Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 92789 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

BrowseStudio file cannot be deleted [Solved]


  • This topic is locked This topic is locked
23 replies to this topic

#1 say-no-2-trojans

say-no-2-trojans

    Authentic Member

  • Authentic Member
  • PipPip
  • 108 posts

Posted 09 November 2014 - 11:23 AM

Hi, hope you can help

On my son's PC he has a file that we can't delete or shred via McAfee.

He keeps getting pop-up warning windows from McAfee stating that it has stopped a Potentially Unwanted Program from running. These are all from the same BrowseStudio file and every time we close or 'remove' them they just keep coming back.

Malwarebytes quarantined some files but detects no other threats with it.

Thanks

Dave


    Advertisements

Register to Remove


#2 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 09 November 2014 - 06:08 PM

:welcome:

 

1QYkxTZ.jpg Please download aswMBR to your desktop.
 
  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.
 
I just want to see the report....Please Do Not Fix Anything
 
============================================================================
 
 
 
 

 
Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
A simple way to check your system: Start --> Computer (right click) --> Properties
 
FRST_zps5d956a1a.jpg
 
 
  •  
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Please make sure All Users is checked
  • Do not check
*List BCD
*Drivers MD5
*Shortcut txt
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
 


 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#3 say-no-2-trojans

say-no-2-trojans

    Authentic Member

  • Authentic Member
  • PipPip
  • 108 posts

Posted 10 November 2014 - 03:05 PM

aswMBR version 1.0.1.2201 Copyright© 2014 AVAST Software
Run date: 2014-11-10 19:23:36
-----------------------------
19:23:36.797    OS Version: Windows x64 6.2.9200
19:23:36.797    Number of processors: 4 586 0x1001
19:23:36.798    ComputerName: LUKEMOSS  UserName:
19:23:37.831    Initialize success
19:23:38.054    VM: initialized successfully
19:23:38.055    VM: Amd CPU supported
19:27:54.709    AVAST engine defs: 14111001
19:28:05.077    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002a
19:28:05.079    Disk 0 Vendor: ST1000DM003-1CH162 CC47 Size: 953869MB BusType: 11
19:28:05.198    Disk 0 MBR read successfully
19:28:05.200    Disk 0 MBR scan
19:28:05.215    Disk 0 Windows 7 default MBR code
19:28:05.219    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          350 MB offset 2048
19:28:05.235    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       953517 MB offset 718848
19:28:05.274    Disk 0 scanning C:\WINDOWS\system32\drivers
19:28:18.243    Service scanning
19:28:40.158    Modules scanning
19:28:40.163    Disk 0 trace - called modules:
19:28:40.185    ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll storahci.sys
19:28:40.188    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe00161be7480]
19:28:40.192    3 CLASSPNP.SYS[fffff801c5b9c27b] -> nt!IofCallDriver -> \Device\0000002a[0xffffe00161a53060]
19:28:41.073    AVAST engine scan C:\WINDOWS
19:28:43.490    AVAST engine scan C:\WINDOWS\system32
19:33:28.428    AVAST engine scan C:\WINDOWS\system32\drivers
19:34:08.867    AVAST engine scan C:\Users\Dave Moss
19:39:47.224    File: C:\Users\Dave Moss\AppData\Local\Microsoft\Windows\INetCache\Low\IE\6OTO1VQD\we-oIsA7WJt[1].js  **SUSPICIOUS**
19:40:56.073    File: C:\Users\Dave Moss\AppData\Local\Microsoft\Windows\INetCache\Low\IE\GVCJWA9L\moma[1].js  **SUSPICIOUS**
20:04:02.596    AVAST engine scan C:\ProgramData
20:04:05.310    File: C:\ProgramData\dealpeak\TN3Rj6fyBRQYpw.exe  **INFECTED** Win32:Adware-gen [Adw]
20:07:00.798    Disk 0 statistics 3505134/0/0 @ 1.25 MB/s
20:07:00.831    Scan finished successfully
20:58:11.397    Disk 0 MBR has been saved successfully to "C:\Users\Dave Moss\Desktop\MBR.dat"
20:58:11.408    The log file has been saved successfully to "C:\Users\Dave Moss\Desktop\aswMBR.txt"

 



