saharanz

Honorary Members
  • Posts

    33

Reputation

0 Neutral
  1. I installed SeaTools and ran the S.M.A.R.T check, which passed. The next test on the list was the Short drive self test, which failed: "Now is a good time to make sure you have a current backup of your important data. Unfortunately, your Seagate product has failed an important diagnostic test, possibly caused by problem sectors which are difficult to read. Seagate recommends that you run SeaTools for DOS, which has the ability to repair most problem sectors. SeaTools for DOS may be able to save you from the inconvenience and down time of exchanging the drive. For more information on this subject see our online FAQ: http://knowledge.seagate.com/articles/en_US/FAQ/201271en" I need to get a CD in the morning to do this. I'll let you know how I get on.
  2. Thanks very much! I'll give it a go and get back to you. Good night!
  3. Sorry, it's on the downloads tab: SeaTools for Windows The quick diagnostic tool that checks the health of your drive. Learn more Download
  4. I found this on the Samsung/Seagate website. Should I try it? http://www.seagate.com/support/internal-hard-drives/laptop-hard-drives/spinpoint-m-series/
  5. The disk check is taking ages, but seems to work ok.
  6. Here we go
  7. Yes! Was away for a few days. Here is the log (it was too long to copy and paste). TDSSKiller.2.8.16.0_19.06.2013_21.18.33_log.txt
  8. Ok, I'm all backed up and ready to sort it out! Thanks again for all your help.
  9. Here are the logs:

     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org
     Database version: v2013.06.11.02
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Team MacKenzie :: TEAMMACKENZIE [administrator]
     11/06/2013 19:43:22
     mbam-log-2013-06-11 (19-43-22).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 259894
     Time elapsed: 34 minute(s), 32 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)

     MiniToolBox by Farbar Version:21-04-2013
     Ran by Team MacKenzie (administrator) on 11-06-2013 at 20:23:52
     Running from "C:\Users\Team MacKenzie\Desktop"
     Windows 7 Home Premium Service Pack 1 (X64)
     Boot Mode: Normal
     ***************************************************************************

     ========================= Flush DNS: ===================================
     Windows IP Configuration
     Successfully flushed the DNS Resolver Cache.

     ========================= IE Proxy Settings: ==============================
     Proxy is not enabled.
     No Proxy Server is set.
     "Reset IE Proxy Settings": IE Proxy Settings were reset.

     ========================= FF Proxy Settings: ==============================
     "Reset FF Proxy Settings": Firefox Proxy settings were reset.

     ========================= Hosts content: =================================
     127.0.0.1 localhost

     ========================= IP Configuration: ================================
     Intel® Centrino® Wireless-N 130 = Wireless Network Connection (Connected)
     Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 = Local Area Connection 2 (Hardware not present)
     Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
     Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
     Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)

     # ----------------------------------
     # IPv4 Configuration
     # ----------------------------------
     pushd interface ipv4
     reset
     set global icmpredirects=enabled
     add route prefix=169.254.0.0/16 interface="iftype0_0" nexthop=10.0.0.5 metric=1 publish=Yes
     set interface interface="Local Area Connection 2" forwarding=enabled advertise=enabled metric=1 nud=enabled
     popd
     # End of IPv4 configuration

     Windows IP Configuration
        Host Name . . . . . . . . . . . . : TeamMacKenzie
        Primary Dns Suffix . . . . . . . :
        Node Type . . . . . . . . . . . . : Mixed
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

     Wireless LAN adapter Wireless Network Connection 2:
        Media State . . . . . . . . . . . : Media disconnected
        Connection-specific DNS Suffix . :
        Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
        Physical Address. . . . . . . . . : DC-A9-71-34-B6-A7
        DHCP Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes

     Wireless LAN adapter Wireless Network Connection:
        Connection-specific DNS Suffix . :
        Description . . . . . . . . . . . : Intel® Centrino® Wireless-N 130
        Physical Address. . . . . . . . . : DC-A9-71-34-B6-A6
        DHCP Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        Link-local IPv6 Address . . . . . : fe80::f514:9178:d698:a151%14(Preferred)
        IPv4 Address. . . . . . . . . . . : 192.168.0.7(Preferred)
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Lease Obtained. . . . . . . . . . : 11 June 2013 19:33:49
        Lease Expires . . . . . . . . . . : 12 June 2013 19:33:54
        Default Gateway . . . . . . . . . : 192.168.0.1
        DHCP Server . . . . . . . . . . . : 192.168.0.1
        DHCPv6 IAID . . . . . . . . . . . : 383560049
        DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-53-EF-DA-E8-11-32-C7-08-60
        DNS Servers . . . . . . . . . . . : 192.168.0.1
        NetBIOS over Tcpip. . . . . . . . : Enabled

     Ethernet adapter Local Area Connection:
        Media State . . . . . . . . . . . : Media disconnected
        Connection-specific DNS Suffix . :
        Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
        Physical Address. . . . . . . . . : E8-11-32-C7-08-60
        DHCP Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes

     Ethernet adapter Bluetooth Network Connection:
        Media State . . . . . . . . . . . : Media disconnected
        Connection-specific DNS Suffix . :
        Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
        Physical Address. . . . . . . . . : DC-A9-71-34-B6-AA
        DHCP Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes

     Tunnel adapter isatap.{EEA9FF8C-43FE-45AA-AB5B-10D8D9BE997B}:
        Media State . . . . . . . . . . . : Media disconnected
        Connection-specific DNS Suffix . :
        Description . . . . . . . . . . . : Microsoft ISATAP Adapter
        Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
        DHCP Enabled. . . . . . . . . . . : No
        Autoconfiguration Enabled . . . . : Yes

