Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Possible trojan infection? SuperAntispyware........ [Solved]


  • This topic is locked This topic is locked

#16
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
There may be a problem with that

If you right click the ISO file you should get the option to burn to cd
Could you do that
  • 0

Advertisements


#17
valleyboy

valleyboy

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 205 posts

Will do it right now...........


  • 0

#18
valleyboy

valleyboy

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 205 posts

Ok. That worked, here's the log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by SYSTEM on MININT-TR8AQF9 on 31-05-2015 14:55:15
Running from d:\
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [1008128 2014-04-28] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-04-17] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-06] (Apple Inc.)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [643064 2015-02-09] (McAfee, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\Nick\...\Run: [KekjOzofe] => regsvr32.exe "C:\ProgramData\KekjOzofe\CoyegVelfo.mro"

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S2 Amazon 1Button App Service; C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe [456000 2015-05-06] (Amazon Inc.)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2015-02-26] (Broadcom Corporation.)
S3 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [21840 2014-06-30] ()
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2015-02-27] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [332528 2014-03-12] (McAfee, Inc.)
S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPServiceHost.exe [422632 2015-01-22] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2015-02-27] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2014-08-05] (Toshiba Europe GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2015-02-26] (Broadcom Corporation.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7545008 2015-02-26] (Broadcom Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [293592 2014-02-11] (Realtek Semiconductor Corp.)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-02-21] (Synaptics Incorporated)
S3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [33168 2013-10-10] (Windows ® Win 7 DDK provider)
S3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-31 10:59 - 2015-05-31 10:59 - 00806816 _____ (Akeo Consulting (http://akeo.ie)) C:\Users\Nick\Downloads\rufus-2.1.exe
2015-05-31 10:09 - 2015-05-31 10:09 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-05-31 08:08 - 2015-05-31 08:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-31 08:07 - 2015-05-31 12:53 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-31 08:07 - 2015-05-31 08:55 - 00000000 ____D () C:\Users\Nick\Desktop\mbar
2015-05-31 08:07 - 2015-05-31 08:07 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2015-05-31 08:07 - 2015-05-31 08:07 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2015-05-30 23:30 - 2015-05-30 23:30 - 00000000 ___HD () C:\Users\Nick\AppData\Roaming\466A1A04
2015-05-30 14:09 - 2015-05-31 08:58 - 00000000 __SHD () C:\Users\Nick\AppData\Local\EmieUserList
2015-05-30 14:09 - 2015-05-31 08:58 - 00000000 __SHD () C:\Users\Nick\AppData\Local\EmieSiteList
2015-05-30 14:05 - 2015-05-30 14:07 - 00000000 ____D () C:\ProgramData\KekjOzofe
2015-05-30 14:04 - 2015-05-30 14:04 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Nick\Desktop\mbar-1.09.1.1004.exe
2015-05-29 21:16 - 2015-05-29 21:16 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2015-05-28 20:50 - 2015-05-29 21:38 - 00024028 _____ () C:\Users\Nick\Desktop\Addition.txt
2015-05-28 20:45 - 2015-05-29 21:38 - 00026665 _____ () C:\Users\Nick\Desktop\FRST.txt
2015-05-28 20:43 - 2015-05-30 21:29 - 00000000 ____D () C:\FRST
2015-05-28 20:20 - 2015-05-28 20:20 - 02108928 _____ (Farbar) C:\Users\Nick\Desktop\FRST64.exe
2015-05-20 20:10 - 2015-05-20 20:10 - 00003666 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-08 06:42 - 2015-05-08 06:42 - 02181358 _____ () C:\Users\Nick\Desktop\HELP_RESTORE_FILES.bmp
2015-05-08 06:42 - 2015-05-08 06:42 - 00001726 _____ () C:\Users\Nick\Desktop\Save_Files.lnk
