Sorry I took so long to reply. The computer we saw this on was no longer in our possession when I saw this reply. Here are the contents of the log file...

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-06-2014
Ran by George (administrator) on GEORGE-HP on 01-07-2014 15:46:46
Running from C:\Users\George\Desktop
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenManager64.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Novatel Wireless Inc.) C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
() C:\Program Files\pcmax\pcmax.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\48A0C3FC-2898-45E4-B2B9-147D27D29D45\SupraSavingsService64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
() C:\Program Files (x86)\Bench\Proxy\pwdg.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSM\McSmtFwk.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [FileOpenBroker] => C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [1589104 2013-03-26] (FileOpen Systems Inc.)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [bench Communicator Watcher] => C:\Program Files (x86)\Bench\Proxy\pwdg.exe [113152 2014-06-17] ()
HKLM-x32\...\Run: [bench Settings Cleaner] => C:\Program Files (x86)\Bench\Proxy\cl.exe [55296 2014-06-17] ()
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-06-24] (Hewlett-Packard)
HKLM-x32\...\Runonce: [browser Guardian] - [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe [535216 2014-05-14] (Adobe Systems Incorporated)
HKU\S-1-5-21-304265352-2529404635-3209431853-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-304265352-2529404635-3209431853-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-304265352-2529404635-3209431853-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-304265352-2529404635-3209431853-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-304265352-2529404635-3209431853-1000\...\MountPoints2: {515464fc-fe7c-11e0-a302-6c626dba1323} - J:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-304265352-2529404635-3209431853-1000\...\MountPoints2: {db9f71e2-faec-11e0-b688-6c626dba1323} - J:\VZAccess_Manager.exe /z detect
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: AutoCAD Digital Signatures Icon Overlay Handler -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKCU - DefaultScope {45D62A98-3E69-4CD8-BF9B-9E80F55E8355} URL = http://search.yahoo.com/search?fr=mcafee&type=A011US747&p={SearchTerms}
SearchScopes: HKCU - {45D62A98-3E69-4CD8-BF9B-9E80F55E8355} URL = http://search.yahoo.com/search?fr=mcafee&type=A011US747&p={SearchTerms}
SearchScopes: HKCU - {899B35FF-D18B-8FBB-580A-E99390A9E0B2} URL = http://www.bing.com/search?q={searchTerms}&pc=Z129&form=ZGAIDF&install_date=20111214&iesrc={referrer:source}
SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.1.10.2

FireFox:
========
FF ProfilePath: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\uq0nh8ss.default
FF DefaultSearchEngine: Secure Search
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=mcafee&type=A111US747&p=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @mcafee.com/MVT - C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @winzip.com/Winzip Courier - C:\Program Files (x86)\WinZip Courier\npwzwmc.dll (WinZip Computing, S.L.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\uq0nh8ss.default\searchplugins\startnow.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: EpicPlay Games - C:\Users\George\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@epicplay.com [2011-12-14]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2011-08-12]
FF HKLM-x32\...\Firefox\Extensions: [{74c841e3-b59f-479e-8d7a-e26a942a87c8}] - C:\Program Files (x86)\WinZip Courier\FFExt
FF Extension: WinZip Courier - C:\Program Files (x86)\WinZip Courier\FFExt [2011-01-02]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://start.iminent.com/?appId=6A55159D-9E75-4299-B0BE-499A1E8E21E4"
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-06-18]

==================== Services (Whitelisted) =================

S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [85096 2011-09-06] (Autodesk)
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [518144 2009-07-13] (Microsoft Corporation) [File not signed]
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed]
R2 FileOpenManager; C:\Program Files\FileOpen\Services\FileOpenManager64.exe [337264 2013-03-19] (FileOpen Systems Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-03-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-04-03] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-04-03] (McAfee, Inc.)
R2 NWVZHelper; C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [270848 2010-06-14] (Novatel Wireless Inc.) [File not signed]
R2 pcmaxservice; C:\Program Files\pcmax\pcmax.exe [241344 2014-05-29] ()
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
R2 RpcSs; C:\Windows\system32\rpcss.dll [518144 2009-07-13] (Microsoft Corporation) [File not signed]
R2 SupraSavingsService64; C:\Program Files (x86)\48A0C3FC-2898-45E4-B2B9-147D27D29D45\SupraSavingsService64.exe [172544 2014-06-25] () [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 0033821404239571mcinstcleanup; C:\Windows\TEMP\003382~1.EXE -cleanup -nolog [X]

