwCleaner # AdwCleaner v2.306 - Logfile created 08/07/2013 at 09:47:43 # Updated 19/07/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : allan.nancy.liam - ALLANNANCYLIAM # Boot Mode : Normal # Running from : C:\Users\allan.nancy.liam\Desktop\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** File Found : C:\Users\allan.nancy.liam\AppData\Roaming\Mozilla\Firefox\Profiles\zudk6fwj.default\extensions\addon@defaulttab.com.xpi File Found : C:\Users\allan.nancy.liam\AppData\Roaming\Mozilla\Firefox\Profiles\zudk6fwj.default\extensions\addon@defaulttab.com.xpi File Found : C:\Users\allan.nancy.liam\AppData\Roaming\Mozilla\Firefox\Profiles\zudk6fwj.default\searchplugins\Babylon.xml File Found : C:\Users\Public\Desktop\eBay.lnk Folder Found : C:\ProgramData\APN Folder Found : C:\ProgramData\Babylon Folder Found : C:\ProgramData\Partner Folder Found : C:\Users\allan.nancy.liam\AppData\Local\Smartbar Folder Found : C:\Users\allan.nancy.liam\AppData\Roaming\DefaultTab Folder Found : C:\Users\allan.nancy.liam\AppData\Roaming\Mozilla\Firefox\Profiles\zudk6fwj.default\extensions\plugin@getwebcake.com Folder Found : C:\Users\allan.nancy.liam\AppData\Roaming\OpenCandy Folder Found : C:\Users\ALLANN~1.LIA\AppData\Local\Temp\Smartbar ***** [Registry] ***** Key Found : HKCU\Software\AppDataLow\Software\Crossrider Key Found : HKCU\Software\BabSolution Key Found : HKCU\Software\DataMngr_Toolbar Key Found : HKCU\Software\Default Tab Key Found : HKCU\Software\Delta Key Found : HKCU\Software\InstalledBrowserExtensions Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA} Key Found : HKCU\Software\pc optimizer pro Key Found : HKCU\Software\SmartbarBackup Key Found : HKCU\Software\SmartbarLog Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Found : HKLM\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12} Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0026278.Sandbox Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0026278.Sandbox.1 Key Found : HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute Key Found : HKLM\SOFTWARE\Classes\IESmartBar.BHO Key Found : HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel Key Found : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar Key Found : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject Key Found : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState Key Found : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm Key Found : HKLM\SOFTWARE\Classes\Prod.cap Key Found : HKLM\Software\DataMngr Key Found : HKLM\Software\Default Tab Key Found : HKLM\Software\Delta Key Found : HKLM\Software\InstallIQ Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Found : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA} Key Found : HKLM\SOFTWARE\Wow6432Node\5853dbdcb73fbd10 Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Key Found : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Found : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Found : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} Key Found : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} Key Found : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} Key Found : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38} Key Found : HKLM\SOFTWARE\Software Key Found : HKU\S-1-5-21-1099913106-367438988-2773310967-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [browser Infrastructure Helper] Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16635 [OK] Registry is clean. -\\ Mozilla Firefox v22.0 (en-US) File : C:\Users\allan.nancy.liam\AppData\Roaming\Mozilla\Firefox\Profiles\zudk6fwj.default\prefs.js Found : user_pref("extensions.crossriderapp26278.adsOldValue", -1); Found : user_pref("extensions.delta.admin", false); Found : user_pref("extensions.delta.aflt", "babsst"); Found : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); Found : user_pref("extensions.delta.autoRvrt", "false"); Found : user_pref("extensions.delta.dfltLng", "en"); Found : user_pref("extensions.delta.excTlbr", false); Found : user_pref("extensions.delta.ffxUnstlRst", true); Found : user_pref("extensions.delta.id", "3e5533aa00000000000000ff58625175"); Found : user_pref("extensions.delta.instlDay", "15923"); Found : user_pref("extensions.delta.instlRef", "sst"); Found : user_pref("extensions.delta.lastVrsnTs", "1.8.22.018:04:27"); Found : user_pref("extensions.delta.newTab", false); Found : user_pref("extensions.delta.prdct", "delta"); Found : user_pref("extensions.delta.prtnrId", "delta"); Found : user_pref("extensions.delta.rvrt", "false"); Found : user_pref("extensions.delta.smplGrp", "none"); Found : user_pref("extensions.delta.tlbrId", "base"); Found : user_pref("extensions.delta.tlbrSrchUrl", ""); Found : user_pref("extensions.delta.vrsn", "1.8.22.0"); Found : user_pref("extensions.delta.vrsnTs", "1.8.22.018:04:27"); Found : user_pref("extensions.delta.vrsni", "1.8.22.0"); Found : user_pref("extensions.delta_i.babExt", ""); Found : user_pref("extensions.delta_i.babTrack", "affID=121240&tt=060813_av&tsp=4966"); Found : user_pref("extensions.delta_i.srcExt", "ss"); ************************* AdwCleaner[R1].txt - [8530 octets] - [07/08/2013 09:45:20] AdwCleaner[R2].txt - [8489 octets] - [07/08/2013 09:47:43] ########## EOF - C:\AdwCleaner[R2].txt - [8549 octets] ##########

just ran another malware bytes quick scan and found 21 items Malwarebytes Anti-Malware (PRO) 1.75.0.1300 www.malwarebytes.org Database version: v2013.08.05.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16635 allan.nancy.liam :: ALLANNANCYLIAM [administrator] Protection: Disabled 06/08/2013 19:36:19 MBAM-log-2013-08-06 (19-39-22).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 218816 Time elapsed: 2 minute(s), 44 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 5 HKCR\CLSID\{11111111-1111-1111-1111-110211621178} (PUP.Optional.Crossrider) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211621178} (PUP.Optional.Crossrider) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211621178} (PUP.Optional.Crossrider) -> No action taken. HKCR\CrossriderApp0026278.BHO (PUP.Optional.Crossrider) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Solid Savings (PUP.Optional.SolidSavings.A) -> No action taken. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 1 HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bad: (http://www1.delta-search.com/?babsrc=HP_ss&mntrId=3E5500FF58625175&affID=121240&tt=060813_av&tsp=4966) Good: (http://www.google.com) -> No action taken. Folders Detected: 2 C:\Users\allan.nancy.liam\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> No action taken. C:\Program Files (x86)\Solid Savings (PUP.Optional.SolidSavings.A) -> No action taken. Files Detected: 13 C:\Program Files (x86)\Solid Savings\Solid Savings-bho.dll (PUP.Optional.Crossrider) -> No action taken. C:\Users\allan.nancy.liam\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> No action taken. C:\Program Files (x86)\Solid Savings\background.html (PUP.Optional.SolidSavings.A) -> No action taken. C:\Program Files (x86)\Solid Savings\Installer.log (PUP.Optional.SolidSavings.A) -> No action taken. C:\Program Files (x86)\Solid Savings\Solid Savings-bg.exe (PUP.Optional.SolidSavings.A) -> No action taken. C:\Program Files (x86)\Solid Savings\Solid Savings-buttonutil.dll (PUP.Optional.SolidSavings.A) -> No action taken. C:\Program Files (x86)\Solid Savings\Solid Savings-buttonutil.exe (PUP.Optional.SolidSavings.A) -> No action taken. C:\Program Files (x86)\Solid Savings\Solid Savings-buttonutil64.dll (PUP.Optional.SolidSavings.A) -> No action taken. C:\Program Files (x86)\Solid Savings\Solid Savings-buttonutil64.exe (PUP.Optional.SolidSavings.A) -> No action taken. C:\Program Files (x86)\Solid Savings\Solid Savings-codedownloader.exe (PUP.Optional.SolidSavings.A) -> No action taken. C:\Program Files (x86)\Solid Savings\Solid Savings-helper.exe (PUP.Optional.SolidSavings.A) -> No action taken. C:\Program Files (x86)\Solid Savings\Solid Savings.ico (PUP.Optional.SolidSavings.A) -> No action taken. C:\Program Files (x86)\Solid Savings\Uninstall.exe (PUP.Optional.SolidSavings.A) -> No action taken. (end)

