Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2015 Ran by test (administrator) on TEST-TOSH on 14-04-2015 22:30:05 Running from C:\Users\test\Downloads Loaded Profiles: test (Available profiles: test) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polski (Polska) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (Memeo) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (Toshiba) C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (McAfee, Inc.) C:\Program Files\mcafee\msm\McSmtFwk.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE () C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH) HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2011-03-03] (TOSHIBA Corporation) HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation) HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation) HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation) HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.) HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1520552 2011-03-02] (TOSHIBA Corporation) HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation) HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation) HKLM\...\Run: [Toshiba Registration] => C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2011-08-03] (Toshiba Europe GmbH) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated) HKLM-x32\...\Run: [NBAgent] => c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1409424 2011-06-29] (Nero AG) HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.) HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION) HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA) HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294712 2010-11-29] (TOSHIBA Corporation) HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-19\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA) HKU\S-1-5-20\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA) HKU\S-1-5-21-2219068051-696335796-1202380909-1000\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA) HKU\S-1-5-21-2219068051-696335796-1202380909-1000\...\Run: [Google Update] => C:\Users\test\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-04-28] (Google Inc.) HKU\S-1-5-21-2219068051-696335796-1202380909-1000\...\Run: [Google+ Auto Backup] => C:\Users\test\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3754312 2015-02-13] (Google Inc.) HKU\S-1-5-21-2219068051-696335796-1202380909-1000\...\Run: [Flvto Youtube Downloader] => "C:\Users\test\AppData\Local\Flvto Youtube Downloader\FlvtoYoutubeDownloader.exe" /minimize HKU\S-1-5-21-2219068051-696335796-1202380909-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-21-2219068051-696335796-1202380909-1000\...\MountPoints2: {8e96bedd-c9f1-11e3-862c-e89a8fda6ecf} - "F:\WD SmartWare.exe" autoplay=true HKU\S-1-5-21-2219068051-696335796-1202380909-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-21] (Microsoft Corporation) HKU\S-1-5-18\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Toshiba Places Icon Utility.lnk ShortcutTarget: Toshiba Places Icon Utility.lnk -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Toshiba) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk ShortcutTarget: WDSmartWare.lnk -> C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2219068051-696335796-1202380909-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2219068051-696335796-1202380909-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA URLSearchHook: HKU\S-1-5-21-2219068051-696335796-1202380909-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) URLSearchHook: HKU\S-1-5-21-2219068051-696335796-1202380909-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2014-04-24] (McAfee, Inc.) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06] (Adobe Systems Incorporated) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2014-04-24] (McAfee, Inc.) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2014-04-24] (McAfee, Inc.) Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2014-04-24] (McAfee, Inc.) Toolbar: HKU\S-1-5-21-2219068051-696335796-1202380909-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2014-04-24] (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2014-04-24] (McAfee, Inc.) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2014-04-24] (McAfee, Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2014-04-24] (McAfee, Inc.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2014-04-25] (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2014-04-25] (McAfee, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.5.5 FireFox: ======== FF ProfilePath: C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\4lbbd7gp.default FF SelectedSearchEngine: FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] () FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-13] (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-30] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-30] (Oracle Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-04-25] () FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-05-11] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-05-11] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-06-06] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2219068051-696335796-1202380909-1000: @tools.google.com/Google Update;version=3 -> C:\Users\test\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.) FF Plugin HKU\S-1-5-21-2219068051-696335796-1202380909-1000: @tools.google.com/Google Update;version=9 -> C:\Users\test\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.) FF user.js: detected! => C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\4lbbd7gp.default\user.js [2015-01-20] FF Extension: No Name - C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\4lbbd7gp.default\Extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3} [2015-04-02] FF Extension: Adblock Plus - C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\4lbbd7gp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-22] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2011-08-03] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2011-08-03] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA CHR StartupUrls: Default -> "hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA" CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\gcswf32.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File CHR Plugin: (Java(TM) Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll () CHR Plugin: (McAfee SiteAdvisor) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.131.2_0\McChPlg.dll No File CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll No File CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll () CHR Plugin: (Default Plug-in) - default_plugin No File CHR Profile: C:\Users\test\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (SourceApp) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjognfeddkelfhnjlakfbjmonmmifio [2015-01-19] CHR Extension: (bhjmjkdknjeokcmgjmdpkccpmahfmiib) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjmjkdknjeokcmgjmdpkccpmahfmiib [2015-04-02] CHR Extension: (SiteAdvisor) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-04-11] CHR Extension: (fngmhnnpilhplaeedifhccceomclgfbg) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2015-01-23] CHR Extension: (kdcgdhlccojbnonmhcioigcdodakjcmh) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdcgdhlccojbnonmhcioigcdodakjcmh [2015-04-08] CHR Extension: (Google Wallet) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-15] CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - http://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed] S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation) R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.) S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [225216 2011-01-28] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.) S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [197960 2011-03-13] (McAfee, Inc.) R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-21] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-03-17] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-03-17] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH) R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [129536 2009-11-13] (WDC) [File not signed] R2 WDSmartWareBackgroundService; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-03-17] (McAfee, Inc.) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-01-19] (Disc Soft Ltd) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-03-17] (McAfee, Inc.) U3 mfeapfk01; No ImagePath R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-03-17] (McAfee, Inc.) U3 mfeavfk01; No ImagePath R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-03-17] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-03-17] (McAfee, Inc.) R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [422712 2014-01-21] (McAfee, Inc.) S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-01-21] (McAfee, Inc.) S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [98728 2011-03-13] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [345456 2014-03-17] (McAfee, Inc.) S3 Tosrfcom; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-14 21:07 - 2015-04-14 21:07 - 00203499 _____ () C:\Users\test\Desktop\6137653595598487745.htm 2015-04-14 21:06 - 2015-04-14 21:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2015-04-13 15:20 - 2015-04-13 15:21 - 00034511 _____ () C:\Users\test\Downloads\Addition.txt 2015-04-13 15:19 - 2015-04-14 22:31 - 00026333 _____ () C:\Users\test\Downloads\FRST.txt 2015-04-13 15:18 - 2015-04-14 22:30 - 00000000 ____D () C:\FRST 2015-04-13 15:17 - 2015-04-13 15:17 - 02096640 _____ (Farbar) C:\Users\test\Downloads\FRST64.exe 2015-04-13 14:53 - 2015-04-13 14:53 - 00082470 _____ () C:\Users\test\Downloads\Extras.Txt 2015-04-13 14:51 - 2015-04-13 14:51 - 00099834 _____ () C:\Users\test\Downloads\OTL.Txt 2015-04-13 14:26 - 2015-04-13 14:26 - 00602112 _____ (OldTimer Tools) C:\Users\test\Downloads\OTL.exe 2015-04-13 14:17 - 2015-04-13 14:17 - 00003124 _____ () C:\Windows\System32\Tasks\{850C161A-C3D5-478D-812D-EEB3450148E2} 2015-04-13 11:07 - 2015-04-13 14:20 - 00015928 _____ () C:\Users\test\Downloads\hijackthis.log 2015-04-13 11:07 - 2015-04-13 11:07 - 00388608 _____ (Trend Micro Inc.) C:\Users\test\Downloads\HijackThis.exe 2015-04-13 08:55 - 2015-04-13 08:55 - 01054912 _____ (Adobe) C:\Users\test\Downloads\install_flashplayer17x32au_mssa_aaa_aih.exe 2015-04-13 08:19 - 2015-04-13 13:55 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-04-13 08:19 - 2015-04-13 08:19 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-04-13 08:19 - 2015-04-13 08:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-04-13 08:19 - 2015-04-13 08:19 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-04-13 08:19 - 2015-04-13 08:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-04-13 08:19 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-04-13 08:19 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-04-13 08:19 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-04-13 08:17 - 2015-04-13 08:18 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\test\Downloads\mbam-setup-2.1.4.1018.exe 2015-04-07 22:08 - 2015-04-07 22:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-04-07 21:43 - 2015-04-07 21:43 - 00000469 _____ () C:\Windows\SynInst.log 2015-04-04 15:40 - 2015-04-04 15:40 - 00000000 ___SD () C:\Windows\SysWOW64\GWX 2015-04-04 15:40 - 2015-04-04 15:40 - 00000000 ___SD () C:\Windows\system32\GWX 2015-04-02 16:13 - 2015-04-14 20:59 - 00001008 _____ () C:\Windows\Tasks\HEUyuCX78M7jOiZIxMzg.job 2015-04-02 16:13 - 2015-04-02 16:13 - 00004034 _____ () C:\Windows\System32\Tasks\HEUyuCX78M7jOiZIxMzg 2015-03-31 10:14 - 2015-03-31 10:14 - 00004387 _____ () C:\Users\test\AppData\Roaming\HEUyuCX78M7jOiZIxMzg 2015-03-30 21:37 - 2015-03-30 21:37 - 00561064 _____ (Oracle Corporation) C:\Users\test\Downloads\jxpiinstall(2).exe 2015-03-30 21:36 - 2015-03-30 21:37 - 00561064 _____ (Oracle Corporation) C:\Users\test\Downloads\jxpiinstall(1).exe 2015-03-24 21:28 - 2015-03-11 06:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-03-24 21:28 - 2015-03-11 06:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-03-24 21:28 - 2015-03-11 06:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-03-24 21:28 - 2015-03-11 06:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-03-24 21:28 - 2015-03-11 06:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-03-24 21:28 - 2015-03-11 06:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-03-24 21:28 - 2015-03-11 06:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-03-24 21:28 - 2015-03-11 06:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-14 22:14 - 2014-05-07 16:43 - 00001054 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2219068051-696335796-1202380909-1000UA1cf6a02ab2dc24c.job 2015-04-14 22:09 - 2014-10-21 00:58 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfecb965b82145.job 2015-04-14 22:03 - 2011-08-03 14:01 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-14 21:58 - 2014-04-14 21:46 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-04-14 21:28 - 2014-04-09 14:14 - 01617028 _____ () C:\Windows\WindowsUpdate.log 2015-04-14 21:27 - 2009-07-14 06:51 - 00062364 _____ () C:\Windows\setupact.log 2015-04-14 21:06 - 2011-08-03 13:51 - 00001851 _____ () C:\Users\Public\Desktop\McAfee Internet Security.lnk 2015-04-14 20:59 - 2014-04-19 14:59 - 00000000 ____D () C:\Users\test\AppData\Roaming\SoftGrid Client 2015-04-14 09:49 - 2011-08-03 14:01 - 00001044 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-04-14 00:14 - 2014-04-28 19:31 - 00001002 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2219068051-696335796-1202380909-1000Core.job 2015-04-13 15:03 - 2011-02-14 11:01 - 00740800 _____ () C:\Windows\system32\perfh015.dat 2015-04-13 15:03 - 2011-02-14 11:01 - 00156084 _____ () C:\Windows\system32\perfc015.dat 2015-04-13 15:03 - 2009-07-14 07:13 - 01670742 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-13 09:01 - 2009-07-14 06:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-13 09:01 - 2009-07-14 06:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-13 08:53 - 2015-01-20 01:36 - 00000266 __RSH () C:\ProgramData\ntuser.pol 2015-04-13 08:53 - 2014-04-09 14:15 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-04-13 08:53 - 2010-11-21 05:47 - 00130486 _____ () C:\Windows\PFRO.log 2015-04-13 08:53 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-13 08:51 - 2014-07-31 21:08 - 00000000 ____D () C:\Program Files (x86)\globalUpdate 2015-04-10 21:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-04-10 03:08 - 2014-04-11 14:50 - 00000000 ____D () C:\Users\test\AppData\Roaming\Skype 2015-04-08 19:34 - 2014-04-15 15:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-04-03 16:17 - 2011-08-03 14:01 - 00002196 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-03-30 21:52 - 2014-08-21 22:56 - 00000000 ____D () C:\ProgramData\Oracle 2015-03-30 21:51 - 2011-08-03 14:09 - 00000000 ____D () C:\Program Files (x86)\Java 2015-03-30 21:50 - 2014-08-21 22:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2015-03-25 09:31 - 2014-12-12 04:20 - 00000000 ____D () C:\Windows\system32\appraiser 2015-03-25 09:31 - 2014-05-01 01:06 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-03-17 21:58 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache ==================== Files in the root of some directories ======= 2015-03-31 10:14 - 2015-03-31 10:14 - 0004387 _____ () C:\Users\test\AppData\Roaming\HEUyuCX78M7jOiZIxMzg Some content of TEMP: ==================== C:\Users\test\AppData\Local\Temp\916_sof_sweet-page-29-07-14.exe C:\Users\test\AppData\Local\Temp\APNSetup.exe C:\Users\test\AppData\Local\Temp\binkw32.dll C:\Users\test\AppData\Local\Temp\cabex.dll C:\Users\test\AppData\Local\Temp\d2l_Install.exe C:\Users\test\AppData\Local\Temp\DseShExt-x64.dll C:\Users\test\AppData\Local\Temp\DseShExt-x86.dll C:\Users\test\AppData\Local\Temp\jre-8u31-windows-au.exe C:\Users\test\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\test\AppData\Local\Temp\SDShelEx-x64.dll C:\Users\test\AppData\Local\Temp\SkypeSetup.exe C:\Users\test\AppData\Local\Temp\tu17p84.exe C:\Users\test\AppData\Local\Temp\unelevate.exe C:\Users\test\AppData\Local\Temp\ytaiesmt_smtyc_setup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-04 14:46 ==================== End Of Log ============================