==================== Drivers (Whitelisted) ====================

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-04-03] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-01] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [177544 2014-04-03] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311856 2014-04-03] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-04-03] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [784760 2014-04-03] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [441264 2014-03-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-03-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [346760 2014-04-03] (McAfee, Inc.)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-06-12] (NetFilterSDK.com)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
S3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2011-07-20] (support.com, Inc)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [40712 2012-11-14] (Anchorfree Inc.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-01 15:46 - 2014-07-01 15:47 - 00017613 _____ () C:\Users\George\Desktop\FRST.txt
2014-07-01 15:46 - 2014-07-01 15:46 - 02083328 _____ (Farbar) C:\Users\George\Desktop\FRST64.exe
2014-07-01 15:46 - 2014-07-01 15:46 - 00000000 ____D () C:\FRST
2014-07-01 15:38 - 2014-07-01 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-07-01 15:32 - 2014-07-01 15:47 - 00000003 _____ () C:\Users\George\AppData\Local\proxy.log
2014-07-01 15:32 - 2014-07-01 15:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-01 15:32 - 2014-07-01 15:32 - 00265752 _____ (Secure By Design Inc.) C:\Users\George\Downloads\Ninite 7Zip Firefox Malwarebytes NET Reader Installer.exe
2014-07-01 15:32 - 2014-07-01 15:32 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-01 15:32 - 2014-07-01 15:32 - 00000346 _____ () C:\Windows\Tasks\bench-sys.job
2014-07-01 15:32 - 2014-07-01 15:32 - 00000346 _____ () C:\Windows\Tasks\bench-S-1-5-21-304265352-2529404635-3209431853-1000.job
2014-07-01 15:32 - 2014-07-01 15:32 - 00000000 ____D () C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Guardian
2014-07-01 15:32 - 2014-07-01 15:32 - 00000000 ____D () C:\Users\George\AppData\Local\Browser Guardian
2014-07-01 15:32 - 2014-07-01 15:32 - 00000000 ____D () C:\Users\George\AppData\Local\BenchUpdater
2014-07-01 15:32 - 2014-07-01 15:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-01 15:32 - 2014-07-01 15:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-01 15:32 - 2014-07-01 15:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-01 15:32 - 2014-07-01 15:32 - 00000000 ____D () C:\Program Files (x86)\Bench
2014-07-01 15:32 - 2014-05-12 08:05 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-01 15:32 - 2014-05-12 08:05 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-01 15:32 - 2014-05-12 08:05 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-01 15:31 - 2014-07-01 15:31 - 00095512 _____ () C:\Users\George\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-01 15:30 - 2014-07-01 15:30 - 04979904 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-01 15:30 - 2014-07-01 15:30 - 00000356 _____ () C:\Windows\PFRO.log