This is my log from combifix ComboFix 13-08-05.03 - allan.nancy.liam 06/08/2013 18:17:00.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6034.4165 [GMT 1:00] Running from: c:\users\allan.nancy.liam\Downloads\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\allan.nancy.liam\AppData\Roaming\DefaultTab\DefaultTab c:\users\allan.nancy.liam\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe c:\users\allan.nancy.liam\Desktop\Setup.exe . . ((((((((((((((((((((((((( Files Created from 2013-07-06 to 2013-08-06 ))))))))))))))))))))))))))))))) . . 2013-08-06 17:31 . 2013-08-06 17:31 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-08-06 17:07 . 2013-08-06 17:07 -------- d-----w- c:\program files (x86)\7-Zip 2013-08-06 17:07 . 2013-08-06 17:10 -------- d-----w- c:\program files (x86)\MyPC Backup 2013-08-06 17:04 . 2013-08-06 17:05 -------- d-----w- c:\program files (x86)\Solid Savings 2013-08-06 17:04 . 2013-08-06 17:04 -------- d-----w- c:\programdata\BrowserDefender 2013-08-06 13:38 . 2013-08-06 13:47 -------- d-----w- C:\dvbdream 2013-08-06 08:47 . 2013-08-06 08:47 -------- d-----w- c:\programdata\DBC2F6FD-3140-41E0-A2A1-D6BAB77D5E21_97A6E9190B374845A2EEEC5B058B8C9F_F893F7CA-8278-41DF-A76F-CAF0437A90CD__ 2013-08-06 08:47 . 2013-08-06 08:49 -------- d-----w- c:\programdata\CMUV 2013-08-05 19:30 . 2013-08-06 16:20 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2013-08-05 16:24 . 2010-03-15 10:31 165376 ----a-w- c:\windows\SysWow64\unrar.dll 2013-08-05 16:24 . 2013-08-05 16:24 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack 2013-08-05 16:23 . 2013-08-05 16:23 -------- d-----w- c:\program files (x86)\The Sea App (Firefox) 2013-08-05 16:22 . 2013-08-05 16:22 -------- d-----w- c:\programdata\APN 2013-08-05 15:54 . 2013-08-05 15:54 -------- d-----w- C:\SBCL 2013-08-01 07:14 . 2013-08-01 07:17 -------- d-----w- c:\windows\system32\MRT 2013-07-30 15:55 . 2013-07-30 15:55 -------- d-----w- c:\program files (x86)\VideoLAN 2013-07-19 08:49 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2013-07-19 08:49 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2013-07-18 10:27 . 2013-07-18 10:26 10752 ----a-w- c:\windows\system32\E_GCINST.DLL 2013-07-18 10:27 . 2013-07-18 10:26 120320 ----a-w- c:\windows\system32\E_ILMHAE.DLL 2013-07-18 10:27 . 2013-07-18 10:26 83968 ----a-w- c:\windows\system32\E_ID4BHAE.DLL 2013-07-18 10:24 . 2013-07-18 10:24 -------- d-----w- c:\program files\Common Files\EPSON 2013-07-18 10:23 . 2009-09-30 17:01 88064 ----a-w- c:\windows\system32\E_IBCBHAE.DLL 2013-07-18 09:56 . 2012-11-12 19:41 535552 ----a-w- c:\windows\system32\ensppui.dll 2013-07-18 09:56 . 2012-11-12 19:41 535552 ----a-w- c:\windows\system32\enppui.dll 2013-07-18 09:56 . 2012-11-12 14:15 558592 ----a-w- c:\windows\system32\ensppmon.dll 2013-07-18 09:56 . 2012-11-12 14:15 558592 ----a-w- c:\windows\system32\enppmon.dll 2013-07-18 09:56 . 2012-10-22 16:19 219648 ----a-w- c:\windows\system32\enspres.dll 2013-07-18 09:56 . 2012-10-22 16:19 219648 ----a-w- c:\windows\system32\enpres.dll 2013-07-18 09:56 . 2013-07-18 09:56 -------- d-----w- c:\program files\EpsonNet 2013-07-18 09:56 . 2013-07-18 09:56 -------- d-----w- c:\program files (x86)\Common Files\EPSON 2013-07-18 09:55 . 2013-07-18 10:24 -------- d-----w- c:\programdata\EPSON 2013-07-18 09:55 . 2011-08-09 23:00 464384 ----a-w- c:\windows\system32\esxw2ud.dll 2013-07-18 09:55 . 2009-10-15 23:00 13824 ----a-w- c:\windows\system32\esxcdev.dll 2013-07-18 09:55 . 2009-10-15 23:00 132560 ----a-w- c:\windows\system32\esdevapp.exe 2013-07-18 09:55 . 2013-07-18 09:55 -------- d-----w- c:\program files (x86)\epson 2013-07-18 09:03 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll 2013-07-18 09:03 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll 2013-07-18 08:18 . 2013-07-18 08:18 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-07-17 19:15 . 2013-07-17 19:15 -------- d-----w- c:\programdata\Microsoft Help 2013-07-17 18:25 . 2013-07-17 18:25 -------- d-----r- C:\MSOCache 2013-07-17 09:17 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-07-17 09:17 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-07-17 09:17 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-07-17 09:17 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-07-17 09:17 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-07-17 09:17 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe 2013-07-17 09:06 . 2013-07-17 09:06 -------- d-----w- c:\windows\SysWow64\Wat 2013-07-17 09:06 . 2013-07-17 09:06 -------- d-----w- c:\windows\system32\Wat 2013-07-16 19:09 . 2013-07-16 19:09 -------- d-----w- c:\windows\OemDrv 2013-07-16 19:05 . 2011-02-09 02:07 38096 ----a-w- c:\windows\system32\drivers\PGEffect.sys 2013-07-16 18:59 . 2013-07-16 18:59 -------- d-----w- c:\program files (x86)\TOSHIBA Corporation 2013-07-16 18:59 . 2013-07-16 18:59 -------- d-----w- c:\program files (x86)\Common Files\Toshiba Shared 2013-07-16 18:56 . 2013-08-03 11:50 -------- d-----w- c:\programdata\Toshiba 2013-07-16 18:54 . 2013-07-16 18:54 -------- d-----w- c:\users\Public\Toshiba 2013-07-16 18:52 . 1999-10-13 02:47 24576 ----a-w- c:\windows\SysWow64\TSCI.dll 2013-07-16 18:52 . 1999-10-13 02:45 24576 ----a-w- c:\windows\SysWow64\THCI.dll 2013-07-16 18:51 . 2013-07-16 18:51 -------- d-----w- c:\windows\sv 2013-07-16 18:50 . 2013-07-16 18:50 -------- d-----w- c:\windows\en 2013-07-16 18:50 . 2013-07-16 18:50 -------- d-----w- c:\windows\da 2013-07-16 18:50 . 2013-07-16 18:50 -------- d-----w- c:\windows\fi 2013-07-16 18:50 . 2013-07-16 18:50 -------- d-----w- c:\windows\no 2013-07-16 18:50 . 2013-07-16 18:50 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition 2013-07-16 18:49 . 2013-07-16 18:51 -------- d-----w- c:\program files (x86)\Windows Live 2013-07-16 18:49 . 2013-07-16 18:49 -------- d-----w- c:\windows\PCHEALTH 2013-07-16 18:49 . 2013-07-16 18:49 -------- d-----w- c:\program files\Windows Live 2013-07-16 18:48 . 2009-09-05 00:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll 2013-07-16 18:48 . 2009-09-05 00:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll 2013-07-16 18:48 . 2009-09-05 00:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll 2013-07-16 18:48 . 2009-09-05 00:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll 2013-07-16 18:48 . 2006-11-29 20:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll 2013-07-16 18:48 . 