2015-05-07 18:39 - 2015-05-08 06:42 - 00247398 _____ () C:\Users\Nick\AppData\Local\log.html
2015-05-07 18:39 - 2015-05-08 06:42 - 00000752 _____ () C:\Users\Nick\AppData\Local\storage.bin
2015-05-06 06:36 - 2015-05-06 06:36 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-05-05 04:24 - 2015-05-29 17:16 - 00000000 ____D () C:\SUPERDelete
2015-05-05 04:23 - 2015-05-31 08:58 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-05-05 04:23 - 2015-05-29 17:16 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-05-05 04:23 - 2015-05-05 04:23 - 00001831 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-05-05 04:23 - 2015-05-05 04:23 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\SUPERAntiSpyware.com
2015-05-04 19:11 - 2015-05-04 19:26 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Apple Computer
2015-05-04 19:11 - 2015-05-04 19:11 - 00000000 ____D () C:\Users\Nick\AppData\Local\Apple Computer
2015-05-04 19:09 - 2015-05-04 19:09 - 00001776 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-05-04 19:02 - 2012-10-03 15:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2015-05-04 19:00 - 2015-05-29 17:16 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-05-04 19:00 - 2015-05-04 19:02 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-05-04 19:00 - 2015-05-04 19:02 - 00000000 ____D () C:\Program Files\iTunes
2015-05-04 19:00 - 2015-05-04 19:00 - 00000000 ____D () C:\Program Files\iPod
2015-05-04 19:00 - 2015-05-04 19:00 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-05-04 18:59 - 2015-05-04 18:59 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2015-05-04 18:59 - 2015-05-04 18:59 - 00000000 ____D () C:\Users\Nick\AppData\Local\Apple
2015-05-04 18:59 - 2015-05-04 18:59 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-05-04 18:57 - 2015-05-04 19:00 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-05-04 18:57 - 2015-05-04 18:57 - 00000000 ____D () C:\Program Files\Bonjour
2015-05-04 18:57 - 2015-05-04 18:57 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-05-04 18:55 - 2015-05-29 17:16 - 00000000 ____D () C:\ProgramData\Apple
2015-05-04 17:59 - 2015-05-29 17:16 - 00000000 ____D () C:\ProgramData\ToshibaEurope
2015-05-04 17:41 - 2015-05-04 17:41 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Mozilla
2015-05-04 17:41 - 2015-05-04 17:41 - 00000000 ____D () C:\Users\Nick\AppData\Local\Mozilla
2015-05-04 17:28 - 2013-09-23 12:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\System32\Drivers\HipShieldK.sys
2015-05-04 17:21 - 2015-05-29 17:16 - 00000000 ____D () C:\Users\Nick\.swt
2015-05-04 17:21 - 2015-05-04 17:21 - 00001817 _____ () C:\Users\Public\Desktop\Vuze.lnk
2015-05-04 17:20 - 2015-05-07 19:55 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Azureus
2015-05-04 17:19 - 2015-05-04 17:20 - 00000000 ____D () C:\Program Files\Vuze
2015-05-04 17:16 - 2015-05-31 09:13 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F9FF822C-0040-496B-AFAC-33AEBC7E4EF4}
2015-05-04 17:15 - 2015-05-04 17:15 - 00000000 ____D () C:\Users\Nick\AppData\Local\Google
2015-05-04 17:08 - 2015-05-04 17:08 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Macromedia
2015-05-04 17:07 - 2015-05-31 13:51 - 00000000 ___RD () C:\Users\Nick\OneDrive
2015-05-04 17:06 - 2015-05-31 09:25 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3762328459-3212051721-594648359-1001
2015-05-04 17:05 - 2015-03-03 13:17 - 00295552 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2015-05-04 17:04 - 2015-05-04 17:04 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2015-05-04 17:04 - 2015-05-04 17:04 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2015-05-04 17:02 - 2015-05-04 17:02 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-05-04 17:02 - 2015-05-04 17:02 - 00000000 ____D () C:\Users\Nick\AppData\Local\TOSHIBA
2015-05-04 16:59 - 2015-05-04 17:04 - 00000000 ____D () C:\Users\Nick\AppData\Local\Packages
2015-05-04 16:59 - 2015-05-04 16:59 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Adobe
2015-05-04 16:59 - 2015-05-04 16:59 - 00000000 ____D () C:\Users\Nick\AppData\Local\VirtualStore
2015-05-04 16:53 - 2015-05-31 12:57 - 00000000 ____D () C:\users\Nick
2015-05-04 16:53 - 2015-05-04 16:53 - 00000020 ___SH () C:\Users\Nick\ntuser.ini