#4 say-no-2-trojans

say-no-2-trojans

    Authentic Member

  • Authentic Member
  • PipPip
  • 108 posts

Posted 10 November 2014 - 03:05 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014 01
Ran by Dave Moss (administrator) on LUKEMOSS on 10-11-2014 21:01:53
Running from C:\Users\Dave Moss\Desktop
Loaded Profile: Dave Moss (Available profiles: Dave Moss)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files\British Telecom\British Telecom 802.11 Network Adapter\CppWindowsService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\BrowseStudio\bin\utilBrowseStudio.exe
() C:\Program Files (x86)\BrowseStudio\bin\BrowseStudio.PurBrowse64.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\McVsMap.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSM\McSmtFwk.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
() C:\Program Files (x86)\BrowseStudio\updateBrowseStudio.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\ProgramData\ddc24aa9-6c5d-44d0-8c40-9bed83bb2ab7\maintainer.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\McVsShld.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1388095947-3507186701-1847790041-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3618648 2014-11-04] (Electronic Arts)
HKU\S-1-5-21-1388095947-3507186701-1847790041-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-1388095947-3507186701-1847790041-1001\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [148048 2014-10-28] (PC Utilities Software Limited)
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File Not Found
Startup: C:\Users\Dave Moss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.uk.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9438E4CD4B97CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: dealpeak -> {5ba1e2c0-1a0a-4493-aabb-b9b3887b40e3} -> C:\ProgramData\dealpeak\TN3Rj6fyBRQYpw.x64.dll ()
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: BrowseStudio -> {1e9e0e98-4ab7-40b0-a0ce-69105c1b7c92} -> C:\Program Files (x86)\BrowseStudio\BrowseStudiobho.dll No File
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-08-17]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-10-10]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-10-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 70e6ca8c; c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll [3113040 2014-11-09] ()
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.) [File not signed]
R2 BT_WPS_Service; C:\Program Files\British Telecom\British Telecom 802.11 Network Adapter\CppWindowsService.exe [87552 2013-08-14] () [File not signed]
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 MaintainerSvc4.52.864054; C:\ProgramData\ddc24aa9-6c5d-44d0-8c40-9bed83bb2ab7\maintainer.exe [123632 2014-11-10] ()
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-04] (Electronic Arts)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
R2 Update BrowseStudio; C:\Program Files (x86)\BrowseStudio\updateBrowseStudio.exe [526064 2014-11-10] ()
R2 Util BrowseStudio; C:\Program Files (x86)\BrowseStudio\bin\utilBrowseStudio.exe [526064 2014-11-10] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21600 2013-03-29] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2013-08-14] (CACE Technologies, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R1 {75afa305-1b32-4464-a5e2-f606c80b73a4}Gw64; C:\Windows\System32\drivers\{75afa305-1b32-4464-a5e2-f606c80b73a4}Gw64.sys [48784 2014-11-09] (StdLib)
R1 {75afa305-1b32-4464-a5e2-f606c80b73a4}w64; C:\Windows\System32\drivers\{75afa305-1b32-4464-a5e2-f606c80b73a4}w64.sys [48784 2014-11-10] (StdLib)
R1 {8fe19c8e-7524-443d-b4e0-39594b611d24}Gw64; C:\Windows\System32\drivers\{8fe19c8e-7524-443d-b4e0-39594b611d24}Gw64.sys [48784 2014-11-08] (StdLib)
U3 aswMBR; \??\C:\Users\DAVEMO~1\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\DAVEMO~1\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-10 21:01 - 2014-11-10 21:02 - 00016766 _____ () C:\Users\Dave Moss\Desktop\FRST.txt
2014-11-10 21:01 - 2014-11-10 21:01 - 00000000 ____D () C:\FRST
2014-11-10 21:00 - 2014-11-10 21:00 - 02116096 _____ (Farbar) C:\Users\Dave Moss\Desktop\FRST64.exe
2014-11-10 20:58 - 2014-11-10 20:58 - 00002306 _____ () C:\Users\Dave Moss\Desktop\aswMBR.txt
2014-11-10 20:58 - 2014-11-10 20:58 - 00000512 _____ () C:\Users\Dave Moss\Desktop\MBR.dat
2014-11-10 20:02 - 2014-11-10 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-11-10 19:23 - 2014-11-10 19:23 - 05194752 _____ (AVAST Software) C:\Users\Dave Moss\Desktop\aswMBR.exe
2014-11-10 19:20 - 2014-11-10 19:20 - 05194752 _____ (AVAST Software) C:\Users\Dave Moss\Downloads\aswMBR.exe
2014-11-10 17:40 - 2014-11-10 05:32 - 00048784 _____ (StdLib) C:\WINDOWS\system32\Drivers\{75afa305-1b32-4464-a5e2-f606c80b73a4}w64.sys
2014-11-09 18:51 - 2014-11-10 18:39 - 00000000 ____D () C:\ProgramData\ddc24aa9-6c5d-44d0-8c40-9bed83bb2ab7
2014-11-09 17:12 - 2014-11-10 20:07 - 00000000 ____D () C:\ProgramData\SuperManCoupon
2014-11-09 17:12 - 2014-11-09 17:12 - 00000000 ____D () C:\ProgramData\dealpeak
2014-11-09 17:12 - 2014-11-09 17:12 - 00000000 ____D () C:\ProgramData\8101400d266d14b8
2014-11-09 16:54 - 2014-11-09 03:36 - 00048784 _____ (StdLib) C:\WINDOWS\system32\Drivers\{75afa305-1b32-4464-a5e2-f606c80b73a4}Gw64.sys
2014-11-09 11:19 - 2014-11-08 14:33 - 00048784 _____ (StdLib) C:\WINDOWS\system32\Drivers\{8fe19c8e-7524-443d-b4e0-39594b611d24}Gw64.sys
2014-11-09 11:15 - 2014-11-10 20:15 - 00000060 _____ () C:\Users\Dave Moss\AppData\Roaming\WB.CFG
2014-11-09 10:15 - 2014-11-10 20:15 - 00000324 _____ () C:\WINDOWS\Tasks\WSE_Lasaoren.job
2014-11-09 10:15 - 2014-11-09 10:15 - 00002662 _____ () C:\WINDOWS\System32\Tasks\WSE_Lasaoren
2014-11-09 10:15 - 2014-11-09 10:15 - 00000000 ____D () C:\Users\Dave Moss\AppData\Roaming\WSE_Lasaoren
2014-11-09 10:15 - 2014-11-09 10:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2014-11-09 10:15 - 2014-11-09 10:15 - 00000000 ____D () C:\Program Files (x86)\WSE_Lasaoren
2014-11-09 10:14 - 2014-11-10 20:40 - 00000000 ____D () C:\Program Files (x86)\BrowseStudio
2014-11-09 10:14 - 2014-11-09 10:15 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-10-16 19:21 - 2014-09-27 22:25 - 04183040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-10-16 19:20 - 2014-09-08 03:15 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-10-16 19:20 - 2014-09-08 01:46 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-10-16 19:20 - 2014-09-08 01:46 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-10-16 19:20 - 2014-09-08 00:08 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-10-16 19:20 - 2014-09-08 00:07 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-10-16 19:20 - 2014-09-08 00:05 - 03448320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-10-16 19:20 - 2014-09-08 00:04 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-10-16 19:20 - 2014-09-08 00:04 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-10-16 19:20 - 2014-09-08 00:03 - 01702400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-10-16 19:20 - 2014-09-08 00:03 - 00839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-10-16 19:20 - 2014-09-07 23:59 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-10-16 19:20 - 2014-09-07 23:59 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-10-16 19:20 - 2014-09-07 23:56 - 00672256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-10-16 19:20 - 2014-09-07 23:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-10-16 19:20 - 2014-09-04 00:10 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-10-16 19:20 - 2014-09-03 23:57 - 00921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-10-16 19:20 - 2014-09-03 23:49 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-10-16 19:19 - 2014-09-25 22:50 - 13619200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-10-16 19:19 - 2014-09-25 22:46 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-10-16 19:19 - 2014-09-25 22:46 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-10-16 19:19 - 2014-09-25 22:43 - 11807232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-10-16 19:19 - 2014-09-25 22:32 - 02017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-10-16 19:19 - 2014-09-25 22:31 - 02108416 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-10-16 19:19 - 2014-09-19 02:25 - 23631360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-10-16 19:19 - 2014-09-19 01:44 - 17484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-10-16 19:19 - 2014-09-19 01:41 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-10-16 19:19 - 2014-09-19 01:40 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-10-16 19:19 - 2014-09-19 01:38 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-10-16 19:19 - 2014-09-19 01:36 - 05829632 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-10-16 19:19 - 2014-09-19 01:25 - 04201472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-10-16 19:19 - 2014-09-19 01:25 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-10-16 19:19 - 2014-09-19 01:02 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-10-16 19:19 - 2014-09-19 01:00 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-10-16 19:19 - 2014-09-19 00:59 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-10-16 19:19 - 2014-09-19 00:58 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-10-16 19:19 - 2014-09-19 00:55 - 02187264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-10-16 19:19 - 2014-09-19 00:42 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-10-16 19:19 - 2014-09-19 00:42 - 00710656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-10-16 19:19 - 2014-09-19 00:42 - 00363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-10-16 19:19 - 2014-09-19 00:33 - 02309632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-10-16 19:19 - 2014-09-19 00:20 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-10-16 19:19 - 2014-09-19 00:20 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-10-16 19:19 - 2014-09-19 00:14 - 01447936 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-10-16 19:19 - 2014-09-18 23:59 - 01810944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-10-16 19:19 - 2014-09-18 23:59 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-10-16 19:19 - 2014-09-18 23:53 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-10-16 19:19 - 2014-09-18 23:52 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-10-16 19:18 - 2014-09-13 06:29 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-10-16 19:18 - 2014-09-13 05:49 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-10-16 19:18 - 2014-09-04 00:12 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-10-16 19:18 - 2014-09-04 00:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-10-16 19:18 - 2014-08-16 04:08 - 21195616 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-10-16 19:18 - 2014-08-16 04:08 - 01507648 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-10-16 19:18 - 2014-08-16 04:01 - 01710184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-10-16 19:18 - 2014-08-16 03:58 - 01112512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-10-16 19:18 - 2014-08-16 03:57 - 02498880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-10-16 19:18 - 2014-08-16 03:57 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-10-16 19:18 - 2014-08-16 03:16 - 18722600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-10-16 19:18 - 2014-08-16 03:16 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-10-16 19:18 - 2014-08-16 03:03 - 01467384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-10-16 19:18 - 2014-08-16 01:31 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-10-16 19:18 - 2014-08-16 01:04 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2014-10-16 19:18 - 2014-08-16 00:58 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2014-10-16 19:18 - 2014-08-16 00:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2014-10-16 19:18 - 2014-08-16 00:46 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2014-10-16 19:18 - 2014-08-16 00:45 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2014-10-16 19:18 - 2014-08-16 00:43 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2014-10-16 19:18 - 2014-08-16 00:43 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2014-10-16 19:18 - 2014-08-16 00:31 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2014-10-16 19:18 - 2014-08-16 00:31 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
2014-10-16 19:18 - 2014-08-16 00:29 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-16 19:18 - 2014-08-16 00:23 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-10-16 19:18 - 2014-08-16 00:22 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-10-16 19:18 - 2014-08-16 00:22 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-10-16 19:18 - 2014-08-16 00:19 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-16 19:18 - 2014-08-16 00:18 - 04758528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-10-16 19:18 - 2014-08-16 00:17 - 08757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-10-16 19:18 - 2014-08-16 00:14 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-10-16 19:18 - 2014-08-16 00:13 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-10-16 19:18 - 2014-08-16 00:13 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-10-16 19:18 - 2014-08-16 00:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-10-16 19:18 - 2014-08-16 00:11 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-10-16 19:18 - 2014-08-16 00:10 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-10-16 19:18 - 2014-08-16 00:08 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-10-16 19:18 - 2014-08-16 00:07 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-10-16 19:18 - 2014-07-31 23:22 - 00388729 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-10-16 19:16 - 2014-10-09 22:16 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-10-16 19:16 - 2014-10-08 22:09 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-10-16 19:16 - 2014-09-19 01:24 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-10-16 19:16 - 2014-09-13 06:02 - 02779648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-10-16 19:16 - 2014-09-13 05:30 - 03117568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-10-16 19:16 - 2014-08-29 01:58 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-10-16 19:16 - 2014-08-28 23:56 - 02646016 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-10-16 19:16 - 2014-08-28 23:47 - 02321920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-10-12 20:49 - 2014-10-12 20:49 - 03024238 _____ () C:\Users\Dave Moss\Documents\Doc2.odt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-10 21:00 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-11-10 20:10 - 2013-08-07 13:10 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1388095947-3507186701-1847790041-1001
2014-11-10 19:16 - 2013-11-10 13:46 - 01995479 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-10 17:43 - 2013-09-30 04:11 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-10 17:42 - 2013-11-10 13:55 - 00003942 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2AD24F73-3A95-4578-865F-7E6498E84839}
2014-11-10 17:42 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-11-10 17:40 - 2013-08-22 13:25 - 00000194 _____ () C:\WINDOWS\win.ini
2014-11-10 17:39 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\GroupPolicy
2014-11-10 17:38 - 2013-08-17 20:55 - 00000000 ____D () C:\ProgramData\Origin
2014-11-10 17:37 - 2013-11-10 13:53 - 00000000 __RDO () C:\Users\Dave Moss\SkyDrive
2014-11-10 17:37 - 2013-08-17 20:55 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-11-10 17:36 - 2013-11-10 13:31 - 00000000 ____D () C:\Users\Dave Moss
2014-11-10 17:36 - 2013-09-29 20:03 - 00056312 _____ () C:\WINDOWS\PFRO.log
2014-11-10 17:36 - 2013-08-22 14:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-09 17:07 - 2014-07-28 09:53 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-11-09 16:52 - 2014-07-28 09:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-09 16:52 - 2013-08-22 15:36 - 00000000 __RSD () C:\WINDOWS\Media
2014-11-09 11:45 - 2014-07-28 09:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-09 11:45 - 2013-11-10 14:46 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-09 11:38 - 2013-08-22 13:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-11-09 08:38 - 2013-08-22 13:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-11-08 20:43 - 2013-08-17 20:56 - 00000000 ____D () C:\Users\Dave Moss\AppData\Roaming\Origin
2014-11-06 19:04 - 2014-10-05 09:59 - 00003275 _____ () C:\Users\Dave Moss\Documents\My Account.ods
2014-11-04 18:13 - 2013-08-17 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-11-01 12:56 - 2013-08-17 15:03 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-10-29 19:02 - 2013-08-17 15:03 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-10-27 20:44 - 2013-08-17 17:48 - 00000000 ____D () C:\Users\Dave Moss\AppData\Roaming\.minecraft
2014-10-17 15:53 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-10-17 15:10 - 2013-08-22 14:44 - 00410392 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-16 21:02 - 2013-08-22 15:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-10-16 21:02 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-10-16 21:02 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\en-GB
2014-10-16 21:02 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\en-GB
2014-10-16 21:02 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-10-16 21:02 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-10-16 21:02 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-10-16 20:16 - 2013-10-15 18:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 20:16 - 2012-07-26 07:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-10-16 20:15 - 2013-08-13 08:30 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-16 20:13 - 2013-08-07 16:09 - 103265616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-10-16 20:12 - 2014-07-10 08:18 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-10-16 18:10 - 2013-10-15 19:23 - 00000000 ____D () C:\Users\Dave Moss\Documents\School
2014-10-11 09:24 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\NDF

