
Nasty Trojan/Adware (Coupoon/CinemaPlus)


  • This topic is locked
19 replies to this topic

#1 Ben_Shumate

Posted 24 May 2015 - 12:34 PM

Yesterday I was messing around with torrents for a game my buddy was telling me about (I deserve this, I know) and something slipped through my McAfee protection. I started getting several pop-up ads, my Google Chrome was replaced by a different app, and my computer had become so slow that I couldn't access the internet. My strategy yesterday was to run McAfee scans and try to uninstall the programs that had been added. The scans detected problems and told me that they had been fixed, but there were several programs that I could not uninstall; they would either simply remain in the list or prompt me with more adware. It is clear to me now that McAfee is not capable of removing this by itself. I was only able to access the internet through Windows 8 safe mode. I am using a Dell laptop.

 

If I could have some help I would appreciate it. Years ago I came here to get help for an infected computer and I got great results. 

 

Thanks,

 

Ben 




 


#2 dbrisendine


Posted 24 May 2015 - 07:02 PM

Hi Ben_Shumate,

Welcome to BleepingComputer. My name is dbrisendine and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at BleepingComputer are here on a volunteer basis; please respect our time given to the cause of helping others. If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed. All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen. If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to. Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.


    - Save ALL Tools to your Desktop-
     

    All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

    Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
    Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
    Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
    Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
    NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
     

Let's get started....



You need to read this and provide the logs here before we can help you:
 
Preparation guide for use before using malware removal tools and requesting help

Can you tell me if you read this and applied what you can?  Also, is your system a 64bit Windows 8 or ??
 

 


 
Please do not ask for Malware help via PM (Private Messages).  Please post in the forum boards instead.  Thanks.



#3 Ben_Shumate


Posted 25 May 2015 - 02:29 PM

I followed the instructions from the page you linked me to. Also, I am running 64 bit Windows 8.

 

Here is my FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-05-2015
Ran by Ben (administrator) on BENLAPTOP on 25-05-2015 13:15:37
Running from C:\Users\Ben\Desktop
Loaded Profiles: Ben (Available Profiles: Ben)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\Core\mchost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6842000 2012-09-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1230992 2012-09-27] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5757328 2012-10-19] (Dell Inc.)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe [763520 2012-08-08] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [127616 2012-08-08] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2918200 2012-09-20] (Synaptics Incorporated)
HKLM\...\Run: [DellWPF] => C:\Program Files\Synaptics\SynTP\DellTouchpad.exe [4875576 2012-09-20] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [533872 2015-02-27] (McAfee, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [643064 2015-02-09] (McAfee, Inc.)
HKLM-x32\...\Run: [Hawker] => C:\Program Files (x86)\Hawker\VersionControl.exe [3187520 2015-05-11] (Hawker)
HKLM-x32\...\Run: [gmsd_us_608] => C:\Program Files (x86)\gmsd_us_608\gmsd_us_608.exe [3981768 2015-05-21] ()
HKLM-x32\...\RunOnce: [upgmsd_us_608.exe] => C:\Users\Ben\AppData\Local\gmsd_us_608\upgmsd_us_608.exe [3296712 2015-05-21] ()
HKLM-x32\...\RunOnce: [SpUninstallCleanUp] => REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f
HKLM-x32\...\RunOnce: [Update] => C:\Users\Ben\AppData\Roaming\ASPackage\ASPackage.exe /runonce
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1895326297-792529850-1853505580-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673184 2013-07-03] (Disc Soft Ltd)
HKU\S-1-5-21-1895326297-792529850-1853505580-1001\...\Run: [PCPrivacyDock] => "C:\Program Files (x86)\PC Privacy Dock\PCPrivacyDock.exe" /minimized
HKU\S-1-5-21-1895326297-792529850-1853505580-1001\...\Run: [Hawker] => C:\Program Files (x86)\Hawker\VersionControl.exe [3187520 2015-05-11] (Hawker)
HKU\S-1-5-21-1895326297-792529850-1853505580-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1895326297-792529850-1853505580-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1895326297-792529850-1853505580-1001\...\MountPoints2: {9b02d179-e428-11e2-be70-9c2a701e794e} - "E:\ootp16setup.exe" 
HKU\S-1-5-21-1895326297-792529850-1853505580-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Mystify.scr [133632 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [] => [X]
AppInit_DLLs: C:\ProgramData\FlashBeat\FlashBeat64.dll => C:\ProgramData\FlashBeat\FlashBeat64.dll File not found
AppInit_DLLs-x32: c:\programdata\flashbeat\flashbeat32.dll => c:\programdata\flashbeat\flashbeat32.dll [809472 2015-05-22] (FlashBeat)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1895326297-792529850-1853505580-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1895326297-792529850-1853505580-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1895326297-792529850-1853505580-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchtotal.info/?l=1&q={searchTerms}&pid=24065&r=2015/05/23&hid=2289565879797771274&lg=EN&cc=US&unqvl=88
SearchScopes: HKU\S-1-5-21-1895326297-792529850-1853505580-1001 -> {62DF8E01-A082-4909-AD7D-1324868C0EDB} URL = 
SearchScopes: HKU\S-1-5-21-1895326297-792529850-1853505580-1001 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchtotal.info/?l=1&q={searchTerms}&pid=24065&r=2015/05/23&hid=2289565879797771274&lg=EN&cc=US&unqvl=88
SearchScopes: HKU\S-1-5-21-1895326297-792529850-1853505580-1001 -> {E9DDAC30-96D0-448C-8F91-76ABEC310C5B} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US105D20150203&p={searchTerms}
BHO: No Name -> {2395B860-45E4-42fd-96E6-50BA597C1C42} ->  No File
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2012-08-08] (Qualcomm Atheros Commnucations)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: No Name -> {2395B860-45E4-42fd-96E6-50BA597C1C42} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-07] (Oracle Corporation)
BHO-x32: Hawker -> {853130B6-1A29-4D9D-9513-2A461287651E} -> C:\Program Files (x86)\Hawker\Hawker.dll [2015-05-11] (Hawker)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-07] (Oracle Corporation)
BHO-x32: Edu App 1.0.0.7 -> {ebfbdd44-c0e0-4f63-a8e6-ee5f34765238} -> C:\Program Files (x86)\Edu App\EduAppbho.dll [2015-05-23] (Edu App)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll [2015-04-29] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll [2015-04-29] (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll [2015-04-29] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll [2015-04-29] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-02-27] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-02-27] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8F72FDB9-1387-483F-AB29-94CA8FB75A6A}: [NameServer] 82.163.143.131,82.163.142.133
Tcpip\..\Interfaces\{E40A65D0-5F7F-4107-966F-35D2CEC95924}: [NameServer] 82.163.143.131,82.163.142.133
Tcpip\..\Interfaces\{FD2E62C4-5846-4CFB-92BE-FAB75E2E8272}: [NameServer] 82.163.143.131,82.163.142.133
 
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-02-27] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-07] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-02-27] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-11-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2015-02-03]
FF HKLM\...\Firefox\Extensions: [{2395B860-45E4-42fd-96E6-50BA597C1C42}] - C:\Program Files\shopperz\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [{2395B860-45E4-42fd-96E6-50BA597C1C42}] - C:\Program Files\shopperz\Firefox
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-01-08]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-23]
CHR Extension: (SiteAdvisor) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-04-24]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-05-23]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-05-23]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [211072 2012-08-08] (Qualcomm Atheros Commnucations) []
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
S2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
S2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-04] (Microsoft Corporation)
S2 gyrovono; C:\Users\Ben\AppData\Roaming\4C4C4544-1432417875-5810-8047-B8C04F465731\nsiBB23.tmp [166912 2015-05-24] () []
S2 hofuxefu; C:\Users\Ben\AppData\Roaming\4C4C4544-1432417875-5810-8047-B8C04F465731\hnsb74A6.tmp [364032 2015-05-23] () []
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) []
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 josoryzi; C:\Users\Ben\AppData\Roaming\4C4C4544-1432417875-5810-8047-B8C04F465731\jnsh5BFC.tmp [131072 2015-05-23] () []
S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-04-29] (McAfee, Inc.)
S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2015-02-27] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPServiceHost.exe [422632 2015-01-22] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2015-02-27] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S2 MediaService; C:\Users\Ben\AppData\Roaming\TWV\MediaService.exe [115712 2015-05-21] (eLink Industry, Inc.) []
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-08-31] (Realtek Semiconductor)
S2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915480 2013-05-23] (SoftThinks SAS)
S2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-04-10] (Dell Inc.)
S2 Update Edu App; C:\Program Files (x86)\Edu App\updateEduApp.exe [646888 2015-05-24] ()
S2 UpdateCheck; C:\Program Files (x86)\Coupoon\UpdateCheck.exe [53040 2015-05-24] ()
S2 Util Edu App; C:\Program Files (x86)\Edu App\bin\utilEduApp.exe [646888 2015-05-24] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-08-07] (Atheros) []
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
S1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2013-07-08] (Disc Soft Ltd)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-20] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-09-20] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
S1 cherimoya; system32\drivers\cherimoya.sys [X]
S1 innfd_1_10_0_14; system32\drivers\innfd_1_10_0_14.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-25 13:15 - 2015-05-25 13:16 - 00021342 _____ () C:\Users\Ben\Desktop\FRST.txt
2015-05-25 13:09 - 2015-05-25 13:15 - 00000000 ____D () C:\FRST
2015-05-25 13:08 - 2015-05-25 13:08 - 02108928 _____ (Farbar) C:\Users\Ben\Desktop\FRST64.exe
2015-05-24 11:09 - 2015-05-24 11:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-05-24 01:05 - 2015-05-24 11:01 - 00000000 ____D () C:\Program Files (x86)\Edu App
2015-05-24 00:40 - 2015-05-24 00:40 - 00000000 ____D () C:\ProgramData\9075e14000006f7d
2015-05-24 00:34 - 2015-05-24 00:34 - 00000000 ___RD () C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-05-24 00:33 - 2015-05-24 00:33 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2015-05-24 00:20 - 2015-05-24 00:20 - 00002064 _____ () C:\Users\Ben\Desktop\Continue GamesDesktop Uninstaller.lnk
2015-05-24 00:16 - 2015-05-24 00:18 - 00002308 _____ () C:\Users\Ben\Desktop\Chrome App Launcher.lnk
2015-05-24 00:16 - 2015-05-24 00:16 - 00002118 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-23 18:34 - 2015-05-24 00:40 - 00000000 ____D () C:\Program Files (x86)\Super Optimizer
2015-05-23 18:33 - 2015-05-24 06:33 - 00000356 _____ () C:\windows\Tasks\Periodic Synchronize Task.job
2015-05-23 18:33 - 2015-05-24 06:33 - 00000000 ____D () C:\ProgramData\{38f62c90-0bdc-46f1-38f6-62c900bdb240}
2015-05-23 18:33 - 2015-05-23 18:33 - 00003240 _____ () C:\windows\System32\Tasks\Periodic Synchronize Task
2015-05-23 18:32 - 2015-05-23 18:32 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Desktop Search
2015-05-23 18:32 - 2015-05-23 18:32 - 00000000 ____D () C:\ProgramData\DesktopSearch
2015-05-23 18:26 - 2015-05-24 10:55 - 00000112 _____ () C:\ProgramData\EYKWl04.dat
2015-05-23 18:21 - 2015-05-24 11:01 - 00000000 ____D () C:\ProgramData\abc
2015-05-23 18:20 - 2015-05-24 09:35 - 00000000 ____D () C:\Users\Ben\AppData\Local\gmsd_us_608
2015-05-23 18:20 - 2015-05-23 18:20 - 00000000 ____D () C:\Program Files (x86)\gmsd_us_608
2015-05-23 18:19 - 2015-05-24 01:03 - 00000000 ____D () C:\Program Files (x86)\Coupoon
2015-05-23 18:18 - 2015-05-24 00:50 - 00000000 ____D () C:\Program Files\shopperz
2015-05-23 18:18 - 2015-05-23 18:18 - 00000000 _____ () C:\windows\SysWOW64\Number of results
2015-05-23 17:46 - 2015-05-24 11:00 - 05111555 _____ () C:\windows\SysWOW64\debug.log
2015-05-23 17:28 - 2015-05-24 00:32 - 00000004 _____ () C:\windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-05-23 16:41 - 2015-05-23 16:41 - 00003464 _____ () C:\windows\System32\Tasks\Hesnicleori
2015-05-23 16:41 - 2015-05-23 16:41 - 00000000 ____D () C:\ProgramData\Hesnicleori
2015-05-23 16:35 - 2015-05-24 00:21 - 00000045 _____ () C:\user.js
2015-05-23 16:35 - 2015-05-23 16:35 - 00631296 _____ () C:\windows\kyq.dat
2015-05-23 16:35 - 2015-05-23 16:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2015-05-23 16:35 - 2015-05-23 16:35 - 00000000 ____D () C:\Program Files (x86)\predm
2015-05-23 16:34 - 2015-05-23 17:35 - 00000378 _____ () C:\windows\Tasks\APSnotifierPP1.job
2015-05-23 16:34 - 2015-05-23 16:36 - 00002804 _____ () C:\windows\System32\Tasks\APSnotifierPP1
2015-05-23 16:34 - 2015-05-23 16:34 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
2015-05-23 16:30 - 2015-05-23 16:34 - 00000000 ____D () C:\Program Files (x86)\AnyProtectEx
2015-05-23 16:30 - 2015-05-23 16:30 - 00000000 __SHD () C:\Users\Ben\AppData\Roaming\AnyProtectEx
2015-05-23 16:29 - 2015-05-24 10:29 - 00003154 _____ () C:\windows\Tasks\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-1-6.job
2015-05-23 16:29 - 2015-05-24 10:29 - 00002462 _____ () C:\windows\Tasks\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-5_user.job
2015-05-23 16:29 - 2015-05-24 10:29 - 00002462 _____ () C:\windows\Tasks\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-5.job
2015-05-23 16:29 - 2015-05-23 16:29 - 00006158 _____ () C:\windows\System32\Tasks\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-1-6
2015-05-23 16:29 - 2015-05-23 16:29 - 00005466 _____ () C:\windows\System32\Tasks\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-5
2015-05-23 16:28 - 2015-05-24 10:59 - 00002128 _____ () C:\windows\Tasks\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-10_user.job
2015-05-23 16:28 - 2015-05-24 10:57 - 00005534 _____ () C:\windows\Tasks\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-6.job
2015-05-23 16:28 - 2015-05-24 10:29 - 00003154 _____ () C:\windows\Tasks\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-1-7.job
2015-05-23 16:28 - 2015-05-24 10:28 - 00005198 _____ () C:\windows\Tasks\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-7.job
2015-05-23 16:28 - 2015-05-24 10:28 - 00004174 _____ () C:\windows\Tasks\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-3.job
2015-05-23 16:28 - 2015-05-23 18:20 - 00000000 ____D () C:\Program Files (x86)\CinemaPlus-3.2cV23.05
2015-05-23 16:28 - 2015-05-23 16:29 - 00006158 _____ () C:\windows\System32\Tasks\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-1-7
2015-05-23 16:28 - 2015-05-23 16:28 - 00008538 _____ () C:\windows\System32\Tasks\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-6
2015-05-23 16:28 - 2015-05-23 16:28 - 00008202 _____ () C:\windows\System32\Tasks\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-7
2015-05-23 16:28 - 2015-05-23 16:28 - 00007178 _____ () C:\windows\System32\Tasks\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-3
2015-05-23 16:28 - 2015-05-23 16:28 - 00000000 ____D () C:\Program Files (x86)\131a2647-0059-427d-bb99-bafe692d96f9
2015-05-23 16:26 - 2015-05-23 16:26 - 00003218 _____ () C:\windows\System32\Tasks\MaxComputerCleaner_Start
2015-05-23 16:26 - 2015-05-23 16:26 - 00000000 ____D () C:\Users\Ben\Documents\MaxComputerCleaner
2015-05-23 16:26 - 2015-05-23 16:26 - 00000000 ____D () C:\Users\Ben\AppData\Local\Max_Computer_Cleaner
2015-05-23 16:26 - 2015-05-23 16:26 - 00000000 ____D () C:\Users\Ben\AppData\Local\Crossbrowse
2015-05-23 16:23 - 2015-05-24 10:38 - 00000000 ____D () C:\Users\Ben\AppData\Local\SmartWeb
2015-05-23 16:23 - 2015-05-24 01:03 - 00004028 _____ () C:\windows\System32\Tasks\SmartWeb Upgrade Trigger Task
2015-05-23 16:23 - 2015-05-24 00:32 - 00000346 _____ () C:\windows\Tasks\GPZMERTTIY1.job
2015-05-23 16:23 - 2015-05-23 18:34 - 00000000 ____D () C:\ProgramData\FlashBeat
2015-05-23 16:23 - 2015-05-23 16:23 - 00002860 _____ () C:\windows\System32\Tasks\GPZMERTTIY1
2015-05-23 16:23 - 2015-05-23 16:23 - 00000000 ____D () C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-05-23 15:54 - 2015-05-23 15:55 - 00000000 ____D () C:\Users\Ben\AppData\Local\4C4C4544-1432396499-5810-8047-B8C04F465731
2015-05-23 15:54 - 2015-05-23 15:54 - 00003650 _____ () C:\windows\System32\Tasks\IE_ERR4WDR
2015-05-23 15:54 - 2015-05-23 15:54 - 00003626 _____ () C:\windows\System32\Tasks\HDNINSTSCHD
2015-05-23 15:54 - 2015-05-23 15:54 - 00003492 _____ () C:\windows\System32\Tasks\UPDTEXE4_WDR
2015-05-23 15:53 - 2015-05-23 15:57 - 00000000 ____D () C:\Program Files (x86)\Portable WeatherApp
2015-05-23 15:51 - 2015-05-24 10:34 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\4C4C4544-1432417875-5810-8047-B8C04F465731
2015-05-23 15:51 - 2015-05-23 15:51 - 00000000 ____D () C:\Program Files (x86)\app_setup
2015-05-23 15:51 - 2013-08-22 07:25 - 00000824 _____ () C:\windows\system32\Drivers\etc\hp.bak
2015-05-23 15:50 - 2015-05-24 10:54 - 00000165 _____ () C:\windows\verson_hawker.txt
2015-05-23 15:50 - 2015-05-23 16:29 - 00000008 _____ () C:\end
2015-05-23 15:50 - 2015-05-23 15:53 - 00000000 ____D () C:\Users\Ben\Documents\PCPrivacyDock
2015-05-23 15:50 - 2015-05-23 15:50 - 00000000 ____D () C:\Users\Ben\AppData\Local\PC_Privacy_Dock
2015-05-23 15:50 - 2015-05-23 15:50 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-23 15:50 - 2015-05-23 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hawker
2015-05-23 15:50 - 2015-05-23 15:50 - 00000000 ____D () C:\Program Files (x86)\Hawker
2015-05-23 15:49 - 2015-05-23 15:57 - 00000000 ____D () C:\Program Files (x86)\PCP
2015-05-23 15:48 - 2015-05-23 15:56 - 00000000 ____D () C:\Program Files (x86)\CloudScout Parental Control
2015-05-23 15:47 - 2015-05-23 15:48 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\TWV
2015-05-23 15:46 - 2015-05-23 15:46 - 01546256 _____ (Dummy, Ltd.) C:\Users\Ben\Downloads\out.of.the.park.baseball.15.tinyiso_10924_i11252701_il345.exe
2015-05-23 14:05 - 2015-05-23 14:05 - 00000000 ____D () C:\MATS
2015-05-23 14:04 - 2015-05-23 14:04 - 00347816 _____ (Microsoft Corporation) C:\Users\Ben\Downloads\MicrosoftFixit.ProgramInstallUninstall.MATSKB.Run (1).exe
2015-05-23 14:01 - 2015-05-23 14:01 - 00347816 _____ (Microsoft Corporation) C:\Users\Ben\Downloads\MicrosoftFixit.ProgramInstallUninstall.MATSKB.Run.exe
2015-05-23 13:54 - 2015-05-23 13:55 - 00000000 ____D () C:\Program Files (x86)\PRaIaceMinues
2015-05-23 13:54 - 2015-05-23 13:54 - 00000000 ____D () C:\ProgramData\klgpjkigonepmgippaaaihmmfnjabjhc
2015-05-23 13:52 - 2015-05-23 13:52 - 02050048 _____ () C:\Users\Ben\Downloads\Out of the Park Baseball 16-SKIDROW.exe
2015-05-23 13:50 - 2015-05-23 16:59 - 00000200 _____ () C:\Users\Ben\Downloads\OOTP Baseball PC Cracked Torre Downloader.zip
2015-05-23 12:26 - 2015-05-23 12:27 - 00000000 ____D () C:\Program Files (x86)\Absolute Radio Live Scores
2015-05-23 12:25 - 2015-05-23 12:27 - 00000000 ____D () C:\Program Files (x86)\bestadblocker
2015-05-23 12:25 - 2015-05-23 12:26 - 00000000 ____D () C:\Program Files (x86)\PriceMinus
2015-05-23 12:24 - 2015-05-23 13:54 - 00000000 ____D () C:\ProgramData\494587764422358786
2015-05-23 12:24 - 2015-05-23 12:25 - 00000000 ____D () C:\Program Files (x86)\PriCeMiNuss
2015-05-23 12:24 - 2015-05-23 12:24 - 00000000 ____D () C:\ProgramData\nmlbfokoblpgmnphfpajkenaaoecnjae
2015-05-23 12:23 - 2015-05-24 00:30 - 00000412 _____ () C:\windows\Tasks\Bidaily Synchronize Task[pr].job
2015-05-23 12:23 - 2015-05-24 00:23 - 00000000 ____D () C:\ProgramData\{7ed652d0-e098-0680-7ed6-652d0e094b43}
2015-05-23 12:23 - 2015-05-23 12:23 - 02048512 _____ () C:\Users\Ben\Downloads\Out of the Park Baseball 16 Key Generator.exe
2015-05-23 12:23 - 2015-05-23 12:23 - 00003296 _____ () C:\windows\System32\Tasks\Bidaily Synchronize Task[pr]
2015-05-23 12:10 - 2015-05-23 12:10 - 00000000 ____D () C:\ProgramData\eSellerate
2015-05-23 12:09 - 2015-05-23 16:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Out of the Park Developments
2015-05-23 12:08 - 2015-05-23 16:16 - 00000000 ____D () C:\Program Files (x86)\Out of the Park Developments
2015-05-23 11:44 - 2015-05-23 11:53 - 00000000 ____D () C:\Users\Ben\Downloads\Out.of.the.Park.Baseball.16-SKIDROW
2015-05-23 11:44 - 2015-05-23 11:44 - 00038875 _____ () C:\Users\Ben\Downloads\Out.of.the.Park.Baseball.16-SKIDROW-[rarbg.com].torrent
2015-05-19 17:12 - 2015-05-19 17:12 - 00196592 _____ () C:\Users\Ben\Documents\transcriptrequest.oxps
2015-05-18 15:53 - 2015-05-18 15:54 - 00009002 _____ () C:\Users\Ben\Downloads\201505172n5fdv
2015-05-16 05:14 - 2015-04-09 18:34 - 02256896 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2015-05-16 05:14 - 2015-04-09 18:11 - 01943040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2015-05-16 05:14 - 2015-04-01 16:22 - 02985984 _____ (Microsoft Corporation) C:\windows\SysWOW64\dbgeng.dll
2015-05-16 05:14 - 2015-04-01 16:20 - 04417536 _____ (Microsoft Corporation) C:\windows\system32\dbgeng.dll
2015-05-16 05:14 - 2015-03-31 21:45 - 01491456 _____ (Microsoft Corporation) C:\windows\system32\dbghelp.dll
2015-05-16 05:14 - 2015-03-31 20:31 - 01207296 _____ (Microsoft Corporation) C:\windows\SysWOW64\dbghelp.dll
2015-05-16 05:14 - 2015-03-19 19:56 - 00080384 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ahcache.sys
2015-05-16 05:14 - 2015-03-17 11:26 - 00467776 ____C (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS
2015-05-16 05:14 - 2015-03-08 20:02 - 00057856 ____C (Microsoft Corporation) C:\windows\system32\Drivers\bthhfenum.sys
2015-05-16 05:14 - 2015-03-03 19:32 - 00172544 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Input.Inking.dll
2015-05-16 05:14 - 2015-03-03 19:12 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-16 05:14 - 2015-01-29 18:53 - 02819584 _____ (Microsoft Corporation) C:\windows\system32\SettingsHandlers.dll
2015-05-16 05:13 - 2015-04-24 15:32 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-05-16 05:13 - 2015-04-02 18:35 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\PhotoMetadataHandler.dll
2015-05-16 05:13 - 2015-04-02 18:14 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\PhotoMetadataHandler.dll
2015-05-16 05:13 - 2015-03-12 22:03 - 00239424 ____C (Microsoft Corporation) C:\windows\system32\Drivers\sdbus.sys
2015-05-16 05:13 - 2015-03-12 22:03 - 00154432 ____C (Microsoft Corporation) C:\windows\system32\Drivers\dumpsd.sys
2015-05-16 05:13 - 2015-03-12 20:02 - 00316416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\udfs.sys
2015-05-16 05:13 - 2015-03-12 19:11 - 02162176 _____ (Microsoft Corporation) C:\windows\system32\SRH.dll
2015-05-16 05:13 - 2015-03-12 18:39 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\SRH.dll
2015-05-16 05:13 - 2015-03-12 18:29 - 00410017 _____ () C:\windows\system32\ApnDatabase.xml
2015-05-16 05:13 - 2015-03-10 19:49 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2015-05-16 05:13 - 2015-03-10 19:09 - 00021504 _____ (Microsoft Corporation) C:\windows\SysWOW64\sdbinst.exe
2015-05-16 05:13 - 2015-03-05 21:08 - 02067968 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll
2015-05-16 05:13 - 2015-03-05 20:47 - 01696256 _____ (Microsoft Corporation) C:\windows\system32\wevtsvc.dll
2015-05-16 05:13 - 2015-03-05 20:43 - 01969664 _____ (Microsoft Corporation) C:\windows\SysWOW64\wpdshext.dll
2015-05-16 05:13 - 2015-03-04 17:09 - 01429504 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-05-16 05:13 - 2015-02-17 17:19 - 00186368 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll
2015-05-15 12:40 - 2015-04-30 14:35 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-15 12:40 - 2015-04-30 14:35 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-15 10:55 - 2015-04-21 11:14 - 24971776 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-05-15 10:55 - 2015-04-21 10:50 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-05-15 10:55 - 2015-04-21 10:50 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-05-15 10:55 - 2015-04-21 10:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-05-15 10:55 - 2015-04-21 10:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-05-15 10:55 - 2015-04-21 10:35 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-05-15 10:55 - 2015-04-21 10:31 - 06025728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-05-15 10:55 - 2015-04-21 10:24 - 19691008 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-05-15 10:55 - 2015-04-21 10:13 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2015-05-15 10:55 - 2015-04-21 10:11 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-05-15 10:55 - 2015-04-21 10:09 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-05-15 10:55 - 2015-04-21 10:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-05-15 10:55 - 2015-04-21 10:07 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2015-05-15 10:55 - 2015-04-21 10:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-05-15 10:55 - 2015-04-21 10:04 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-05-15 10:55 - 2015-04-21 09:59 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-05-15 10:55 - 2015-04-21 09:58 - 00664576 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-05-15 10:55 - 2015-04-21 09:52 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-05-15 10:55 - 2015-04-21 09:49 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-05-15 10:55 - 2015-04-21 09:49 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-05-15 10:55 - 2015-04-21 09:49 - 00374272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-05-15 10:55 - 2015-04-21 09:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-05-15 10:55 - 2015-04-21 09:40 - 14401536 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-05-15 10:55 - 2015-04-21 09:38 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-05-15 10:55 - 2015-04-21 09:37 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2015-05-15 10:55 - 2015-04-21 09:36 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-05-15 10:55 - 2015-04-21 09:32 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-05-15 10:55 - 2015-04-21 09:31 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-05-15 10:55 - 2015-04-21 09:28 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-05-15 10:55 - 2015-04-21 09:27 - 02352128 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-05-15 10:55 - 2015-04-21 09:26 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-05-15 10:55 - 2015-04-21 09:26 - 00327168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-05-15 10:55 - 2015-04-21 09:25 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-05-15 10:55 - 2015-04-21 09:17 - 12828672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-05-15 10:55 - 2015-04-21 09:15 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-05-15 10:55 - 2015-04-21 09:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-05-15 10:55 - 2015-04-21 09:02 - 01882112 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-05-15 10:55 - 2015-04-21 08:58 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-05-15 10:55 - 2015-04-21 08:56 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-05-15 10:53 - 2015-04-30 17:05 - 00429568 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-05-15 10:53 - 2015-04-30 16:48 - 00358912 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-05-15 10:53 - 2015-04-13 16:48 - 04180480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-05-15 10:53 - 2015-04-09 19:00 - 01996800 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-05-15 10:53 - 2015-04-09 18:50 - 01387008 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-05-15 10:53 - 2015-04-09 18:26 - 01560576 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-05-15 10:52 - 2015-04-08 16:55 - 00410128 _____ (Microsoft Corporation) C:\windows\system32\services.exe
2015-05-15 10:52 - 2015-03-29 23:47 - 00561928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-05-15 10:52 - 2015-03-26 21:27 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-05-15 10:52 - 2015-03-26 20:50 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2015-05-15 10:52 - 2015-03-26 20:48 - 01441792 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-05-04 18:08 - 2015-05-04 18:16 - 00000000 ____D () C:\Users\Ben\Desktop\Ivy logos
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-24 11:01 - 2014-09-24 01:03 - 00118344 _____ () C:\windows\PFRO.log
2015-05-24 10:59 - 2013-08-22 08:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-05-24 10:16 - 2015-01-01 18:36 - 00003922 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{701EA437-274B-4D24-B14C-9B670BDC80A7}
2015-05-24 10:05 - 2013-06-12 14:56 - 00000926 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-24 10:00 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\sru
2015-05-24 09:51 - 2014-12-18 23:04 - 02035589 _____ () C:\windows\WindowsUpdate.log
2015-05-24 05:40 - 2012-07-26 01:59 - 00000000 ____D () C:\windows\CbsTemp
2015-05-24 00:54 - 2013-06-12 14:58 - 00003596 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1895326297-792529850-1853505580-1001
2015-05-24 00:41 - 2013-01-08 10:31 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-05-24 00:33 - 2013-06-12 14:56 - 00000922 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-24 00:31 - 2013-08-22 08:46 - 00323795 _____ () C:\windows\setupact.log
2015-05-24 00:31 - 2013-08-22 07:25 - 00262144 ___SH () C:\windows\system32\config\BBI
2015-05-24 00:31 - 2013-01-08 10:28 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-05-24 00:16 - 2013-06-12 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-23 19:24 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\GroupPolicy
2015-05-23 17:53 - 2014-09-24 01:15 - 00865408 _____ () C:\windows\system32\PerfStringBackup.INI
2015-05-23 16:28 - 2013-01-08 10:33 - 00000000 ____D () C:\Program Files (x86)\Amazon
2015-05-23 15:59 - 2013-07-08 21:14 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\BitTorrent
2015-05-23 05:57 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\AppReadiness
2015-05-22 14:15 - 2013-08-22 07:25 - 00262144 ___SH () C:\windows\system32\config\ELAM
2015-05-21 15:24 - 2013-08-14 01:14 - 00000157 _____ () C:\windows\SysWOW64\SystemPreferences.xml
2015-05-19 14:29 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\rescache
2015-05-19 11:24 - 2014-10-27 19:49 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-05-18 15:15 - 2015-02-12 18:53 - 00000000 ____D () C:\ProgramData\SupportAssistAgent
2015-05-18 11:40 - 2014-12-18 22:45 - 00000000 ____D () C:\Users\Ben
2015-05-18 08:31 - 2013-08-22 08:44 - 00492000 _____ () C:\windows\system32\FNTCACHE.DAT
2015-05-18 08:31 - 2013-08-01 18:16 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-18 08:31 - 2013-08-01 18:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-17 23:09 - 2013-08-22 09:36 - 00000000 ___RD () C:\windows\ImmersiveControlPanel
2015-05-17 23:09 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\AdvancedInstallers
2015-05-16 12:45 - 2013-08-13 18:35 - 00000000 ____D () C:\windows\system32\MRT
2015-05-16 12:41 - 2013-06-17 00:14 - 140425016 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-05-15 12:37 - 2013-08-01 18:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-15 12:34 - 2014-09-24 00:53 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-15 11:00 - 2013-06-12 14:56 - 00003898 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-15 11:00 - 2013-06-12 14:56 - 00003662 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-14 09:14 - 2015-02-12 18:53 - 00003908 _____ () C:\windows\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2015-05-05 11:59 - 2014-09-24 03:55 - 00792568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-05-05 11:59 - 2014-09-24 03:55 - 00178168 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2015-05-23 18:26 - 2015-05-24 10:55 - 0000112 _____ () C:\ProgramData\EYKWl04.dat
2013-01-08 10:27 - 2013-01-08 10:28 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-01-08 10:23 - 2013-01-08 10:24 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-01-08 10:24 - 2013-01-08 10:26 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-01-08 10:23 - 2013-01-08 10:23 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-01-08 10:26 - 2013-01-08 10:27 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
 
Files to move or delete:
====================
C:\ProgramData\EYKWl04.dat
 
 
Some files in TEMP:
====================
C:\Users\Ben\AppData\Local\Temp\3212.exe
C:\Users\Ben\AppData\Local\Temp\5213.exe
C:\Users\Ben\AppData\Local\Temp\5677.exe
C:\Users\Ben\AppData\Local\Temp\8673.exe
C:\Users\Ben\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\Ben\AppData\Local\Temp\setup.exe
C:\Users\Ben\AppData\Local\Temp\setup_644.exe
C:\Users\Ben\AppData\Local\Temp\setup_648.exe
C:\Users\Ben\AppData\Local\Temp\setup_649.exe
C:\Users\Ben\AppData\Local\Temp\supoptsetup.exe
C:\Users\Ben\AppData\Local\Temp\Uninstall.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-18 11:55
 
==================== End of log ============================


#4 dbrisendine

  • Malware Response Team

Posted 26 May 2015 - 10:00 PM

FIRST >>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Absolute Radio Live Scores
Amazon Browser App
bestadblocker
CinemaPlus-3.2cV23.05
Coupoon version 1.0
Edu App
GamesDesktop 025.608
Google Chrome
SmartWeb
PRaIaceMinues


To do so, left-click on the name once and then click Uninstall/Change in the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.


SECOND >>>>


Open Notepad by pressing the Windows Key + R, typing notepad in the Run box and pressing Enter. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy. Paste this into the open Notepad window. Save it to your desktop as fixlist.txt.



Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [gmsd_us_608] => C:\Program Files (x86)\gmsd_us_608\gmsd_us_608.exe [3981768 2015-05-21] ()
HKLM-x32\...\RunOnce: [upgmsd_us_608.exe] => C:\Users\Ben\AppData\Local\gmsd_us_608\upgmsd_us_608.exe [3296712 2015-05-21] ()
HKLM-x32\...\RunOnce: [SpUninstallCleanUp] => REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM-x32\...\Run: [Hawker] => C:\Program Files (x86)\Hawker\VersionControl.exe [3187520 2015-05-11] (Hawker)
HKU\S-1-5-21-1895326297-792529850-1853505580-1001\...\Run: [Hawker] => C:\Program Files (x86)\Hawker\VersionControl.exe [3187520 2015-05-11] (Hawker)
HKU\S-1-5-21-1895326297-792529850-1853505580-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1895326297-792529850-1853505580-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1895326297-792529850-1853505580-1001\...\MountPoints2: {9b02d179-e428-11e2-be70-9c2a701e794e} - "E:\ootp16setup.exe"
HKU\S-1-5-18\...\Run: [] => [X]
AppInit_DLLs: C:\ProgramData\FlashBeat\FlashBeat64.dll => C:\ProgramData\FlashBeat\FlashBeat64.dll File not found
AppInit_DLLs-x32: c:\programdata\flashbeat\flashbeat32.dll => c:\programdata\flashbeat\flashbeat32.dll [809472 2015-05-22] (FlashBeat)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1895326297-792529850-1853505580-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1895326297-792529850-1853505580-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchtotal.info/?l=1&q={searchTerms}&pid=24065&r=2015/05/23&hid=2289565879797771274&lg=EN&cc=US&unqvl=88
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchtotal.info/?l=1&q={searchTerms}&pid=24065&r=2015/05/23&hid=2289565879797771274&lg=EN&cc=US&unqvl=88
SearchScopes: HKU\S-1-5-21-1895326297-792529850-1853505580-1001 -> DefaultScope {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3334188&octid=EB_ORIGINAL_CTID&ISID=I80D4FDCA-7D4E-4FB8-BFD1-CBE49B9A42F4&SearchSource=58&CUI=&UM=8&UP=SP90B9ADAD-1EAD-4C5F-AA9F-098A9674DF8C&D=052415&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1895326297-792529850-1853505580-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3334188&octid=EB_ORIGINAL_CTID&ISID=I80D4FDCA-7D4E-4FB8-BFD1-CBE49B9A42F4&SearchSource=58&CUI=&UM=8&UP=SP90B9ADAD-1EAD-4C5F-AA9F-098A9674DF8C&D=052415&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1895326297-792529850-1853505580-1001 -> {62DF8E01-A082-4909-AD7D-1324868C0EDB} URL =
SearchScopes: HKU\S-1-5-21-1895326297-792529850-1853505580-1001 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchtotal.info/?l=1&q={searchTerms}&pid=24065&r=2015/05/23&hid=2289565879797771274&lg=EN&cc=US&unqvl=88
BHO: No Name -> {2395B860-45E4-42fd-96E6-50BA597C1C42} -> No File
BHO-x32: No Name -> {2395B860-45E4-42fd-96E6-50BA597C1C42} -> No File
BHO-x32: Hawker -> {853130B6-1A29-4D9D-9513-2A461287651E} -> C:\Program Files (x86)\Hawker\Hawker.dll [2015-05-11] (Hawker)
BHO-x32: Edu App 1.0.0.7 -> {ebfbdd44-c0e0-4f63-a8e6-ee5f34765238} -> C:\Program Files (x86)\Edu App\EduAppbho.dll [2015-05-23] (Edu App)
Tcpip\..\Interfaces\{8F72FDB9-1387-483F-AB29-94CA8FB75A6A}: [NameServer] 82.163.143.131,82.163.142.133
Tcpip\..\Interfaces\{E40A65D0-5F7F-4107-966F-35D2CEC95924}: [NameServer] 82.163.143.131,82.163.142.133
Tcpip\..\Interfaces\{FD2E62C4-5846-4CFB-92BE-FAB75E2E8272}: [NameServer] 82.163.143.131,82.163.142.133
FF HKLM\...\Firefox\Extensions: [{2395B860-45E4-42fd-96E6-50BA597C1C42}] - C:\Program Files\shopperz\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{2395B860-45E4-42fd-96E6-50BA597C1C42}] - C:\Program Files\shopperz\Firefox
CHR dev: Chrome dev build detected! <======= ATTENTION
S2 gyrovono; C:\Users\Ben\AppData\Roaming\4C4C4544-1432417875-5810-8047-B8C04F465731\nsiBB23.tmp [166912 2015-05-24] () []
S2 hofuxefu; C:\Users\Ben\AppData\Roaming\4C4C4544-1432417875-5810-8047-B8C04F465731\hnsb74A6.tmp [364032 2015-05-23] () []
S2 josoryzi; C:\Users\Ben\AppData\Roaming\4C4C4544-1432417875-5810-8047-B8C04F465731\jnsh5BFC.tmp [131072 2015-05-23] () []
S2 MediaService; C:\Users\Ben\AppData\Roaming\TWV\MediaService.exe [115712 2015-05-21] (eLink Industry, Inc.) []
S2 Update Edu App; C:\Program Files (x86)\Edu App\updateEduApp.exe [646888 2015-05-24] ()
S2 UpdateCheck; C:\Program Files (x86)\Coupoon\UpdateCheck.exe [53040 2015-05-24] ()
S2 Util Edu App; C:\Program Files (x86)\Edu App\bin\utilEduApp.exe [646888 2015-05-24] ()
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
S1 cherimoya; system32\drivers\cherimoya.sys [X]
S1 innfd_1_10_0_14; system32\drivers\innfd_1_10_0_14.sys [X]
Task: {012CA3ED-874E-4FBC-9B05-B3A2334D1BB8} - System32\Tasks\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-10_user => C:\Program Files (x86)\CinemaPlus-3.2cV23.05\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-10.exe [2015-05-23] (Cinema PlusV23.05) <==== ATTENTION
Task: {02147CF1-CE58-4796-ABCE-E48CBE4A260D} - System32\Tasks\Hesnicleori => C:\ProgramData\Hesnicleori\1.0.1.0\ibokniir.exe [2015-05-23] ()
Task: {1143206A-F7EF-4E15-9715-9976472C6C31} - System32\Tasks\HDNINSTSCHD => C:\windows\PCBHDNW\hdnInstaller.exe
Task: {14AB3289-6E0C-4E4C-BFFB-10DECEA771FE} - System32\Tasks\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-6 => C:\Program Files (x86)\CinemaPlus-3.2cV23.05\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-6.exe [2015-05-23] (Cinema PlusV23.05) <==== ATTENTION
Task: {1E95A819-7EA7-4B5F-948D-97343A74C9A1} - System32\Tasks\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-1-6 => C:\Program Files (x86)\CinemaPlus-3.2cV23.05\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-1-6.exe <==== ATTENTION
Task: {2010F97E-EDBD-4FE9-9D2F-6964470FE5C6} - System32\Tasks\MaxComputerCleaner_Start => C:\Program Files (x86)\Max Computer Cleaner\MaxComputerCleaner.exe
Task: {34F8AE2E-34E1-40F0-9C63-5BD4DDE31729} - System32\Tasks\Bidaily Synchronize Task[pr] => c:\programdata\{7ed652d0-e098-0680-7ed6-652d0e094b43}\out of the park baseball 16 key generator.exe [2014-05-23] () <==== ATTENTION
Task: {3ABB38EF-DA19-4E40-8C09-3F39EBC80FDE} - System32\Tasks\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-1-7 => C:\Program Files (x86)\CinemaPlus-3.2cV23.05\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-1-7.exe <==== ATTENTION
Task: {79AE4519-008E-4B2B-B89A-78025AF6B2E2} - System32\Tasks\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-3 => C:\Program Files (x86)\CinemaPlus-3.2cV23.05\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-3.exe <==== ATTENTION
Task: {97A5E936-0DF1-4816-AF7D-3833E231AC19} - System32\Tasks\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-7 => C:\Program Files (x86)\CinemaPlus-3.2cV23.05\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-7.exe <==== ATTENTION
Task: {98F22945-0B1B-4FA2-A3F4-0E202C21E7D6} - System32\Tasks\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-5_user => C:\Program Files (x86)\CinemaPlus-3.2cV23.05\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-5.exe <==== ATTENTION
Task: {A22A7C3E-F9C5-434D-A651-37F5C9BA2950} - System32\Tasks\Periodic Synchronize Task => c:\programdata\{38f62c90-0bdc-46f1-38f6-62c900bdb240}\hqghumeaylnlf.exe [2014-05-23] (Super PC Tools Ltd)
Task: {B7DB4C2E-A431-42E7-8595-9DF39201FFC6} - System32\Tasks\UPDTEXE4_WDR => C:\Program Files (x86)\Portable WeatherApp\updater.exe
Task: {B879DD3F-0B9F-407E-957B-5D71AF89C984} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Ben\AppData\Local\SmartWeb\SmartWebHelper.exe <==== ATTENTION
Task: {C1009520-202D-4D89-9017-5E7F724A4A63} - System32\Tasks\GPZMERTTIY1 => C:\ProgramData\FlashBeat\FlashBeat.exe [2015-05-22] (FlashBeat) <==== ATTENTION
Task: {D4FEA70E-331A-4491-8E5C-207125E6BBD3} - System32\Tasks\IE_ERR4WDR => C:\Program Files (x86)\Portable WeatherApp\IEError.exe
Task: {DEB33CCF-6B65-4CFE-A782-8344AA292F2A} - System32\Tasks\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-5 => C:\Program Files (x86)\CinemaPlus-3.2cV23.05\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-5.exe <==== ATTENTION
Task: {FBCBFF85-0C55-4C35-BA0E-065E37A0334A} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-05-24] (AnyProtect.com) <==== ATTENTION
Task: C:\windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\Bidaily Synchronize Task[pr].job => c:\programdata\{7ed652d0-e098-0680-7ed6-652d0e094b43}\out of the park baseball 16 key generator.exe <==== ATTENTION
Task: C:\windows\Tasks\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-1-6.job => C:\Program Files (x86)\CinemaPlus-3.2cV23.05\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-1-6.exe <==== ATTENTION
Task: C:\windows\Tasks\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-1-7.job => C:\Program Files (x86)\CinemaPlus-3.2cV23.05\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-1-7.exe <==== ATTENTION
Task: C:\windows\Tasks\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-10_user.job => C:\Program Files (x86)\CinemaPlus-3.2cV23.05\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-10.exe <==== ATTENTION
Task: C:\windows\Tasks\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-3.job => C:\Program Files (x86)\CinemaPlus-3.2cV23.05\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-3.exe <==== ATTENTION
Task: C:\windows\Tasks\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-5.job => C:\Program Files (x86)\CinemaPlus-3.2cV23.05\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-5.exe <==== ATTENTION
Task: C:\windows\Tasks\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-5_user.job => C:\Program Files (x86)\CinemaPlus-3.2cV23.05\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-5.exe <==== ATTENTION
Task: C:\windows\Tasks\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-6.job => C:\Program Files (x86)\CinemaPlus-3.2cV23.05\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-6.exe <==== ATTENTION
Task: C:\windows\Tasks\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-7.job => C:\Program Files (x86)\CinemaPlus-3.2cV23.05\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-7.exe <==== ATTENTION
Task: C:\windows\Tasks\GPZMERTTIY1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: C:\windows\Tasks\Periodic Synchronize Task.job => c:\programdata\{38f62c90-0bdc-46f1-38f6-62c900bdb240}\hqghumeaylnlf.exe
FirewallRules: [{50CA6EDD-2ED6-46BC-8541-C989519249B0}] => (Allow) C:\Users\Ben\AppData\Roaming\TWV\TWV.exe
FirewallRules: [{E4574F56-8611-4BCA-9AF4-19650808BBCC}] => (Allow) C:\Users\Ben\AppData\Roaming\TWV\upd.exe
2015-05-24 01:05 - 2015-05-24 11:01 - 00000000 ____D () C:\Program Files (x86)\Edu App
2015-05-23 18:34 - 2015-05-24 00:40 - 00000000 ____D () C:\Program Files (x86)\Super Optimizer
2015-05-23 18:33 - 2015-05-24 06:33 - 00000356 _____ () C:\windows\Tasks\Periodic Synchronize Task.job
2015-05-23 18:33 - 2015-05-24 06:33 - 00000000 ____D () C:\ProgramData\{38f62c90-0bdc-46f1-38f6-62c900bdb240}
2015-05-23 18:33 - 2015-05-23 18:33 - 00003240 _____ () C:\windows\System32\Tasks\Periodic Synchronize Task
2015-05-23 18:32 - 2015-05-23 18:32 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Desktop Search
2015-05-23 18:32 - 2015-05-23 18:32 - 00000000 ____D () C:\ProgramData\DesktopSearch
2015-05-23 18:26 - 2015-05-24 10:55 - 00000112 _____ () C:\ProgramData\EYKWl04.dat
2015-05-23 18:21 - 2015-05-24 11:01 - 00000000 ____D () C:\ProgramData\abc
2015-05-23 18:20 - 2015-05-24 09:35 - 00000000 ____D () C:\Users\Ben\AppData\Local\gmsd_us_608
2015-05-23 18:20 - 2015-05-23 18:20 - 00000000 ____D () C:\Program Files (x86)\gmsd_us_608
2015-05-23 18:19 - 2015-05-24 01:03 - 00000000 ____D () C:\Program Files (x86)\Coupoon
2015-05-23 18:18 - 2015-05-24 00:50 - 00000000 ____D () C:\Program Files\shopperz
2015-05-23 18:18 - 2015-05-23 18:18 - 00000000 _____ () C:\windows\SysWOW64\Number of results
2015-05-23 16:35 - 2015-05-23 16:35 - 00631296 _____ () C:\windows\kyq.dat
2015-05-23 16:35 - 2015-05-23 16:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2015-05-23 16:35 - 2015-05-23 16:35 - 00000000 ____D () C:\Program Files (x86)\predm
2015-05-23 16:34 - 2015-05-23 17:35 - 00000378 _____ () C:\windows\Tasks\APSnotifierPP1.job
2015-05-23 16:34 - 2015-05-23 16:36 - 00002804 _____ () C:\windows\System32\Tasks\APSnotifierPP1
2015-05-23 16:34 - 2015-05-23 16:34 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
2015-05-23 16:30 - 2015-05-23 16:34 - 00000000 ____D () C:\Program Files (x86)\AnyProtectEx
2015-05-23 16:30 - 2015-05-23 16:30 - 00000000 __SHD () C:\Users\Ben\AppData\Roaming\AnyProtectEx
2015-05-23 16:29 - 2015-05-24 10:29 - 00003154 _____ () C:\windows\Tasks\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-1-6.job
2015-05-23 16:29 - 2015-05-24 10:29 - 00002462 _____ () C:\windows\Tasks\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-5_user.job
2015-05-23 16:29 - 2015-05-24 10:29 - 00002462 _____ () C:\windows\Tasks\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-5.job
2015-05-23 16:29 - 2015-05-23 16:29 - 00006158 _____ () C:\windows\System32\Tasks\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-1-6
2015-05-23 16:29 - 2015-05-23 16:29 - 00005466 _____ () C:\windows\System32\Tasks\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-5
2015-05-23 16:28 - 2015-05-24 10:59 - 00002128 _____ () C:\windows\Tasks\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-10_user.job
2015-05-23 16:28 - 2015-05-24 10:57 - 00005534 _____ () C:\windows\Tasks\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-6.job
2015-05-23 16:28 - 2015-05-24 10:29 - 00003154 _____ () C:\windows\Tasks\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-1-7.job
2015-05-23 16:28 - 2015-05-24 10:28 - 00005198 _____ () C:\windows\Tasks\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-7.job
2015-05-23 16:28 - 2015-05-24 10:28 - 00004174 _____ () C:\windows\Tasks\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-3.job
2015-05-23 16:28 - 2015-05-23 18:20 - 00000000 ____D () C:\Program Files (x86)\CinemaPlus-3.2cV23.05
2015-05-23 16:28 - 2015-05-23 16:29 - 00006158 _____ () C:\windows\System32\Tasks\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-1-7
2015-05-23 16:28 - 2015-05-23 16:28 - 00008538 _____ () C:\windows\System32\Tasks\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-6
2015-05-23 16:28 - 2015-05-23 16:28 - 00008202 _____ () C:\windows\System32\Tasks\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-7
2015-05-23 16:28 - 2015-05-23 16:28 - 00007178 _____ () C:\windows\System32\Tasks\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-3
2015-05-23 16:28 - 2015-05-23 16:28 - 00000000 ____D () C:\Program Files (x86)\131a2647-0059-427d-bb99-bafe692d96f9
2015-05-23 16:26 - 2015-05-23 16:26 - 00003218 _____ () C:\windows\System32\Tasks\MaxComputerCleaner_Start
2015-05-23 16:26 - 2015-05-23 16:26 - 00000000 ____D () C:\Users\Ben\Documents\MaxComputerCleaner
2015-05-23 16:26 - 2015-05-23 16:26 - 00000000 ____D () C:\Users\Ben\AppData\Local\Max_Computer_Cleaner
2015-05-23 16:26 - 2015-05-23 16:26 - 00000000 ____D () C:\Users\Ben\AppData\Local\Crossbrowse
2015-05-23 16:23 - 2015-05-24 10:38 - 00000000 ____D () C:\Users\Ben\AppData\Local\SmartWeb
2015-05-23 16:23 - 2015-05-24 01:03 - 00004028 _____ () C:\windows\System32\Tasks\SmartWeb Upgrade Trigger Task
2015-05-23 16:23 - 2015-05-24 00:32 - 00000346 _____ () C:\windows\Tasks\GPZMERTTIY1.job
2015-05-23 16:23 - 2015-05-23 18:34 - 00000000 ____D () C:\ProgramData\FlashBeat
2015-05-23 16:23 - 2015-05-23 16:23 - 00002860 _____ () C:\windows\System32\Tasks\GPZMERTTIY1
2015-05-23 16:23 - 2015-05-23 16:23 - 00000000 ____D () C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-05-23 15:54 - 2015-05-23 15:55 - 00000000 ____D () C:\Users\Ben\AppData\Local\4C4C4544-1432396499-5810-8047-B8C04F465731
2015-05-23 15:54 - 2015-05-23 15:54 - 00003650 _____ () C:\windows\System32\Tasks\IE_ERR4WDR
2015-05-23 15:54 - 2015-05-23 15:54 - 00003626 _____ () C:\windows\System32\Tasks\HDNINSTSCHD
2015-05-23 15:54 - 2015-05-23 15:54 - 00003492 _____ () C:\windows\System32\Tasks\UPDTEXE4_WDR
2015-05-23 15:53 - 2015-05-23 15:57 - 00000000 ____D () C:\Program Files (x86)\Portable WeatherApp
2015-05-23 15:51 - 2015-05-24 10:34 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\4C4C4544-1432417875-5810-8047-B8C04F465731
2015-05-23 15:51 - 2015-05-23 15:51 - 00000000 ____D () C:\Program Files (x86)\app_setup
2015-05-23 15:51 - 2013-08-22 07:25 - 00000824 _____ () C:\windows\system32\Drivers\etc\hp.bak
2015-05-23 15:50 - 2015-05-24 10:54 - 00000165 _____ () C:\windows\verson_hawker.txt
2015-05-23 15:50 - 2015-05-23 16:29 - 00000008 _____ () C:\end
2015-05-23 15:50 - 2015-05-23 15:53 - 00000000 ____D () C:\Users\Ben\Documents\PCPrivacyDock
2015-05-23 15:50 - 2015-05-23 15:50 - 00000000 ____D () C:\Users\Ben\AppData\Local\PC_Privacy_Dock
2015-05-23 15:50 - 2015-05-23 15:50 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-23 15:50 - 2015-05-23 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hawker
2015-05-23 15:50 - 2015-05-23 15:50 - 00000000 ____D () C:\Program Files (x86)\Hawker
2015-05-23 15:49 - 2015-05-23 15:57 - 00000000 ____D () C:\Program Files (x86)\PCP
2015-05-23 15:48 - 2015-05-23 15:56 - 00000000 ____D () C:\Program Files (x86)\CloudScout Parental Control
2015-05-23 15:47 - 2015-05-23 15:48 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\TWV
2015-05-23 15:46 - 2015-05-23 15:46 - 01546256 _____ (Dummy, Ltd.) C:\Users\Ben\Downloads\out.of.the.park.baseball.15.tinyiso_10924_i11252701_il345.exe
2015-05-23 13:54 - 2015-05-23 13:55 - 00000000 ____D () C:\Program Files (x86)\PRaIaceMinues
2015-05-23 13:54 - 2015-05-23 13:54 - 00000000 ____D () C:\ProgramData\klgpjkigonepmgippaaaihmmfnjabjhc
2015-05-23 13:52 - 2015-05-23 13:52 - 02050048 _____ () C:\Users\Ben\Downloads\Out of the Park Baseball 16-SKIDROW.exe
2015-05-23 13:50 - 2015-05-23 16:59 - 00000200 _____ () C:\Users\Ben\Downloads\OOTP Baseball PC Cracked Torre Downloader.zip
2015-05-23 12:26 - 2015-05-23 12:27 - 00000000 ____D () C:\Program Files (x86)\Absolute Radio Live Scores
2015-05-23 12:25 - 2015-05-23 12:27 - 00000000 ____D () C:\Program Files (x86)\bestadblocker
2015-05-23 12:25 - 2015-05-23 12:26 - 00000000 ____D () C:\Program Files (x86)\PriceMinus
2015-05-23 12:24 - 2015-05-23 13:54 - 00000000 ____D () C:\ProgramData\494587764422358786
2015-05-23 12:24 - 2015-05-23 12:25 - 00000000 ____D () C:\Program Files (x86)\PriCeMiNuss
2015-05-23 12:24 - 2015-05-23 12:24 - 00000000 ____D () C:\ProgramData\nmlbfokoblpgmnphfpajkenaaoecnjae
2015-05-23 12:23 - 2015-05-24 00:30 - 00000412 _____ () C:\windows\Tasks\Bidaily Synchronize Task[pr].job
2015-05-23 12:23 - 2015-05-24 00:23 - 00000000 ____D () C:\ProgramData\{7ed652d0-e098-0680-7ed6-652d0e094b43}
2015-05-23 12:23 - 2015-05-23 12:23 - 02048512 _____ () C:\Users\Ben\Downloads\Out of the Park Baseball 16 Key Generator.exe
2015-05-23 12:23 - 2015-05-23 12:23 - 00003296 _____ () C:\windows\System32\Tasks\Bidaily Synchronize Task[pr]
2015-05-23 12:10 - 2015-05-23 12:10 - 00000000 ____D () C:\ProgramData\eSellerate
2015-05-23 12:09 - 2015-05-23 16:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Out of the Park Developments
2015-05-23 12:08 - 2015-05-23 16:16 - 00000000 ____D () C:\Program Files (x86)\Out of the Park Developments
2015-05-23 11:44 - 2015-05-23 11:53 - 00000000 ____D () C:\Users\Ben\Downloads\Out.of.the.Park.Baseball.16-SKIDROW
2015-05-23 11:44 - 2015-05-23 11:44 - 00038875 _____ () C:\Users\Ben\Downloads\Out.of.the.Park.Baseball.16-SKIDROW-[rarbg.com].torrent
2015-05-18 15:53 - 2015-05-18 15:54 - 00009002 _____ () C:\Users\Ben\Downloads\201505172n5fdv
2015-05-23 18:26 - 2015-05-24 10:55 - 0000112 _____ () C:\ProgramData\EYKWl04.dat
C:\Users\Ben\AppData\Local\Temp\3212.exe
C:\Users\Ben\AppData\Local\Temp\5213.exe
C:\Users\Ben\AppData\Local\Temp\5677.exe
C:\Users\Ben\AppData\Local\Temp\8673.exe
C:\Users\Ben\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\Ben\AppData\Local\Temp\setup.exe
C:\Users\Ben\AppData\Local\Temp\setup_644.exe
C:\Users\Ben\AppData\Local\Temp\setup_648.exe
C:\Users\Ben\AppData\Local\Temp\setup_649.exe
C:\Users\Ben\AppData\Local\Temp\supoptsetup.exe
C:\Users\Ben\AppData\Local\Temp\Uninstall.exe
C:\ProgramData\Hesnicleori
C:\windows\PCBHDNW
C:\Program Files (x86)\Max Computer Cleaner
c:\programdata\{7ed652d0-e098-0680-7ed6-652d0e094b43}
C:\Program Files (x86)\CinemaPlus-3.2cV23.05
c:\programdata\{38f62c90-0bdc-46f1-38f6-62c900bdb240}
C:\Program Files (x86)\Portable WeatherApp
C:\Users\Ben\AppData\Local\SmartWeb
C:\ProgramData\FlashBeat
C:\Program Files (x86)\AnyProtectEx
C:\Windows\system32\DRIVERS\btath_lwflt.sys
C:\Windows\system32\drivers\cherimoya.sys
C:\Windows\system32\drivers\innfd_1_10_0_14.sys
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
RemoveProxy:
Reboot:
end


NOTE. It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Start FRST that is on the desktop by right clicking on file and selecting "Run as Administrator..." and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


LAST >>>>

Chrome -> The malware has changed the version of Chrome to a less secure type. The only way to fix this is to uninstall Chrome and re-install it.

64 bit: Reboot your machine and then go to here (http://www.google.com/chrome/eula.html?standalone=1&platform=win64) and download a fresh installer for Chrome.

Double click on the downloaded file to install the latest version of Chrome. Your settings and extensions should be added automatically; please let me know if there are any errors with this.
 


Please do not ask for Malware help via PM (Private Messages).  Please post in the forum boards instead.  Thanks.

My help is always free but if you would like to help encourage me or show your thanks -----> btn_donate_LG.gif
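
The Task: lines in the fixlist above show the same executables registered several times, both as legacy .job files and under System32\Tasks. As an added example (not part of the original post and not FRST's own logic), this Python script parses that line format and groups tasks by target executable; the sample lines are copied from the fixlist, and the reason codes and location heuristics are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Lines copied from the FRST fixlist in the post above, plus one non-Task line.
SAMPLE = r"""
Task: {A22A7C3E-F9C5-434D-A651-37F5C9BA2950} - System32\Tasks\Periodic Synchronize Task => c:\programdata\{38f62c90-0bdc-46f1-38f6-62c900bdb240}\hqghumeaylnlf.exe [2014-05-23] (Super PC Tools Ltd)
Task: C:\windows\Tasks\Periodic Synchronize Task.job => c:\programdata\{38f62c90-0bdc-46f1-38f6-62c900bdb240}\hqghumeaylnlf.exe
Task: {B879DD3F-0B9F-407E-957B-5D71AF89C984} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Ben\AppData\Local\SmartWeb\SmartWebHelper.exe <==== ATTENTION
Task: {DEB33CCF-6B65-4CFE-A782-8344AA292F2A} - System32\Tasks\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-5 => C:\Program Files (x86)\CinemaPlus-3.2cV23.05\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-5.exe <==== ATTENTION
Task: C:\windows\Tasks\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-5.job => C:\Program Files (x86)\CinemaPlus-3.2cV23.05\c134f716-a21a-4b0d-a4d0-d32b7b1ca543-5.exe <==== ATTENTION
Task: {B7DB4C2E-A431-42E7-8595-9DF39201FFC6} - System32\Tasks\UPDTEXE4_WDR => C:\Program Files (x86)\Portable WeatherApp\updater.exe
FirewallRules: [{50CA6EDD-2ED6-46BC-8541-C989519249B0}] => (Allow) C:\Users\Ben\AppData\Roaming\TWV\TWV.exe
""".strip().splitlines()

# "Task: [{GUID} - ]<task> => <target>.exe [date] (company) <==== ATTENTION"
TASK_RE = re.compile(
    r"^Task:\s+(?:\{[0-9A-Fa-f-]+\}\s+-\s+)?(?P<task>.+?)\s+=>\s+(?P<target>.+?\.exe)"
    r"(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?:\s+\((?P<company>[^)]*)\))?"
    r"(?P<attention>\s+<==== ATTENTION)?\s*$",
    re.IGNORECASE,
)

GUID = r"[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}"
# Assumed heuristics (illustrative, not FRST's rules):
GUID_DIR_RE = re.compile(r"\\programdata\\\{" + GUID + r"\}\\", re.I)   # {GUID} folder in ProgramData
USER_WRITABLE_RE = re.compile(r"\\(?:users\\[^\\]+\\appdata|programdata)\\", re.I)  # no admin needed by default
GUID_NAME_RE = re.compile(r"\\" + GUID + r"[^\\]*\.exe$", re.I)         # executable named after a GUID


def parse_task(line):
    """Return a dict for an FRST 'Task:' line, or None for any other line."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    task = m.group("task")
    return {
        "task": task,
        "target": m.group("target"),
        "legacy_job": task.lower().endswith(".job"),   # C:\windows\Tasks\*.job
        "attention": m.group("attention") is not None,  # FRST's own marker
        "company": m.group("company"),
    }


def triage(lines):
    """Group tasks by (case-folded) target path and attach reason codes."""
    by_target = defaultdict(list)
    for line in lines:
        entry = parse_task(line)
        if entry:
            by_target[entry["target"].lower()].append(entry)

    report = {}
    for target, entries in by_target.items():
        reasons = set()
        if GUID_DIR_RE.search(target):
            reasons.add("guid_dir")
        if USER_WRITABLE_RE.search(target):
            reasons.add("user_writable")
        if GUID_NAME_RE.search(target):
            reasons.add("guid_name")
        # Same binary registered both as a legacy .job and under System32\Tasks.
        if {e["legacy_job"] for e in entries} == {True, False}:
            reasons.add("dual_registration")
        report[target] = {
            "tasks": [e["task"] for e in entries],
            "reasons": reasons,
            "frst_attention": any(e["attention"] for e in entries),
        }
    return report


if __name__ == "__main__":
    for target, info in triage(SAMPLE).items():
        flags = ", ".join(sorted(info["reasons"])) or "none"
        print(f"{target}\n  tasks={len(info['tasks'])} "
              f"frst_attention={info['frst_attention']} reasons={flags}")
```

An empty reason set is not a verdict of clean: the Portable WeatherApp updater trips none of these heuristics, yet its task is still listed in the fixlist for removal.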


#5 Ben_Shumate

Ben_Shumate
  • Topic Starter

  • Members
  • 10 posts
  • Local time:12:35 PM

Posted 27 May 2015 - 12:30 AM

I'm still having trouble uninstalling all of the programs listed in your first step. Cinema plus prompts me with a window giving me the option to uninstall or uninstall and install another program. The option to simply uninstall does not remove the program from my list. Now it looks like a few other programs (search protect, infonaut, eppink, reimage protector) have been added to list after having uninstalled the ones you asked for. I haven't moved on to the second step because I still have cinemaplus installed.

Thanks

#6 dbrisendine

dbrisendine

  • Malware Response Team
  • 508 posts
  • Gender:Male
  • Location:BC, Canada
  • Local time:11:35 AM

Posted 27 May 2015 - 02:00 AM

Try and run the uninstallers BUT do not get hung up on them not working properly.  Most malware is poorly written when it comes to the installer / uninstaller part. 

 

Try the uninstall; if it works, good; if not, move to the next one on the list. 

 

When you are done with the list, move on to the second part instruction (Fixlist script run).  The Fixlist script will handle the malware even if the uninstall did not.




#7 Ben_Shumate

Ben_Shumate
  • Topic Starter

  • Members
  • 10 posts
  • Local time:12:35 PM

Posted 27 May 2015 - 09:14 AM

I'm having trouble pasting the fixlog into the comment box. It causes the page to crash in both the new version of Chrome and Internet Explorer. I attached the fixlog.txt instead of pasting it; I hope that works too.

 

Thanks



#8 dbrisendine

dbrisendine

  • Malware Response Team
  • 508 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:BC, Canada
  • Local time:11:35 AM

Posted 27 May 2015 - 09:44 AM

Yes, that was a fairly large Fixlog file.  You did fine in attaching it.
 
Can you boot the system into normal mode now?
 


AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot; allow this.
  • On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.




#9 Ben_Shumate

Ben_Shumate
  • Topic Starter

  • Members
  • 10 posts
  • Local time:12:35 PM

Posted 27 May 2015 - 12:24 PM

Normal mode seems to be working a little better now 

 

here is the log from the adwcleaner:

 

# AdwCleaner v4.205 - Logfile created 27/05/2015 at 11:16:25
# Updated 21/05/2015 by Xplode
# Database : 2015-05-25.3 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Ben - BENLAPTOP
# Running from : C:\Users\Ben\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[#] Service Deleted : CltMngSvc
[#] Service Deleted : ReimageRealTimeProtector
Service Deleted : SPPD
[#] Service Deleted : innfd_1_10_0_14
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Reimage Protector
Folder Deleted : C:\ProgramData\9075e14000006f7d
Folder Deleted : C:\Program Files (x86)\LinkSwift
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\Infonaut_1.10.0.14
Folder Deleted : C:\windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect
Folder Deleted : C:\Program Files\Reimage
Folder Deleted : C:\Users\Ben\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Ben\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
File Deleted : C:\windows\apppatch\apppatch64\vcldr64.dll
File Deleted : C:\windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
File Deleted : C:\windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb
File Deleted : C:\windows\AppPatch\nbin\VC32Loader.dll
File Deleted : C:\windows\Reimage.ini
File Deleted : C:\windows\System32\drivers\SPPD.sys
File Deleted : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
File Deleted : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
File Deleted : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.selectgo00.selectgo.net_0.localstorage
File Deleted : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.selectgo00.selectgo.net_0.localstorage-journal
File Deleted : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_api.linkswift.co_0.localstorage
File Deleted : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_api.linkswift.co_0.localstorage-journal
File Deleted : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Deleted : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
File Deleted : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.linkswift.co_0.localstorage
File Deleted : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.linkswift.co_0.localstorage-journal
File Deleted : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Deleted : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.linkswift.co_0.localstorage
File Deleted : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.linkswift.co_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
Task Deleted : ReimageUpdater
Task Deleted : amiupdaterExd
Task Deleted : amiupdaterExi
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Key Deleted : HKCU\Software\Classes\PepperZip
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [PCPrivacyDock]
Key Deleted : HKLM\SOFTWARE\10a7999f-260d-7e23-1da9-62ef35a05f76
Key Deleted : HKLM\SOFTWARE\c6bb0217-dc00-463b-9dd6-681ffcd425ee
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CF50C82-4C4B-43E9-B1B2-15CB1BD0C193}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9AE7A6AE-162E-44C4-9A2B-A6B4EF19909D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B5C4833B-847B-49CD-8EBE-CDD9B43C882F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Reimage
Key Deleted : HKCU\Software\GAMESDESKTOP
Key Deleted : HKCU\Software\Super Optimizer
Key Deleted : HKCU\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
Key Deleted : HKCU\Software\Crossbrowse
Key Deleted : HKCU\Software\YorkNewCin
Key Deleted : HKCU\Software\HighDefAction
Key Deleted : HKCU\Software\ArenaHD
Key Deleted : HKCU\Software\MaxComputerCleanerLanguage
Key Deleted : HKCU\Software\Hawker
Key Deleted : HKCU\Software\PCPrivacyDockLanguage
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKCU\Software\AppDataLow\Software\SmartWeb
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\LinkSwift
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\SPPDCOM
Key Deleted : HKLM\SOFTWARE\Crossbrowse
Key Deleted : HKLM\SOFTWARE\coupoon
Key Deleted : HKLM\SOFTWARE\YorkNewCin
Key Deleted : HKLM\SOFTWARE\HighDefAction
Key Deleted : HKLM\SOFTWARE\ArenaHD
Key Deleted : HKLM\SOFTWARE\Hawker
Key Deleted : HKLM\SOFTWARE\Infonaut_1.10.0.14
Key Deleted : HKU\.DEFAULT\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Infonaut_1.10.0.14
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\Reimage
Key Deleted : [x64] HKLM\SOFTWARE\YorkNewCin
Key Deleted : [x64] HKLM\SOFTWARE\HighDefAction
Key Deleted : [x64] HKLM\SOFTWARE\ArenaHD
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Protector
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Google Chrome v43.0.2357.81
 
[C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.searchtotal.info/?l=1&q={searchTerms}&pid=21689&r=2015/05/23&hid=2289565879797771274&lg=EN&cc=US&unqvl=88
[C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333529&octid=EB_ORIGINAL_CTID&ISID=MF5A613C7-A26F-4018-A4C7-63D5AB5FBF19&SearchSource=58&CUI=&UM=8&UP=SPF1B6057B-A140-4C78-B7BE-B9D68AC33DE0&D=052715&q={searchTerms}&SSPV=SP22340TA_sp_ch
[C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3333529&octid=EB_ORIGINAL_CTID&ISID=MF5A613C7-A26F-4018-A4C7-63D5AB5FBF19&SearchSource=55&CUI=&UM=8&UP=SPF1B6057B-A140-4C78-B7BE-B9D68AC33DE0&D=052715&SSPV=SP22340TA_sp_ch
[C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : 2294608A106762E8710123F60063A6F1D08DC2B4BC475953C69D1B206A302CBE"},"software_reporter":{"prompt_reason":"0C4D5735108CFD451738905489FF66A8C813E3FD023D69DF98DCD22FCE2C9AD0","prompt_seed":"CB899A9B126FD3ABCF184241CBEA8B8F88C8D42841A46E61D695041AEC481FFC","prompt_version":"02D81C3995118E415FF6B9DB9B7119C367848C114F138FD73A52F496C790135A"},"sync":{"remaining_rollback_tries":"289920CAD8EBE551EA475212A97D66B533CAB46668398BA2586B19F24E392C7E"}},"super_mac":"83FE49281DA03C87ECD6F96B9DBBA6EDBF30C35761419CC2ED51EB6E89F4CEDB"},"session":{"restore_on_startup":4,"startup_urls":["hxxp://www.trovi.com/?gd=&ctid=CT3333529&octid=EB_ORIGINAL_CTID&ISID=MF5A613C7-A26F-4018-A4C7-63D5AB5FBF19&SearchSource=55&CUI=&UM=8&UP=SPF1B6057B-A140-4C78-B7BE-B9D68AC33DE0&D=052715&SSPV=SP22340TA_sp_ch
 
*************************
 
AdwCleaner[R0].txt - [11259 bytes] - [27/05/2015 11:14:06]
AdwCleaner[S0].txt - [10731 bytes] - [27/05/2015 11:16:25]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10791  bytes] ##########
 


#10 dbrisendine

dbrisendine

  • Malware Response Team
  • 508 posts
  • Gender:Male
  • Location:BC, Canada
  • Local time:11:35 AM

Posted 27 May 2015 - 05:53 PM

You may have to disable McAfee just to get this installed (just to warn you ahead of time); please install only the Free version as this will not interfere with the running of McAfee.


Malwarebytes' Anti-Malware
Please download the latest version of Malwarebytes' Anti-Malware from here.

Double Click on the mbam-setup.exe file to install the application.

Do not check on the Trial of Professional version. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

When the main screen opens, if the database is out of date, you can click on the Fix Now banner or the Update Now link.

Once updated, please select Settings > Detection and Protection. Please ensure that "Scan for Rootkits" is selected along with Non-Malware Protection PUP and PUM are set to "Treat detections as malware"

Once the settings have been configured, select the Dashboard tab to return to the Main screen and select "Scan Now >>" to start the scan.

The scan may take some time to finish, so please be patient.

If any malware is found, you will be presented with a screen like the one below.

Please make sure that everything is checked, and click Remove Selected.
When the scan is complete, click View detailed log >> to view the results.

The report screen will open.

At the bottom click on Export and select as txt file, save the file to your desktop and click OK. When the export is complete, select OPEN.

The log file will be opened in your default text file viewer (usually Notepad); select the whole text (Ctrl + A) and copy (Ctrl + c) it to paste here in a reply.




#11 Ben_Shumate

Ben_Shumate
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:35 PM

Posted 28 May 2015 - 11:55 AM

Here is my MBAM log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/28/2015
Scan Time: 10:06:36 AM
Logfile: mbamlog.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.05.28.05
Rootkit Database: v2015.05.24.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Ben
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 374543
Time Elapsed: 38 min, 21 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 15
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, Quarantined, [43c287124446e4521fd6b5b24eb7bc44], 
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, Quarantined, [0302cfca4f3b241246ae6ef9679e30d0], 
PUP.Optional.CinemaPlus.A, HKLM\SOFTWARE\WOW6432NODE\CinemaPlus-3.2cV23.05, Quarantined, [53b2178257331c1af60e22d6c43fb54b], 
PUP.Optional.CinemaPlus.A, HKLM\SOFTWARE\WOW6432NODE\CinemaPlus-3.2cV23.05-nv, Quarantined, [917421782e5cba7caa5a698f2ed52cd4], 
PUP.Optional.CinemaPlus.A, HKLM\SOFTWARE\WOW6432NODE\CinemaPlus-3.2cV23.05-nv-ie, Quarantined, [09fcd1c8a2e8aa8ca85c8c6c0bf830d0], 
PUP.Optional.GigaClicks.C, HKLM\SOFTWARE\WOW6432NODE\GigaClicks, Quarantined, [b2533a5f07835fd74be9875cc24120e0], 
PUP.Optional.MonsterSavings.A, HKLM\SOFTWARE\WOW6432NODE\Monster Savings, Quarantined, [32d33267701abc7a0ffb080e15ef34cc], 
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [927377223258ce68a8f94a97a55e936d], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{cae99edb}, Quarantined, [1fe6dbbed3b72b0b06c5ed8db94c5ea2], 
PUP.Optional.Vitruvian.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\INSVC_1.10.0.14, Quarantined, [1ee7c6d338521e1835ae502820e5a957], 
PUP.Optional.Shopperz.A, HKU\S-1-5-19\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, Quarantined, [0ef712873b4f9e986e571acdf0136b95], 
PUP.Optional.Shopperz.A, HKU\S-1-5-20\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, Quarantined, [a36211882d5dc5710cb93cab3bc81fe1], 
PUP.Optional.CinemaPlus.A, HKU\S-1-5-21-1895326297-792529850-1853505580-1001\SOFTWARE\CinemaPlus-3.2cV23.05, Quarantined, [c73eb7e2642693a31de8c632b74c9f61], 
PUP.Optional.CinemaPlus.A, HKU\S-1-5-21-1895326297-792529850-1853505580-1001\SOFTWARE\CinemaPlus-3.2cV23.05-nv, Quarantined, [867fcacf197151e5cb3ad5234ab97e82], 
PUP.Optional.CinemaPlus.A, HKU\S-1-5-21-1895326297-792529850-1853505580-1001\SOFTWARE\CinemaPlus-3.2cV23.05-nv-ie, Quarantined, [bd48b0e990fa1f1745c024d454afae52], 
 
Registry Values: 1
PUP.Optional.Vitruvian.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\insvc_1.10.0.14|ImagePath, "C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe", Quarantined, [1ee7c6d338521e1835ae502820e5a957]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 4
PUP.Optional.MultiPlug.Gen, C:\Users\Ben\AppData\Roaming\4C4C4544-1432703535-5810-8047-B8C04F465731, Quarantined, [6e9718817515f24413e775fe35d09c64], 
PUP.Optional.MonsterSavings.A, C:\Users\Ben\AppData\Local\Monster Savings, Quarantined, [60a53e5b1d6d96a0be837548c2419a66], 
PUP.Optional.SearchProtect.A, C:\Users\Ben\AppData\Local\avabvbxvh, Quarantined, [8e77782126640e286f88766314eff40c], 
PUP.Optional.Trovi.A, C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\databases\http_www.trovi.com_0, Quarantined, [9b6a8c0db6d4d363a037588329daa25e], 
 
Files: 26
PUP.Optional.Nova.A, C:\Program Files (x86)\Amazon\1023bfc7-1f9d-47a4-8b6a-95fcd76ff382.dll, Quarantined, [fa0b3e5b652536006c29cc4771918b75], 
PUP.Optional.FullSpectrumAdmin, C:\Users\Ben\Downloads\uplayermediaplayer-setup.exe, Quarantined, [a263badf0b7f6accfdf606c4a263b54b], 
PUP.Downware, C:\Users\Ben\Downloads\video-media-download_setup (1).exe, Quarantined, [ca3b4e4bacdea88efa1893a8c73a31cf], 
PUP.Downware, C:\Users\Ben\Downloads\video-media-download_setup.exe, Quarantined, [fe07cdccee9c6bcba072a794f60bdd23], 
PUP.Optional.IBryte.A, C:\Users\Ben\Downloads\Chrome_Setup.exe, Quarantined, [27de732614760630927589b4ac55d030], 
MSIL.Solimba, C:\Users\Ben\Downloads\PluginInstall.exe, Quarantined, [4bbabbde1575d660eb4e4909e41dab55], 
PUP.Optional.OpenCandy, C:\Users\Ben\Downloads\DTLite4471-0335.exe, Quarantined, [b5508a0f37530c2a202188ccf4129f61], 
PUP.Optional.OpenCandy, C:\Users\Ben\Downloads\PhotoScape_V3.6.5.exe, Quarantined, [52b35049395174c259e8173d0ff703fd], 
PUP.Optional.SearchProtect, C:\Users\Ben\AppData\Local\avabvbxvh\avabvbxvh.exe, Quarantined, [32d3c3d6a0ea270f9d161f00dd25d12f], 
PUP.Optional.SearchProtect.A, C:\Users\Ben\AppData\Local\avabvbxvh\pbqrmvbub, Quarantined, [4cb9b8e1e0aa56e00ff9b30e867b48b8], 
PUP.Optional.SndVol.A, C:\Windows\SysWOW64\config\systemprofile\sndvol.exe, Quarantined, [7b8a3168f892f93d4bbea13fe51e51af], 
PUP.Optional.PricePeep.A, C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage, Quarantined, [34d1b5e47812072f0bf2ce120ff4ba46], 
PUP.Optional.PricePeep.A, C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage-journal, Quarantined, [2dd8dabf32585dd90df0d50b778c8779], 
PUP.Optional.SearchProtect.A, C:\Windows\Tasks\avabvbxvh.job, Quarantined, [51b4772263270e28e5117c6e53b07d83], 
PUP.Optional.BoostSaves.A, C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage, Quarantined, [2fd65b3e96f451e538c1787cae559a66], 
PUP.Optional.BoostSaves.A, C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage-journal, Quarantined, [10f56d2c69216acc54a5668e12f1649c], 
PUP.Optional.AZLyrics.A, C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage, Quarantined, [7d884d4c94f6f5412231886e2cd77c84], 
PUP.Optional.AZLyrics.A, C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal, Quarantined, [d332fa9f9ceed561510224d22ad9cd33], 
PUP.Optional.CrossRider.A, C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pcbcdbngpmilkbmlmpdpkbloinghfmlj_0.localstorage-journal, Quarantined, [887d475227633ff7e633f608689b5ca4], 
PUP.Optional.SelectNGo.A, C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage, Quarantined, [4abb544571192412c9cfa770c1431ae6], 
PUP.Optional.SelectNGo.A, C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage-journal, Quarantined, [bc49fd9c95f5de58ddbbba5d26de916f], 
PUP.Optional.ReMarkable.A, C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage, Quarantined, [0afbdebbdeac0630c64ce29133d2cc34], 
PUP.Optional.ReMarkable.A, C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal, Quarantined, [16efa9f0a5e5a294ed251e5561a4d927], 
PUP.Optional.MultiPlug.Gen, C:\Users\Ben\AppData\Roaming\4C4C4544-1432703535-5810-8047-B8C04F465731\vnsf9436.tmp, Quarantined, [6e9718817515f24413e775fe35d09c64], 
PUP.Optional.MultiPlug.Gen, C:\Users\Ben\AppData\Roaming\4C4C4544-1432703535-5810-8047-B8C04F465731\Uninstall.exe, Quarantined, [6e9718817515f24413e775fe35d09c64], 
PUP.Optional.Trovi.A, C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\databases\http_www.trovi.com_0\20, Quarantined, [9b6a8c0db6d4d363a037588329daa25e], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#12 dbrisendine


Posted 29 May 2015 - 02:12 AM

This next step may take a while (just to warn you) .....

ESET Online does not work with IE 11 (Internet Explorer) at the moment (a few weeks ago anyway) so if you have IE 11, Chrome or Firefox has to be used instead.  ESET Online does work with IE 10 and earlier.

You can leave Norton enabled even though ESET may warn about it; it just makes the scan take longer. The pictures below showing what to click may be blue instead of green on the ESET website now, but the procedure is still the same.

Please read carefully and slowly. Notice all the settings listed below to check before starting the scan. Stop and ask if you have any questions.

Take note of the NO tick in the Remove found threats setting below, as it needs to have the tick removed.

-------------------------------------------------------------------------------------------------------------------

Hold down Control key and click on the following link to open ESET OnlineScan in a new window.

Link =>> ESET Online Scanner  <<

Click the Run ESET Online Scanner located on the left side of the page (not the free trial).


For browsers other than Internet Explorer only: (Microsoft Internet Explorer users can skip this step)
Click on the esetsmartinstaller link in the popup window that opens. Save it to your desktop.


Double click on the icon on your desktop.


Check (accept) the Terms of Use.


Click the START button.
Accept any security warnings from your browser.

Now in the Computer scan settings window that appears:-
Make sure that the option Enable detection of potentially unwanted applications is selected.
Now click on Advanced Settings and configure the options as follows:

Remove found threats is Not checked
Scan archives is checked
Scan for potentially unsafe applications is checked
Enable Anti-Stealth Technology is checked


Now click on: Start



ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.


When the scan is finished, if any threats are found you will see the screen below.  Click to view the found threats.


At the bottom of the listed threats, there is an option to save the results to a text file.  Please do this so you can attach the results here for review and removal of the items that are not false positives (these will be scripted out so do not worry).


Once the log text file is saved, return to the Scan Finished screen by clicking "<<Back", then click on the uninstall button and click Finish.


Attach the saved log file in your next reply please.  Thanks.




#13 Ben_Shumate


Posted 30 May 2015 - 01:03 AM

Attached is the log you requested

Attached Files

  • Attached File  eset.txt   10.29KB   2 downloads


#14 dbrisendine


Posted 30 May 2015 - 02:20 PM


Open notepad by pressing the Windows Key + R key, typing notepad in the Run box and pressing Enter. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt
 

Start
CreateRestorePoint:
CloseProcesses:
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\HFX754RH\bundle_353[1].exe
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\HFX754RH\rTb7HuoNl7vo75ArlMOEZeoFc5lmD4UYk0G5yfd6IaLj36wy[1].swf
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\HFX754RH\setup[1].exe
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\HFX754RH\setup[3].exe
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\HFX754RH\Stub[1].exe
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\POQWFQBK\AnyProtect[1].exe
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\POQWFQBK\OrbiterInstaller[1].exe
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\POQWFQBK\Setup[1].exe
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\POQWFQBK\setup_gmsd_us[1].exe
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\YPFX4CUA\policyname[1].exe
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\YPFX4CUA\ReimagePackage1814x64a[1].exe
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\YPFX4CUA\ReimageRepair[1].exe
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\YPFX4CUA\SearchProtect_1611[1].exe
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\YPFX4CUA\SearchUpdater[1].exe
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\YPFX4CUA\sgwr[1].exe
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\YPFX4CUA\VOsrv[1].exe
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\ZB92OS2V\AnyProtect[1].exe
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\ZB92OS2V\rvwr[1].exe
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\ZB92OS2V\setup_362[1].exe
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\ZB92OS2V\sprz[1].exe
C:\Users\Ben\AppData\Roaming\Eppink\Uninstall.exe
C:\Users\Ben\Downloads\WinZip175.exe
C:\Windows\Installer\3fcf5fa.msi
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end


NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Start FRST that is on the desktop by right clicking on file and selecting "Run as Administrator..." and press the Fix button just once and wait.


If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.




#15 Ben_Shumate


Posted 31 May 2015 - 12:01 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015
Ran by Ben at 2015-05-31 10:53:11 Run:2
Running from C:\Users\Ben\Desktop
Loaded Profiles: Ben (Available Profiles: Ben)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
C:\Users\Ben\AppData\Local MICROSOFT\Windows\INetCache\IE\HFX754RH\bundle_353[1].exe
C:\Users\Ben\AppData\Local MICROSOFT\Windows\INetCache\IE\HFX754RH\rTb7HuoNl7vo75ArlMOEZeoFc5lmD4UYk0G5yfd6IaLj36wy[1].swf
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\HFX754RH\setup[1].exe
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\HFX754RH\setup[3].exe
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\HFX754RH\Stub[1].exe
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\POQWFQBK\AnyProtect[1].exe
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\POQWFQBK\OrbiterInstaller[1].exe
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\POQWFQBK\Setup[1].exe
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\POQWFQBK\setup_gmsd_us[1].exe
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\YPFX4CUA\policyname[1].exe
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\YPFX4CUA\ReimagePackage1814x64a[1].exe
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\YPFX4CUA REIMAGEREPAIR[1].exe
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\YPFX4CUA\SearchProtect_1611[1].exe
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\YPFX4CUA\SearchUpdater[1].exe
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\YPFX4CUA\sgwr[1].exe
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\YPFX4CUA\VOsrv[1].exe
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\ZB92OS2V\AnyProtect[1].exe
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\ZB92OS2V\rvwr[1].exe
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\ZB92OS2V\setup_362[1].exe
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\ZB92OS2V\sprz[1].exe
C:\Users\Ben\AppData\Roaming\Eppink\Uninstall.exe
C:\Users\Ben\Downloads\WinZip175.exe
C:\Windows\Installer\3fcf5fa.msi
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
REBOOT:
end
*****************
 
Restore point was successfully created.
Processes closed successfully.
"C:\Users\Ben\AppData\Local MICROSOFT\Windows\INetCache\IE\HFX754RH\bundle_353[1].exe" => File/Folder not found.
"C:\Users\Ben\AppData\Local MICROSOFT\Windows\INetCache\IE\HFX754RH\rTb7HuoNl7vo75ArlMOEZeoFc5lmD4UYk0G5yfd6IaLj36wy[1].swf" => File/Folder not found.
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\HFX754RH\setup[1].exe => Moved successfully.
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\HFX754RH\setup[3].exe => Moved successfully.
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\HFX754RH\Stub[1].exe => Moved successfully.
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\POQWFQBK\AnyProtect[1].exe => Moved successfully.
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\POQWFQBK\OrbiterInstaller[1].exe => Moved successfully.
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\POQWFQBK\Setup[1].exe => Moved successfully.
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\POQWFQBK\setup_gmsd_us[1].exe => Moved successfully.
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\YPFX4CUA\policyname[1].exe => Moved successfully.
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\YPFX4CUA\ReimagePackage1814x64a[1].exe => Moved successfully.
"C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\YPFX4CUA REIMAGEREPAIR[1].exe" => File/Folder not found.
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\YPFX4CUA\SearchProtect_1611[1].exe => Moved successfully.
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\YPFX4CUA\SearchUpdater[1].exe => Moved successfully.
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\YPFX4CUA\sgwr[1].exe => Moved successfully.
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\YPFX4CUA\VOsrv[1].exe => Moved successfully.
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\ZB92OS2V\AnyProtect[1].exe => Moved successfully.
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\ZB92OS2V\rvwr[1].exe => Moved successfully.
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\ZB92OS2V\setup_362[1].exe => Moved successfully.
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\ZB92OS2V\sprz[1].exe => Moved successfully.
C:\Users\Ben\AppData\Roaming\Eppink\Uninstall.exe => Moved successfully.
C:\Users\Ben\Downloads\WinZip175.exe => Moved successfully.
C:\Windows\Installer\3fcf5fa.msi => Moved successfully.
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {0CD62A09-D8CA-4C70-9473-D673E3FC7487}.
Unable to cancel {A9B67A7B-E212-4786-A931-9F8062C0D705}.
{6745BF15-0FD5-4AAA-8C93-5A45CD0BE645} canceled.
{EE843BFA-27D5-4A8C-BC8C-5B3D9B30758B} canceled.
{CC1A0932-D8F4-400B-8402-1177B95EB337} canceled.
{EF8D61E6-EF1B-45E0-8320-503537E5464A} canceled.
{FFECDB8C-B8BD-4BEE-9E30-8240A7706A09} canceled.
{827EF8A4-1015-45B7-997F-A34419595CEA} canceled.
6 out of 8 jobs canceled.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully
HKU\S-1-5-21-1895326297-792529850-1853505580-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully
HKU\S-1-5-21-1895326297-792529850-1853505580-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully
 
 
========= End of RemoveProxy: =========
 
EmptyTemp: => Removed 7.2 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 10:56:13 ====
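
Added example, not part of the original posts and not FRST's own code: the fixlist content echoed in the Fixlog above differs from the fixlist posted in #14 on exactly the lines that came back "File/Folder not found". One way to surface that when reviewing a Fixlog, using excerpts copied from this thread; the function names and the 0.9 similarity cutoff are assumptions.

```python
import difflib
import re

# Excerpts copied from this thread: fixlist as posted in #14, Fixlog from #15.
POSTED_FIXLIST = r"""
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\HFX754RH\bundle_353[1].exe
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\HFX754RH\setup[1].exe
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\YPFX4CUA\ReimageRepair[1].exe
C:\Users\Ben\Downloads\WinZip175.exe
"""

FIXLOG = r"""
"C:\Users\Ben\AppData\Local MICROSOFT\Windows\INetCache\IE\HFX754RH\bundle_353[1].exe" => File/Folder not found.
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\HFX754RH\setup[1].exe => Moved successfully.
"C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\YPFX4CUA REIMAGEREPAIR[1].exe" => File/Folder not found.
C:\Users\Ben\Downloads\WinZip175.exe => Moved successfully.
Unable to cancel {0CD62A09-D8CA-4C70-9473-D673E3FC7487}.
Unable to cancel {A9B67A7B-E212-4786-A931-9F8062C0D705}.
{6745BF15-0FD5-4AAA-8C93-5A45CD0BE645} canceled.
EmptyTemp: => Removed 7.2 GB temporary data.
"""

# A per-file result line: optional quotes, drive path, "=>", status text.
RESULT_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.+?)"?\s+=>\s+(?P<status>.+?)\.?$')
BITS_FAIL_RE = re.compile(r"^Unable to cancel (\{[0-9A-Fa-f-]{36}\})\.$")


def parse_results(fixlog_text):
    """Return (path, status) for every per-file result line in a Fixlog."""
    results = []
    for line in fixlog_text.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            results.append((m.group("path"), m.group("status")))
    return results


def reconcile(posted_text, fixlog_text, cutoff=0.9):
    """Explain each 'not found' result against the fixlist the helper posted."""
    posted = {p.strip().lower(): p.strip()
              for p in posted_text.splitlines() if p.strip()}
    report = []
    for path, status in parse_results(fixlog_text):
        if "not found" not in status.lower():
            continue
        key = path.lower()
        if key in posted:
            # Same path as posted: the file was simply no longer on disk.
            report.append((path, posted[key], "absent on disk"))
            continue
        # The processed path is not a posted one: find the nearest posted line.
        near = difflib.get_close_matches(key, list(posted), n=1, cutoff=cutoff)
        if near:
            report.append((path, posted[near[0]], "differs from posted fixlist"))
        else:
            report.append((path, None, "not in posted fixlist"))
    return report


def failed_bits_jobs(fixlog_text):
    """Return the job GUIDs that 'bitsadmin /reset /allusers' could not cancel."""
    return [m.group(1) for line in fixlog_text.splitlines()
            if (m := BITS_FAIL_RE.match(line.strip()))]


if __name__ == "__main__":
    for seen, intended, reason in reconcile(POSTED_FIXLIST, FIXLOG):
        print(f"{reason}:\n  ran:    {seen}\n  posted: {intended}")
    print("BITS jobs not cancelled:", failed_bits_jobs(FIXLOG))
```

Entries reported as differing were looked up under the altered path, so the files at the posted paths were not touched by this run and need a follow-up check.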