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-31 13:52 - 2015-02-26 00:33 - 00465220 _____ () C:\Users\Public\CAFADEBUG.log
2015-05-31 13:52 - 2015-02-26 00:03 - 02020502 _____ () C:\Windows\WindowsUpdate.log
2015-05-31 13:52 - 2013-08-22 14:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-31 13:50 - 2014-09-09 23:39 - 00000926 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-31 13:50 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\System32\sru
2015-05-31 13:45 - 2013-08-22 14:46 - 00025898 _____ () C:\Windows\setupact.log
2015-05-31 13:15 - 2014-09-09 23:39 - 00000930 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-31 12:58 - 2014-05-06 07:45 - 00738132 _____ () C:\Windows\System32\perfh01D.dat
2015-05-31 12:58 - 2014-05-06 07:45 - 00156256 _____ () C:\Windows\System32\perfc01D.dat
2015-05-31 12:58 - 2014-05-06 07:24 - 00454216 _____ () C:\Windows\System32\perfh014.dat
2015-05-31 12:58 - 2014-05-06 07:24 - 00081138 _____ () C:\Windows\System32\perfc014.dat
2015-05-31 12:58 - 2014-05-06 07:03 - 00439822 _____ () C:\Windows\System32\perfh00B.dat
2015-05-31 12:58 - 2014-05-06 07:03 - 00085674 _____ () C:\Windows\System32\perfc00B.dat
2015-05-31 12:58 - 2014-05-06 06:43 - 00469124 _____ () C:\Windows\System32\perfh006.dat
2015-05-31 12:58 - 2014-05-06 06:43 - 00083646 _____ () C:\Windows\System32\perfc006.dat
2015-05-31 12:58 - 2014-03-18 15:25 - 03290732 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-05-31 12:58 - 2013-08-22 13:25 - 00262144 ___SH () C:\Windows\System32\config\BBI
2015-05-31 12:54 - 2013-08-22 13:25 - 00262144 ___SH () C:\Windows\System32\config\ELAM
2015-05-31 12:53 - 2014-03-18 08:13 - 00049032 _____ () C:\Windows\PFRO.log
2015-05-31 12:46 - 2013-08-22 15:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-05-31 09:12 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-05-31 08:56 - 2013-08-22 14:45 - 00000000 ____D () C:\Windows\Setup
2015-05-29 17:16 - 2015-02-26 00:43 - 00000000 ____D () C:\ProgramData\WildTangent
2015-05-29 17:16 - 2015-02-26 00:33 - 00000000 ____D () C:\ProgramData\Temp
2015-05-29 17:16 - 2015-02-26 00:33 - 00000000 ____D () C:\ProgramData\install_clap
2015-05-29 17:16 - 2015-02-26 00:33 - 00000000 ____D () C:\ProgramData\CyberLink
2015-05-29 17:16 - 2015-02-26 00:14 - 00000000 ____D () C:\ProgramData\SRS Labs
2015-05-29 17:16 - 2015-02-26 00:11 - 00000000 ____D () C:\ProgramData\Conexant
2015-05-29 17:16 - 2015-02-26 00:06 - 00000000 ____D () C:\ProgramData\Intel
2015-05-29 17:16 - 2015-02-26 00:06 - 00000000 ____D () C:\Intel
2015-05-29 17:16 - 2014-09-10 23:40 - 00000000 ____D () C:\Toshiba
2015-05-29 17:16 - 2014-09-09 23:41 - 00000000 ____D () C:\ProgramData\WinZip
2015-05-29 17:16 - 2014-09-09 23:40 - 00000000 ____D () C:\ProgramData\Skype
2015-05-29 17:16 - 2014-09-09 23:25 - 00000000 ____D () C:\ProgramData\TOSHIBA
2015-05-29 15:38 - 2015-02-26 00:36 - 00000000 ____D () C:\Users\Public\CyberLink
2015-05-29 15:38 - 2013-08-22 15:36 - 00000000 __RHD () C:\Users\Public\Libraries
2015-05-20 20:11 - 2014-09-09 23:39 - 00003902 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-06 18:06 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\System32\migwiz
2015-05-04 20:27 - 2015-02-26 00:53 - 00000000 ____D () C:\ProgramData\McAfee
2015-05-04 17:52 - 2015-02-26 00:53 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-05-04 17:29 - 2015-02-26 00:53 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2015-05-04 17:28 - 2013-08-22 15:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-05-04 16:58 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\System32\restore
2015-05-04 16:58 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\rescache