2014-07-01 15:30 - 2014-07-01 15:30 - 00000056 _____ () C:\Windows\setupact.log
2014-07-01 15:30 - 2014-07-01 15:30 - 00000022 _____ () C:\Windows\S.dirmngr
2014-07-01 15:30 - 2014-07-01 15:30 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-01 11:21 - 2014-07-01 11:21 - 00000000 ____D () C:\Users\George\AppData\Roaming\Hard Disk Sentinel
2014-07-01 11:17 - 2014-07-01 11:17 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-01 11:17 - 2014-07-01 11:17 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-01 11:17 - 2014-07-01 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-01 11:17 - 2014-07-01 11:17 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-01 11:16 - 2014-07-01 11:16 - 03736040 _____ (Piriform Ltd) C:\Users\George\Downloads\ccsetup415_slim.exe
2014-07-01 11:06 - 2014-07-01 11:06 - 00000000 ____D () C:\Program Files\SupraSavings
2014-07-01 11:04 - 2014-07-01 11:05 - 00000000 ____D () C:\AdwCleaner
2014-07-01 11:04 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-01 10:53 - 2014-07-01 10:53 - 00000000 ____D () C:\Windows\ERUNT
2014-06-30 18:55 - 2014-06-30 18:55 - 00016384 _____ () C:\BCD_backup
2014-06-30 18:55 - 2014-06-30 18:55 - 00013312 ___SH () C:\BCD_backup.LOG
2014-06-30 18:53 - 2009-07-13 21:38 - 00383562 __RSH () C:\bootmgr
2014-06-30 10:50 - 2014-06-30 10:50 - 00000000 ___HD () C:\ProgramData\Backup
2014-06-26 15:27 - 2014-06-30 16:09 - 00000000 ____D () C:\Program Files (x86)\48A0C3FC-2898-45E4-B2B9-147D27D29D45
2014-06-13 15:12 - 2014-06-17 07:50 - 00026624 _____ () C:\Users\George\Documents\Drawing1_recover.dwg
2014-06-12 15:05 - 2014-06-12 15:05 - 00046376 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys
2014-06-10 08:47 - 2014-06-10 08:47 - 00000000 ____D () C:\Users\George\AppData\Roaming\QuickScan
2014-06-10 08:46 - 2014-06-10 08:52 - 00000000 ____D () C:\ProgramData\SmartPCScan
2014-06-10 08:29 - 2014-06-10 08:29 - 01831520 _____ (iyogi) C:\Users\George\Downloads\iyogi-scc-w0yc301gghghg758z1d1g65g6xwxygwexzg8jic40jc90.exe
2014-06-10 08:28 - 2014-06-10 09:07 - 00000000 ____D () C:\Program Files (x86)\iYogi Support Dock
2014-06-09 16:45 - 2014-06-10 09:15 - 00037376 _____ () C:\Windows\system32\mzusel.gey
2014-06-09 16:42 - 2014-06-09 16:42 - 00000000 ____D () C:\Windows\Sun
2014-06-06 13:39 - 2014-06-06 13:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-06 13:39 - 2014-06-06 13:39 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-05 12:32 - 2014-06-30 16:09 - 00000000 ____D () C:\Program Files\pcmax
2014-06-05 12:32 - 2014-06-05 12:32 - 00003694 _____ () C:\Windows\System32\Tasks\pcreg
2014-06-05 12:31 - 2014-06-05 12:31 - 00509232 _____ (App.install) C:\Users\George\Downloads\Autodesk%20DWG%20Trueview.exe
2014-06-05 12:28 - 2014-06-05 12:28 - 00311884 _____ () C:\Users\George\Downloads\X-PLANS.dwg
2014-06-04 13:50 - 2014-06-30 19:28 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForGeorge
2014-06-04 13:50 - 2014-06-30 19:28 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForGeorge.job
2014-06-04 05:56 - 2014-06-04 05:56 - 00000218 _____ () C:\Users\George\AppData\Local\recently-used.xbel