2006-11-29 20:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll 2013-07-16 18:48 . 2013-07-16 18:48 -------- d-----w- c:\program files (x86)\Common Files\Windows Live 2013-07-16 18:45 . 2010-09-10 00:26 162824 ----a-w- c:\windows\system32\GFNEXSrv.exe 2013-07-16 18:45 . 2010-09-10 00:26 152376 ----a-w- c:\windows\system32\GFNEX64.dll 2013-07-16 18:45 . 2010-09-10 00:26 128312 ----a-w- c:\windows\SysWow64\GFNEX.dll 2013-07-16 18:45 . 2013-07-16 18:45 -------- d-----w- c:\windows\SysWow64\sda 2013-07-16 18:45 . 2011-08-17 21:27 9887848 ----a-w- c:\windows\SysWow64\RtsUStoricon.dll 2013-07-16 18:45 . 2011-08-17 21:27 422504 ----a-w- c:\windows\system32\RtsUStor.dll 2013-07-16 18:45 . 2011-08-17 21:27 251496 ----a-w- c:\windows\system32\drivers\RtsUStor.sys 2013-07-16 18:44 . 2009-06-19 04:42 40832 ----a-w- c:\windows\system32\drivers\TosBtCi.dll 2013-07-16 18:44 . 2013-07-16 18:44 -------- d-----w- c:\program files\DIFX 2013-07-16 18:44 . 2012-02-12 04:25 28528 ----a-w- c:\windows\rlt8723a_chip_bt40_fw_asic_rom_patch.dll 2013-07-16 18:41 . 2013-07-16 18:41 -------- d-----w- c:\program files (x86)\Realtek WLAN Driver 2013-07-16 18:41 . 2012-01-17 00:20 1082472 ----a-w- c:\windows\system32\drivers\rtwlane.sys 2013-07-16 18:41 . 2011-07-18 23:11 1145448 ----a-w- c:\windows\system32\drivers\rtl8192ce.sys 2013-07-16 18:41 . 2011-06-21 00:07 1225832 ----a-w- c:\windows\system32\drivers\rtl8192se.sys 2013-07-16 18:41 . 2010-12-22 23:24 626792 ----a-w- c:\windows\system32\drivers\rtl819xp.sys 2013-07-16 18:41 . 2010-12-01 16:31 451072 ----a-w- c:\windows\SysWow64\ISSRemoveSP.exe 2013-07-16 18:41 . 2010-04-01 21:01 442368 ----a-w- c:\windows\system32\drivers\rtl8187Se.sys 2013-07-16 18:41 . 2010-03-31 18:10 450048 ----a-w- c:\windows\system32\drivers\rtl8187B.sys 2013-07-16 18:40 . 2011-08-24 04:57 74272 ----a-w- c:\windows\system32\RtNicProp64.dll 2013-07-16 18:40 . 2011-08-24 04:57 565352 ----a-w- c:\windows\system32\drivers\Rt64win7.sys 2013-07-16 18:40 . 2011-08-24 04:57 107552 ----a-w- c:\windows\system32\RTNUninst64.dll 2013-07-16 18:39 . 2013-07-16 18:39 -------- d-----w- c:\program files\Synaptics 2013-07-16 18:39 . 2013-07-16 18:39 -------- d-----w- c:\program files\SRS Labs 2013-07-16 18:35 . 2011-11-30 02:40 568600 ----a-w- c:\windows\system32\drivers\iaStor.sys 2013-07-16 18:31 . 2013-07-16 18:31 -------- d-----w- c:\program files\Common Files\Intel 2013-07-16 18:31 . 2013-07-16 18:31 -------- d-----w- c:\program files (x86)\Common Files\Intel 2013-07-16 18:29 . 2012-02-21 19:10 15128 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll 2013-07-16 18:29 . 2013-07-16 18:30 -------- d-----w- c:\programdata\Intel 2013-07-16 18:29 . 2013-07-16 18:29 -------- d-----w- c:\program files\Intel 2013-07-16 18:29 . 2013-07-16 18:29 -------- d-----w- c:\program files (x86)\Common Files\postureAgent 2013-07-16 18:29 . 2013-07-16 18:31 -------- d-----w- C:\Intel 2013-07-16 18:29 . 2011-11-10 08:04 60184 ----a-w- c:\windows\system32\drivers\HECIx64.sys 2013-07-16 18:26 . 2013-07-16 18:35 -------- d-----w- c:\program files (x86)\Intel 2013-07-16 18:26 . 2012-01-16 18:06 53248 ----a-w- c:\windows\SysWow64\CSVer.dll 2013-07-16 18:16 . 2012-08-21 12:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2013-07-16 18:15 . 2013-07-16 18:15 -------- d-----w- c:\program files\iPod 2013-07-16 18:15 . 2013-07-16 18:16 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-07-16 18:15 . 2013-07-16 18:16 -------- d-----w- c:\program files\iTunes 2013-07-16 18:15 . 2013-07-16 18:16 -------- d-----w- c:\program files (x86)\iTunes 2013-07-16 18:15 . 2013-07-16 18:15 -------- d-----w- c:\programdata\Apple Computer 2013-07-16 18:10 . 2013-07-16 18:10 -------- d-----w- c:\program files (x86)\Apple Software Update 2013-07-16 18:09 . 2013-07-16 18:09 -------- d-----w- c:\program files\Common Files\Apple 2013-07-16 18:09 . 2013-07-16 18:09 -------- d-----w- c:\program files\Bonjour 2013-07-16 18:09 . 2013-07-16 18:09 -------- d-----w- c:\program files (x86)\Bonjour 2013-07-16 18:09 . 2013-07-16 18:15 -------- d-----w- c:\program files (x86)\Common Files\Apple 2013-07-16 18:09 . 2013-07-16 18:10 -------- d-----w- c:\programdata\Apple 2013-07-16 16:14 . 2013-07-16 18:09 -------- d-----w- c:\programdata\VirtualizedApplications 2013-07-16 14:02 . 2013-07-16 14:02 0 ----a-w- c:\windows\SysWow64\sho3DCE.tmp 2013-07-16 13:35 . 2012-07-26 07:31 2560 ----a-w- c:\windows\system32\drivers\da-DK\wdf01000.sys.mui 2013-07-16 13:35 . 2012-07-26 05:04 2560 ----a-w- c:\windows\system32\drivers\nb-NO\wdf01000.sys.mui 2013-07-16 13:35 . 2012-07-26 05:04 2560 ----a-w- c:\windows\system32\drivers\fi-FI\wdf01000.sys.mui 2013-07-16 13:35 . 2012-07-26 07:45 2560 ----a-w- c:\windows\system32\drivers\sv-SE\wdf01000.sys.mui . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-07-16 18:49 . 2011-03-29 01:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-07-16 12:22 . 2012-05-11 18:47 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-07-16 12:22 . 2012-05-11 18:47 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110211621178}] 2013-08-06 17:05 752008 ----a-w- c:\program files (x86)\Solid Savings\Solid Savings-bho.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}] 2010-11-21 03:24 297808 ----a-w- c:\windows\System32\mscoree.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432] "EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATIHAE.EXE" [2013-07-18 283232] "DelayShred"="c:\progra~1\mcafee\mqs\ShrCL.EXE" [2012-09-10 67416] "Browser Infrastructure Helper"="c:\users\allan.nancy.liam\AppData\Local\Smartbar\Application\QuickShare.exe" [2013-07-15 20248] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-11-18 1492264] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 958576] "ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2011-04-02 80840] "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-13 1532992] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936] . c:\users\allan.nancy.liam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2012-2-4 2824104] Toshiba Places Icon Utility.lnk - c:\program files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [2012-5-11 1492352] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x] R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x] R3 RtkBtFilter;Realtek Bluetooth Filter Driver;c:\windows\system32\DRIVERS\RtkBtfilter.sys;c:\windows\SYSNATIVE\DRIVERS\RtkBtfilter.sys [x] R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x] S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys;c:\windows\SYSNATIVE\DRIVERS\NBVol.sys [x] S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys;c:\windows\SYSNATIVE\DRIVERS\NBVolUp.sys [x] S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x] S2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe;c:\windows\SYSNATIVE\GFNEXSrv.exe [x] S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x] S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x] S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x] S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x] . . --- Other Services/Drivers In Memory --- . *Deregistered* - mfeavfk01 . Contents of the 'Scheduled Tasks' folder . 2013-08-06 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-11 12:22] . 