     Tunnel adapter Teredo Tunneling Pseudo-Interface:
        Connection-specific DNS Suffix . :
        Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
        Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
        DHCP Enabled. . . . . . . . . . . : No
        Autoconfiguration Enabled . . . . : Yes
        IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:1c45:2d7c:3f57:fff8(Preferred)
        Link-local IPv6 Address . . . . . : fe80::1c45:2d7c:3f57:fff8%19(Preferred)
        Default Gateway . . . . . . . . . : ::
        NetBIOS over Tcpip. . . . . . . . : Disabled

     DNS request timed out.
         timeout was 2 seconds.
     Server: UnKnown
     Address: 192.168.0.1
     Name: google.com
     Addresses: 2404:6800:4006:804::1002
                220.244.223.163
                220.244.223.182
                220.244.223.162
                220.244.223.178
                220.244.223.187
                220.244.223.158
                220.244.223.172
                220.244.223.157
                220.244.223.177
                220.244.223.183
                220.244.223.152
                220.244.223.168
                220.244.223.148
                220.244.223.173
                220.244.223.153
                220.244.223.167

     Pinging google.com [220.244.223.163] with 32 bytes of data:
     Reply from 220.244.223.163: bytes=32 time=20ms TTL=60
     Reply from 220.244.223.163: bytes=32 time=22ms TTL=60
     Ping statistics for 220.244.223.163:
         Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
     Approximate round trip times in milli-seconds:
         Minimum = 20ms, Maximum = 22ms, Average = 21ms

     DNS request timed out.
         timeout was 2 seconds.
     Server: UnKnown
     Address: 192.168.0.1
     DNS request timed out.
         timeout was 2 seconds.
     Name: yahoo.com
     Addresses: 98.138.253.109
                98.139.183.24
                206.190.36.45

     Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
     Reply from 98.138.253.109: bytes=32 time=341ms TTL=51
     Reply from 98.138.253.109: bytes=32 time=354ms TTL=51
     Ping statistics for 98.138.253.109:
         Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
     Approximate round trip times in milli-seconds:
         Minimum = 341ms, Maximum = 354ms, Average = 347ms

     Pinging 127.0.0.1 with 32 bytes of data:
     Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
     Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
     Ping statistics for 127.0.0.1:
         Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
     Approximate round trip times in milli-seconds:
         Minimum = 0ms, Maximum = 0ms, Average = 0ms

     ===========================================================================
     Interface List
      17...dc a9 71 34 b6 a7 ......Microsoft Virtual WiFi Miniport Adapter
      14...dc a9 71 34 b6 a6 ......Intel® Centrino® Wireless-N 130
      13...e8 11 32 c7 08 60 ......Realtek PCIe GBE Family Controller
      11...dc a9 71 34 b6 aa ......Bluetooth Device (Personal Area Network)
       1...........................Software Loopback Interface 1
      20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
      19...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
     ===========================================================================

     IPv4 Route Table
     ===========================================================================
     Active Routes:
     Network Destination        Netmask          Gateway        Interface  Metric
             0.0.0.0            0.0.0.0      192.168.0.1      192.168.0.7      25
           127.0.0.0          255.0.0.0          On-link        127.0.0.1     306
           127.0.0.1    255.255.255.255          On-link        127.0.0.1     306
     127.255.255.255    255.255.255.255          On-link        127.0.0.1     306
         192.168.0.0      255.255.255.0          On-link      192.168.0.7     281
         192.168.0.7    255.255.255.255          On-link      192.168.0.7     281
       192.168.0.255    255.255.255.255          On-link      192.168.0.7     281
           224.0.0.0          240.0.0.0          On-link        127.0.0.1     306
           224.0.0.0          240.0.0.0          On-link      192.168.0.7     281
     255.255.255.255    255.255.255.255          On-link        127.0.0.1     306
     255.255.255.255    255.255.255.255          On-link      192.168.0.7     281
     ===========================================================================
     Persistent Routes:
       Network Address          Netmask  Gateway Address  Metric
           169.254.0.0      255.255.0.0         10.0.0.5       1
     ===========================================================================

     IPv6 Route Table
     ===========================================================================
     Active Routes:
      If Metric Network Destination                          Gateway
      19     58 ::/0                                         On-link
       1    306 ::1/128                                      On-link
      19     58 2001::/32                                    On-link
      19    306 2001:0:9d38:953c:1c45:2d7c:3f57:fff8/128     On-link
      14    281 fe80::/64                                    On-link
      19    306 fe80::/64                                    On-link
      19    306 fe80::1c45:2d7c:3f57:fff8/128                On-link
      14    281 fe80::f514:9178:d698:a151/128                On-link
       1    306 ff00::/8                                     On-link
      19    306 ff00::/8                                     On-link
      14    281 ff00::/8                                     On-link
     ===========================================================================
     Persistent Routes:
       None

     ========================= Winsock entries =====================================
     Catalog5 01 C:\windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
     Catalog5 02 C:\windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
     Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
     Catalog5 04 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
     Catalog5 05 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
     Catalog5 06 C:\windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
     Catalog5 07 C:\windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
     Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
     Catalog9 01 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
     Catalog9 02 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
     Catalog9 03 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
     Catalog9 04 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
     Catalog9 05 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
     Catalog9 06 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
     Catalog9 07 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
     Catalog9 08 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
     Catalog9 09 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
     Catalog9 10 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
     Catalog9 11 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
     x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
     x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
     x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
     x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
     x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
     x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
     x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
     x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
     x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
     x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
     x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
     x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
     x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
     x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
     x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
     x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
     x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
     x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
     x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