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

Restore point made on: 2015-05-29 13:44:56
Restore point made on: 2015-05-30 14:03:01
Restore point made on: 2015-05-31 08:54:48

==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 3978.94 MB
Available physical RAM: 3207.74 MB
Total Pagefile: 3978.94 MB
Available Pagefile: 3219.5 MB
Total Virtual: 131072 MB
Available Virtual: 131071.88 MB

==================== Drives ================================

Drive c: (TI31381700A) (Fixed) (Total:686.59 GB) (Free:572.79 GB) NTFS
Drive d: (May 31 2015) (CDROM) (Total:0.69 GB) (Free:0.33 GB) UDF
Drive e: (System) (Fixed) (Total:1 GB) (Free:0.61 GB) NTFS
Drive f: () (Fixed) (Total:0.09 GB) (Free:0.05 GB) FAT32
Drive g: (Recovery) (Fixed) (Total:10.82 GB) (Free:0.97 GB) NTFS
Drive h: (System) (Fixed) (Total:1 GB) (Free:0.61 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.


LastRegBack: 2015-05-31 09:26

==================== End of log ============================


  • 0

#19
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets see if this can rise from the dead :)
 
Download the attached fixlist.txt and save to the same CD as FRST
Attached File  fixlist.txt   591bytes   98 downloads
Run FRST as before from the recovery console but this time press fix.
On completion a log will be generated, copy that to the CD
Reboot to normal mode and run a fresh FRST scan and post the fix log from the CD
  • 0

#20
valleyboy

valleyboy

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 205 posts

Heres the fix log, scan is still running, will post the scan log shortly:

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by SYSTEM at 2015-05-31 15:26:08 Run:3
Running from d:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
HKU\Nick\...\Run: [KekjOzofe] => regsvr32.exe "C:\ProgramData\KekjOzofe\CoyegVelfo.mro"
C:\ProgramData\KekjOzofe
2015-05-30 23:30 - 2015-05-30 23:30 - 00000000 ___HD () C:\Users\Nick\AppData\Roaming\466A1A04
2015-05-30 14:09 - 2015-05-31 08:58 - 00000000 __SHD () C:\Users\Nick\AppData\Local\EmieUserList
2015-05-30 14:09 - 2015-05-31 08:58 - 00000000 __SHD () C:\Users\Nick\AppData\Local\EmieSiteList
2015-05-30 14:05 - 2015-05-30 14:07 - 00000000 ____D () C:\ProgramData\KekjOzofe
2015-05-08 06:42 - 2015-05-08 06:42 - 02181358 _____ () C:\Users\Nick\Desktop\HELP_RESTORE_FILES.bmp

*****************

HKU\Nick\Software\Microsoft\Windows\CurrentVersion\Run\\KekjOzofe => value Removed successfully
C:\ProgramData\KekjOzofe => Moved successfully.
C:\Users\Nick\AppData\Roaming\466A1A04 => Moved successfully.
C:\Users\Nick\AppData\Local\EmieUserList => Moved successfully.
C:\Users\Nick\AppData\Local\EmieSiteList => Moved successfully.
"C:\ProgramData\KekjOzofe" => File/Folder not found.
C:\Users\Nick\Desktop\HELP_RESTORE_FILES.bmp => Moved successfully.