2013-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-11 18:52] . 2013-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-11 18:52] . 2013-08-06 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job - c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41] . 2013-08-06 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job - c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-16 12459112] "SRS Premium Sound HD"="c:\program files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" [2012-03-22 2165120] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-11-26 710560] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720] "Toshiba Registration"="c:\program files\TOSHIBA\Registration\ToshibaReminder.exe" [2012-05-11 150992] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-10 170264] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-10 398616] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-10 440088] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.254 TCP: Interfaces\{1847CD55-799D-4161-9DB9-DF668D598EC9}: NameServer = 176.67.84.19,178.79.166.52 TCP: Interfaces\{2F67D703-A00D-43B5-8974-B28B9D6F5796}: NameServer = 176.67.84.19,178.79.166.52 TCP: Interfaces\{2F67D703-A00D-43B5-8974-B28B9D6F5796}\244575966496: NameServer = 176.67.84.19,178.79.166.52 TCP: Interfaces\{2F67D703-A00D-43B5-8974-B28B9D6F5796}\244575966496D277964786D264F4E4: NameServer = 176.67.84.19,178.79.166.52 FF - ProfilePath - c:\users\allan.nancy.liam\AppData\Roaming\Mozilla\Firefox\Profiles\zudk6fwj.default\ FF - ExtSQL: 2013-07-16 12:52; plugin@getwebcake.com; c:\users\allan.nancy.liam\AppData\Roaming\Mozilla\Firefox\Profiles\zudk6fwj.default\extensions\plugin@getwebcake.com FF - ExtSQL: 2013-07-16 13:12; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files (x86)\McAfee\SiteAdvisor FF - ExtSQL: 2013-07-16 13:46; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF - ExtSQL: 2013-08-05 17:23; addon@defaulttab.com; c:\users\allan.nancy.liam\AppData\Roaming\Mozilla\Firefox\Profiles\zudk6fwj.default\extensions\addon@defaulttab.com.xpi FF - ExtSQL: 2013-08-05 17:23; sea-condensed@plugin.org; c:\program files (x86)\The Sea App (Firefox) FF - ExtSQL: 2013-08-06 18:05; 9518042e-7ad6-4dac-b377-056e28d00c8f@f1cc0a13-4df1-4d66-938f-088db8838882.com; c:\users\allan.nancy.liam\AppData\Roaming\Mozilla\Firefox\Profiles\zudk6fwj.default\extensions\9518042e-7ad6-4dac-b377-056e28d00c8f@f1cc0a13-4df1-4d66-938f-088db8838882.com FF - user.js: extentions.webcake.installId - b42525ea-3214-4b25-9503-5fb9de039a3e FF - user.js: extentions.webcake.defaultEnableAppsList - layers,brain/features,newOffers/wc FF - user.js: extensions.delta.tlbrSrchUrl - FF - user.js: extensions.delta.id - 3e5533aa00000000000000ff58625175 FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} FF - user.js: extensions.delta.instlDay - 15923 FF - user.js: extensions.delta.vrsn - 1.8.22.0 FF - user.js: extensions.delta.vrsni - 1.8.22.0 FF - user.js: extensions.delta.vrsnTs - 1.8.22.018:04 FF - user.js: extensions.delta.prtnrId - delta FF - user.js: extensions.delta.prdct - delta FF - user.js: extensions.delta.aflt - babsst FF - user.js: extensions.delta.smplGrp - none FF - user.js: extensions.delta.tlbrId - base FF - user.js: extensions.delta.instlRef - sst FF - user.js: extensions.delta.dfltLng - en FF - user.js: extensions.delta.excTlbr - false FF - user.js: extensions.delta.ffxUnstlRst - true FF - user.js: extensions.delta.admin - false FF - user.js: extensions.delta_i.babTrack - affID=121240&tt=060813_av&tsp=4966 FF - user.js: extensions.delta_i.babExt - FF - user.js: extensions.delta_i.srcExt - ss FF - user.js: extensions.delta.autoRvrt - false FF - user.js: extensions.delta.rvrt - false FF - user.js: extensions.delta.newTab - false . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe AddRemove-DefaultTab - c:\users\allan.nancy.liam\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-08-06 18:55:15 ComboFix-quarantined-files.txt 2013-08-06 17:55 . Pre-Run: 672,224,968,704 bytes free Post-Run: 673,168,318,464 bytes free . - - End Of File - - 936EB342C0BFEA583F7D50273990234A D41D8CD98F00B204E9800998ECF8427E

hi no more threats were found when i ran the anti rootkit internet running fine cheers

This is my report, RogueKiller V8.6.5 _x64_ [Aug 5 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : allan.nancy.liam [Admin rights] Mode : Scan -- Date : 08/06/2013 08:39:24 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 12 ¤¤¤ [DNS] HKLM\[...]\CCSet\[...]\{1847CD55-799D-4161-9DB9-DF668D598EC9} : NameServer (176.67.84.19,178.79.166.52) -> FOUND [DNS] HKLM\[...]\CCSet\[...]\{2F67D703-A00D-43B5-8974-B28B9D6F5796} : NameServer (176.67.84.19,178.79.166.52) -> FOUND [DNS] HKLM\[...]\CS001\[...]\{1847CD55-799D-4161-9DB9-DF668D598EC9} : NameServer (176.67.84.19,178.79.166.52) -> FOUND [DNS] HKLM\[...]\CS001\[...]\{2F67D703-A00D-43B5-8974-B28B9D6F5796} : NameServer (176.67.84.19,178.79.166.52) -> FOUND [DNS] HKLM\[...]\CS002\[...]\{1847CD55-799D-4161-9DB9-DF668D598EC9} : NameServer (176.67.84.19,178.79.166.52) -> FOUND [DNS] HKLM\[...]\CS002\[...]\{2F67D703-A00D-43B5-8974-B28B9D6F5796} : NameServer (176.67.84.19,178.79.166.52) -> FOUND [HJ POL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND [HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND [HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤

Hi, I bought a laptop off a friend and it seems to be infected the same issues keep appearing when I scan the system here are the logs: DDS DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16635 Run by allan.nancy.liam at 21:02:40 on 2013-08-05 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6034.3948 [GMT 1:00] . AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} . ============== Running Processes =============== . C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k NetworkService C:\Windows\System32\GFNEXSrv.exe C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE C:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\windows\system32\mfevtps.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\windows\system32\svchost.exe -k imgsvc C:\windows\system32\TODDSrv.exe C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\windows\system32\rundll32.exe C:\windows\system32\rundll32.exe C:\windows\SysWOW64\rundll32.exe C:\Program Files\TOSHIBA\TECO\TecoService.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\system32\taskhost.exe C:\windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\windows\system32\Dwm.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\windows\Explorer.EXE C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\windows\system32\taskeng.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Program Files\TOSHIBA\TECO\Teco.exe C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Windows\System32\StikyNot.exe C:\windows\system32\SearchIndexer.exe C:\Windows\System32\spool\drivers\x64\3\E_IATIHAE.EXE C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE C:\windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Nero\Update\NASvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe C:\Users\allan.nancy.liam\Downloads\mbar-1.06.0.1004\mbar\mbar.exe c:\PROGRA~2\mcafee\SITEAD~1\saui.