     ========================= Event log errors: ===============================

     Application errors:
     ==================
     Error: (06/11/2013 07:35:18 PM) (Source: WinMgmt) (User: )
     Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

     Error: (06/11/2013 07:26:57 PM) (Source: WinMgmt) (User: )
     Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

     Error: (06/11/2013 01:15:01 PM) (Source: WinMgmt) (User: )
     Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

     Error: (06/10/2013 10:17:34 PM) (Source: Bonjour Service) (User: )
     Description: Task Scheduling Error: m->NextScheduledSPRetry 171601

     Error: (06/10/2013 10:17:34 PM) (Source: Bonjour Service) (User: )
     Description: Task Scheduling Error: m->NextScheduledEvent 171601

     Error: (06/10/2013 10:17:34 PM) (Source: Bonjour Service) (User: )
     Description: Task Scheduling Error: Continuously busy for more than a second

     Error: (06/10/2013 10:17:19 PM) (Source: Bonjour Service) (User: )
     Description: Task Scheduling Error: m->NextScheduledSPRetry 156001

     Error: (06/10/2013 10:17:19 PM) (Source: Bonjour Service) (User: )
     Description: Task Scheduling Error: m->NextScheduledEvent 156001

     Error: (06/10/2013 10:17:19 PM) (Source: Bonjour Service) (User: )
     Description: Task Scheduling Error: Continuously busy for more than a second

     Error: (06/10/2013 10:17:03 PM) (Source: Bonjour Service) (User: )
     Description: Task Scheduling Error: m->NextScheduledSPRetry 140401

     System errors:
     =============
     Error: (06/11/2013 08:16:20 PM) (Source: iaStor) (User: )
     Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

     Error: (06/11/2013 08:15:10 PM) (Source: iaStor) (User: )
     Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

     Error: (06/11/2013 08:14:09 PM) (Source: iaStor) (User: )
     Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

     Error: (06/11/2013 08:13:08 PM) (Source: iaStor) (User: )
     Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

     Error: (06/11/2013 08:12:07 PM) (Source: iaStor) (User: )
     Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

     Error: (06/11/2013 08:11:06 PM) (Source: iaStor) (User: )
     Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

     Error: (06/11/2013 08:09:05 PM) (Source: iaStor) (User: )
     Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

     Error: (06/11/2013 08:08:04 PM) (Source: iaStor) (User: )
     Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

     Error: (06/11/2013 08:07:04 PM) (Source: iaStor) (User: )
     Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

     Error: (06/11/2013 08:06:03 PM) (Source: iaStor) (User: )
     Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

     Microsoft Office Sessions:
     =========================
     Error: (06/11/2013 07:35:18 PM) (Source: WinMgmt)(User: )
     Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

     Error: (06/11/2013 07:26:57 PM) (Source: WinMgmt)(User: )
     Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

     Error: (06/11/2013 01:15:01 PM) (Source: WinMgmt)(User: )
     Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

     Error: (06/10/2013 10:17:34 PM) (Source: Bonjour Service)(User: )
     Description: Task Scheduling Error: m->NextScheduledSPRetry 171601

     Error: (06/10/2013 10:17:34 PM) (Source: Bonjour Service)(User: )
     Description: Task Scheduling Error: m->NextScheduledEvent 171601

     Error: (06/10/2013 10:17:34 PM) (Source: Bonjour Service)(User: )
     Description: Task Scheduling Error: Continuously busy for more than a second

     Error: (06/10/2013 10:17:19 PM) (Source: Bonjour Service)(User: )
     Description: Task Scheduling Error: m->NextScheduledSPRetry 156001

     Error: (06/10/2013 10:17:19 PM) (Source: Bonjour Service)(User: )
     Description: Task Scheduling Error: m->NextScheduledEvent 156001

     Error: (06/10/2013 10:17:19 PM) (Source: Bonjour Service)(User: )
     Description: Task Scheduling Error: Continuously busy for more than a second

     Error: (06/10/2013 10:17:03 PM) (Source: Bonjour Service)(User: )
     Description: Task Scheduling Error: m->NextScheduledSPRetry 140401

     CodeIntegrity Errors:
     ===================================
     Date: 2013-06-05 17:12:14.910
     Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

     Date: 2013-06-05 17:12:14.895
     Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

     Date: 2013-06-05 17:12:14.879
     Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

     Date: 2013-06-05 17:12:14.848
     Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

     Date: 2013-06-04 21:44:14.162
     Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

     Date: 2013-06-04 21:44:14.147
     Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

     Date: 2012-12-07 17:26:13.165
     Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\iBtFltCoex.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

     Date: 2012-12-07 17:26:13.149
     Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\iBtFltCoex.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

     Date: 2012-12-07 17:04:54.932
     Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\iBtFltCoex.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

     Date: 2012-12-07 17:04:54.932
     Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\iBtFltCoex.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

     =========================== Installed Programs ============================
     Adobe AIR (Version: 3.1.0.4880)
     Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
     Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
     Adobe Photoshop Lightroom 4.2 64-bit (Version: 4.2.1)
     Adobe Reader XI (11.0.03) (Version: 11.0.03)
     Amazon MP3-Downloader 1.0.9
     Apple Application Support (Version: 2.3.3)
     Apple Mobile Device Support (Version: 6.1.0.13)
     Apple Software Update (Version: 2.1.3.127)
     Atheros Client Installation Program (Version: 9.0)
     Bonjour (Version: 3.0.0.10)
     CamToPrint (Version: 5.5.1.0)
     Canon Easy-WebPrint EX
     Canon MP Navigator EX 3.0
     Canon MP640 series MP Drivers
     Canon MP640 series User Registration
     Canon Utilities Easy-PhotoPrint EX
     Canon Utilities My Printer
     Canon Utilities Solution Menu
     CDDRV_Installer (Version: 4.60)
     Cisco AnyConnect Secure Mobility Client (Version: 3.1.01065)
     Cisco AnyConnect Secure Mobility Client (Version: 3.1.01065)
     CyberLink Power2Go (Version: 6.1.3802)
     Dropbox (Version: 1.6.16)
     Easy Content Share (Version: 1.0)
     Easy Migration (Version: 1.0)
     EasyFileShare (Version: 1.0.12)
     Eco Mode (Version: 1.0.0.11)
     erLT (Version: 1.20.0137)
     ERUNT 1.1j
     ETDWare PS/2-X64 8.0.7.2_WHQL (Version: 8.0.7.2)
     File Uploader (Version: 1.2.5)
     Garmin Communicator Plugin (Version: 4.0.1)
     Garmin Communicator Plugin x64 (Version: 4.0.3)
     Garmin Lifetime Updater (Version: 2.1.11)
     Garmin USB Drivers (Version: 2.3.1.0)
     Garmin WebUpdater (Version: 2.5.6)
     Google Update Helper (Version: 1.3.21.135)
     GPL Ghostscript 8.71
     GSview 4.9
     HandBrake 0.9.8 (Version: 0.9.8)
     iCloud (Version: 2.1.1.3)
     Intel PROSet Wireless
     Intel® Control Center (Version: 1.2.1.1007)
     Intel® Management Engine Components (Version: 7.0.0.1144)
     Intel® Processor Graphics (Version: 8.15.10.2266)
     Intel® PROSet/Wireless Software for Bluetooth® Technology (Version: 1.1.0.0537)
     Intel® PROSet/Wireless WiFi-Software (Version: 14.2.1000)
     Intel® Rapid Storage Technology (Version: 10.1.5.1001)
     Interactive Guide (Version: 1.1)
     iTunes (Version: 11.0.2.26)
     KhalInstallWrapper (Version: 4.72.40)
     Logitech SetPoint (Version: 4.72)
     Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
     Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
     Microsoft Office 2010 Service Pack 1 (SP1)
     Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
     Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
     Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
     Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
     Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
     Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
     Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
     Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
     Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
     Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
     Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
     Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
     Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
     Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
     Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
     Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
     Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
     Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
     Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
     Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
     Microsoft Security Client (Version: 4.2.0223.1)
     Microsoft Security Essentials (Version: 4.2.223.1)
     Microsoft Silverlight (Version: 4.0.50401.0)
     Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
     Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
     Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
     Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
     Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
     Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
     Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
     Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
     Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
     MiKTeX 2.9 (Version: 2.9)
     Mozilla Firefox 20.0.1 (x86 en-GB) (Version: 20.0.1)
     Mozilla Maintenance Service (Version: 20.0.1)
     MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
     MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
     Nikon Message Center (Version: 0.92.000)
     Nikon Message Center 2 (Version: 2.0.1)
     Nikon Movie Editor (Version: 2.2.4)
     Nikon Transfer (Version: 1.5.3)
     NVIDIA Control Panel 267.54 (Version: 267.54)
     NVIDIA Graphics Driver 267.54 (Version: 267.54)
     NVIDIA Install Application (Version: 2.265.39.0)
     NVIDIA Optimus 1.0.21 (Version: 1.0.21)
     NVIDIA Update Components (Version: 1.0.21)
     PeaZip 4.7.2
     Picasa 3 (Version: 3.9)
     Picture Control Utility (Version: 1.4.1)
     QuickTime (Version: 7.73.80.64)
     Realtek Ethernet Controller Driver (Version: 7.44.421.2011)
     Realtek High Definition Audio Driver (Version: 6.0.1.6400)
     Revo Uninstaller 1.93 (Version: 1.93)
     Revo Uninstaller Pro 3.0.5 (Version: 3.0.5)
     Samsung AnyWeb Print (Version: 2.0.67.1)
     Samsung Control Center (Version: 1.0)
     Samsung Printer Live Update
     Samsung Recovery Solution 5 (Version: 5.0.1.3)
     Samsung Universal Print Driver (Version: 2.02.05.00:27)
     Samsung Universal Scan Driver (Version: 1.2.5.0)
     Samsung Update Plus (Version: 3.0.0.17)
     Skype Click to Call (Version: 6.8.12323)
     Skype™ 6.3 (Version: 6.3.105)
     Speckie (Version: 5.8.0)
     SUPERAntiSpyware (Version: 5.6.1014)
     TeXnicCenter Version 1.0 Stable RC1 (Version: Version 1.0 Stable RC1)
     TikzEdt 0.2.1 (Version: 0.2.1)
     Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (Version: 2.0.82.0)
     Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
     Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
     Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
     ViewNX 2 (Version: 2.2.5)
     VLC media player 1.1.11 (Version: 1.1.11)
     Webcam 2080 series (Version: 3.3.6.06)
     Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0)
     WordCaptureX Pro (Version: 4.0.0)

     ========================= Devices: ================================
     Name:
     Description:
     Class Guid:
     Manufacturer:
     Service:
     Problem: : The drivers for this device are not installed. (Code 28)
     Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

     Name: WebCam SCB-1100N
     Description: WebCam SCB-1100N
     Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
     Manufacturer: SunplusIT
     Service: SPUVCbv
     Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
     Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

     Name: avkmgr
     Description: avkmgr
     Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
     Manufacturer:
     Service: avkmgr
     Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
     Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

     Name: Bluetooth Peripheral Device
     Description: Bluetooth Peripheral Device
     Class Guid:
     Manufacturer:
     Service:
     Problem: : The drivers for this device are not installed. (Code 28)
     Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

     Name: Bluetooth Peripheral Device
     Description: Bluetooth Peripheral Device
     Class Guid:
     Manufacturer:
     Service:
     Problem: : The drivers for this device are not installed. (Code 28)
     Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

     Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
     Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
     Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
     Manufacturer: Cisco Systems
     Service: vpnva
     Problem: : This device is disabled. (Code 22)
     Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

     ========================= Memory info: ===================================
     Percentage of memory in use: 28%
     Total physical RAM: 6057.55 MB
     Available physical RAM: 4360.82 MB
     Total Pagefile: 12113.29 MB
     Available Pagefile: 10325.18 MB
     Total Virtual: 4095.88 MB
     Available Virtual: 3965.55 MB

     ========================= Partitions: =====================================
     1 Drive c: () (Fixed) (Total:270 GB) (Free:82.92 GB) NTFS
     2 Drive d: () (Fixed) (Total:404.33 GB) (Free:31.19 GB) NTFS

     ========================= Users: ========================================
     User accounts for \\TEAMMACKENZIE
     Administrator Guest Team MacKenzie UpdatusUser

     ========================= Minidump Files ==================================
     No minidump file found

     **** End of log ****
  10. I did (attempt to) disable MSE before running the scan. I see Combofix says it was still running?
  11. Here you go, scan took 12 hours!!!!

      ComboFix 13-06-08.02 - Team MacKenzie 10/06/2013 19:27:43.4.8 - x64
      Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6058.4906 [GMT 10:00]
      Running from: c:\users\Team MacKenzie\Desktop\ComboFix.exe
      AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
      SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
      SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      .
      ((((((((((((((((((((((((( Files Created from 2013-05-10 to 2013-06-10 )))))))))))))))))))))))))))))))
      .
      .
      2013-06-10 21:40 . 2013-06-10 21:40 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
      2013-06-10 21:40 . 2013-06-10 21:40 -------- d-----w- c:\users\UpdatusUser.TeamMacKenzie\AppData\Local\temp
      2013-06-10 21:40 . 2013-06-10 21:40 -------- d-----w- c:\users\Default\AppData\Local\temp
      2013-06-10 02:25 . 2013-05-12 13:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B5B1705B-CE2C-473D-9C67-3A2FD5DA6B96}\mpengine.dll
      2013-06-09 10:09 . 2013-06-09 10:09 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
      2013-06-09 10:09 . 2013-06-09 10:09 -------- d-----w- c:\users\Team MacKenzie\AppData\Roaming\Speckie
      2013-06-09 10:09 . 2013-06-09 10:09 -------- d-----w- c:\users\Team MacKenzie\AppData\Local\Speckie
      2013-06-09 00:46 . 2013-05-12 13:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
      2013-06-05 07:22 . 2013-06-05 07:21 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33A47011-2BAC-4A70-AB8F-94DA24363ACB}\gapaengine.dll
      2013-06-05 07:19 . 2013-06-05 07:19 -------- d-----w- c:\program files (x86)\Microsoft Security Client
      2013-06-05 07:19 . 2013-06-05 07:19 -------- d-----w- c:\program files\Microsoft Security Client
      2013-06-05 06:50 . 2013-06-05 06:50 -------- d-----w- c:\program files (x86)\ERUNT
      2013-06-05 03:47 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{20B3BF95-F4A8-45DE-8A4D-EBCBCEA7CC83}\mpengine.dll
      2013-06-04 23:27 . 2013-06-04 23:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
      2013-06-04 23:27 . 2013-04-04 04:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
      2013-06-04 22:20 . 2013-06-04 22:20 -------- d-----w- c:\windows\ERUNT
      2013-06-04 22:19 . 2013-06-04 23:05 -------- d-----w- C:\JRT
      2013-06-04 22:13 . 2013-06-04 22:13 -------- d-----w- c:\users\Team MacKenzie\AppData\Local\VS Revo Group
      2013-06-04 22:13 . 2013-06-04 22:13 -------- d-----w- c:\programdata\VS Revo Group
      2013-06-04 22:13 . 2009-12-30 01:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
      2013-06-04 22:13 . 2013-06-04 22:13 -------- d-----w- c:\program files\VS Revo Group
      2013-06-03 05:48 . 2013-06-05 11:21 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
      2013-06-02 21:43 . 2013-06-02 21:43 -------- d-----w- C:\3ae3b71526c007986eeb86
      2013-06-02 21:42 . 2013-06-05 06:47 -------- d-----w- c:\program files\AVAST Software
      2013-06-02 21:24 . 2013-06-05 06:47 -------- d-----w- c:\programdata\AVAST Software
      2013-05-30 03:26 . 2013-05-11 22:27 262552 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
      2013-05-14 03:31 . 2013-05-14 03:31 6128760 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
      2013-05-14 03:31 . 2013-05-14 03:31 6128760 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2013-06-05 04:43 . 2013-01-05 04:59 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
      2013-06-05 04:43 . 2011-12-03 09:04 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
      2013-05-01 16:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
      2013-03-25 20:39 . 2013-03-25 20:39 4546560 ----a-w- c:\windows\SysWow64\GPhotos.scr
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
      @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
      2012-11-13 23:32 129272 ----a-w- c:\users\Team MacKenzie\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
      @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
      2012-11-13 23:32 129272 ----a-w- c:\users\Team MacKenzie\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
      @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
      2012-11-13 23:32 129272 ----a-w- c:\users\Team MacKenzie\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-24 421888]
      "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 5 (0x5)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableUIADesktopToggle"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
      "LoadAppInit_DLLs"=1 (0x1)
      "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
      .
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x] R3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x] R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x] R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x] R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x] R3 LVUVC64;Logitech QuickCam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x] R3 
mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] R3 mbamswissarmy;mbamswissarmy;c:\windows\system32\drivers\mbamswissarmy.sys;c:\windows\SYSNATIVE\drivers\mbamswissarmy.sys [x] R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x] R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe;c:\windows\SYSNATIVE\SUPDSvc.exe [x] R3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\SPUVCbv_x64.sys;c:\windows\SYSNATIVE\Drivers\SPUVCbv_x64.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x] S1 SABI;SAMSUNG Kernel Driver For Windows 
7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x] S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x] S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x] S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x] S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x] S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft 
Security Client\NisSrv.exe [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2013-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-05 04:43] . 2013-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-10 15:32] . 2013-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-10 15:32] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Team MacKenzie\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Team MacKenzie\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Team MacKenzie\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Team MacKenzie\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-25 11895400] "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368] "ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [bU] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-24 168216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-24 391960] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-24 418584] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-18 243216] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mStart Page = hxxp://samsung.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\Team MacKenzie\AppData\Roaming\Mozilla\Firefox\Profiles\yy6bka7m.default-1370740250419\ FF - ExtSQL: 2013-06-03 17:22; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} . - - - - ORPHANS REMOVED - - - - . 
Toolbar-Locked - (no file) AddRemove-Amazon MP3-Downloader - c:\program files (x86)\Amazon\MP3 Downloader\Uninstall.exe AddRemove-CamToPrint - c:\program files (x86)\CamToPrint\Uninstall_CamToPrint.exe AddRemove-Easy-WebPrint EX - c:\program files (x86)\Canon\Easy-WebPrint EX\Maint.exe AddRemove-HandBrake - c:\program files\Handbrake\uninst.exe AddRemove-Sunplus SPUVCb - c:\program files (x86)\SC_WebCam\uninstall.exe AddRemove-{9A8E4762-3331-4EDB-8E1F-B11179DDBC00} - c:\program files (x86)\InstallShield Installation Information\{9A8E4762-3331-4EDB-8E1F-B11179DDBC00}\setup.exe AddRemove-{AD86049C-3D9C-43E1-BE73-643F57D83D50} - c:\program files (x86)\InstallShield Installation Information\{AD86049C-3D9C-43E1-BE73-643F57D83D50}\setup.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . 
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-06-11 07:42:06 ComboFix-quarantined-files.txt 2013-06-10 21:42 ComboFix2.txt 2013-06-05 07:14 ComboFix3.txt 2013-06-04 11:46 . Pre-Run: 88,547,729,408 bytes free Post-Run: 89,024,143,360 bytes free . - - End Of File - - 308E092703C9C26CE067B1FC9BF6A59F D41D8CD98F00B204E9800998ECF8427E
  12. Hi again Ron, so I'm still having a few issues with the computer. It is still freezing regularly, sometimes with nothing running, sometimes with Internet Explorer and always when I run Firefox. Firefox seems to run fine when I reset it, but then after restarting the computer it freezes again. When it freezes, the only thing I can do is force a reboot by holding the power button. Ctrl, Alt, Del etc. doesn't help. I still have the same problem with MSE freezing too, always on the same file FRADM.ttf
  13. Hmmm, I might have spoken too soon. It's still freezing. Can't do anything except force reboot. Just did it twice. I'll try another MSE scan too, haven't managed to finish one yet.
  14. It seems to be running fine now. I used a different method to sort out Firefox, the one you gave didn't work- I didn't get the list of check boxes in safe mode. This worked though and was easier too. I had a quick look at the log. Do I still have Avira, Adaware and AVG running????? I have tried and tried and tried to get rid of them. Here are the logs: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16455 Run by Team MacKenzie at 19:53:38 on 2013-06-06 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6058.4328 [GMT 10:00] . AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} . ============== Running Processes =============== . C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\nvvsvc.exe C:\windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k NetworkService C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe C:\windows\system32\nvvsvc.exe C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\windows\system32\svchost.exe -k bthsvcs C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Malwarebytes' 
Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe C:\windows\system32\taskhost.exe C:\windows\Explorer.EXE C:\windows\system32\Dwm.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Windows\System32\rundll32.exe C:\Program Files\Elantech\ETDCtrl.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Elantech\ETDCtrlHelper.exe C:\windows\system32\taskeng.exe C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe C:\Program Files (x86)\Samsung\Samsung Control Center\WifiManager.exe C:\windows\System32\svchost.exe -k LocalServicePeerNet C:\windows\system32\igfxext.exe C:\windows\system32\igfxsrvc.exe C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe C:\windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe C:\windows\system32\sppsvc.exe C:\windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\system32\wuauclt.exe C:\windows\system32\svchost.exe -k SDRSVC C:\windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
uStart Page = about:blank mStart Page = hxxp://samsung.msn.com uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: Samsung BHO Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab DPF: 
{CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab TCP: NameServer = 192.168.0.1 TCP: Interfaces\{8E195604-012C-40A9-A42C-2AF777527283} : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{EEA9FF8C-43FE-45AA-AB5B-10D8D9BE997B} : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{EEA9FF8C-43FE-45AA-AB5B-10D8D9BE997B}\343564 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{EEA9FF8C-43FE-45AA-AB5B-10D8D9BE997B}\E45445745414256343 : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{EEA9FF8C-43FE-45AA-AB5B-10D8D9BE997B}\E45445745414257383 : DHCPNameServer = 192.168.0.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe x64-Run: [Persistence] C:\windows\System32\igfxpers.exe x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program 
Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Team MacKenzie\AppData\Roaming\Mozilla\Firefox\Profiles\y0b9ysgb.default-1370512249173\ FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll FF - ExtSQL: 2013-06-03 17:22; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} . ============= SERVICES / DRIVERS =============== . 
R0 gfibto;gfibto;C:\windows\System32\drivers\gfibto.sys [2013-1-29 14456]
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2012-1-1 25960]
R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2012-10-8 39768]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2011-7-13 13824]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-12 140672]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-3-30 923984]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-3-30 1001808]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-5 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-5 701512]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-5-14 3289208]
R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\System32\drivers\TurboB.sys [2010-10-8 19192]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-7-13 2656536]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-3-30 1321296]
R3 btmhsf;btmhsf;C:\windows\System32\drivers\btmhsf.sys [2011-11-15 327168]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2011-7-13 138024]
R3 iBtFltCoex;iBtFltCoex;C:\windows\System32\drivers\iBtFltCoex.sys [2011-12-9 60416]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-7-13 317440]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-6-5 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-7-13 471144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 acsock;acsock;C:\windows\System32\drivers\acsock64.sys [2012-10-18 107432]
S3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;C:\windows\System32\drivers\AmpPal.sys [2011-9-15 299008]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\drivers\btmaux.sys [2011-3-8 51712]
S3 LVRS64;Logitech RightSound Filter Driver;C:\windows\System32\drivers\lvrs64.sys [2011-8-19 351136]
S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);C:\windows\System32\drivers\lvuvc64.sys [2011-8-19 4869024]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S3 Revoflt;Revoflt;C:\windows\System32\drivers\revoflt.sys [2013-6-5 31800]
S3 Samsung UPD Service;Samsung UPD Service;C:\windows\System32\SUPDSvc.exe [2011-7-13 166704]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-10-8 150016]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-10-18 544248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-12-5 1255736]
.
=============== Created Last 30 ================
.
2013-06-06 09:31:55 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8BB0E2CC-74E1-4291-9E44-7D048C56DE64}\mpengine.dll
2013-06-05 08:11:03 -------- d-sh--w- C:\$RECYCLE.BIN
2013-06-05 07:22:14 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{33A47011-2BAC-4A70-AB8F-94DA24363ACB}\gapaengine.dll
2013-06-05 07:22:10 9460464 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-05 07:19:43 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-06-05 07:19:42 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-06-05 03:47:33 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{20B3BF95-F4A8-45DE-8A4D-EBCBCEA7CC83}\mpengine.dll
2013-06-04 23:27:48 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-06-04 23:27:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-04 22:20:23 -------- d-----w- C:\windows\ERUNT
2013-06-04 22:19:20 -------- d-----w- C:\JRT
2013-06-04 22:13:04 -------- d-----w- C:\Users\Team MacKenzie\AppData\Local\VS Revo Group
2013-06-04 22:13:02 -------- d-----w- C:\ProgramData\VS Revo Group
2013-06-04 22:13:01 31800 ----a-w- C:\windows\System32\drivers\revoflt.sys
2013-06-04 22:13:00 -------- d-----w- C:\Program Files\VS Revo Group
2013-06-04 07:04:21 98816 ----a-w- C:\windows\sed.exe
2013-06-04 07:04:21 256000 ----a-w- C:\windows\PEV.exe
2013-06-04 07:04:21 208896 ----a-w- C:\windows\MBR.exe
2013-06-03 05:48:28 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-02 21:43:30 -------- d-----w- C:\3ae3b71526c007986eeb86
2013-06-02 21:42:36 -------- d-----w- C:\Program Files\AVAST Software
2013-06-02 21:24:32 -------- d-----w- C:\ProgramData\AVAST Software
2013-05-30 03:26:48 262552 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-05-19 06:30:33 -------- d-----w- C:\windows\pss
2013-05-14 03:31:10 6128760 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-05-14 03:31:10 6128760 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-05-11 10:37:28 209472 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M ====================
.
2013-06-05 04:43:24 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-05 04:43:24 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-05-01 16:06:08 278800 ------w- C:\windows\System32\MpSigStub.exe
2013-03-25 20:39:46 4546560 ----a-w- C:\windows\SysWow64\GPhotos.scr
.
============= FINISH: 19:54:31.53 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 03/12/2011 02:09:57
System Uptime: 06/06/2013 19:46:26 (0 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | 300V3A/300V4A/300V5A
Processor: Intel® Core i7-2670QM CPU @ 2.20GHz | CPU | 2178/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 270 GiB total, 79.034 GiB free.
D: is FIXED (NTFS) - 404 GiB total, 33.899 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: BTHENUM\{F0B2DD71-FB14-4E30-A62D-931874BF282F}_LOCALMFG&0000\8&2A9577BA&0&000000000000_00000000
Manufacturer:
Name:
PNP Device ID: BTHENUM\{F0B2DD71-FB14-4E30-A62D-931874BF282F}_LOCALMFG&0000\8&2A9577BA&0&000000000000_00000000
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: WebCam SCB-1100N
Device ID: USB\VID_2232&PID_1008&MI_00\7&35941262&0&0000
Manufacturer: SunplusIT
Name: WebCam SCB-1100N
PNP Device ID: USB\VID_2232&PID_1008&MI_00\7&35941262&0&0000
Service: SPUVCbv
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: avkmgr
Device ID: ROOT\LEGACY_AVKMGR\0000
Manufacturer:
Name: avkmgr
PNP Device ID: ROOT\LEGACY_AVKMGR\0000
Service: avkmgr
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_VID&0002000A_PID&0000\8&2A9577BA&0&50566368428F_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_VID&0002000A_PID&0000\8&2A9577BA&0&50566368428F_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00006675-7475-7265-6469-616C62756D70}_VID&0002000A_PID&0000\8&2A9577BA&0&50566368428F_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00006675-7475-7265-6469-616C62756D70}_VID&0002000A_PID&0000\8&2A9577BA&0&50566368428F_C00000000
Service:
.
==== System Restore Points ===================
.
RP221: 05/06/2013 07:22:54 - Windows Backup
RP222: 05/06/2013 09:52:14 - avast! Free Antivirus Setup
RP223: 05/06/2013 13:36:35 - Removed Google Earth Plug-in.
RP224: 05/06/2013 13:38:05 - Removed Java 6 Update 29
RP225: 05/06/2013 13:38:49 - Removed Java 7 Update 15
RP226: 05/06/2013 16:42:17 - avast! Free Antivirus Setup
RP227: 05/06/2013 17:21:30 - Windows Update
.
==== Installed Programs ======================
.
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Lightroom 4.2 64-bit
Adobe Reader XI (11.0.03)
Amazon MP3-Downloader 1.0.9
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Client Installation Program
Bonjour
CamToPrint
Canon Easy-WebPrint EX
Canon MP Navigator EX 3.0
Canon MP640 series MP Drivers
Canon MP640 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CDDRV_Installer
Cisco AnyConnect Secure Mobility Client
Cisco AnyConnect Secure Mobility Client
CyberLink Power2Go
Dropbox
Easy Content Share
Easy Migration
EasyFileShare
Eco Mode
erLT
ERUNT 1.1j
ETDWare PS/2-X64 8.0.7.2_WHQL
File Uploader
Garmin Communicator Plugin
Garmin Communicator Plugin x64
Garmin Lifetime Updater
Garmin USB Drivers
Garmin WebUpdater
Google Update Helper
GPL Ghostscript 8.71
GSview 4.9
HandBrake 0.9.8
iCloud
Intel PROSet Wireless
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® PROSet/Wireless Software for Bluetooth® Technology
Intel® PROSet/Wireless WiFi-Software
Intel® Rapid Storage Technology
Interactive Guide
iTunes
KhalInstallWrapper
Logitech SetPoint
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MiKTeX 2.9
Mozilla Firefox 20.0.1 (x86 en-GB)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nikon Message Center
Nikon Message Center 2
Nikon Movie Editor
Nikon Transfer
NVIDIA Control Panel 267.54
NVIDIA Graphics Driver 267.54
NVIDIA Install Application
NVIDIA Optimus 1.0.21
NVIDIA Update Components
PeaZip 4.7.2
Picasa 3
Picture Control Utility
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Revo Uninstaller 1.93
Revo Uninstaller Pro 3.0.5
Samsung AnyWeb Print
Samsung Control Center
Samsung Printer Live Update
Samsung Recovery Solution 5
Samsung Universal Print Driver
Samsung Universal Scan Driver
Samsung Update Plus
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Skype Click to Call
Skype™ 6.3
SUPERAntiSpyware
TeXnicCenter Version 1.0 Stable RC1
TikzEdt 0.2.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
ViewNX 2
VLC media player 1.1.11
Webcam 2080 series
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
WordCaptureX Pro
.
==== Event Viewer Messages From Past Week ========
.
06/06/2013 19:49:31, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
06/06/2013 19:49:31, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
06/06/2013 19:47:27, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avkmgr
05/06/2013 23:06:34, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
05/06/2013 22:48:53, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
05/06/2013 17:12:42, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
05/06/2013 17:12:14, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
05/06/2013 17:01:28, Error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).
05/06/2013 13:44:44, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb avkmgr
05/06/2013 13:44:28, Error: Service Control Manager [7003] - The avast! Antivirus service depends the following service: aswMonFlt. This service might not be installed.
05/06/2013 13:44:28, Error: Service Control Manager [7000] - The avgntflt service failed to start due to the following error: The system cannot find the file specified.
05/06/2013 09:55:29, Error: Service Control Manager [7000] - The Ad-Aware service failed to start due to the following error: The system cannot find the file specified.
05/06/2013 09:55:28, Error: Service Control Manager [7000] - The Avira Realtime Protection service failed to start due to the following error: The system cannot find the file specified.
05/06/2013 09:55:27, Error: Service Control Manager [7000] - The Avira Scheduler service failed to start due to the following error: The system cannot find the file specified.
05/06/2013 09:55:27, Error: Service Control Manager [7000] - The Ad-Aware Service service failed to start due to the following error: The system cannot find the file specified.
05/06/2013 09:42:33, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
05/06/2013 09:42:31, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
05/06/2013 09:42:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
05/06/2013 09:42:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
05/06/2013 09:42:25, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
05/06/2013 09:42:14, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
05/06/2013 09:42:04, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb avkmgr discache SABI SASDIFSV SASKUTIL spldr Wanarpv6
.
==== End Of File ===========================