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-10 19:05

==================== End Of Log ============================



#5 say-no-2-trojans

say-no-2-trojans

    Authentic Member

  • Authentic Member
  • PipPip
  • 108 posts

Posted 10 November 2014 - 03:06 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2014 01
Ran by Dave Moss at 2014-11-10 21:02:30
Running from C:\Users\Dave Moss\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Catalyst Install Manager (HKLM\...\{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
BitGuard (HKLM-x32\...\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}) (Version:  - MediaTechSoft Inc.) <==== ATTENTION
BT NetProtect Plus (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
Classic Shell (HKLM\...\{FEA1590B-540A-41FC-A95C-664493C82A21}) (Version: 3.6.8 - IvoSoft)
dealpeak (HKLM-x32\...\{C60D3D4E-3B20-5AB3-7F2C-9C946AD4080F}) (Version:  - "")
Dual-Band Wi-Fi Dongle 600 (HKLM\...\British Telecom Wireless Utility) (Version: 6.30.165.11 - BT Group plc)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.143 - McAfee, Inc.)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: 3.2.0.2 - PC Utilities Software Limited) <==== ATTENTION
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
SketchUp 2014 (HKLM-x32\...\{F246092E-FA0B-47C8-9D3E-CF8C210293C8}) (Version: 14.1.1282 - Trimble Navigation Limited)
SuperManCoupon (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - SuperManCoupon) <==== ATTENTION
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 70s, 80s, & 90s Stuff (HKLM-x32\...\{E1868CAE-E3B9-4099-8C18-AA8944D336FD}) (Version: 17.0.77 - Electronic Arts)
The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
The Sims™ 3 Diesel Stuff (HKLM-x32\...\{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}) (Version: 14.0.48 - Electronic Arts)
The Sims™ 3 Fast Lane Stuff (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.0.44 - Electronic Arts)
The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Into the Future (HKLM-x32\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts)
The Sims™ 3 Island Paradise (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
The Sims™ 3 Master Suite Stuff (HKLM-x32\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts)
The Sims™ 3 Movie Stuff (HKLM-x32\...\{D0087539-3C57-44E0-BEE7-D779D546CBE1}) (Version: 20.0.53 - Electronic Arts)
The Sims™ 3 Outdoor Living Stuff (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.3.2 - Electronic Arts)
The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Sims™ 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
The Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
The Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
The Sims™ 3 Town Life Stuff (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
The Sims™ 3 World Adventures (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.2.16.10 - Electronic Arts Inc.)
The Sims™ 4 Create A Sim Demo (HKLM-x32\...\{6908ED99-F02B-4E99-A202-3FAC99C510ED}) (Version: 1.0.237.100 - Electronic Arts Inc.)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WSE_Lasaoren (HKLM-x32\...\WSE_Lasaoren) (Version:  - WSE_Lasaoren)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