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\system32\vssvc.exe C:\windows\System32\svchost.exe -k swprv C:\windows\system32\SearchFilterHost.exe C:\windows\system32\SearchProtocolHost.exe C:\windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll mWinlogon: Userinit = userinit.exe, BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll uRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun uRun: [RESTART_STICKY_NOTES] C:\windows\System32\StikyNot.exe uRun: [EPLTarget\P0000000000000000] C:\windows\System32\spool\DRIVERS\x64\3\E_IATIHAE.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus SX430" mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [iTSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START mRun: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60 mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" dRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP StartupFolder: C:\Users\ALLANN~1.LIA\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TRDCRE~1.LNK - C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TOSHIB~1.LNK - C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll TCP: NameServer = 192.168.1.254 TCP: Interfaces\{0CD679EF-6790-4488-8C0D-800838A0CEAB} : DHCPNameServer = 109.249.185.224 109.249.190.32 TCP: Interfaces\{1847CD55-799D-4161-9DB9-DF668D598EC9} : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{2F67D703-A00D-43B5-8974-B28B9D6F5796} : NameServer = 176.67.84.19,178.79.166.52 TCP: Interfaces\{2F67D703-A00D-43B5-8974-B28B9D6F5796} : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{2F67D703-A00D-43B5-8974-B28B9D6F5796}\244575966496 : NameServer = 176.67.84.19,178.79.166.52 TCP: Interfaces\{2F67D703-A00D-43B5-8974-B28B9D6F5796}\244575966496 : DHCPNameServer = 192.168.22.22 192.168.22.23 TCP: Interfaces\{2F67D703-A00D-43B5-8974-B28B9D6F5796}\244575966496D277964786D264F4E4 : NameServer = 176.67.84.19,178.79.166.52 TCP: Interfaces\{2F67D703-A00D-43B5-8974-B28B9D6F5796}\244575966496D277964786D264F4E4 : DHCPNameServer = 192.168.22.22 192.168.22.23 TCP: Interfaces\{58625175-29F4-4C08-8ACF-660C0B1DED41} : DHCPNameServer = 8.8.8.8 TCP: Interfaces\{7AB0CAA0-F85C-49E7-8144-77AAD1FAE397} : DHCPNameServer = 109.249.185.224 109.249.186.32 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [sRS Premium Sound HD] "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip" /h x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe x64-Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe x64-Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe x64-Run: [Persistence] C:\windows\System32\igfxpers.exe x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\allan.nancy.liam\AppData\Roaming\Mozilla\Firefox\Profiles\zudk6fwj.default\ FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll FF - ExtSQL: 2013-07-16 12:52; plugin@getwebcake.com; C:\Users\allan.nancy.liam\AppData\Roaming\Mozilla\Firefox\Profiles\zudk6fwj.default\extensions\plugin@getwebcake.com FF - ExtSQL: 2013-07-16 13:12; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; C:\Program Files (x86)\McAfee\SiteAdvisor FF - ExtSQL: 2013-07-16 13:46; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF - ExtSQL: 2013-08-05 17:23; addon@defaulttab.com; C:\Users\allan.nancy.liam\AppData\Roaming\Mozilla\Firefox\Profiles\zudk6fwj.default\extensions\addon@defaulttab.com.xpi FF - ExtSQL: 2013-08-05 17:23; sea-condensed@plugin.org; C:\Program Files (x86)\The Sea App (Firefox) . ---- FIREFOX POLICIES ---- FF - user.js: extentions.webcake.installId - b42525ea-3214-4b25-9503-5fb9de039a3e FF - user.js: extentions.webcake.defaultEnableAppsList - layers,brain/features,newOffers/wc FF - user.js: extensions.delta.tlbrSrchUrl - FF - user.js: extensions.delta.id - 3e5533aa00000000000024ec9984b1aa FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} FF - user.js: extensions.delta.instlDay - 15902 FF - user.js: extensions.delta.vrsn - 1.8.21.5 FF - user.js: extensions.delta.vrsni - 1.8.21.5 FF - user.js: extensions.delta.vrsnTs - 1.8.21.512:53:08 FF - user.js: extensions.delta.prtnrId - delta FF - user.js: extensions.delta.prdct - delta FF - user.js: extensions.delta.aflt - babsst FF - user.js: extensions.delta.smplGrp - none FF - user.js: extensions.delta.tlbrId - base FF - user.js: extensions.delta.instlRef - sst FF - user.js: extensions.delta.dfltLng - en FF - user.js: extensions.delta.excTlbr - false FF - user.js: extensions.delta.ffxUnstlRst - true FF - user.js: extensions.delta.admin - false FF - user.js: extensions.delta_i.babTrack - affID=121564&tsp=4945 FF - user.js: extensions.delta_i.babExt - FF - user.js: extensions.delta_i.srcExt - ss FF - user.js: extensions.delta.autoRvrt - false FF - user.js: extensions.delta.rvrt - false FF - user.js: extensions.delta.newTab - false FF - user.js: yahoo.ytff.general.dontshowhpoffer - true ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;C:\windows\System32\drivers\mfehidk.sys [2011-10-15 771536] R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\System32\drivers\mfewfpk.sys [2011-10-15 340216] R0 NBVol;Nero Backup Volume Filter Driver;C:\windows\System32\drivers\NBVol.sys [2012-5-11 72240] R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\windows\System32\drivers\NBVolUp.sys [2012-5-11 15920] R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2013-7-18 151648] R2 GFNEXSrv;GFNEX Service;C:\windows\System32\GFNEXSrv.exe [2013-7-16 162824] R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448] R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-7-16 128280] R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-7-16 161560] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-16 418376] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-16 701512] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2013-7-16 201304] R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2013-7-16 201304] R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2013-7-16 201304] R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2013-7-16 201304] R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2013-7-16 241456] R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2013-7-16 218760] R2 mfevtp;McAfee Validation Trust Protection Service;C:\windows\System32\mfevtps.exe [2012-5-11 182752] R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-4 687400] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-5-14 3289472] R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-11-24 294848] R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-20 14472] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-7-16 363800] R3 cfwids;McAfee Inc. cfwids;C:\windows\System32\drivers\cfwids.sys [2013-7-16 70112] R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-12-6 331264] R3 mbamchameleon;mbamchameleon;C:\windows\System32\drivers\mbamchameleon.sys [2013-8-5 36680] R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-7-16 25928] R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\System32\drivers\mfeavfk.sys [2013-7-16 309840] R3 mfefirek;McAfee Inc. mfefirek;C:\windows\System32\drivers\mfefirek.sys [2013-7-16 515968] R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2013-7-16 38096] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2013-7-16 251496] R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2013-7-16 565352] R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtwlane.sys [2013-7-16 1082472] R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264] R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648] R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960] R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2013-7-16 57216] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-11-26 138152] R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-12-14 833976] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 HipShieldK;McAfee Inc. HipShieldK;C:\windows\System32\drivers\HipShieldK.sys [2013-7-16 196440] S3 mferkdet;McAfee Inc. mferkdet;C:\windows\System32\drivers\mferkdet.sys [2013-7-16 106552] S3 Netaapl;Apple Mobile Device Ethernet Service;C:\windows\System32\drivers\netaapl64.sys [2012-9-10 22528] S3 RtkBtFilter;Realtek Bluetooth Filter Driver;C:\windows\System32\drivers\RtkBtfilter.sys [2012-1-5 21096] S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-2-10 112080] S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232] S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-7-17 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184] . =============== Created Last 30 ================ . 2013-08-05 19:30:30 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-08-05 19:29:43 36680 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys 2013-08-05 16:24:46 165376 ----a-w- C:\windows\SysWow64\unrar.dll 2013-08-05 16:24:42 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack 2013-08-05 16:23:49 -------- d-----w- C:\Program Files (x86)\The Sea App (Firefox) 2013-08-05 16:23:48 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Roaming\DefaultTab 2013-08-05 16:22:23 -------- d-----w- C:\ProgramData\APN 2013-08-05 15:54:58 -------- d-----w- C:\SBCL 2013-08-01 07:14:50 -------- d-----w- C:\windows\System32\MRT 2013-07-30 15:55:42 -------- d-----w- C:\Program Files (x86)\VideoLAN 2013-07-27 12:02:17 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Local\{28160336-19E3-46F7-B831-63EA1CD18887} 2013-07-27 12:02:16 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Local\{B3439799-3C07-41EC-A128-072FF69D4FEA} 2013-07-23 13:56:59 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Local\Microsoft Games 2013-07-19 08:49:06 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll 2013-07-19 08:49:06 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll 2013-07-18 10:27:37 10752 ----a-w- C:\windows\System32\E_GCINST.DLL 2013-07-18 10:27:35 120320 ----a-w- C:\windows\System32\E_ILMHAE.DLL 2013-07-18 10:27:34 83968 ----a-w- C:\windows\System32\E_ID4BHAE.DLL 2013-07-18 10:24:18 -------- d-----w- C:\Program Files\Common Files\EPSON 2013-07-18 10:23:53 88064 ----a-w- C:\windows\System32\E_IBCBHAE.DLL 2013-07-18 09:56:17 558592 ----a-w- C:\windows\System32\ensppmon.dll 2013-07-18 09:56:17 558592 ----a-w- C:\windows\System32\enppmon.dll 2013-07-18 09:56:17 535552 ----a-w- C:\windows\System32\ensppui.dll 2013-07-18 09:56:17 535552 ----a-w- C:\windows\System32\enppui.dll 2013-07-18 09:56:17 219648 ----a-w- C:\windows\System32\enspres.dll 2013-07-18 09:56:17 219648 ----a-w- C:\windows\System32\enpres.dll 2013-07-18 09:56:16 -------- d-----w- C:\Program Files\EpsonNet 2013-07-18 09:56:06 -------- d-----w- C:\Program Files (x86)\Common Files\EPSON 2013-07-18 09:55:48 -------- d-----w- C:\ProgramData\EPSON 2013-07-18 09:55:30 464384 ----a-w- C:\windows\System32\esxw2ud.dll 2013-07-18 09:55:30 13824 ----a-w- C:\windows\System32\esxcdev.dll 2013-07-18 09:55:30 132560 ----a-w- C:\windows\System32\esdevapp.exe 2013-07-18 09:55:19 -------- d-----w- C:\Program Files (x86)\epson 2013-07-18 09:03:05 1643520 ----a-w- C:\windows\System32\DWrite.dll 2013-07-18 09:03:05 1247744 ----a-w- C:\windows\SysWow64\DWrite.dll 2013-07-18 08:18:43 9728 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-07-17 19:15:38 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Local\Microsoft Help 2013-07-17 09:17:26 5550424 ----a-w- C:\windows\System32\ntoskrnl.exe 2013-07-17 09:17:26 3968856 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe 2013-07-17 09:17:25 6656 ----a-w- C:\windows\SysWow64\apisetschema.dll 2013-07-17 09:17:25 43520 ----a-w- C:\windows\System32\csrsrv.dll 2013-07-17 09:17:25 3913560 ----a-w- C:\windows\SysWow64\ntoskrnl.exe 2013-07-17 09:17:25 112640 ----a-w- C:\windows\System32\smss.exe 2013-07-17 09:06:08 -------- d-----w- C:\windows\SysWow64\Wat 2013-07-17 09:06:07 -------- d-----w- C:\windows\System32\Wat 2013-07-16 19:09:32 -------- d-----w- C:\windows\OemDrv 2013-07-16 19:05:28 38096 ----a-w- C:\windows\System32\drivers\PGEffect.sys 2013-07-16 18:59:00 -------- d-----w- C:\Program Files (x86)\TOSHIBA Corporation 2013-07-16 18:59:00 -------- d-----w- C:\Program Files (x86)\Common Files\Toshiba Shared 2013-07-16 18:52:22 24576 ----a-w- C:\windows\SysWow64\TSCI.dll 2013-07-16 18:52:22 24576 ----a-w- C:\windows\SysWow64\THCI.dll 2013-07-16 18:51:33 -------- d-----w- C:\windows\sv 2013-07-16 18:50:53 -------- d-----w- C:\windows\en 2013-07-16 18:50:50 -------- d-----w- C:\windows\da 2013-07-16 18:50:46 -------- d-----w- C:\windows\fi 2013-07-16 18:50:43 -------- d-----w- C:\windows\no 2013-07-16 18:50:25 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2013-07-16 18:49:06 -------- d-----w- C:\windows\PCHEALTH 2013-07-16 18:45:32 162824 ----a-w- C:\windows\System32\GFNEXSrv.exe 2013-07-16 18:45:32 152376 ----a-w- C:\windows\System32\GFNEX64.dll 2013-07-16 18:45:32 128312 ----a-w- C:\windows\SysWow64\GFNEX.dll 2013-07-16 18:45:16 -------- d-----w- C:\windows\SysWow64\sda 2013-07-16 18:45:11 9887848 ----a-w- C:\windows\SysWow64\RtsUStoricon.dll 2013-07-16 18:45:11 422504 ----a-w- C:\windows\System32\RtsUStor.dll 2013-07-16 18:45:11 251496 ----a-w- C:\windows\System32\drivers\RtsUStor.sys 2013-07-16 18:44:28 40832 ----a-w- C:\windows\System32\drivers\TosBtCi.dll 2013-07-16 18:44:04 28528 ----a-w- C:\windows\rlt8723a_chip_bt40_fw_asic_rom_patch.dll 2013-07-16 18:41:18 626792 ----a-w- C:\windows\System32\drivers\rtl819xp.sys 2013-07-16 18:41:18 451072 ----a-w- C:\windows\SysWow64\ISSRemoveSP.exe 2013-07-16 18:41:18 450048 ----a-w- C:\windows\System32\drivers\rtl8187B.sys 2013-07-16 18:41:18 442368 ----a-w- C:\windows\System32\drivers\rtl8187Se.sys 2013-07-16 18:41:18 1225832 ----a-w- C:\windows\System32\drivers\rtl8192se.sys 2013-07-16 18:41:18 1145448 ----a-w- C:\windows\System32\drivers\rtl8192ce.sys 2013-07-16 18:41:18 1082472 ----a-w- C:\windows\System32\drivers\rtwlane.sys 2013-07-16 18:41:18 -------- d-----w- C:\Program Files (x86)\Realtek WLAN Driver 2013-07-16 18:40:12 74272 ----a-w- C:\windows\System32\RtNicProp64.dll 2013-07-16 18:40:12 565352 ----a-w- C:\windows\System32\drivers\Rt64win7.sys 2013-07-16 18:40:12 107552 ----a-w- C:\windows\System32\RTNUninst64.dll 2013-07-16 18:39:46 -------- d-----w- C:\Program Files\Synaptics 2013-07-16 18:39:06 -------- d-----w- C:\Program Files\SRS Labs 2013-07-16 18:35:47 568600 ----a-w- C:\windows\System32\drivers\iaStor.sys 2013-07-16 18:31:43 -------- d-----w- C:\Program Files\Common Files\Intel 2013-07-16 18:31:43 -------- d-----w- C:\Program Files (x86)\Common Files\Intel 2013-07-16 18:29:59 15128 ----a-w- C:\windows\System32\drivers\IntelMEFWVer.dll 