==================== One Month Modified Files and Folders =======

2014-07-01 15:47 - 2014-07-01 15:46 - 00017613 _____ () C:\Users\George\Desktop\FRST.txt
2014-07-01 15:47 - 2014-07-01 15:32 - 00000003 _____ () C:\Users\George\AppData\Local\proxy.log
2014-07-01 15:46 - 2014-07-01 15:46 - 02083328 _____ (Farbar) C:\Users\George\Desktop\FRST64.exe
2014-07-01 15:46 - 2014-07-01 15:46 - 00000000 ____D () C:\FRST
2014-07-01 15:46 - 2011-08-26 15:03 - 00000000 ____D () C:\Users\George\AppData\Local\CrashDumps
2014-07-01 15:38 - 2014-07-01 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-07-01 15:38 - 2011-08-12 16:27 - 00001846 _____ () C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
2014-07-01 15:38 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-01 15:38 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-01 15:34 - 2010-12-27 16:18 - 01465952 _____ () C:\Windows\WindowsUpdate.log
2014-07-01 15:33 - 2014-07-01 15:32 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-01 15:32 - 2014-07-01 15:32 - 00265752 _____ (Secure By Design Inc.) C:\Users\George\Downloads\Ninite 7Zip Firefox Malwarebytes NET Reader Installer.exe
2014-07-01 15:32 - 2014-07-01 15:32 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-01 15:32 - 2014-07-01 15:32 - 00000346 _____ () C:\Windows\Tasks\bench-sys.job
2014-07-01 15:32 - 2014-07-01 15:32 - 00000346 _____ () C:\Windows\Tasks\bench-S-1-5-21-304265352-2529404635-3209431853-1000.job
2014-07-01 15:32 - 2014-07-01 15:32 - 00000000 ____D () C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Guardian
2014-07-01 15:32 - 2014-07-01 15:32 - 00000000 ____D () C:\Users\George\AppData\Local\Browser Guardian
2014-07-01 15:32 - 2014-07-01 15:32 - 00000000 ____D () C:\Users\George\AppData\Local\BenchUpdater
2014-07-01 15:32 - 2014-07-01 15:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-01 15:32 - 2014-07-01 15:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-01 15:32 - 2014-07-01 15:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-01 15:32 - 2014-07-01 15:32 - 00000000 ____D () C:\Program Files (x86)\Bench
2014-07-01 15:32 - 2011-12-14 09:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-07-01 15:32 - 2011-12-14 09:38 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-07-01 15:32 - 2011-08-12 13:41 - 00000000 ____D () C:\temp
2014-07-01 15:31 - 2014-07-01 15:31 - 00095512 _____ () C:\Users\George\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-01 15:30 - 2014-07-01 15:30 - 04979904 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-01 15:30 - 2014-07-01 15:30 - 00000356 _____ () C:\Windows\PFRO.log
2014-07-01 15:30 - 2014-07-01 15:30 - 00000056 _____ () C:\Windows\setupact.log
2014-07-01 15:30 - 2014-07-01 15:30 - 00000022 _____ () C:\Windows\S.dirmngr
2014-07-01 15:30 - 2014-07-01 15:30 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-01 15:30 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-01 15:17 - 2013-03-26 17:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-01 15:02 - 2013-09-04 08:03 - 00000000 ____D () C:\Windows\Minidump
2014-07-01 15:02 - 2011-01-01 17:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\ExpressFiles
2014-07-01 15:02 - 2009-07-24 15:22 - 00000000 ____D () C:\Windows\Panther
2014-07-01 14:32 - 2011-08-12 12:56 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-07-01 11:21 - 2014-07-01 11:21 - 00000000 ____D () C:\Users\George\AppData\Roaming\Hard Disk Sentinel
2014-07-01 11:21 - 2014-05-12 09:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-01 11:17 - 2014-07-01 11:17 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-01 11:17 - 2014-07-01 11:17 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-01 11:17 - 2014-07-01 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-01 11:17 - 2014-07-01 11:17 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-01 11:16 - 2014-07-01 11:16 - 03736040 _____ (Piriform Ltd) C:\Users\George\Downloads\ccsetup415_slim.exe
2014-07-01 11:06 - 2014-07-01 11:06 - 00000000 ____D () C:\Program Files\SupraSavings
2014-07-01 11:05 - 2014-07-01 11:04 - 00000000 ____D () C:\AdwCleaner
2014-07-01 10:55 - 2009-07-14 01:13 - 00727334 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-01 10:53 - 2014-07-01 10:53 - 00000000 ____D () C:\Windows\ERUNT