==== End of Fixlog 15:26:09 ====


  • 0

#21
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK it killed the folder and run key, so if it reappears then we are looking at a deep rooted file
  • 0

#22
valleyboy

valleyboy

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 205 posts

Here you go:

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by Nick (administrator) on NICKSLAPTOP on 31-05-2015 15:28:52
Running from C:\Users\Nick\Desktop
Loaded Profiles: Nick (Available Profiles: Nick)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Amazon Inc.) C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TssSrv.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17200_none_fa7026dd9b04586e\TiWorker.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [1008128 2014-04-28] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-04-17] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [643064 2015-02-09] (McAfee, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3762328459-3212051721-594648359-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3762328459-3212051721-594648359-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TEJB
HKU\S-1-5-21-3762328459-3212051721-594648359-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://toshiba.eu/symbaloo_c
HKU\S-1-5-21-3762328459-3212051721-594648359-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.google.c...ebhp?gws_rd=ssl
SearchScopes: HKU\S-1-5-21-3762328459-3212051721-594648359-1001 -> DefaultScope {63E2904B-EA60-46EE-BA82-A65CCAC33CBA} URL = https://uk.search.ya...p={searchTerms}
SearchScopes: HKU\S-1-5-21-3762328459-3212051721-594648359-1001 -> {19A71D89-8005-4F92-B690-6C8E8FD395BF} URL =
SearchScopes: HKU\S-1-5-21-3762328459-3212051721-594648359-1001 -> {63E2904B-EA60-46EE-BA82-A65CCAC33CBA} URL = https://uk.search.ya...p={searchTerms}
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-05-13] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-02-27] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-02-27] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-02-27] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-02-27] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] ()
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-02-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 Amazon 1Button App Service; C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe [456000 2015-05-06] (Amazon Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2015-02-26] (Broadcom Corporation.)
R3 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [21840 2014-06-30] ()
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2015-02-27] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [332528 2014-03-12] (McAfee, Inc.)
S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPServiceHost.exe [422632 2015-01-22] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2015-02-27] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2014-08-05] (Toshiba Europe GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2015-02-26] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7545008 2015-02-26] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [293592 2014-02-11] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-02-21] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [33168 2013-10-10] (Windows ® Win 7 DDK provider)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-31 15:27 - 2015-05-31 15:27 - 00000000 __SHD () C:\Users\Nick\AppData\Local\EmieUserList
2015-05-31 15:27 - 2015-05-31 15:27 - 00000000 __SHD () C:\Users\Nick\AppData\Local\EmieSiteList
2015-05-31 11:59 - 2015-05-31 11:59 - 00806816 _____ (Akeo Consulting (http://akeo.ie)) C:\Users\Nick\Downloads\rufus-2.1.exe
2015-05-31 11:09 - 2015-05-31 11:09 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-05-31 09:08 - 2015-05-31 09:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-31 09:07 - 2015-05-31 13:53 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-31 09:07 - 2015-05-31 09:55 - 00000000 ____D () C:\Users\Nick\Desktop\mbar
2015-05-31 09:07 - 2015-05-31 09:07 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-31 09:07 - 2015-05-31 09:07 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-30 15:04 - 2015-05-30 15:04 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Nick\Desktop\mbar-1.09.1.1004.exe
2015-05-29 22:16 - 2015-05-29 22:16 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2015-05-29 15:59 - 2015-05-29 16:00 - 00002164 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.lnk
2015-05-28 21:50 - 2015-05-29 22:38 - 00024028 _____ () C:\Users\Nick\Desktop\Addition.txt