2013-07-16 18:29:24 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent 2013-07-16 18:29:20 -------- d-----w- C:\Intel 2013-07-16 18:29:19 60184 ----a-w- C:\windows\System32\drivers\HECIx64.sys 2013-07-16 18:26:56 53248 ----a-w- C:\windows\SysWow64\CSVer.dll 2013-07-16 18:16:34 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Local\Apple Computer 2013-07-16 18:16:28 33240 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys 2013-07-16 18:15:39 -------- d-----w- C:\Program Files\iPod 2013-07-16 18:15:38 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-07-16 18:15:38 -------- d-----w- C:\Program Files\iTunes 2013-07-16 18:15:38 -------- d-----w- C:\Program Files (x86)\iTunes 2013-07-16 18:10:19 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Local\Apple 2013-07-16 18:09:46 -------- d-----w- C:\Program Files\Bonjour 2013-07-16 18:09:46 -------- d-----w- C:\Program Files (x86)\Bonjour 2013-07-16 16:14:42 -------- d-----w- C:\ProgramData\VirtualizedApplications 2013-07-16 14:02:49 0 ----a-w- C:\windows\SysWow64\sho3DCE.tmp 2013-07-16 13:59:14 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Local\ElevatedDiagnostics 2013-07-16 13:35:52 2560 ----a-w- C:\windows\System32\drivers\nb-NO\wdf01000.sys.mui 2013-07-16 13:35:52 2560 ----a-w- C:\windows\System32\drivers\fi-FI\wdf01000.sys.mui 2013-07-16 13:35:52 2560 ----a-w- C:\windows\System32\drivers\da-DK\wdf01000.sys.mui 2013-07-16 13:35:51 9728 ----a-w- C:\windows\System32\Wdfres.dll 2013-07-16 13:35:51 785512 ----a-w- C:\windows\System32\drivers\Wdf01000.sys 2013-07-16 13:35:51 54376 ----a-w- C:\windows\System32\drivers\WdfLdr.sys 2013-07-16 13:35:51 2560 ----a-w- C:\windows\System32\drivers\sv-SE\wdf01000.sys.mui 2013-07-16 13:35:51 2560 ----a-w- C:\windows\System32\drivers\en-US\wdf01000.sys.mui 2013-07-16 13:32:50 294912 ----a-w- C:\windows\System32\browserchoice.exe 2013-07-16 13:25:50 46080 ----a-w- C:\windows\System32\atmlib.dll 2013-07-16 13:25:50 367616 ----a-w- C:\windows\System32\atmfd.dll 2013-07-16 13:25:50 34304 ----a-w- C:\windows\SysWow64\atmlib.dll 2013-07-16 13:25:50 295424 ----a-w- C:\windows\SysWow64\atmfd.dll 2013-07-16 13:24:51 87040 ----a-w- C:\windows\System32\drivers\WUDFPf.sys 2013-07-16 13:24:51 84992 ----a-w- C:\windows\System32\WUDFSvc.dll 2013-07-16 13:24:51 198656 ----a-w- C:\windows\System32\drivers\WUDFRd.sys 2013-07-16 13:24:51 194048 ----a-w- C:\windows\System32\WUDFPlatform.dll 2013-07-16 13:24:50 744448 ----a-w- C:\windows\System32\WUDFx.dll 2013-07-16 13:24:50 45056 ----a-w- C:\windows\System32\WUDFCoinstaller.dll 2013-07-16 13:24:50 229888 ----a-w- C:\windows\System32\WUDFHost.exe 2013-07-16 13:21:06 81408 ----a-w- C:\windows\System32\imagehlp.dll 2013-07-16 13:21:06 5120 ----a-w- C:\windows\SysWow64\wmi.dll 2013-07-16 13:21:06 5120 ----a-w- C:\windows\System32\wmi.dll 2013-07-16 13:21:06 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys 2013-07-16 13:21:06 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll 2013-07-16 13:15:29 30720 ----a-w- C:\windows\System32\cryptdlg.dll 2013-07-16 13:15:28 24576 ----a-w- C:\windows\SysWow64\cryptdlg.dll 2013-07-16 13:12:59 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2013-07-16 13:10:31 2048 ----a-w- C:\windows\SysWow64\tzres.dll 2013-07-16 13:10:31 2048 ----a-w- C:\windows\System32\tzres.dll 2013-07-16 13:08:50 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2013-07-16 13:07:41 220160 ----a-w- C:\windows\System32\wintrust.dll 2013-07-16 13:06:37 215040 ----a-w- C:\windows\System32\winsrv.dll 2013-07-16 13:05:35 1656680 ----a-w- C:\windows\System32\drivers\ntfs.sys 2013-07-16 13:04:56 3216384 ----a-w- C:\windows\System32\msi.dll 2013-07-16 13:03:44 90624 ----a-w- C:\windows\System32\drivers\bowser.sys 2013-07-16 13:03:42 956928 ----a-w- C:\windows\System32\localspl.dll 2013-07-16 12:56:13 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Roaming\OverPlay.net, LP 2013-07-16 12:55:42 1887232 ----a-w- C:\windows\System32\d3d11.dll 2013-07-16 12:55:42 1505280 ----a-w- C:\windows\SysWow64\d3d11.dll 2013-07-16 12:55:39 67072 ----a-w- C:\windows\splwow64.exe 2013-07-16 12:55:39 559104 ----a-w- C:\windows\System32\spoolsv.exe 2013-07-16 12:55:03 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Local\Deployment 2013-07-16 12:55:03 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Local\Apps 2013-07-16 12:21:26 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Roaming\Malwarebytes 2013-07-16 12:21:04 -------- d-----w- C:\ProgramData\Malwarebytes 2013-07-16 12:21:02 25928 ----a-w- C:\windows\System32\drivers\mbam.sys 2013-07-16 12:21:02 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-16 12:20:52 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Local\Programs 2013-07-16 12:17:29 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Local\SoftGrid Client 2013-07-16 12:17:28 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Roaming\SoftGrid Client 2013-07-16 12:16:29 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client 2013-07-16 12:16:11 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Roaming\TP 2013-07-16 12:11:26 196440 ----a-w- C:\windows\System32\drivers\HipShieldK.sys 2013-07-16 12:11:14 -------- d-----w- C:\Program Files (x86)\McAfee.com 2013-07-16 12:11:11 10728 ----a-w- C:\windows\System32\drivers\mfeclnk.sys 2013-07-16 12:11:11 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee 2013-07-16 12:11:10 70112 ----a-w- C:\windows\System32\drivers\cfwids.sys 2013-07-16 12:11:10 515968 ----a-w- C:\windows\System32\drivers\mfefirek.sys 2013-07-16 12:11:10 309840 ----a-w- C:\windows\System32\drivers\mfeavfk.sys 2013-07-16 12:11:10 106552 ----a-w- C:\windows\System32\drivers\mferkdet.sys 2013-07-16 12:10:58 -------- d-----w- C:\Program Files\McAfee.com 2013-07-16 12:10:58 -------- d-----w- C:\Program Files\McAfee 2013-07-16 12:10:56 -------- d-----w- C:\Program Files (x86)\McAfee 2013-07-16 11:52:54 -------- d-----w- C:\ProgramData\Babylon 2013-07-16 11:52:48 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Roaming\Philipp Winterberg 2013-07-16 11:52:46 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Roaming\OpenCandy 2013-07-16 11:52:46 -------- d-----w- C:\Program Files (x86)\Free RAR Extract Frog 2013-07-16 11:52:03 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Local\Macromedia 2013-07-16 11:34:12 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Roaming\TOSHIBA Online Product Information 2013-07-16 11:31:03 2622464 ----a-w- C:\windows\System32\wucltux.dll 2013-07-16 11:28:14 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Local\Google 2013-07-16 11:25:03 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Local\SRS Labs 2013-07-16 11:24:44 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Local\TOSHIBA 2013-07-16 11:24:07 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Local\VirtualStore 2013-07-16 11:23:20 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Roaming\WinBatch 2013-07-16 11:23:10 -------- d-----w- C:\Users\allan.nancy.liam\AppData\Local\Adobe . ==================== Find3M ==================== . 