22-10-2014 17:16:08 Scheduled Checkpoint
01-11-2014 18:40:22 Scheduled Checkpoint
08-11-2014 20:35:54 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 13:25 - 2013-08-22 13:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {002E35E6-153E-4195-A85D-D8B425EF7A26} - \BitGuard No Task File <==== ATTENTION
Task: {0B95697C-9972-44C9-B7DD-EAC2CE7A4DE3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-10-16] (Microsoft Corporation)
Task: {82E06436-7F25-4D2C-A267-A830C12F6078} - System32\Tasks\WSE_Lasaoren => C:\Users\Dave Moss\AppData\Roaming\WSE_Lasaoren\UpdateProc\UpdateTask.exe [2014-11-09] () <==== ATTENTION
Task: C:\WINDOWS\Tasks\WSE_Lasaoren.job => C:\Users\DAVEMO~1\AppData\Roaming\WSE_LA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-03-28 21:31 - 2013-03-28 21:31 - 00210944 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-09-23 12:53 - 2012-09-23 12:53 - 00748544 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-09-23 12:53 - 2012-09-23 12:53 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-08-14 16:24 - 2013-08-14 16:24 - 00087552 _____ () C:\Program Files\British Telecom\British Telecom 802.11 Network Adapter\CppWindowsService.exe
2013-03-28 21:30 - 2013-03-28 21:30 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-11-09 11:18 - 2014-11-10 17:38 - 00526064 _____ () C:\Program Files (x86)\BrowseStudio\bin\utilBrowseStudio.exe
2014-11-09 11:19 - 2014-11-10 05:32 - 00353008 _____ () C:\Program Files (x86)\BrowseStudio\bin\BrowseStudio.PurBrowse64.exe
2014-11-09 06:21 - 2014-11-10 17:43 - 00526064 _____ () C:\Program Files (x86)\BrowseStudio\updateBrowseStudio.exe
2014-11-09 17:45 - 2014-11-10 18:39 - 00123632 _____ () C:\ProgramData\ddc24aa9-6c5d-44d0-8c40-9bed83bb2ab7\maintainer.exe
2014-09-10 15:37 - 2014-09-10 15:37 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-11-09 10:15 - 2014-11-09 10:15 - 03113040 _____ () c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll
2014-04-20 18:12 - 2014-11-04 18:13 - 01007104 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll
2014-04-20 18:12 - 2014-11-04 18:13 - 00023552 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll
2014-04-20 18:12 - 2014-11-04 18:13 - 00024576 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll
2014-04-20 18:12 - 2014-11-04 18:13 - 00216576 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2014-04-20 18:12 - 2014-11-04 18:13 - 00261120 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2014-04-20 18:12 - 2014-11-04 18:13 - 00019456 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll
2014-04-20 18:12 - 2014-11-04 18:13 - 00337408 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll
2014-04-20 18:12 - 2014-11-04 18:13 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Dave Moss\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-1388095947-3507186701-1847790041-500 - Administrator - Disabled)
Dave Moss (S-1-5-21-1388095947-3507186701-1847790041-1001 - Administrator - Enabled) => C:\Users\Dave Moss
Guest (S-1-5-21-1388095947-3507186701-1847790041-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1388095947-3507186701-1847790041-1004 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/09/2014 10:08:46 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (11/09/2014 11:40:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process ID: 0x1624
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report ID: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (11/09/2014 11:39:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Exception code: 0x40000015
Fault offset: 0x0007da8a
Faulting process ID: 0x6e0
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report ID: mbamservice.exe3
Faulting package full name: mbamservice.exe4
Faulting package-relative application ID: mbamservice.exe5

Error: (11/09/2014 11:39:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamscheduler.exe, version: 3.0.2.0, time stamp: 0x5339cec3
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process ID: 0x688
Faulting application start time: 0xmbamscheduler.exe0
Faulting application path: mbamscheduler.exe1
Faulting module path: mbamscheduler.exe2
Report ID: mbamscheduler.exe3
Faulting package full name: mbamscheduler.exe4
Faulting package-relative application ID: mbamscheduler.exe5

Error: (11/09/2014 11:31:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process ID: 0x1570
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report ID: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (11/09/2014 11:29:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process ID: 0x1528
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report ID: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (11/09/2014 11:12:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process ID: 0xa74
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report ID: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (11/09/2014 11:12:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process ID: 0x19e4
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report ID: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (11/09/2014 10:31:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Exception code: 0x40000015
Fault offset: 0x0007da8a
Faulting process ID: 0x708
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report ID: mbamservice.exe3
Faulting package full name: mbamservice.exe4
Faulting package-relative application ID: mbamservice.exe5

Error: (11/09/2014 10:30:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamscheduler.exe, version: 3.0.2.0, time stamp: 0x5339cec3
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process ID: 0x684
Faulting application start time: 0xmbamscheduler.exe0
Faulting application path: mbamscheduler.exe1
Faulting module path: mbamscheduler.exe2
Report ID: mbamscheduler.exe3
Faulting package full name: mbamscheduler.exe4
Faulting package-relative application ID: mbamscheduler.exe5

System errors:
=============
Error: (11/10/2014 08:42:27 PM) (Source: DCOM) (EventID: 10000) (User: LUKEMOSS)
Description: c:\PROGRA~1\mcafee\msc\mcmscsub.dll -Embedding193{9B3BEB4E-1C5E-4A5F-BB36-2F6587DD34E2}

Error: (11/10/2014 05:42:27 PM) (Source: DCOM) (EventID: 10000) (User: LUKEMOSS)
Description: c:\PROGRA~1\mcafee\msc\mcmscsub.dll -Embedding193{9B3BEB4E-1C5E-4A5F-BB36-2F6587DD34E2}

Error: (11/10/2014 05:36:35 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 22:23:07 on ‎09/‎11/‎2014 was unexpected.

Error: (11/09/2014 09:55:58 PM) (Source: DCOM) (EventID: 10000) (User: LUKEMOSS)
Description: c:\PROGRA~1\mcafee\msc\mcmscsub.dll -Embedding193{9B3BEB4E-1C5E-4A5F-BB36-2F6587DD34E2}

Error: (11/09/2014 05:20:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Update BrowseStudio service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (11/09/2014 05:20:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Util BrowseStudio service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (11/09/2014 05:20:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Update BrowseStudio service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (11/09/2014 05:03:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Update BrowseStudio service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (11/09/2014 05:03:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Update BrowseStudio service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (11/09/2014 05:02:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Update BrowseStudio service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Microsoft Office Sessions:
=========================
Error: (11/09/2014 10:08:46 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (11/09/2014 11:40:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd162401cffc1203bfe4f3C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll41ba5e8a-6805-11e4-bf73-60a44c3dbd16

Error: (11/09/2014 11:39:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363400000150007da8a6e001cffc11cd5b2943C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe14003ac6-6805-11e4-bf73-60a44c3dbd16

Error: (11/09/2014 11:39:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamscheduler.exe3.0.2.05339cec3MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd68801cffc11c3e8c387C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll0b02f030-6805-11e4-bf73-60a44c3dbd16

Error: (11/09/2014 11:31:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd157001cffc10afc4fbfdC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dlled941327-6803-11e4-bf72-60a44c3dbd16

Error: (11/09/2014 11:29:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd152801cffc105bf7eeecC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll99ed0533-6803-11e4-bf72-60a44c3dbd16

Error: (11/09/2014 11:12:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fda7401cffc0e1c2f2ab8C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll59f4a6c0-6801-11e4-bf72-60a44c3dbd16

Error: (11/09/2014 11:12:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd19e401cffc0dff9ffc17C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll3d6f946c-6801-11e4-bf72-60a44c3dbd16

Error: (11/09/2014 10:31:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363400000150007da8a70801cffc0839e814bcC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe8090818c-67fb-11e4-bf72-60a44c3dbd16

Error: (11/09/2014 10:30:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamscheduler.exe3.0.2.05339cec3MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd68401cffc0830a81622C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll778fdbcb-67fb-11e4-bf72-60a44c3dbd16

==================== Memory info ===========================

Processor: AMD A10-5800K APU with Radeon™ HD Graphics
Percentage of memory in use: 27%
Total physical RAM: 8136.93 MB
Available physical RAM: 5919.92 MB
Total Pagefile: 9416.93 MB
Available Pagefile: 6713.34 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.17 GB) (Free:836.06 GB) NTFS
Drive d: (Sims4_2) (CDROM) (Total:0.48 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 50355C41)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#6 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 10 November 2014 - 04:21 PM

You have a lot going on,lets run these programs, I am providing instructions for downloading , installing and running the latest version of Malwarebytes, if its still on your system uninstall the old version first before you proceed.

 

 

-AdwCleaner-by Xplode
 
Click on this link to download : ADWCleaner
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
 
Do not click on any links in the top Advertisment.
 
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
  •  
     
    ===============================================================================
     
     
    thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  •  
     
     
    ===============================================================================
     
    Download Malwarebytes' Anti-Malware  to your desktop. 
     
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  •  
    MBAM203_zps0a230260.jpg
     
  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished and the log pops up...select Copy to Clipboard
  • Please paste the log back into this thread for review
  • Exit Malwarebytes


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #7 say-no-2-trojans

    say-no-2-trojans

      Authentic Member

    • Authentic Member
    • PipPip
    • 108 posts

    Posted 11 November 2014 - 02:21 PM

    # AdwCleaner v4.101 - Report created 11/11/2014 at 19:51:34
    # Updated 09/11/2014 by Xplode
    # Database : 2014-11-11.1 [Live]
    # Operating System : Windows 8.1  (64 bits)
    # Username : Dave Moss - LUKEMOSS
    # Running from : C:\Users\Dave Moss\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    Service Deleted : 70e6ca8c
    [#] Service Deleted : Update BrowseStudio
    [#] Service Deleted : Util BrowseStudio
    Service Deleted : {75afa305-1b32-4464-a5e2-f606c80b73a4}Gw64
    Service Deleted : {75afa305-1b32-4464-a5e2-f606c80b73a4}w64
    Service Deleted : {8fe19c8e-7524-443d-b4e0-39594b611d24}Gw64

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\ProgramData\BitGuard
    Folder Deleted : C:\ProgramData\dealpeak
    Folder Deleted : C:\ProgramData\SuperManCoupon
    Folder Deleted : C:\ProgramData\8101400d266d14b8
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
    Folder Deleted : C:\Program Files (x86)\Delta
    Folder Deleted : C:\Program Files (x86)\Optimizer Pro
    Folder Deleted : C:\Program Files (x86)\WSE_Lasaoren
    Folder Deleted : C:\Program Files (x86)\BrowseStudio
    Folder Deleted : C:\Users\DAVEMO~1\AppData\Local\Temp\BrowseStudio
    Folder Deleted : C:\Users\Dave Moss\AppData\Roaming\WSE_Lasaoren
    Folder Deleted : C:\Users\Dave Moss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
    File Deleted : C:\WINDOWS\System32\\drivers\{75afa305-1b32-4464-a5e2-f606c80b73a4}Gw64.sys
    File Deleted : C:\WINDOWS\System32\\drivers\{75afa305-1b32-4464-a5e2-f606c80b73a4}w64.sys
    File Deleted : C:\WINDOWS\System32\\drivers\{8fe19c8e-7524-443d-b4e0-39594b611d24}Gw64.sys

    ***** [ Scheduled Tasks ] *****

    Task Deleted : BitGuard
    Task Deleted : WSE_Lasaoren

    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
    Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
    Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update BrowseStudio
    Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util BrowseStudio
    Key Deleted : HKEY_USERS\.DEFAULT\Software\Microsoft\.NETFramework\SQM\Apps\updateBrowseStudio.exe
    Key Deleted : HKCU\Software\52558c8dbd6eb840
    Key Deleted : HKLM\SOFTWARE\52558c8dbd6eb840
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1e9e0e98-4ab7-40b0-a0ce-69105c1b7c92}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{b8f74fd2-41c2-4e1c-8941-d70b0bc59ff0}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1e9e0e98-4ab7-40b0-a0ce-69105c1b7c92}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1e9e0e98-4ab7-40b0-a0ce-69105c1b7c92}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1e9e0e98-4ab7-40b0-a0ce-69105c1b7c92}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
    Key Deleted : HKCU\Software\BABSOLUTION
    Key Deleted : HKCU\Software\Delta
    Key Deleted : HKCU\Software\filescout
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\Optimizer Pro
    Key Deleted : HKCU\Software\WSE_Lasaoren
    Key Deleted : HKCU\Software\BrowseStudio
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Deleted : HKLM\SOFTWARE\Delta
    Key Deleted : HKLM\SOFTWARE\InstallCore
    Key Deleted : HKLM\SOFTWARE\BrowseStudio
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C60D3D4E-3B20-5AB3-7F2C-9C946AD4080F}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WSE_Lasaoren
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1
    Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\delta-search.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\news.en.softonic.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\sweetkiss.me
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\uk.ask.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\vshare.eu
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.sweetkiss.me

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17344

    *************************

    AdwCleaner[R0].txt - [8305 octets] - [11/11/2014 19:50:20]
    AdwCleaner[S0].txt - [7512 octets] - [11/11/2014 19:51:34]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7572 octets] ##########



    #8 say-no-2-trojans

    say-no-2-trojans

      Authentic Member

    • Authentic Member
    • PipPip
    • 108 posts

    Posted 11 November 2014 - 02:22 PM

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.3.7 (11.08.2014:1)
    OS: Windows 8.1 x64
    Ran by Dave Moss on 11/11/2014 at 20:00:08.09
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

    ~~~ Services

     

    ~~~ Registry Values

     

    ~~~ Registry Keys

     

    ~~~ Files

    Successfully deleted: [File] "C:\WINDOWS\wininit.ini"

     

    ~~~ Folders

     

    ~~~ Event Viewer Logs were cleared

     

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 11/11/2014 at 20:02:09.72
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    #9 say-no-2-trojans

    say-no-2-trojans

      Authentic Member

    • Authentic Member
    • PipPip
    • 108 posts

    Posted 11 November 2014 - 02:22 PM

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 11/11/2014
    Scan Time: 20:12:44
    Logfile:
    Administrator: Yes

    Version: 2.00.3.1025
    Malware Database: v2014.11.11.08
    Rootkit Database: v2014.11.11.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: Dave Moss

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 318052
    Time Elapsed: 6 min, 39 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 1
    PUP.Optional.MaintainerSvc.A, C:\ProgramData\ddc24aa9-6c5d-44d0-8c40-9bed83bb2ab7\maintainer.exe, 1552, , [8cf8ca703d3f4de96ef3439ce31e9868]

    Modules: 0
    (No malicious items detected)

    Registry Keys: 1
    PUP.Optional.MaintainerSvc.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MaintainerSvc4.52.864054, , [8cf8ca703d3f4de96ef3439ce31e9868],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 3
    PUP.Optional.MaintainerSvc.A, C:\ProgramData\ddc24aa9-6c5d-44d0-8c40-9bed83bb2ab7\maintainer.exe, , [8cf8ca703d3f4de96ef3439ce31e9868],
    PUP.Optional.BrowseStudio.A, C:\$Recycle.Bin\S-1-5-21-1388095947-3507186701-1847790041-1001\$RQKXRUK.dll, , [e3a18fabd6a6aa8c1d2ac21f14edd729],
    PUP.Optional.BPlug, C:\Users\Dave Moss\AppData\Local\Temp\is1488139799\0B6C1EBA_stp.EXE, , [8afad5655d1f0a2c75acc2012ad739c7],

    Physical Sectors: 0
    (No malicious items detected)

    (end)



    #10 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 11 November 2014 - 02:29 PM

    :thumbup:

     

     

    Go ahead and run a new scan with FRST, be sure to Checkmark Additions and post both logs and lets see where we stand



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

      Advertisements

    Register to Remove


    #11 say-no-2-trojans

    say-no-2-trojans

      Authentic Member

    • Authentic Member
    • PipPip
    • 108 posts

    Posted 11 November 2014 - 04:14 PM

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014 01
    Ran by Dave Moss (administrator) on LUKEMOSS on 11-11-2014 22:13:10
    Running from C:\Users\Dave Moss\Desktop
    Loaded Profile: Dave Moss (Available profiles: Dave Moss)
    Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    () C:\Program Files\British Telecom\British Telecom 802.11 Network Adapter\CppWindowsService.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Microsoft Corporation) C:\Config.Msi\509ef6.rbf
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (McAfee, Inc.) C:\Program Files\McAfee\MSM\McSmtFwk.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
    HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\S-1-5-21-1388095947-3507186701-1847790041-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3618648 2014-11-04] (Electronic Arts)
    HKU\S-1-5-21-1388095947-3507186701-1847790041-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
    Startup: C:\Users\Dave Moss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
    ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://uk.yahoo.com/
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.uk.msn.com/
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9438E4CD4B97CE01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKLM - {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL =
    BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
    BHO: dealpeak -> {5ba1e2c0-1a0a-4493-aabb-b9b3887b40e3} -> C:\ProgramData\dealpeak\TN3Rj6fyBRQYpw.x64.dll No File
    BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
    BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
    Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
    Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
    Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
    Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    FireFox:
    ========
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
    FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-08-17]

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-10-10]
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-10-10]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.) [File not signed]
    R2 BT_WPS_Service; C:\Program Files\British Telecom\British Telecom 802.11 Network Adapter\CppWindowsService.exe [87552 2013-08-14] () [File not signed]
    R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft) [File not signed]
    R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
    S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
    S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
    R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
    R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
    R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
    R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
    S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
    R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
    R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
    R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
    R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
    S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
    S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-04] (Electronic Arts)
    S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
    S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21600 2013-03-29] (Advanced Micro Devices, Inc.)
    R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)
    R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
    S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
    R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
    R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
    S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
    R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
    R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
    S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
    R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
    R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2013-08-14] (CACE Technologies, Inc.)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-11 21:16 - 2014-10-23 05:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
    2014-11-11 21:16 - 2014-10-23 05:05 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
    2014-11-11 20:28 - 2014-11-11 20:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    2014-11-11 20:10 - 2014-11-11 20:10 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2014-11-11 20:09 - 2014-11-11 20:09 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-11-11 20:09 - 2014-11-11 20:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-11-11 20:09 - 2014-11-11 20:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-11-11 20:09 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2014-11-11 20:09 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2014-11-11 20:09 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2014-11-11 20:07 - 2014-11-11 20:07 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Dave Moss\Desktop\mbam-setup-2.0.3.1025.exe
    2014-11-11 20:02 - 2014-11-11 20:02 - 00000675 _____ () C:\Users\Dave Moss\Desktop\JRT.txt
    2014-11-11 20:00 - 2014-11-11 20:00 - 00000000 ____D () C:\WINDOWS\ERUNT
    2014-11-11 19:55 - 2014-11-11 19:55 - 01706808 _____ (Thisisu) C:\Users\Dave Moss\Desktop\JRT.exe
    2014-11-11 19:52 - 2014-11-11 19:52 - 00000258 __RSH () C:\ProgramData\ntuser.pol
    2014-11-11 19:50 - 2014-11-11 19:51 - 00000000 ____D () C:\AdwCleaner
    2014-11-11 19:49 - 2014-11-11 19:49 - 02140160 _____ () C:\Users\Dave Moss\Desktop\AdwCleaner.exe
    2014-11-11 19:15 - 2014-11-11 19:15 - 00022528 _____ () C:\Users\Dave Moss\AppData\Local\92328750dsisetup923335462.exe
    2014-11-11 19:15 - 2014-11-11 19:15 - 00000001 _____ () C:\Users\Dave Moss\AppData\Local\DSI.DAT
    2014-11-10 21:01 - 2014-11-11 22:13 - 00014528 _____ () C:\Users\Dave Moss\Desktop\FRST.txt
    2014-11-10 21:01 - 2014-11-11 22:13 - 00000000 ____D () C:\FRST
    2014-11-10 21:00 - 2014-11-10 21:00 - 02116096 _____ (Farbar) C:\Users\Dave Moss\Desktop\FRST64.exe
    2014-11-10 20:58 - 2014-11-10 20:58 - 00002306 _____ () C:\Users\Dave Moss\Desktop\aswMBR.txt
    2014-11-10 20:58 - 2014-11-10 20:58 - 00000512 _____ () C:\Users\Dave Moss\Desktop\MBR.dat
    2014-11-10 19:23 - 2014-11-10 19:23 - 05194752 _____ (AVAST Software) C:\Users\Dave Moss\Desktop\aswMBR.exe
    2014-11-10 19:20 - 2014-11-10 19:20 - 05194752 _____ (AVAST Software) C:\Users\Dave Moss\Downloads\aswMBR.exe
    2014-11-09 18:51 - 2014-11-11 20:23 - 00000000 ____D () C:\ProgramData\ddc24aa9-6c5d-44d0-8c40-9bed83bb2ab7
    2014-11-09 11:15 - 2014-11-11 19:15 - 00000136 _____ () C:\Users\Dave Moss\AppData\Roaming\WB.CFG
    2014-10-16 19:21 - 2014-09-27 22:25 - 04183040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2014-10-16 19:20 - 2014-09-08 03:15 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2014-10-16 19:20 - 2014-09-08 01:46 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
    2014-10-16 19:20 - 2014-09-08 01:46 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
    2014-10-16 19:20 - 2014-09-08 00:08 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
    2014-10-16 19:20 - 2014-09-08 00:07 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
    2014-10-16 19:20 - 2014-09-08 00:05 - 03448320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2014-10-16 19:20 - 2014-09-08 00:04 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
    2014-10-16 19:20 - 2014-09-08 00:04 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
    2014-10-16 19:20 - 2014-09-08 00:03 - 01702400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
    2014-10-16 19:20 - 2014-09-08 00:03 - 00839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2014-10-16 19:20 - 2014-09-07 23:59 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
    2014-10-16 19:20 - 2014-09-07 23:59 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
    2014-10-16 19:20 - 2014-09-07 23:56 - 00672256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2014-10-16 19:20 - 2014-09-07 23:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
    2014-10-16 19:20 - 2014-09-04 00:10 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
    2014-10-16 19:20 - 2014-09-03 23:57 - 00921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
    2014-10-16 19:20 - 2014-09-03 23:49 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
    2014-10-16 19:19 - 2014-09-25 22:50 - 13619200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2014-10-16 19:19 - 2014-09-25 22:46 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
    2014-10-16 19:19 - 2014-09-25 22:46 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
    2014-10-16 19:19 - 2014-09-25 22:43 - 11807232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2014-10-16 19:19 - 2014-09-25 22:32 - 02017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2014-10-16 19:19 - 2014-09-25 22:31 - 02108416 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2014-10-16 19:19 - 2014-09-19 02:25 - 23631360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2014-10-16 19:19 - 2014-09-19 01:44 - 17484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2014-10-16 19:19 - 2014-09-19 01:41 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2014-10-16 19:19 - 2014-09-19 01:40 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2014-10-16 19:19 - 2014-09-19 01:38 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
    2014-10-16 19:19 - 2014-09-19 01:36 - 05829632 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2014-10-16 19:19 - 2014-09-19 01:25 - 04201472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2014-10-16 19:19 - 2014-09-19 01:25 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2014-10-16 19:19 - 2014-09-19 01:02 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2014-10-16 19:19 - 2014-09-19 01:00 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2014-10-16 19:19 - 2014-09-19 00:59 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
    2014-10-16 19:19 - 2014-09-19 00:58 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
    2014-10-16 19:19 - 2014-09-19 00:55 - 02187264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2014-10-16 19:19 - 2014-09-19 00:42 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2014-10-16 19:19 - 2014-09-19 00:42 - 00710656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2014-10-16 19:19 - 2014-09-19 00:42 - 00363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2014-10-16 19:19 - 2014-09-19 00:33 - 02309632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2014-10-16 19:19 - 2014-09-19 00:20 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2014-10-16 19:19 - 2014-09-19 00:20 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2014-10-16 19:19 - 2014-09-19 00:14 - 01447936 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2014-10-16 19:19 - 2014-09-18 23:59 - 01810944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2014-10-16 19:19 - 2014-09-18 23:59 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2014-10-16 19:19 - 2014-09-18 23:53 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2014-10-16 19:19 - 2014-09-18 23:52 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2014-10-16 19:18 - 2014-09-04 00:12 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
    2014-10-16 19:18 - 2014-09-04 00:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
    2014-10-16 19:18 - 2014-08-16 04:08 - 21195616 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2014-10-16 19:18 - 2014-08-16 04:08 - 01507648 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
    2014-10-16 19:18 - 2014-08-16 04:01 - 01710184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2014-10-16 19:18 - 2014-08-16 03:58 - 01112512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2014-10-16 19:18 - 2014-08-16 03:57 - 02498880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2014-10-16 19:18 - 2014-08-16 03:57 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
    2014-10-16 19:18 - 2014-08-16 03:16 - 18722600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2014-10-16 19:18 - 2014-08-16 03:16 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
    2014-10-16 19:18 - 2014-08-16 03:03 - 01467384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2014-10-16 19:18 - 2014-08-16 01:31 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2014-10-16 19:18 - 2014-08-16 01:04 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
    2014-10-16 19:18 - 2014-08-16 00:58 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
    2014-10-16 19:18 - 2014-08-16 00:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
    2014-10-16 19:18 - 2014-08-16 00:46 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
    2014-10-16 19:18 - 2014-08-16 00:45 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
    2014-10-16 19:18 - 2014-08-16 00:43 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
    2014-10-16 19:18 - 2014-08-16 00:43 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
    2014-10-16 19:18 - 2014-08-16 00:31 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
    2014-10-16 19:18 - 2014-08-16 00:31 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
    2014-10-16 19:18 - 2014-08-16 00:29 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2014-10-16 19:18 - 2014-08-16 00:23 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
    2014-10-16 19:18 - 2014-08-16 00:22 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
    2014-10-16 19:18 - 2014-08-16 00:22 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
    2014-10-16 19:18 - 2014-08-16 00:19 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
    2014-10-16 19:18 - 2014-08-16 00:18 - 04758528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
    2014-10-16 19:18 - 2014-08-16 00:17 - 08757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
    2014-10-16 19:18 - 2014-08-16 00:14 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
    2014-10-16 19:18 - 2014-08-16 00:13 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
    2014-10-16 19:18 - 2014-08-16 00:13 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
    2014-10-16 19:18 - 2014-08-16 00:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
    2014-10-16 19:18 - 2014-08-16 00:11 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
    2014-10-16 19:18 - 2014-08-16 00:10 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
    2014-10-16 19:18 - 2014-08-16 00:08 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
    2014-10-16 19:18 - 2014-08-16 00:07 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
    2014-10-16 19:18 - 2014-07-31 23:22 - 00388729 _____ () C:\WINDOWS\system32\ApnDatabase.xml
    2014-10-16 19:16 - 2014-10-09 22:16 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
    2014-10-16 19:16 - 2014-10-08 22:09 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2014-10-16 19:16 - 2014-09-19 01:24 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2014-10-16 19:16 - 2014-09-13 06:02 - 02779648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
    2014-10-16 19:16 - 2014-09-13 05:30 - 03117568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
    2014-10-16 19:16 - 2014-08-29 01:58 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
    2014-10-16 19:16 - 2014-08-28 23:56 - 02646016 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
    2014-10-16 19:16 - 2014-08-28 23:47 - 02321920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
    2014-10-12 20:49 - 2014-10-12 20:49 - 03024238 _____ () C:\Users\Dave Moss\Documents\Doc2.odt

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-11 22:05 - 2013-11-10 13:46 - 01495036 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-11-11 21:53 - 2013-10-15 18:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-11-11 21:53 - 2012-07-26 07:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
    2014-11-11 21:51 - 2013-08-13 08:30 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-11-11 21:50 - 2013-08-07 16:09 - 103374192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2014-11-11 21:02 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\sru
    2014-11-11 20:49 - 2013-08-07 13:10 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1388095947-3507186701-1847790041-1001
    2014-11-11 20:27 - 2013-09-30 04:11 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2014-11-11 20:24 - 2013-11-10 13:53 - 00000000 __RDO () C:\Users\Dave Moss\SkyDrive
    2014-11-11 20:24 - 2013-08-17 20:55 - 00000000 ____D () C:\Program Files (x86)\Origin
    2014-11-11 20:23 - 2013-09-29 20:03 - 00058714 _____ () C:\WINDOWS\PFRO.log
    2014-11-11 20:23 - 2013-08-22 14:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-11-11 20:23 - 2012-07-26 08:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
    2014-11-11 20:06 - 2013-08-17 20:55 - 00000000 ____D () C:\ProgramData\Origin
    2014-11-11 20:04 - 2013-08-22 13:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
    2014-11-11 18:57 - 2013-11-10 13:55 - 00003942 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2AD24F73-3A95-4578-865F-7E6498E84839}
    2014-11-11 18:51 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
    2014-11-10 17:40 - 2013-08-22 13:25 - 00000194 _____ () C:\WINDOWS\win.ini
    2014-11-10 17:39 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\GroupPolicy
    2014-11-10 17:36 - 2013-11-10 13:31 - 00000000 ____D () C:\Users\Dave Moss
    2014-11-09 16:52 - 2013-08-22 15:36 - 00000000 __RSD () C:\WINDOWS\Media
    2014-11-09 08:38 - 2013-08-22 13:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
    2014-11-08 20:43 - 2013-08-17 20:56 - 00000000 ____D () C:\Users\Dave Moss\AppData\Roaming\Origin
    2014-11-06 19:04 - 2014-10-05 09:59 - 00003275 _____ () C:\Users\Dave Moss\Documents\My Account.ods
    2014-11-04 18:13 - 2013-08-17 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
    2014-11-01 12:56 - 2013-08-17 15:03 - 00000000 ____D () C:\Program Files (x86)\McAfee
    2014-10-30 00:55 - 2013-08-22 15:38 - 00714208 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2014-10-30 00:55 - 2013-08-22 15:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2014-10-29 19:02 - 2013-08-17 15:03 - 00000000 ____D () C:\Program Files\Common Files\McAfee
    2014-10-27 20:44 - 2013-08-17 17:48 - 00000000 ____D () C:\Users\Dave Moss\AppData\Roaming\.minecraft
    2014-10-17 15:53 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\rescache
    2014-10-17 15:10 - 2013-08-22 14:44 - 00410392 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
    2014-10-16 21:02 - 2013-08-22 15:36 - 00000000 ___RD () C:\WINDOWS\ToastData
    2014-10-16 21:02 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\WinStore
    2014-10-16 21:02 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\en-GB
    2014-10-16 21:02 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\en-GB
    2014-10-16 21:02 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
    2014-10-16 21:02 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\FileManager
    2014-10-16 21:02 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\Camera
    2014-10-16 20:12 - 2014-07-10 08:18 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
    2014-10-16 18:10 - 2013-10-15 19:23 - 00000000 ____D () C:\Users\Dave Moss\Documents\School

    Some content of TEMP:
    ====================
    C:\Users\Dave Moss\AppData\Local\Temp\Quarantine.exe
    C:\Users\Dave Moss\AppData\Local\Temp\sqlite3.dll

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2014-11-11 20:49

    ==================== End Of Log ============================



    #12 say-no-2-trojans

    say-no-2-trojans

      Authentic Member

    • Authentic Member
    • PipPip
    • 108 posts

    Posted 11 November 2014 - 04:15 PM

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2014 01
    Ran by Dave Moss at 2014-11-11 22:13:40
    Running from C:\Users\Dave Moss\Desktop
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    AMD Catalyst Install Manager (HKLM\...\{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
    BT NetProtect Plus (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
    Classic Shell (HKLM\...\{FEA1590B-540A-41FC-A95C-664493C82A21}) (Version: 3.6.8 - IvoSoft)
    Dual-Band Wi-Fi Dongle 600 (HKLM\...\British Telecom Wireless Utility) (Version: 6.30.165.11 - BT Group plc)
    Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.143 - McAfee, Inc.)
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
    Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
    SketchUp 2014 (HKLM-x32\...\{F246092E-FA0B-47C8-9D3E-CF8C210293C8}) (Version: 14.1.1282 - Trimble Navigation Limited)
    The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
    The Sims™ 3 70s, 80s, & 90s Stuff (HKLM-x32\...\{E1868CAE-E3B9-4099-8C18-AA8944D336FD}) (Version: 17.0.77 - Electronic Arts)
    The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
    The Sims™ 3 Diesel Stuff (HKLM-x32\...\{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}) (Version: 14.0.48 - Electronic Arts)
    The Sims™ 3 Fast Lane Stuff (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.0.44 - Electronic Arts)
    The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
    The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
    The Sims™ 3 Into the Future (HKLM-x32\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts)
    The Sims™ 3 Island Paradise (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
    The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
    The Sims™ 3 Master Suite Stuff (HKLM-x32\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts)
    The Sims™ 3 Movie Stuff (HKLM-x32\...\{D0087539-3C57-44E0-BEE7-D779D546CBE1}) (Version: 20.0.53 - Electronic Arts)
    The Sims™ 3 Outdoor Living Stuff (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.3.2 - Electronic Arts)
    The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
    The Sims™ 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
    The Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
    The Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
    The Sims™ 3 Town Life Stuff (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
    The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
    The Sims™ 3 World Adventures (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
    The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.2.16.10 - Electronic Arts Inc.)
    The Sims™ 4 Create A Sim Demo (HKLM-x32\...\{6908ED99-F02B-4E99-A202-3FAC99C510ED}) (Version: 1.0.237.100 - Electronic Arts Inc.)
    WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    ==================== Restore Points  =========================

    22-10-2014 17:16:08 Scheduled Checkpoint
    01-11-2014 18:40:22 Scheduled Checkpoint
    08-11-2014 20:35:54 Scheduled Checkpoint
    11-11-2014 21:48:39 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 13:25 - 2013-08-22 13:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {5C8499DD-F1EF-4F5A-AB1C-6AF7CD32E1B6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-11-11] (Microsoft Corporation)

    ==================== Loaded Modules (whitelisted) =============

    2013-03-28 21:31 - 2013-03-28 21:31 - 00210944 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
    2012-09-23 12:53 - 2012-09-23 12:53 - 00748544 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
    2012-09-23 12:53 - 2012-09-23 12:53 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
    2013-08-14 16:24 - 2013-08-14 16:24 - 00087552 _____ () C:\Program Files\British Telecom\British Telecom 802.11 Network Adapter\CppWindowsService.exe
    2013-03-28 21:30 - 2013-03-28 21:30 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
    2014-04-20 18:12 - 2014-11-04 18:13 - 01007104 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll
    2014-04-20 18:12 - 2014-11-04 18:13 - 00023552 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll
    2014-04-20 18:12 - 2014-11-04 18:13 - 00024576 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll
    2014-04-20 18:12 - 2014-11-04 18:13 - 00216576 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
    2014-04-20 18:12 - 2014-11-04 18:13 - 00261120 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
    2014-04-20 18:12 - 2014-11-04 18:13 - 00019456 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll
    2014-04-20 18:12 - 2014-11-04 18:13 - 00337408 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll
    2014-04-20 18:12 - 2014-11-04 18:13 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\Dave Moss\SkyDrive:ms-properties

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-1388095947-3507186701-1847790041-500 - Administrator - Disabled)
    Dave Moss (S-1-5-21-1388095947-3507186701-1847790041-1001 - Administrator - Enabled) => C:\Users\Dave Moss
    Guest (S-1-5-21-1388095947-3507186701-1847790041-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1388095947-3507186701-1847790041-1004 - Limited - Enabled)

    ==================== Faulty Device Manager Devices =============

    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============
    Error: (11/11/2014 09:44:25 PM) (Source: DCOM) (EventID: 10000) (User: LUKEMOSS)
    Description: c:\PROGRA~1\mcafee\msc\mcmscsub.dll -Embedding193{9B3BEB4E-1C5E-4A5F-BB36-2F6587DD34E2}

    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Processor: AMD A10-5800K APU with Radeon™ HD Graphics
    Percentage of memory in use: 22%
    Total physical RAM: 8136.93 MB
    Available physical RAM: 6273.83 MB
    Total Pagefile: 9416.93 MB
    Available Pagefile: 7408.28 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.84 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:931.17 GB) (Free:834.93 GB) NTFS
    Drive d: (Sims4_2) (CDROM) (Total:0.48 GB) (Free:0 GB) UDF

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 50355C41)
    Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================



    #13 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 11 November 2014 - 04:41 PM

    Thanks for the logs, how are you liking windows 8 ?   Tell you a funny story, last year when win 8 just came out a friend of mine bought a new HP all in one desktop with Win 8 and after a few weeks he managed to infect it, I went over and was totally lost, I couldnt even find windows notepad :(   But I love challengers and got a new Dell all in One with win 8 and so far I am really loving it

     

    Open notepad (Start --> All Programs --> Accessories --> Notepad).
    Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
    Save it to the same directory as FRST or FRST64 as fixlist.txt. (it has to be right next to FRST or FRST64) either in a directory you saved FRST or FRST64 or on your desktop if thats where you saved it.
    You can use your mouse to drag Fixlist right next to FRST or FRST64, either above or below it but not on top of it.
     
    Start
    CloseProcesses:
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKLM - {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL =
    BHO: dealpeak -> {5ba1e2c0-1a0a-4493-aabb-b9b3887b40e3} -> C:\ProgramData\dealpeak\TN3Rj6fyBRQYpw.x64.dll No File
    C:\ProgramData\dealpeak
    CMD: ipconfig /flushdns
    Hosts:
    EmptyTemp:
    End
    
     
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
     
    Then open FRST or FRST64 and click on fix
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

     



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #14 say-no-2-trojans

    say-no-2-trojans

      Authentic Member

    • Authentic Member
    • PipPip
    • 108 posts

    Posted 12 November 2014 - 03:05 AM

    This is my son's PC - I get totally lost on Windows 8: I'm still running XP!!! 

     

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-11-2014 01
    Ran by Dave Moss at 2014-11-12 08:55:27 Run:1
    Running from C:\Users\Dave Moss\Desktop
    Loaded Profile: Dave Moss (Available profiles: Dave Moss)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    Start
    CloseProcesses:
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKLM - {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL =
    BHO: dealpeak -> {5ba1e2c0-1a0a-4493-aabb-b9b3887b40e3} -> C:\ProgramData\dealpeak\TN3Rj6fyBRQYpw.x64.dll No File
    C:\ProgramData\dealpeak
    CMD: ipconfig /flushdns
    Hosts:
    EmptyTemp:
    End
    *****************

    Processes closed successfully.
    C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
    C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A25AC313-DD19-4238-ACA2-401D6BEE4321}" => Key deleted successfully.
    "HKCR\CLSID\{A25AC313-DD19-4238-ACA2-401D6BEE4321}" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5ba1e2c0-1a0a-4493-aabb-b9b3887b40e3}" => Key deleted successfully.
    "HKCR\CLSID\{5ba1e2c0-1a0a-4493-aabb-b9b3887b40e3}" => Key deleted successfully.
    "C:\ProgramData\dealpeak" => File/Directory not found.

    =========  ipconfig /flushdns =========

    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========

    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.
    EmptyTemp: => Removed 2.8 GB temporary data.

    The system needed a reboot.

    ==== End of Fixlog ====



    #15 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 12 November 2014 - 05:21 AM

    Great, how is your system behaving now ??



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    Related Topics



    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users