2014-07-01 10:14 - 2014-04-07 14:52 - 00000084 _____ () C:\Windows\system32\vtkycg.fno
2014-07-01 10:10 - 2010-12-27 16:29 - 00000000 ____D () C:\ProgramData\PDFC
2014-07-01 02:00 - 2011-12-14 10:09 - 00000000 ____D () C:\Users\George\AppData\Local\Adobe
2014-06-30 19:28 - 2014-06-04 13:50 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForGeorge
2014-06-30 19:28 - 2014-06-04 13:50 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForGeorge.job
2014-06-30 18:55 - 2014-06-30 18:55 - 00016384 _____ () C:\BCD_backup
2014-06-30 18:55 - 2014-06-30 18:55 - 00013312 ___SH () C:\BCD_backup.LOG
2014-06-30 18:45 - 2013-06-20 08:00 - 00000000 ____D () C:\ProgramData\Recovery
2014-06-30 16:09 - 2014-06-26 15:27 - 00000000 ____D () C:\Program Files (x86)\48A0C3FC-2898-45E4-B2B9-147D27D29D45
2014-06-30 16:09 - 2014-06-05 12:32 - 00000000 ____D () C:\Program Files\pcmax
2014-06-30 16:09 - 2010-12-27 16:29 - 00000000 ____D () C:\ProgramData\RoxioNow
2014-06-30 16:09 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-06-30 14:57 - 2011-08-09 13:09 - 00000000 ____D () C:\Users\George
2014-06-30 13:29 - 2009-07-14 03:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-30 10:50 - 2014-06-30 10:50 - 00000000 ___HD () C:\ProgramData\Backup
2014-06-25 15:50 - 2011-08-09 14:11 - 00000000 ____D () C:\Users\George\Documents\elevator
2014-06-25 15:40 - 2011-09-23 15:50 - 00014137 _____ () C:\Users\George\Documents\plot.log
2014-06-25 13:27 - 2011-11-02 12:33 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-06-25 13:27 - 2011-08-10 17:33 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-06-19 12:00 - 2012-05-03 10:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-18 03:02 - 2013-08-14 16:39 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-18 03:00 - 2011-08-12 08:17 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-17 07:50 - 2014-06-13 15:12 - 00026624 _____ () C:\Users\George\Documents\Drawing1_recover.dwg
2014-06-17 07:50 - 2011-09-06 08:34 - 00000383 _____ () C:\Users\George\Documents\acad.err
2014-06-12 15:05 - 2014-06-12 15:05 - 00046376 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys
2014-06-10 09:15 - 2014-06-09 16:45 - 00037376 _____ () C:\Windows\system32\mzusel.gey
2014-06-10 09:15 - 2014-04-07 14:42 - 00000105 _____ () C:\Windows\system32\pzlgy.dxi
2014-06-10 09:07 - 2014-06-10 08:28 - 00000000 ____D () C:\Program Files (x86)\iYogi Support Dock
2014-06-10 08:52 - 2014-06-10 08:46 - 00000000 ____D () C:\ProgramData\SmartPCScan
2014-06-10 08:47 - 2014-06-10 08:47 - 00000000 ____D () C:\Users\George\AppData\Roaming\QuickScan
2014-06-10 08:29 - 2014-06-10 08:29 - 01831520 _____ (iyogi) C:\Users\George\Downloads\iyogi-scc-w0yc301gghghg758z1d1g65g6xwxygwexzg8jic40jc90.exe
2014-06-09 16:42 - 2014-06-09 16:42 - 00000000 ____D () C:\Windows\Sun
2014-06-06 13:39 - 2014-06-06 13:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-06 13:39 - 2014-06-06 13:39 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-06 13:39 - 2013-03-26 17:02 - 00001933 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-06-06 13:39 - 2013-03-26 17:02 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-06-05 12:32 - 2014-06-05 12:32 - 00003694 _____ () C:\Windows\System32\Tasks\pcreg
2014-06-05 12:31 - 2014-06-05 12:31 - 00509232 _____ (App.install) C:\Users\George\Downloads\Autodesk%20DWG%20Trueview.exe
2014-06-05 12:28 - 2014-06-05 12:28 - 00311884 _____ () C:\Users\George\Downloads\X-PLANS.dwg
2014-06-05 09:19 - 2011-10-13 03:19 - 00003220 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForGEORGE-HP$
2014-06-05 09:19 - 2011-10-13 03:19 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForGEORGE-HP$.job
2014-06-04 05:56 - 2014-06-04 05:56 - 00000218 _____ () C:\Users\George\AppData\Local\recently-used.xbel
2014-06-04 05:56 - 2014-04-07 08:36 - 00000000 ____D () C:\Users\George\AppData\Local\gtk-2.0
2014-06-04 05:53 - 2014-04-07 08:24 - 00000000 ____D () C:\Users\George\AppData\Roaming\gnupg

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll
[2009-07-13 20:00] - [2009-07-13 21:41] - 0518144 ____A (Microsoft Corporation) BD3275F3ED33E7E1A6C2319373EB3B5C

ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-30 15:16

==================== End Of Log ============================