2013-07-18 08:18:43 9728 ---ha-w- C:\windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-07-16 12:22:45 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-07-16 12:22:45 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe 2013-06-05 03:34:27 3153920 ----a-w- C:\windows\System32\win32k.sys 2013-06-04 06:00:13 624128 ----a-w- C:\windows\System32\qedit.dll 2013-06-04 04:53:07 509440 ----a-w- C:\windows\SysWow64\qedit.dll 2013-05-13 05:51:01 184320 ----a-w- C:\windows\System32\cryptsvc.dll 2013-05-13 05:51:00 1464320 ----a-w- C:\windows\System32\crypt32.dll 2013-05-13 05:51:00 139776 ----a-w- C:\windows\System32\cryptnet.dll 2013-05-13 05:50:40 52224 ----a-w- C:\windows\System32\certenc.dll 2013-05-13 04:45:55 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll 2013-05-13 04:45:55 1160192 ----a-w- C:\windows\SysWow64\crypt32.dll 2013-05-13 04:45:55 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll 2013-05-13 03:43:55 1192448 ----a-w- C:\windows\System32\certutil.exe 2013-05-13 03:08:10 903168 ----a-w- C:\windows\SysWow64\certutil.exe 2013-05-13 03:08:06 43008 ----a-w- C:\windows\SysWow64\certenc.dll 2013-05-08 06:39:01 1910632 ----a-w- C:\windows\System32\drivers\tcpip.sys . ============= FINISH: 21:03:10.36 =============== ATTACH . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 16/07/2013 12:21:34 System Uptime: 05/08/2013 20:20:13 (1 hours ago) . Motherboard: Type2 - Board Vendor Name1 | | Type2 - Board Product Name1 Processor: Intel® Pentium® CPU B950 @ 2.10GHz | U3E1 | 2100/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 681 GiB total, 625.35 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Microsoft Virtual WiFi Miniport Adapter Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&186AA2C8&0&01 Manufacturer: Microsoft Name: Microsoft Virtual WiFi Miniport Adapter PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&186AA2C8&0&01 Service: vwifimp . ==== System Restore Points =================== . RP3: 16/07/2013 12:30:05 - Windows Update RP4: 16/07/2013 12:36:31 - Windows Update RP5: 16/07/2013 13:14:47 - Removed BBC iPlayer Desktop RP6: 16/07/2013 13:54:23 - Device Driver Package Install: TAP-Win32 Provider V9 Network adapters RP7: 16/07/2013 14:15:58 - Windows Update RP8: 16/07/2013 19:10:24 - Installed iTunes RP9: 16/07/2013 20:06:43 - Windows Update RP10: 17/07/2013 10:05:16 - Windows Update RP11: 18/07/2013 08:49:50 - Windows Update RP12: 18/07/2013 11:27:48 - Device Driver Package Install: EPSON Printers RP13: 18/07/2013 13:28:27 - Windows Update RP14: 19/07/2013 19:53:59 - Windows Update RP15: 01/08/2013 08:09:49 - Windows Update . ==== Installed Programs ====================== . ActiveX-kontroll för fjärranslutningar för Windows Live Mesh Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.7) MUI Agatha Christie - Death on the Nile Aloha TriPeaks Apple Application Support Apple Mobile Device Support Apple Software Update Bejeweled 3 Bluetooth Stack for Windows by Toshiba Bonjour BT NetProtect Plus Cake Mania Chuzzle Deluxe D3DX10 DefaultTab EPSON Scan EPSON SX430 Series Printer Uninstall EpsonNet Print Free RAR Extract Frog Google Chrome Google Update Helper High-Definition Video Playback Insaniquarium Deluxe Intel® Manageability Engine Firmware Recovery Agent Intel® Management Engine Components Intel® Processor Graphics Intel® Rapid Storage Technology Intel® Trusted Connect Service Client iTunes Java Auto Updater Java 6 Update 30 Jewel Quest Solitaire 2 Junk Mail filter update K-Lite Codec Pack 7.0.0 (Standard) Malwarebytes Anti-Malware version 1.75.0.1300 Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Starter 2010 - English Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Mozilla Firefox 22.0 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 Mystery P.I. - The London Caper Nero 11 Essentials Nero 11 Kwik Themes Basic Nero BackItUp 11 Nero BackItUp 11 Help (CHM) Nero Backup Drivers Nero BurnRights 11 Nero BurnRights 11 Help (CHM) Nero ControlCenter 11 Nero ControlCenter 11 Help (CHM) Nero Core Components 11 Nero Express 11 Nero Express 11 Help (CHM) Nero Kwik Media Nero Kwik Media Help (CHM) Nero RescueAgent 11 Nero RescueAgent 11 Help (CHM) Nero Update nero.prerequisites.msi OpenVPN Tap Adapter 9.0.0.8 OverPlay VPN Plants vs. Zombies - Game of the Year PlayReady PC Runtime amd64 Polar Bowler Premium Sound HD Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Realtek USB 2.0 Card Reader Realtek WLAN Driver RtkClassFilter Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Shared C Run-time for x64 Skype Click to Call Skype™ 6.6 Synaptics Pointing Device Driver The Sea App (Firefox) TOSHIBA Assist TOSHIBA Disc Creator TOSHIBA eco Utility TOSHIBA Hardware Setup TOSHIBA HDD/SSD Alert Toshiba Manuals TOSHIBA Media Controller TOSHIBA Media Controller Plug-in TOSHIBA Online Product Information TOSHIBA PC Health Monitor TOSHIBA Places Icon Utility TOSHIBA Recovery Media Creator TOSHIBA Recovery Media Creator Reminder TOSHIBA Resolution+ Plug-in for Windows Media Player TOSHIBA Service Station TOSHIBA Supervisor Password TOSHIBA TEMPRO TOSHIBA Value Added Package TOSHIBA Web Camera Application Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) Update Installer for WildTangent Games App Virtual Villagers 4 - The Tree of Life VLC media player 2.0.7 WebCake 3.00 welcome WildTangent Games WildTangent Games App (Toshiba Games) Windows Driver Package - Realtek Semiconductor Corp. RtkBtFilter Bluetooth (12/02/2011 2.3.8.1) Windows Live Communications Platform Windows Live Essentials Windows Live Fotogalleri Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger Windows Live Mesh ActiveX-objekt til fjernforbindelser Windows Live Mesh ActiveX Control for Remote Connections Windows Live Meshin etäyhteyksien ActiveX-komponentti Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Liven asennustyökalu Windows Liven sähköposti Windows Liven valokuvavalikoima . ==== Event Viewer Messages From Past Week ======== . 05/08/2013 19:58:46, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 05/08/2013 19:51:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C} 05/08/2013 19:50:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} 05/08/2013 19:49:59, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 05/08/2013 19:49:59, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 05/08/2013 19:49:59, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 05/08/2013 19:49:54, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 05/08/2013 19:49:48, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 05/08/2013 19:49:36, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Tosrfcom Wanarpv6 05/08/2013 19:49:28, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start. 05/08/2013 19:48:42, Error: Service Control Manager [7023] - The TPCH Service service terminated with the following error: %%-2147221008 04/08/2013 09:46:01, Error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s). 04/08/2013 09:46:01, Error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 04/08/2013 09:46:01, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 04/08/2013 09:46:01, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 04/08/2013 09:46:01, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 04/08/2013 09:46:01, Error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 02/08/2013 11:26:37, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s). . ==== End Of File ===========================