2015-05-28 21:45 - 2015-05-31 15:28 - 00013143 _____ () C:\Users\Nick\Desktop\FRST.txt
2015-05-28 21:43 - 2015-05-31 15:28 - 00000000 ____D () C:\FRST
2015-05-28 21:20 - 2015-05-28 21:20 - 02108928 _____ (Farbar) C:\Users\Nick\Desktop\FRST64.exe
2015-05-20 21:10 - 2015-05-20 21:10 - 00003666 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-08 07:42 - 2015-05-08 07:42 - 00001726 _____ () C:\Users\Nick\Desktop\Save_Files.lnk
2015-05-07 19:39 - 2015-05-08 07:42 - 00247398 _____ () C:\Users\Nick\AppData\Local\log.html
2015-05-07 19:39 - 2015-05-08 07:42 - 00000752 _____ () C:\Users\Nick\AppData\Local\storage.bin
2015-05-06 07:36 - 2015-05-06 07:36 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-05-05 05:24 - 2015-05-29 18:16 - 00000000 ____D () C:\SUPERDelete
2015-05-05 05:23 - 2015-05-31 09:58 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-05-05 05:23 - 2015-05-29 18:16 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-05-05 05:23 - 2015-05-05 05:23 - 00001831 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-05-05 05:23 - 2015-05-05 05:23 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\SUPERAntiSpyware.com
2015-05-05 05:23 - 2015-05-05 05:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-05-04 20:11 - 2015-05-04 20:26 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Apple Computer
2015-05-04 20:11 - 2015-05-04 20:11 - 00000000 ____D () C:\Users\Nick\AppData\Local\Apple Computer
2015-05-04 20:09 - 2015-05-04 20:09 - 00001776 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-05-04 20:09 - 2015-05-04 20:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-05-04 20:02 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-05-04 20:00 - 2015-05-29 18:16 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-05-04 20:00 - 2015-05-04 20:02 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-05-04 20:00 - 2015-05-04 20:02 - 00000000 ____D () C:\Program Files\iTunes
2015-05-04 20:00 - 2015-05-04 20:00 - 00000000 ____D () C:\Program Files\iPod
2015-05-04 20:00 - 2015-05-04 20:00 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-05-04 19:59 - 2015-05-04 19:59 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-05-04 19:59 - 2015-05-04 19:59 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2015-05-04 19:59 - 2015-05-04 19:59 - 00000000 ____D () C:\Users\Nick\AppData\Local\Apple
2015-05-04 19:59 - 2015-05-04 19:59 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-05-04 19:57 - 2015-05-04 20:00 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-05-04 19:57 - 2015-05-04 19:57 - 00000000 ____D () C:\Program Files\Bonjour
2015-05-04 19:57 - 2015-05-04 19:57 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-05-04 19:55 - 2015-05-29 18:16 - 00000000 ____D () C:\ProgramData\Apple
2015-05-04 18:59 - 2015-05-29 18:16 - 00000000 ____D () C:\ProgramData\ToshibaEurope
2015-05-04 18:41 - 2015-05-04 18:41 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Mozilla
2015-05-04 18:41 - 2015-05-04 18:41 - 00000000 ____D () C:\Users\Nick\AppData\Local\Mozilla
2015-05-04 18:28 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-05-04 18:21 - 2015-05-29 18:16 - 00000000 ____D () C:\Users\Nick\.swt
2015-05-04 18:21 - 2015-05-04 18:21 - 00001817 _____ () C:\Users\Public\Desktop\Vuze.lnk
2015-05-04 18:21 - 2015-05-04 18:21 - 00001817 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2015-05-04 18:20 - 2015-05-07 20:55 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Azureus
2015-05-04 18:19 - 2015-05-04 18:20 - 00000000 ____D () C:\Program Files\Vuze
2015-05-04 18:16 - 2015-05-31 10:13 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F9FF822C-0040-496B-AFAC-33AEBC7E4EF4}
2015-05-04 18:15 - 2015-05-04 18:15 - 00000000 ____D () C:\Users\Nick\AppData\Local\Google
2015-05-04 18:08 - 2015-05-04 18:08 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Macromedia
2015-05-04 18:07 - 2015-05-31 15:27 - 00000000 ___RD () C:\Users\Nick\OneDrive
2015-05-04 18:06 - 2015-05-31 10:25 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3762328459-3212051721-594648359-1001
2015-05-04 18:05 - 2015-03-03 14:17 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-05-04 18:04 - 2015-05-04 18:04 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2015-05-04 18:04 - 2015-05-04 18:04 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2015-05-04 18:02 - 2015-05-04 18:02 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-05-04 18:02 - 2015-05-04 18:02 - 00000000 ____D () C:\Users\Nick\AppData\Local\TOSHIBA
2015-05-04 17:59 - 2015-05-04 18:04 - 00000000 ____D () C:\Users\Nick\AppData\Local\Packages
2015-05-04 17:59 - 2015-05-04 17:59 - 00001453 _____ () C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-04 17:59 - 2015-05-04 17:59 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Adobe
2015-05-04 17:59 - 2015-05-04 17:59 - 00000000 ____D () C:\Users\Nick\AppData\Local\VirtualStore
2015-05-04 17:53 - 2015-05-31 13:57 - 00000000 ____D () C:\Users\Nick
2015-05-04 17:53 - 2015-05-04 17:53 - 00000020 ___SH () C:\Users\Nick\ntuser.ini
2015-05-04 17:53 - 2014-09-10 00:05 - 00000000 ___RD () C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-05-04 17:53 - 2014-09-09 23:54 - 00000000 ___RD () C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-04 17:53 - 2014-03-18 16:34 - 00000369 _____ () C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-05-04 17:53 - 2014-03-18 16:34 - 00000369 _____ () C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-05-04 17:53 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-04 17:53 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-31 15:27 - 2014-09-10 00:39 - 00000926 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-31 15:27 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-31 14:52 - 2015-02-26 01:33 - 00472636 _____ () C:\Users\Public\CAFADEBUG.log
2015-05-31 14:52 - 2015-02-26 01:03 - 02028526 _____ () C:\Windows\WindowsUpdate.log
2015-05-31 14:50 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-05-31 14:45 - 2013-08-22 15:46 - 00025898 _____ () C:\Windows\setupact.log
2015-05-31 14:15 - 2014-09-10 00:39 - 00000930 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-31 13:58 - 2014-05-06 08:45 - 00738132 _____ () C:\Windows\system32\perfh01D.dat
2015-05-31 13:58 - 2014-05-06 08:45 - 00156256 _____ () C:\Windows\system32\perfc01D.dat
2015-05-31 13:58 - 2014-05-06 08:24 - 00454216 _____ () C:\Windows\system32\perfh014.dat
2015-05-31 13:58 - 2014-05-06 08:24 - 00081138 _____ () C:\Windows\system32\perfc014.dat
2015-05-31 13:58 - 2014-05-06 08:03 - 00439822 _____ () C:\Windows\system32\perfh00B.dat
2015-05-31 13:58 - 2014-05-06 08:03 - 00085674 _____ () C:\Windows\system32\perfc00B.dat
2015-05-31 13:58 - 2014-05-06 07:43 - 00469124 _____ () C:\Windows\system32\perfh006.dat
2015-05-31 13:58 - 2014-05-06 07:43 - 00083646 _____ () C:\Windows\system32\perfc006.dat
2015-05-31 13:58 - 2014-03-18 16:25 - 03290732 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-31 13:58 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-05-31 13:54 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-05-31 13:53 - 2014-03-18 09:13 - 00049032 _____ () C:\Windows\PFRO.log
2015-05-31 13:46 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-05-31 10:12 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-05-31 09:56 - 2013-08-22 15:45 - 00000000 ____D () C:\Windows\Setup
2015-05-29 18:16 - 2015-02-26 01:43 - 00000000 ____D () C:\ProgramData\WildTangent
2015-05-29 18:16 - 2015-02-26 01:33 - 00000000 ____D () C:\ProgramData\Temp
2015-05-29 18:16 - 2015-02-26 01:33 - 00000000 ____D () C:\ProgramData\install_clap
2015-05-29 18:16 - 2015-02-26 01:33 - 00000000 ____D () C:\ProgramData\CyberLink
2015-05-29 18:16 - 2015-02-26 01:14 - 00000000 ____D () C:\ProgramData\SRS Labs
2015-05-29 18:16 - 2015-02-26 01:11 - 00000000 ____D () C:\ProgramData\Conexant
2015-05-29 18:16 - 2015-02-26 01:06 - 00000000 ____D () C:\ProgramData\Intel
2015-05-29 18:16 - 2015-02-26 01:06 - 00000000 ____D () C:\Intel
2015-05-29 18:16 - 2014-09-11 00:40 - 00000000 ____D () C:\Toshiba
2015-05-29 18:16 - 2014-09-10 00:41 - 00000000 ____D () C:\ProgramData\WinZip
2015-05-29 18:16 - 2014-09-10 00:40 - 00000000 ____D () C:\ProgramData\Skype
2015-05-29 18:16 - 2014-09-10 00:25 - 00000000 ____D () C:\ProgramData\TOSHIBA
2015-05-29 16:38 - 2015-02-26 01:36 - 00000000 ____D () C:\Users\Public\CyberLink
2015-05-29 16:38 - 2013-08-22 16:36 - 00000000 __RHD () C:\Users\Public\Libraries
2015-05-20 21:11 - 2014-09-10 00:39 - 00003902 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-10 14:08 - 2014-09-10 00:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-05-06 19:06 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\migwiz
2015-05-04 21:27 - 2015-02-26 01:53 - 00000000 ____D () C:\ProgramData\McAfee
2015-05-04 18:52 - 2015-02-26 01:53 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-05-04 18:29 - 2015-02-26 01:53 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2015-05-04 18:28 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-05-04 17:58 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\restore
2015-05-04 17:58 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache

==================== Files in the root of some directories =======

2015-05-07 19:39 - 2015-05-08 07:42 - 0247398 _____ () C:\Users\Nick\AppData\Local\log.html
2015-05-07 19:39 - 2015-05-08 07:42 - 0000752 _____ () C:\Users\Nick\AppData\Local\storage.bin

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-31 10:26

==================== End of log ============================


  • 0

#23
valleyboy

valleyboy

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 205 posts

Scan ran much faster that time!


  • 0

#24
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
And there it was... Gone :)

How is the computer behaving now ?
  • 0

#25
valleyboy

valleyboy

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 205 posts

Phew!

 

Wall that was a bit of a ball ache wasn't it.

 

I haven't rebooted yet but all seems well and the web browser seems to be behaving itself at the moment. Very grateful thank you!

 

There's 116 windows updates waiting to be installed so I should probably get them sorted now that the laptop is running well hey?


  • 0

Advertisements


#26
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Aye install the updates, once done let me know how it is behaving and if all is well we will tidy up
  • 0

#27
valleyboy

valleyboy

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 205 posts

Ok, great.


  • 0

#28
valleyboy

valleyboy

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 205 posts

All updates now configured. No major issues but IE really didn't want to start at all, after several attempts it has got itself going and working well though.

 

Not sure if it's related but I uninstalled superantispyware before installing updates etc.


  • 0

#29
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets now remove my rubbish and then see how the computer behaves

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown
delfix.JPG

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave:
  • 0

#30
valleyboy

valleyboy

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 205 posts

Evening, I've just switched the computer on to sort the clean up but something still isn't right with it.

 

All seems well immediately after startup but on running IE a couple of tabs fire up, one blank (was super anti spyware), the other is google which is the default home page. Both of these time-out. If I start a new tab and goto the page for this topic the page doesn't completely load because of a 'long running script'.

 

On top of that, the track pad is playing up and not functioning. 

 

Can you help further please? 


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP