
Jabuticaba ads removal and links redirecting


  • This topic is locked
50 replies to this topic

#1 astrofaninkc


Posted 17 August 2015 - 08:14 PM

I'm using Google Chrome version 44.0.2403.155 and Windows 7 64-bit. I was being careless and tried to download a game from a less than reputable website that then loaded me up with all kinds of adware, malware, etc. I've since gone through and run removal tools from Add/Remove Programs within Control Panel and scanned and deleted almost everything using Malwarebytes, AdAware, Panda Security and Hitman Pro, but I can't seem to get rid of these redirect ads and Jabuticaba. I've even uninstalled Chrome and then reinstalled it after removing extensions. Nothing has worked.

 

I have downloaded and run Farbar, and these are the contents of the FRST.txt file:
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-08-2015
Ran by Clint (administrator) on CLINT_LAPTOP (17-08-2015 19:50:48)
Running from C:\Users\Clint\Downloads
Loaded Profiles: Clint (Available Profiles: Clint)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Visicom Media Inc.) C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [40184 2015-02-26] (Panda Security, S.L.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2371941955-605578686-2567650883-1001\...\Run: [GoogleChromeAutoLaunch_51CE2B88C742889136C08789AFBF8817] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [863560 2015-08-07] (Google Inc.)
AppInit_DLLs: C:\ProgramData\RemoteSaver\ihjmsygx.dll => C:\ProgramData\RemoteSaver\ihjmsygx.dll [146944 2015-08-04] ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Clint\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Clint\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Clint\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Clint\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Clint\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Clint\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Clint\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyScripts-x32: Group Policy detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2371941955-605578686-2567650883-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2371941955-605578686-2567650883-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2371941955-605578686-2567650883-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
SearchScopes: HKLM -> {44A22A81-D7B6-414C-8471-03EF061147AD} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {44A22A81-D7B6-414C-8471-03EF061147AD} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2371941955-605578686-2567650883-1001 -> {44A22A81-D7B6-414C-8471-03EF061147AD} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2371941955-605578686-2567650883-1001 -> {7F393223-AAAC-40D3-A91E-32A2F2AEB5BD} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2371941955-605578686-2567650883-1001 -> {9646C010-DACC-45D9-A162-0CC6F2CD73FF} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-2371941955-605578686-2567650883-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
Toolbar: HKLM-x32 - No Name - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -  No File
Toolbar: HKU\S-1-5-21-2371941955-605578686-2567650883-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {1663ed61-23eb-11d2-b92f-008048fdd814} hxxps://eagent.farmersinsurance.com/PLA/eAgent/icms/commonActiveX/smsx.cab
DPF: HKLM-x32 {354D91A8-E3C9-491F-BB89-0FB27DEEED86} hxxps://eagent.farmersinsurance.com/PLA/eAgent/imagecenter/commonActiveX/ImgXTwain61.cab
DPF: HKLM-x32 {45EEDB84-57BC-4FBD-8065-7AB8E971B545} hxxps://eagent.farmersinsurance.com/PLA/eAgent/imagecenter/commonActiveX/ImgXDialog61.cab
DPF: HKLM-x32 {7E8DC73D-69CD-4F67-99B1-8DC6E42F6246} hxxps://eagent.farmersinsurance.com/PLA/eAgent/imagecenter/commonActiveX/ImgX61.cab
DPF: HKLM-x32 {88DD90B6-C770-4CFF-B7A4-3AFD16BB8824} hxxps://eagent.farmersinsurance.com/PLA/eAgent/icms/viewers/crystalreportviewers/ActiveXControls/PrintControl.cab
DPF: HKLM-x32 {B2D168E0-5597-101D-843A-DA16297B4C87} hxxps://eagent.farmersinsurance.com/PLA/eAgent/imagecenter/commonActiveX/rm2.cab
DPF: HKLM-x32 {BE8EEE38-A7C5-4674-A6C4-C2D7421FDD10} hxxps://bie.farmersinsurance.com/prweb/PRServletLDAP1/8gYJ4DHQrCXUTefMjim_tw%5B%5B*/prvisiointerface.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{1CDB10D0-0453-4447-9AC8-A4449249F3D8}: [NameServer] 199.115.114.39,8.8.8.8
Tcpip\..\Interfaces\{1CDB10D0-0453-4447-9AC8-A4449249F3D8}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{66D5A46D-8467-4D62-90BB-5B83236AB377}: [NameServer] 199.115.114.39,8.8.8.8
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 199.115.114.39,8.8.8.8
Tcpip\..\Interfaces\{F4DAEDFD-B12D-46E9-BA70-398E6A80680F}: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-16] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-14] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-16] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-14] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-09] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2371941955-605578686-2567650883-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Clint\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-2371941955-605578686-2567650883-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Clint\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
 
Chrome: 
=======
CHR Profile: C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-27]
CHR Extension: (Google Drive) - C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-06]
CHR Extension: (YouTube) - C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-03]
CHR Extension: (ESPN Fantasy Baseball Plus) - C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfdpkcilphoagajilmpeecdeobohfbcb [2015-05-15]
CHR Extension: (Adblock Plus) - C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-27]
CHR Extension: (Pickemfirst Fantasy Sports) - C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnnckoodldcbgegkmlgponhofcngihnp [2014-08-27]
CHR Extension: (Google Search) - C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-28]
CHR Extension: (SiteAdvisor) - C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-08-04]
CHR Extension: (AdBlock) - C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-04-02]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-08-27]
CHR Extension: (Adblock Super) - C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2015-08-09]
CHR Extension: (Hangouts) - C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2015-03-30]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-09]
CHR Extension: (Sniper Team 2) - C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Extensions\mndnehecocipmfgieoedaiojcekhlcfm [2014-10-07]
CHR Extension: (Reddit Preload GIFs) - C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Extensions\nghfcbekdkjbeichjmohlojmpikchibd [2014-08-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-08]
CHR Extension: (Adblock Pro) - C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2014-08-27]
CHR Extension: (FantasyLink) - C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Extensions\pghfoglbgdeknkjcmilhkidfdkgenfdi [2014-08-27]
CHR Extension: (Gmail) - C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-08]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKU\S-1-5-21-2371941955-605578686-2567650883-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 !SASCORE; C:\Program Files\SUPERAntiSpywareNew\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-01-26] (Advanced Micro Devices, Inc.) [File not signed]
S4 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [245264 2012-09-03] (CyberLink)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe [207344 2015-06-04] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-02-17] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [372144 2015-04-01] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [250672 2015-02-17] (McAfee, Inc.)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142584 2015-02-26] (Panda Security, S.L.)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 panda_url_filtering; C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe [291336 2015-05-19] (Visicom Media Inc.)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-02-26] (Panda Security, S.L.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 HomeNetSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 HPSLPSVC; C:\Users\Clint\AppData\Local\Temp\7zS6B81\hpslpsvc64.dll [X]
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
S2 McMPFSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 McNaiAnn; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [X]
S2 mcpltsvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 McProxy; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 RemoteSaver; C:\ProgramData\RemoteSaver\RemoteSaver [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [31360 2012-01-18] (Advanced Micro Devices, Inc.)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2011-11-13] (Advanced Micro Devices)
R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [189760 2012-02-05] (AppEx Networks Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [68784 2015-02-17] (McAfee, Inc.)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
S3 FLxHCIh; C:\Windows\system32\drivers\FLxHCIh.sys [68160 2011-08-12] (Fresco Logic)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [401736 2015-02-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [337888 2015-02-17] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-02-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [488000 2015-02-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864072 2015-02-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [482600 2015-01-16] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100720 2015-01-16] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340448 2015-02-17] (McAfee, Inc.)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93968 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202000 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110864 2015-02-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116496 2015-02-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [48400 2014-12-31] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [99600 2015-02-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [69904 2015-02-09] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124176 2015-02-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [299792 2015-02-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [166160 2015-02-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113424 2015-02-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257296 2015-02-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106256 2015-02-09] (Panda Security, S.L.)
R3 panda_url_filteringd; C:\ProgramData\Panda Security URL Filtering\panda_url_filteringd.sys [51288 2014-03-19] (Visicom Media Inc.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163576 2015-06-17] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2015-02-25] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197392 2015-02-25] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124176 2015-02-25] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [133904 2015-02-25] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2015-02-25] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-05-22] (Panda Security, S.L.)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpywareNew\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpywareNew\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [20016 2011-10-13] (Synaptics Incorporated)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S1 cewd64f; \??\C:\Windows\system32\Drivers\cewd64f.sys [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 cpuz134; \??\C:\Users\Clint\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-17 19:50 - 2015-08-17 19:51 - 00026441 _____ C:\Users\Clint\Downloads\FRST.txt
2015-08-17 19:50 - 2015-08-17 19:50 - 02173440 _____ (Farbar) C:\Users\Clint\Downloads\FRST64.exe
2015-08-17 19:50 - 2015-08-17 19:50 - 00000000 ____D C:\FRST
2015-08-17 19:33 - 2015-08-17 19:33 - 00001256 _____ C:\Users\Clint\Desktop\fixlist.txt
2015-08-14 20:39 - 2015-08-14 20:39 - 00002960 _____ C:\Users\Clint\Downloads\0c30bdcd-56b0-47c2-bd72-9a8942e3981d.TXT
2015-08-14 20:29 - 2015-08-14 20:29 - 00003358 _____ C:\Users\Clint\Downloads\41dc67a2-9044-4aad-a6be-28358d802f5f.TXT
2015-08-14 20:05 - 2015-08-14 20:05 - 00003290 _____ C:\Users\Clint\Downloads\2cdf4c32-35d1-4b36-9a8d-a33e077ea744.TXT
2015-08-09 14:25 - 2015-08-14 20:09 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-09 14:25 - 2015-08-09 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-09 14:24 - 2015-08-17 19:31 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-09 14:24 - 2015-08-17 19:29 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-09 14:24 - 2015-08-09 14:24 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-09 14:24 - 2015-08-09 14:24 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-09 14:09 - 2015-08-16 22:45 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2CDDE80F-8752-4DEB-8872-4226D6B7E844}
2015-08-07 15:13 - 2015-08-09 14:05 - 00002046 _____ C:\Windows\system32\.crusader
2015-08-07 15:01 - 2015-08-07 15:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-08-07 15:01 - 2015-08-07 15:01 - 00000000 ____D C:\Program Files\HitmanPro
2015-08-07 14:52 - 2015-08-09 14:05 - 00000000 ____D C:\ProgramData\HitmanPro
2015-08-07 14:52 - 2015-08-07 14:53 - 11032736 _____ (SurfRight B.V.) C:\Users\Clint\Downloads\HitmanPro_x64.exe
2015-08-07 14:49 - 2015-08-07 14:49 - 10113976 _____ (SurfRight B.V.) C:\Users\Clint\Downloads\HitmanPro.exe
2015-08-07 14:45 - 2015-08-07 14:46 - 02248704 _____ C:\Users\Clint\Downloads\adwcleaner_4.208 (1).exe
2015-08-05 00:53 - 2015-08-05 00:53 - 00003592 _____ C:\Windows\System32\Tasks\{AE9BCFBB-DA47-4BBD-B530-2AE2248F22D6}
2015-08-05 00:51 - 2015-08-05 00:51 - 00000000 ____D C:\Users\Clint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-08-05 00:47 - 2015-08-05 00:47 - 00000000 ____D C:\Users\Clint\AppData\Roaming\WinRAR
2015-08-05 00:46 - 2015-08-05 00:46 - 01941744 _____ C:\Users\Clint\Downloads\winrar-x64-521.exe
2015-08-04 20:01 - 2015-08-04 20:01 - 02248704 _____ C:\Users\Clint\Desktop\adwcleaner_4.208.exe
2015-08-04 13:56 - 2015-05-22 03:45 - 00061712 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-08-04 13:16 - 2015-08-04 13:16 - 00001282 _____ C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2015-08-04 13:15 - 2015-08-04 13:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2015-08-04 13:13 - 2015-08-04 13:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-08-04 13:12 - 2015-08-16 22:45 - 00000000 ____D C:\ProgramData\panda_url_filtering
2015-08-04 13:12 - 2015-08-04 13:12 - 00000000 ____D C:\ProgramData\Panda Security URL Filtering
2015-08-04 13:11 - 2015-08-09 14:05 - 00000000 ____D C:\Program Files (x86)\pandasecuritytb
2015-08-04 13:11 - 2015-08-04 13:11 - 00000000 ____D C:\Users\Clint\AppData\Roaming\Panda Security
2015-08-04 13:10 - 2015-08-04 13:15 - 00000000 ____D C:\Program Files (x86)\Panda Security
2015-08-04 13:10 - 2015-08-04 13:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2015-08-04 13:07 - 2015-08-04 13:12 - 00000000 ____D C:\ProgramData\Panda Security
2015-08-04 13:07 - 2015-08-04 13:07 - 01582848 _____ C:\Users\Clint\Downloads\PANDAFREEAV.exe
2015-08-04 13:02 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-08-04 12:51 - 2015-08-04 13:08 - 00000000 ____D C:\Quarantine
2015-08-04 12:50 - 2015-08-04 13:55 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-08-04 12:50 - 2015-02-17 14:36 - 00250672 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2015-08-04 12:48 - 2015-08-04 12:49 - 07720664 _____ (McAfee, Inc.) C:\Users\Clint\Downloads\McAfeeSetup-Serial.exe
2015-08-04 00:27 - 2015-08-07 14:42 - 00000024 _____ C:\Users\Clint\AppData\Roaming\appdataFr25.bin
2015-08-04 00:21 - 2015-08-04 00:21 - 00002381 _____ C:\Windows\SysWOW64\findit.xml
2015-08-04 00:19 - 2015-08-07 15:13 - 00000000 ____D C:\ProgramData\RemoteSaver
2015-08-04 00:19 - 2015-08-04 00:20 - 00000000 ____D C:\ProgramData\Package Cache
2015-08-04 00:18 - 2015-08-04 12:53 - 00000000 ____D C:\Users\Clint\AppData\Local\HPNetwork
2015-08-04 00:18 - 2015-08-04 12:51 - 00000000 ____D C:\Users\Clint\AppData\Local\WindowsPresentation
2015-08-04 00:17 - 2015-08-04 11:29 - 00000000 ____D C:\Program Files (x86)\7af43c85-630a-4ced-8b56-816f28f8dbd9
2015-08-04 00:15 - 2015-08-04 00:15 - 00000045 _____ C:\user.js
2015-08-04 00:15 - 2015-08-04 00:15 - 00000000 ____D C:\Windows\system32\raur
2015-08-04 00:14 - 2015-08-04 00:14 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-08-04 00:14 - 2015-08-04 00:14 - 00000000 _____ C:\Windows\SysWOW64\Number of results
2015-08-04 00:05 - 2015-08-04 00:05 - 00000000 ____D C:\Program Files (x86)\Autofill IRCTC Tatkal FormPlugin  Extension
2015-08-03 23:53 - 2015-08-03 23:53 - 00000000 ____D C:\SUPERDelete
2015-08-03 23:40 - 2015-08-03 23:40 - 00000782 _____ C:\Windows\SysWOW64\${LOGFILE}
2015-08-03 23:20 - 2015-08-04 11:27 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-03 23:15 - 2009-06-10 16:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-08-03 23:13 - 2015-08-03 23:13 - 00000000 ____D C:\Users\Clint\AppData\Local\CrashRpt
2015-08-03 23:01 - 2015-08-04 11:34 - 00000000 ____D C:\Program Files (x86)\IncludeFunc
2015-08-03 23:00 - 2015-08-04 11:29 - 00000000 ____D C:\Program Files (x86)\FoxyProxy Standard
2015-08-03 22:52 - 2015-08-03 22:52 - 00244574 _____ C:\Users\Clint\Downloads\Command.zip
2015-08-03 18:01 - 2015-08-03 18:01 - 00985600 _____ C:\Users\Clint\Downloads\MicrosoftFixit50123.msi
2015-08-03 17:58 - 2015-08-03 17:58 - 00085504 ___SH C:\Users\Clint\Desktop\Thumbs.db
2015-08-03 13:05 - 2015-08-03 13:09 - 00000000 ____D C:\Users\Clint\Downloads\AccessChk
2015-08-03 13:04 - 2015-08-03 13:04 - 00204425 _____ C:\Users\Clint\Downloads\AccessChk.zip
2015-08-03 12:58 - 2015-08-03 12:58 - 00000000 ____D C:\Program Files (x86)\Windows Resource Kits
2015-08-03 12:57 - 2015-08-03 12:58 - 00379392 _____ C:\Users\Clint\Downloads\subinacl.msi
2015-08-03 12:47 - 2015-08-03 12:48 - 00302011 _____ C:\Users\Clint\Downloads\WindowsUpdateDiagnostic.diagcab
2015-08-03 12:47 - 2015-08-03 12:47 - 06609608 _____ (Piriform Ltd) C:\Users\Clint\Downloads\ccsetup508.exe
2015-08-02 14:52 - 2015-08-02 14:52 - 00000000 ____D C:\Users\Clint\AppData\Local\{B42B9965-F137-454B-AEB2-45E363F51EA2}
2015-08-01 21:56 - 2015-08-03 18:39 - 00000000 __SHD C:\Recovery
2015-08-01 18:11 - 2015-08-01 18:11 - 00008192 _____ C:\Windows\system32\config\userdiff
2015-08-01 18:08 - 2015-08-09 14:07 - 00005016 _____ C:\Windows\setupact.log
2015-08-01 18:08 - 2015-08-03 14:16 - 00000987 _____ C:\Windows\setuperr.log
2015-08-01 14:42 - 2015-08-03 14:22 - 00002271 _____ C:\Windows\DtcInstall.log
2015-08-01 14:39 - 2015-08-03 14:19 - 00004704 _____ C:\Windows\comsetup.log
2015-08-01 14:34 - 2015-08-03 14:16 - 00008479 _____ C:\Windows\diagerr.xml
2015-08-01 14:34 - 2015-08-03 14:16 - 00005718 _____ C:\Windows\diagwrn.xml
2015-07-28 19:19 - 2015-08-03 18:32 - 00000000 ____D C:\Users\Clint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-28 14:47 - 2015-07-25 13:07 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-28 14:47 - 2015-07-25 13:04 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-28 14:47 - 2015-07-25 13:04 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-28 14:47 - 2015-07-25 13:03 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-28 14:47 - 2015-07-25 13:03 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-28 14:47 - 2015-07-25 13:03 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-28 14:47 - 2015-07-25 13:03 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-28 14:47 - 2015-07-25 12:55 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-23 16:04 - 2015-07-14 22:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-23 16:04 - 2015-07-14 22:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-23 16:04 - 2015-07-14 22:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-23 16:04 - 2015-07-14 22:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-23 16:04 - 2015-07-14 21:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-23 16:04 - 2015-07-14 21:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-23 16:04 - 2015-07-14 21:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-23 16:04 - 2015-07-14 21:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-23 16:04 - 2015-07-14 20:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-23 16:04 - 2015-07-14 20:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-17 19:39 - 2013-01-16 17:54 - 01581287 _____ C:\Windows\WindowsUpdate.log
2015-08-17 19:36 - 2009-07-13 23:45 - 00031472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-17 19:36 - 2009-07-13 23:45 - 00031472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-17 19:31 - 2012-03-22 20:19 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-16 22:47 - 2013-01-20 16:51 - 00000000 ____D C:\Users\Clint\AppData\Roaming\SoftGrid Client
2015-08-09 14:24 - 2013-01-16 18:45 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-09 14:10 - 2013-07-10 15:27 - 00000000 ____D C:\Users\Clint\AppData\Roaming\Mozilla
2015-08-09 14:10 - 2013-01-16 18:45 - 00000000 ____D C:\Users\Clint\AppData\Local\Google
2015-08-09 14:07 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-09 13:52 - 2014-08-27 14:47 - 00000000 ____D C:\AdwCleaner
2015-08-07 15:15 - 2014-07-19 17:23 - 00255134 _____ C:\Windows\PFRO.log
2015-08-07 14:52 - 2014-05-27 16:20 - 00000000 ____D C:\Program Files (x86)\Midland LifeSolutions
2015-08-07 14:52 - 2012-03-22 20:43 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-08-05 15:58 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\IME
2015-08-05 13:12 - 2014-08-21 12:13 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-05 01:00 - 2013-01-16 17:57 - 00000000 ____D C:\Users\Clint\AppData\Local\VirtualStore
2015-08-04 21:01 - 2013-01-16 17:58 - 00001029 _____ C:\Users\Clint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-04 14:54 - 2009-07-14 00:13 - 00783464 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-04 13:55 - 2013-05-04 23:17 - 00000000 ____D C:\Program Files\McAfee
2015-08-04 13:55 - 2013-05-04 23:17 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-08-04 13:55 - 2013-02-24 19:15 - 00000000 ____D C:\ProgramData\McAfee
2015-08-04 13:55 - 2009-07-13 23:45 - 00517184 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-04 13:11 - 2013-01-16 17:59 - 00123152 _____ C:\Users\Clint\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-04 11:34 - 2013-04-06 18:26 - 00000000 ____D C:\Windows\Minidump
2015-08-04 00:24 - 2015-03-02 13:29 - 00000000 __SHD C:\Users\Clint\AppData\Local\EmieBrowserModeList
2015-08-04 00:24 - 2014-05-13 12:37 - 00000000 __SHD C:\Users\Clint\AppData\Local\EmieUserList
2015-08-04 00:24 - 2014-05-13 12:37 - 00000000 __SHD C:\Users\Clint\AppData\Local\EmieSiteList
2015-08-04 00:15 - 2012-03-22 19:45 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-08-04 00:15 - 2012-03-22 19:45 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2015-08-04 00:02 - 2014-08-21 12:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-04 00:02 - 2014-08-21 12:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-03 23:25 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\System
2015-08-03 18:32 - 2015-07-16 16:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-08-03 18:32 - 2015-04-21 20:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-03 18:32 - 2015-01-30 16:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-08-03 18:32 - 2014-08-07 00:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-03 18:32 - 2014-08-06 15:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-08-03 18:32 - 2014-02-17 20:35 - 00000000 ____D C:\Windows\SysWOW64\GPBAK
2015-08-03 18:32 - 2013-11-11 19:57 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
2015-08-03 18:32 - 2013-06-28 12:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-08-03 18:32 - 2013-03-20 18:51 - 00000000 ___HD C:\Windows\system32\CanonIJ Uninstaller Information
2015-08-03 18:32 - 2013-03-13 10:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-03 18:32 - 2013-02-10 04:01 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2015-08-03 18:32 - 2013-01-25 22:59 - 00000000 ____D C:\Program Files\IDT
2015-08-03 18:32 - 2013-01-16 17:55 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
2015-08-03 18:32 - 2013-01-16 17:54 - 00000000 ____D C:\Users\Clint
2015-08-03 18:32 - 2012-08-06 16:38 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-08-03 18:32 - 2012-08-06 15:57 - 00000000 ____D C:\Windows\system32\nn-NO
2015-08-03 18:32 - 2012-08-06 15:53 - 00000000 ____D C:\Program Files\AMD
2015-08-03 18:32 - 2012-08-06 15:51 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2015-08-03 18:32 - 2012-03-22 20:41 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-08-03 18:32 - 2012-03-22 20:39 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-08-03 18:32 - 2012-03-22 20:37 - 00000000 ____D C:\Windows\en
2015-08-03 18:32 - 2012-03-22 20:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-08-03 18:32 - 2012-03-22 20:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2015-08-03 18:32 - 2012-03-22 20:32 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2015-08-03 18:32 - 2012-03-22 20:30 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-08-03 18:32 - 2012-03-22 20:15 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-08-03 18:32 - 2011-10-12 19:57 - 00000000 ____D C:\Program Files\Hewlett-Packard
2015-08-03 18:32 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-08-03 18:32 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\WinBioDatabase
2015-08-03 18:32 - 2009-07-13 22:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-03 18:32 - 2009-07-13 22:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-08-03 18:32 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2015-08-03 18:32 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2015-08-03 18:32 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-08-03 18:32 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\zh-HK
2015-08-03 18:32 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\tr-TR
2015-08-03 18:32 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\Recovery
2015-08-03 18:32 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2015-08-03 18:32 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Resources
2015-08-03 18:32 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-08-03 18:32 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\LiveKernelReports
2015-08-03 18:32 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-08-03 17:58 - 2015-07-10 08:39 - 00000000 ___HD C:\$Windows.~BT
2015-08-03 14:19 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Registration
2015-08-03 14:15 - 2007-01-01 20:25 - 00000000 ____D C:\Windows\Panther
2015-08-03 12:48 - 2013-06-28 12:35 - 00000000 ____D C:\Program Files\CCleaner
2015-08-02 17:22 - 2009-07-14 00:08 - 00032542 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-02 17:21 - 2014-08-27 14:30 - 00000000 ____D C:\Windows\pss
2015-08-02 14:24 - 2013-01-16 20:25 - 00000000 ___RD C:\Users\Clint\Dropbox
2015-08-02 14:24 - 2013-01-16 20:24 - 00000000 ____D C:\Users\Clint\AppData\Roaming\Dropbox
2015-08-02 14:23 - 2014-07-14 13:36 - 00000000 ____D C:\Users\Clint\AppData\Roaming\Spotify
2015-08-02 14:21 - 2014-07-14 13:39 - 00000000 ____D C:\Users\Clint\AppData\Local\Spotify
2015-08-01 19:19 - 2013-05-04 23:32 - 00262144 _____ C:\Windows\system32\config\ELAM
2015-08-01 13:29 - 2015-07-16 16:08 - 00000000 ____D C:\Program Files\SUPERAntiSpywareNew
2015-08-01 13:24 - 2015-06-14 15:22 - 00000000 ____D C:\ProgramData\CovenantEyes
2015-07-29 00:41 - 2015-06-14 16:02 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-07-29 00:41 - 2015-06-14 15:23 - 00003896 _____ C:\Windows\SysWOW64\CovenantEyesProxyOff.ini
2015-07-28 21:25 - 2015-05-01 13:12 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-28 21:21 - 2015-05-01 13:12 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-28 21:21 - 2014-04-22 23:48 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-21 19:26 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
 
==================== Files in the root of some directories =======
 
2015-08-04 00:27 - 2015-08-07 14:42 - 0000024 _____ () C:\Users\Clint\AppData\Roaming\appdataFr25.bin
2015-01-17 15:18 - 2015-01-17 15:18 - 0000000 _____ () C:\Users\Clint\AppData\Local\{C4ABA1BE-2A34-4035-9A52-00A321E76671}
2014-01-30 14:09 - 2014-01-30 14:09 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-05-23 12:39 - 2014-05-29 14:00 - 0025101 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\Clint\AppData\Local\Temp\Extract.exe
C:\Users\Clint\AppData\Local\Temp\Quarantine.exe
C:\Users\Clint\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll
[2012-03-22 19:45] - [2015-08-04 00:15] - 0357888 ____A (Microsoft Corporation) 8026E3CC0C63F0C2F0921DE29B05A1C4
 
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-02 19:02
 
==================== End of log ============================
 
Thanks for your help.
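The verification section at the end of this log prints a verdict for every file except one, which gets a raw detail line (timestamps, size, MD5) instead. The following is an added example, not part of the original post and not FRST's own code: it pulls out the files left without a verdict and lists what else in the file listings carries the same minute. The excerpt is copied from the log above; the function names are this example's own.

```python
import re

TS = r"\d{4}-\d\d-\d\d \d\d:\d\d"
# "<ts> - <ts> - <size> <attrs> [(company)] <path>", the shape of the file listings.
LISTING_RE = re.compile(rf"^({TS}) - ({TS}) - \d+ \S{{5}} (?:\(.*?\) )?([A-Za-z]:\\.+)$")
# "[<ts>] - [<ts>] - <size> <attrs> (company) <md5>", printed under a file with no verdict.
DETAIL_RE = re.compile(rf"^\[({TS})\] - \[({TS})\] - \d+ \S{{5}} \(.*?\) ([0-9A-Fa-f]{{32}})$")
# "<path> => <verdict>" or a bare "<path>".
VERDICT_RE = re.compile(r"^([A-Za-z]:\\.+?)(?: => (.+))?$")

# Lines copied from the FRST.txt in this post (trimmed, not constructed).
FRST_EXCERPT = r"""
2015-08-04 00:15 - 2015-08-04 00:15 - 00000045 _____ C:\user.js
2015-08-04 00:15 - 2015-08-04 00:15 - 00000000 ____D C:\Windows\system32\raur
2015-08-04 00:14 - 2015-08-04 00:14 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e

==================== One Month Modified files and folders ========

2015-08-04 13:55 - 2009-07-13 23:45 - 00517184 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-04 00:15 - 2012-03-22 19:45 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-08-04 00:15 - 2012-03-22 19:45 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll
[2012-03-22 19:45] - [2015-08-04 00:15] - 0357888 ____A (Microsoft Corporation) 8026E3CC0C63F0C2F0921DE29B05A1C4

C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-08-02 19:02
"""


def parse_verification(log_text):
    """Return one dict per file named in the 'Bamital & volsnap' section."""
    entries, in_section = [], False
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line.startswith("===="):
            # Any section header switches the parser on or off.
            in_section = "Bamital & volsnap" in line
            continue
        if not in_section:
            continue
        detail = DETAIL_RE.match(line)
        if detail and entries and entries[-1]["verdict"] is None:
            # Detail line belongs to the bare path printed just before it.
            entries[-1].update(timestamps=detail.group(1, 2),
                               md5=detail.group(3).upper())
            continue
        verdict = VERDICT_RE.match(line)
        if verdict:
            entries.append({"path": verdict.group(1), "verdict": verdict.group(2),
                            "timestamps": (), "md5": None})
    return entries


def unverified(entries):
    """Files for which the log printed no verdict at all."""
    return [e for e in entries if e["verdict"] is None]


def same_minute_activity(log_text, entry):
    """Paths in the file listings that share the entry's most recent timestamp."""
    if not entry["timestamps"]:
        return []
    latest = max(entry["timestamps"])  # YYYY-MM-DD HH:MM strings sort chronologically
    hits = []
    for raw in log_text.splitlines():
        m = LISTING_RE.match(raw.strip())
        if not m or latest not in m.group(1, 2):
            continue
        path = m.group(3)
        if path.lower() != entry["path"].lower() and path not in hits:
            hits.append(path)
    return hits


if __name__ == "__main__":
    for item in unverified(parse_verification(FRST_EXCERPT)):
        print(item["path"], item["md5"], item["timestamps"])
        for path in same_minute_activity(FRST_EXCERPT, item):
            print("  same minute:", path)
```

A file without a verdict is a candidate for a second opinion, not a confirmed detection; the same-minute list only shows what else was written to disk around that time.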

 


 


#2 Sintharius


Posted 19 August 2015 - 04:25 AM

Hello and welcome to the Malware Removal Logs area :)

My name is Alexstrasza and I will assist you with your problem. You can call me Alex :)

Please allow me some time to look over your logs and I will be back with instructions.

#3 Sintharius


Posted 19 August 2015 - 06:45 PM

Hello Clint,
 
Before we begin, there are a few things I want to make sure you know:
  • I am currently in training, so my responses might be delayed. I will generally reply within 48 hours - if this is not possible, I will let you know.
  • Please do not run any tools without being instructed to, as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the Follow this topic button, and make sure a tick is in the receive notifications and is set to Instantly. Any replies should be made in this topic by clicking the Reply to this topic button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. Please inform me if you need more time.
Shall we begin then?
 
===

We will need to address quite a few things, so please read the instructions carefully.

Step 1: Farbar Recovery Scan Tool location

You are running FRST from C:\Users\Clint\Downloads - Please move FRST64.exe to your Desktop.

===

Step 2: Malwarebytes Anti-Malware scan log

Please retrieve the latest scan log from Malwarebytes Anti-Malware using these instructions and attach them in your next reply.

===

Looking at your logs, I noticed that you have remnants of McAfee Security Center installed. We will need to remove it to avoid conflict with Panda Antivirus, and also remove Panda Cloud Cleaner because it is redundant.

Step 3: Uninstalling Programs

Click the Start orb on the taskbar, and then click the Control Panel button.
  • If you use Category mode, click on Uninstall a Program.
  • If you use Icons mode, click on Programs and Features.
A list of programs installed will be "populated" (this may take a bit of time).
If they exist, uninstall the following by clicking on the below entries and selecting Remove:

McAfee Security Center
Panda Cloud Cleaner


Additional instructions can be found here if needed.

If you run into any issues, please let me know.

===

Step 4: VirusTotal file analysis

Please go to VirusTotal and upload the following file for analysis:

C:\Windows\system32\dnsapi.dll
After that please copy and paste the link of the result in your next post.

===

Step 5: Fix with Farbar Recovery Scan Tool
  • Press the Windows key + R, type in notepad in the box and press Enter. Notepad will open.
  • Copy and paste the contents of the following codebox into Notepad:
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    AppInit_DLLs: C:\ProgramData\RemoteSaver\ihjmsygx.dll => C:\ProgramData\RemoteSaver\ihjmsygx.dll [146944 2015-08-04] ()
    S2 RemoteSaver; C:\ProgramData\RemoteSaver\RemoteSaver [X]
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    GroupPolicyScripts-x32: Group Policy detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2371941955-605578686-2567650883-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    Task: {07F42939-ADF4-486C-8080-C2CDB5FA1D3E} - \globalUpdateUpdateTaskMachineUA -> No File <==== ATTENTION
    Task: {0F22B737-E29C-49BB-B050-27D8018C9DEB} - \bea40a79-2d7d-4932-bba7-7661717c74ab-3 -> No File <==== ATTENTION
    Task: {1736F6C3-8FD3-4064-8BB9-69F94198CE21} - \{DE430FDC-E05E-4AAE-824D-30D86489121A} -> No File <==== ATTENTION
    Task: {2531FEE0-5430-408A-B173-CCF8CFD7387F} - \MirageAgent -> No File <==== ATTENTION
    Task: {26D7B5B2-214B-4D53-A38A-4608212D8B8A} - \{2F0311FF-3D5E-4548-9A3E-7592159D5565} -> No File <==== ATTENTION
    Task: {29945EE6-345A-4F1F-8CB2-7DF4DA909076} - \{3EB97C12-4A3C-4838-9C7B-9E146C3350AF} -> No File <==== ATTENTION
    Task: {2C34D0CC-55D9-498F-88DC-FF2CEF148443} - \Ehcks -> No File <==== ATTENTION
    Task: {2C46C829-D543-4628-9C8C-6D2DB4664095} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
    Task: {2D7586EF-D92E-4D27-8F75-39D81309A9FD} - \Super Optimizer Schedule -> No File <==== ATTENTION
    Task: {2DC91AEC-FF96-4983-AE1E-288154D33054} - \Chromium -> No File <==== ATTENTION
    Task: {31FAE398-11A0-4D0F-9220-8FEA0B79A30D} - \Adobe Flash Player Updater -> No File <==== ATTENTION
    Task: {33154A21-85BD-45C7-965C-F62E9EAAD258} - \Optscan -> No File <==== ATTENTION
    Task: {355BA5BB-699B-479F-A120-A7B24353BE8B} - \{82716475-FD84-43B4-893E-214CC352FD95} -> No File <==== ATTENTION
    Task: {4B97E379-95C8-4CC5-A6A2-AC88D693EE94} - \Windows Presentation Foundation Font 1.0.4 -> No File <==== ATTENTION
    Task: {5FF33BD3-60A1-4774-B529-2837535026E3} - \bea40a79-2d7d-4932-bba7-7661717c74ab-10_user -> No File <==== ATTENTION
    Task: {60CA1407-DDB9-4B67-8B9D-A1B44575EDCA} - \{F1BC190F-6C8D-4C31-B469-ABC4654531B0} -> No File <==== ATTENTION
    Task: {635099EB-E4B4-4BC6-B4A6-C64D87421339} - \SMW_UpdateTask_Time_3135303634373233382d2323782a32455b4134572d32 -> No File <==== ATTENTION
    Task: {6CEE2454-37A2-4C2A-B531-0EC6C1FA1152} - \{F85A75C6-4B8C-406E-8627-2F559089D4A0} -> No File <==== ATTENTION
    Task: {74925EC6-3769-42AC-AEEB-0A320CBEA710} - \CCleanerSkipUAC -> No File <==== ATTENTION
    Task: {7DAC75C5-58CF-4E22-B6EC-F3D33C0577E2} - \bea40a79-2d7d-4932-bba7-7661717c74ab-6 -> No File <==== ATTENTION
    Task: {827AF143-D408-44CA-B0EE-CFDF252F6CB6} - \snf -> No File <==== ATTENTION
    Task: {86351669-8820-483A-ADCB-ADA4160030B2} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTION
    Task: {8DADEA55-9DCC-4574-9EBA-93A26B28181A} - \bea40a79-2d7d-4932-bba7-7661717c74ab-1-7 -> No File <==== ATTENTION
    Task: {AF3E75C0-44B8-423F-A901-0AF97DFA4AAE} - \{909562D2-22BF-4B9A-BBC4-7039DFF5A2FE} -> No File <==== ATTENTION
    Task: {B1711178-4614-400D-AF80-3329DB71DEAD} - \McAfee Remediation (Prepare) -> No File <==== ATTENTION
    Task: {C9C7137C-1357-49EF-B020-347CA7AFAC56} - \snp -> No File <==== ATTENTION
    Task: {CBDDFB55-A4A6-4253-9062-7D7E51B33B39} - \SMWUpd -> No File <==== ATTENTION
    Task: {D092D14D-EF47-4276-ACAC-CD27C8AB30EA} - \{581C29D1-86B1-47CA-8A23-B658E5520F93} -> No File <==== ATTENTION
    Task: {D6267F8F-C872-4E2B-A4BB-6D5D45FC7D4D} - \bea40a79-2d7d-4932-bba7-7661717c74ab-5 -> No File <==== ATTENTION
    Task: {DEF3F9B9-D309-4217-8E8C-D5FDA69D7331} - \bea40a79-2d7d-4932-bba7-7661717c74ab-1-6 -> No File <==== ATTENTION
    Task: {E28087D7-CB31-43C1-86F4-A0C281115894} - \Crossbrowse -> No File <==== ATTENTION
    Task: {EBB0B39E-C61B-4382-A692-3EC196C8B5E7} - \bea40a79-2d7d-4932-bba7-7661717c74ab-5_user -> No File <==== ATTENTION
    Task: {EBFEC3DA-5916-4E23-81EB-C4E08D740AF6} - \{79E83374-92CD-4D5B-AEC8-48A435EE556F} -> No File <==== ATTENTION
    Task: {F89C4040-D5D7-491A-BF38-8AB8914ADED2} - \bea40a79-2d7d-4932-bba7-7661717c74ab-7 -> No File <==== ATTENTION
    Task: {F901E408-809E-4A68-BF25-EA31D3445C52} - \{62C391BA-66BA-42B1-8684-639F3FC30186} -> No File <==== ATTENTION
    Task: {FF5599BF-BD04-4564-AC7B-A2A1ED4FE713} - \{4CB81C44-6D18-4FF8-97C4-2E9B3FA76EAF} -> No File <==== ATTENTION
    
  • Save the file as fixlist.txt to the Desktop.
    Note: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work!
    WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system!
  • Run FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log named Fixlog.txt on the Desktop, please post it to your reply
To recap, I will need the following information in your next reply:
  • Confirmation that you have moved FRST64.exe to the Desktop;
  • Attached scan log from Malwarebytes Anti-Malware;
  • The uninstallation of McAfee Security Center and Panda Cloud Cleaner;
  • The result link from VirusTotal for dnsapi.dll;
  • Contents of Fixlog.txt.
Regards,
Alex 
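For reading the Fixlog.txt that step 5 asks for, the following added example (not part of the original post and not FRST's own code) tallies result lines by outcome and flags adjacent errors that line up with adjacent fixlist lines, the pattern left when one entry is broken across two lines in the saved fixlist.txt. The sample lines are copied from the Fixlog posted later in this thread; the outcome categories and function names are this example's own.

```python
from collections import Counter

# Lines copied from the Fixlog.txt posted later in this thread (trimmed, not constructed).
FIXLOG_EXCERPT = r"""
fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2371941955-605578686-2567650883-1001\SOFTWARE\Policies\Microsoft\Internet Explorer:
Policy restriction <======= ATTENTION
Task: {07F42939-ADF4-486C-8080-C2CDB5FA1D3E} - \globalUpdateUpdateTaskMachineUA -> No File <==== ATTENTION
*****************

RemoteSaver => service removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-2371941955-605578686-2567650883-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: => Error: No automatic fix found for this entry.
Policy restriction <======= ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{07F42939-ADF4-486C-8080-C2CDB5FA1D3E}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA => key not found.
"""


def classify(outcome):
    """Bucket the text after ' => ' into this example's own categories."""
    text = outcome.lower()
    if text.startswith("error"):
        return "error"
    if "not found" in text:
        return "not_found"
    if "successfully" in text:
        return "ok"
    return "other"


def parse_fixlog(text):
    """Return (echoed fixlist lines, [(target, category), ...])."""
    echoed, results, star_rows = [], [], 0
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("*****"):
            star_rows += 1          # the fixlist echo sits between two star rows
        elif star_rows == 1 and line:
            echoed.append(line)
        elif star_rows >= 2 and " => " in line:
            # Split on the last ' => ' so arrows inside the target are kept.
            target, _, outcome = line.rpartition(" => ")
            results.append((target.strip('"'), classify(outcome)))
    return echoed, results


def tally(results):
    """Count result lines per category."""
    return Counter(kind for _, kind in results)


def suspected_splits(echoed, results):
    """Heuristic: two consecutive errors whose targets are two consecutive
    fixlist lines suggest a single entry that was broken across lines.
    Returns the rejoined candidates for a human to compare with the
    fixlist as originally posted."""
    adjacent = set(zip(echoed, echoed[1:]))
    joined = []
    for (a, kind_a), (b, kind_b) in zip(results, results[1:]):
        if kind_a == kind_b == "error" and (a, b) in adjacent:
            joined.append(f"{a} {b}")
    return joined


if __name__ == "__main__":
    echoed_lines, result_lines = parse_fixlog(FIXLOG_EXCERPT)
    print(dict(tally(result_lines)))
    for candidate in suspected_splits(echoed_lines, result_lines):
        print("possibly one entry:", candidate)
```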

#4 astrofaninkc


Posted 19 August 2015 - 09:45 PM

Alex, thanks for your help.

 

I moved FRST.exe to the desktop.

I have attached the latest scan log from Malwarebytes (attached file: protection-log-2015-08-19.xml).
 

I uninstalled both McAfee Security Center and Panda Cloud Cleaner

The result link from VirusTotal is https://www.virustotal.com/en/file/57fb3c1fefbb15ce4e4db1476c6122e896997f2632646ce55b945fcea3f7268d/analysis/1440037712/

 

Fixlog.txt is as follows:
 

Fix result of Farbar Recovery Scan Tool (x64) Version:20-08-2015
Ran by Clint (2015-08-19 21:31:25) Run:1
Running from C:\Users\Clint\Desktop
Loaded Profiles: Clint (Available Profiles: Clint)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKLM\...\Policies\Explorer: [NoControlPanel] 0
AppInit_DLLs: C:\ProgramData\RemoteSaver\ihjmsygx.dll => C:\ProgramData\RemoteSaver\ihjmsygx.dll [146944 2015-08-04] ()
S2 RemoteSaver; C:\ProgramData\RemoteSaver\RemoteSaver [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyScripts-x32: Group Policy detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2371941955-605578686-2567650883-1001\SOFTWARE\Policies\Microsoft\Internet Explorer:
Policy restriction <======= ATTENTION
Task: {07F42939-ADF4-486C-8080-C2CDB5FA1D3E} - \globalUpdateUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {0F22B737-E29C-49BB-B050-27D8018C9DEB} - \bea40a79-2d7d-4932-bba7-7661717c74ab-3 -> No File <==== ATTENTION
Task: {1736F6C3-8FD3-4064-8BB9-69F94198CE21} - \{DE430FDC-E05E-4AAE-824D-30D86489121A} -> No File <==== ATTENTION
Task: {2531FEE0-5430-408A-B173-CCF8CFD7387F} - \MirageAgent -> No File <==== ATTENTION
Task: {26D7B5B2-214B-4D53-A38A-4608212D8B8A} - \{2F0311FF-3D5E-4548-9A3E-7592159D5565} -> No File <==== ATTENTION
Task: {29945EE6-345A-4F1F-8CB2-7DF4DA909076} - \{3EB97C12-4A3C-4838-9C7B-9E146C3350AF} -> No File <==== ATTENTION
Task: {2C34D0CC-55D9-498F-88DC-FF2CEF148443} - \Ehcks -> No File <==== ATTENTION
Task: {2C46C829-D543-4628-9C8C-6D2DB4664095} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
Task: {2D7586EF-D92E-4D27-8F75-39D81309A9FD} - \Super Optimizer
Schedule -> No File <==== ATTENTION
Task: {2DC91AEC-FF96-4983-AE1E-288154D33054} - \Chromium -> No File <==== ATTENTION
Task: {31FAE398-11A0-4D0F-9220-8FEA0B79A30D} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {33154A21-85BD-45C7-965C-F62E9EAAD258} - \Optscan -> No File <==== ATTENTION
Task: {355BA5BB-699B-479F-A120-A7B24353BE8B} - \{82716475-FD84-43B4-893E-214CC352FD95} -> No File <==== ATTENTION
Task: {4B97E379-95C8-4CC5-A6A2-AC88D693EE94} - \Windows Presentation Foundation Font 1.0.4 -> No File <==== ATTENTION
Task: {5FF33BD3-60A1-4774-B529-2837535026E3} - \bea40a79-2d7d-4932-bba7-7661717c74ab-10_user -> No File <==== ATTENTION
Task: {60CA1407-DDB9-4B67-8B9D-A1B44575EDCA} - \{F1BC190F-6C8D-4C31-B469-ABC4654531B0} -> No File <==== ATTENTION
Task: {635099EB-E4B4-4BC6-B4A6-C64D87421339} - \SMW_UpdateTask_Time_3135303634373233382d2323782a32455b4134572d32 -> No File <==== ATTENTION
Task:
{6CEE2454-37A2-4C2A-B531-0EC6C1FA1152} - \{F85A75C6-4B8C-406E-8627-2F559089D4A0} -> No File <==== ATTENTION
Task: {74925EC6-3769-42AC-AEEB-0A320CBEA710} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {7DAC75C5-58CF-4E22-B6EC-F3D33C0577E2} - \bea40a79-2d7d-4932-bba7-7661717c74ab-6 -> No File <==== ATTENTION
Task: {827AF143-D408-44CA-B0EE-CFDF252F6CB6} - \snf -> No File <==== ATTENTION
Task: {86351669-8820-483A-ADCB-ADA4160030B2} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {8DADEA55-9DCC-4574-9EBA-93A26B28181A} - \bea40a79-2d7d-4932-bba7-7661717c74ab-1-7 -> No File <==== ATTENTION
Task: {AF3E75C0-44B8-423F-A901-0AF97DFA4AAE} - \{909562D2-22BF-4B9A-BBC4-7039DFF5A2FE} -> No File <==== ATTENTION
Task: {B1711178-4614-400D-AF80-3329DB71DEAD} - \McAfee Remediation (Prepare) -> No File <==== ATTENTION
Task: {C9C7137C-1357-49EF-B020-347CA7AFAC56} - \snp -> No File <==== ATTENTION
Task:
{CBDDFB55-A4A6-4253-9062-7D7E51B33B39} - \SMWUpd -> No File <==== ATTENTION
Task: {D092D14D-EF47-4276-ACAC-CD27C8AB30EA} - \{581C29D1-86B1-47CA-8A23-B658E5520F93} -> No File <==== ATTENTION
Task: {D6267F8F-C872-4E2B-A4BB-6D5D45FC7D4D} - \bea40a79-2d7d-4932-bba7-7661717c74ab-5 -> No File <==== ATTENTION
Task: {DEF3F9B9-D309-4217-8E8C-D5FDA69D7331} - \bea40a79-2d7d-4932-bba7-7661717c74ab-1-6 -> No File <==== ATTENTION
Task: {E28087D7-CB31-43C1-86F4-A0C281115894} - \Crossbrowse -> No File <==== ATTENTION
Task: {EBB0B39E-C61B-4382-A692-3EC196C8B5E7} - \bea40a79-2d7d-4932-bba7-7661717c74ab-5_user -> No File <==== ATTENTION
Task: {EBFEC3DA-5916-4E23-81EB-C4E08D740AF6} - \{79E83374-92CD-4D5B-AEC8-48A435EE556F} -> No File <==== ATTENTION
Task: {F89C4040-D5D7-491A-BF38-8AB8914ADED2} - \bea40a79-2d7d-4932-bba7-7661717c74ab-7 -> No File <==== ATTENTION
Task: {F901E408-809E-4A68-BF25-EA31D3445C52} - \{62C391BA-66BA-42B1-8684-639F3FC30186}
-> No File <==== ATTENTION
Task: {FF5599BF-BD04-4564-AC7B-A2A1ED4FE713} - \{4CB81C44-6D18-4FF8-97C4-2E9B3FA76EAF} -> No File <==== ATTENTION
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value removed successfully
"C:\ProgramData\RemoteSaver\ihjmsygx.dll" => Value data removed successfully.
RemoteSaver => service removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\Machine => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-2371941955-605578686-2567650883-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: => Error: No automatic fix found for this entry.
Policy restriction <======= ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{07F42939-ADF4-486C-8080-C2CDB5FA1D3E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07F42939-ADF4-486C-8080-C2CDB5FA1D3E}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0F22B737-E29C-49BB-B050-27D8018C9DEB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F22B737-E29C-49BB-B050-27D8018C9DEB}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bea40a79-2d7d-4932-bba7-7661717c74ab-3 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1736F6C3-8FD3-4064-8BB9-69F94198CE21}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1736F6C3-8FD3-4064-8BB9-69F94198CE21}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DE430FDC-E05E-4AAE-824D-30D86489121A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2531FEE0-5430-408A-B173-CCF8CFD7387F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2531FEE0-5430-408A-B173-CCF8CFD7387F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MirageAgent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{26D7B5B2-214B-4D53-A38A-4608212D8B8A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26D7B5B2-214B-4D53-A38A-4608212D8B8A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2F0311FF-3D5E-4548-9A3E-7592159D5565}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{29945EE6-345A-4F1F-8CB2-7DF4DA909076}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29945EE6-345A-4F1F-8CB2-7DF4DA909076}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3EB97C12-4A3C-4838-9C7B-9E146C3350AF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2C34D0CC-55D9-498F-88DC-FF2CEF148443}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C34D0CC-55D9-498F-88DC-FF2CEF148443}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ehcks => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2C46C829-D543-4628-9C8C-6D2DB4664095}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C46C829-D543-4628-9C8C-6D2DB4664095}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartWeb Upgrade Trigger Task => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2D7586EF-D92E-4D27-8F75-39D81309A9FD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D7586EF-D92E-4D27-8F75-39D81309A9FD}" => key removed successfully
Schedule -> No File <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2DC91AEC-FF96-4983-AE1E-288154D33054}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2DC91AEC-FF96-4983-AE1E-288154D33054}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Chromium" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{31FAE398-11A0-4D0F-9220-8FEA0B79A30D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31FAE398-11A0-4D0F-9220-8FEA0B79A30D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{33154A21-85BD-45C7-965C-F62E9EAAD258}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33154A21-85BD-45C7-965C-F62E9EAAD258}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optscan => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{355BA5BB-699B-479F-A120-A7B24353BE8B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{355BA5BB-699B-479F-A120-A7B24353BE8B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{82716475-FD84-43B4-893E-214CC352FD95}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4B97E379-95C8-4CC5-A6A2-AC88D693EE94}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B97E379-95C8-4CC5-A6A2-AC88D693EE94}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Windows Presentation Foundation Font 1.0.4" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5FF33BD3-60A1-4774-B529-2837535026E3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5FF33BD3-60A1-4774-B529-2837535026E3}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bea40a79-2d7d-4932-bba7-7661717c74ab-10_user => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60CA1407-DDB9-4B67-8B9D-A1B44575EDCA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60CA1407-DDB9-4B67-8B9D-A1B44575EDCA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F1BC190F-6C8D-4C31-B469-ABC4654531B0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{635099EB-E4B4-4BC6-B4A6-C64D87421339}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{635099EB-E4B4-4BC6-B4A6-C64D87421339}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_UpdateTask_Time_3135303634373233382d2323782a32455b4134572d32 => key not found. 
Task: => Error: No automatic fix found for this entry.
{6CEE2454-37A2-4C2A-B531-0EC6C1FA1152} - \{F85A75C6-4B8C-406E-8627-2F559089D4A0} -> No File <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{74925EC6-3769-42AC-AEEB-0A320CBEA710}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74925EC6-3769-42AC-AEEB-0A320CBEA710}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7DAC75C5-58CF-4E22-B6EC-F3D33C0577E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7DAC75C5-58CF-4E22-B6EC-F3D33C0577E2}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bea40a79-2d7d-4932-bba7-7661717c74ab-6 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{827AF143-D408-44CA-B0EE-CFDF252F6CB6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{827AF143-D408-44CA-B0EE-CFDF252F6CB6}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\snf => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{86351669-8820-483A-ADCB-ADA4160030B2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86351669-8820-483A-ADCB-ADA4160030B2}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8DADEA55-9DCC-4574-9EBA-93A26B28181A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DADEA55-9DCC-4574-9EBA-93A26B28181A}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bea40a79-2d7d-4932-bba7-7661717c74ab-1-7 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF3E75C0-44B8-423F-A901-0AF97DFA4AAE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF3E75C0-44B8-423F-A901-0AF97DFA4AAE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{909562D2-22BF-4B9A-BBC4-7039DFF5A2FE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B1711178-4614-400D-AF80-3329DB71DEAD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1711178-4614-400D-AF80-3329DB71DEAD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee Remediation (Prepare)" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C9C7137C-1357-49EF-B020-347CA7AFAC56}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9C7137C-1357-49EF-B020-347CA7AFAC56}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\snp => key not found. 
Task: => Error: No automatic fix found for this entry.
{CBDDFB55-A4A6-4253-9062-7D7E51B33B39} - \SMWUpd -> No File <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D092D14D-EF47-4276-ACAC-CD27C8AB30EA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D092D14D-EF47-4276-ACAC-CD27C8AB30EA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{581C29D1-86B1-47CA-8A23-B658E5520F93}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D6267F8F-C872-4E2B-A4BB-6D5D45FC7D4D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6267F8F-C872-4E2B-A4BB-6D5D45FC7D4D}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bea40a79-2d7d-4932-bba7-7661717c74ab-5 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DEF3F9B9-D309-4217-8E8C-D5FDA69D7331}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DEF3F9B9-D309-4217-8E8C-D5FDA69D7331}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bea40a79-2d7d-4932-bba7-7661717c74ab-1-6 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E28087D7-CB31-43C1-86F4-A0C281115894}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E28087D7-CB31-43C1-86F4-A0C281115894}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Crossbrowse => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EBB0B39E-C61B-4382-A692-3EC196C8B5E7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EBB0B39E-C61B-4382-A692-3EC196C8B5E7}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bea40a79-2d7d-4932-bba7-7661717c74ab-5_user => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EBFEC3DA-5916-4E23-81EB-C4E08D740AF6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EBFEC3DA-5916-4E23-81EB-C4E08D740AF6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{79E83374-92CD-4D5B-AEC8-48A435EE556F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F89C4040-D5D7-491A-BF38-8AB8914ADED2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F89C4040-D5D7-491A-BF38-8AB8914ADED2}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bea40a79-2d7d-4932-bba7-7661717c74ab-7 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F901E408-809E-4A68-BF25-EA31D3445C52}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F901E408-809E-4A68-BF25-EA31D3445C52}" => key removed successfully
-> No File <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FF5599BF-BD04-4564-AC7B-A2A1ED4FE713}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF5599BF-BD04-4564-AC7B-A2A1ED4FE713}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4CB81C44-6D18-4FF8-97C4-2E9B3FA76EAF}" => key removed successfully
 
 
The system needed a reboot.. 
 
==== End of Fixlog 21:31:29 ====

Let me know if you require anything further from me.

Clint


#5 Sintharius


Posted 20 August 2015 - 03:20 PM

Hello Clint,

Please create a new set of FRST logs for me - remember to put a checkmark in Addition.txt!

Can you check to see if the ads and redirections occur in other browsers? Let me know the overall status of the computer as well.

Regards,
Alex

#6 astrofaninkc


Posted 20 August 2015 - 10:59 PM

It occurs to me that redirecting links may not be the best way to describe what's happening. It happens when I click links, but it also happens when I click on the scroll bar. It sometimes opens up a new tab and opens a random website like cnet.com, target.com, teamcoco.com among others. It's different every time.
 
The only other browser I have on this computer is IE, and it is doing the same thing. 

The computer runs just fine. I've never had any issues with it before this. 

Here are the FRST logs. Hope this helps.
Attached File: Addition.txt (46.96KB)
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-08-2015
Ran by Clint (administrator) on CLINT_LAPTOP (20-08-2015 22:45:54)
Running from C:\Users\Clint\Desktop
Loaded Profiles: Clint (Available Profiles: Clint)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Visicom Media Inc.) C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [40184 2015-02-26] (Panda Security, S.L.)
HKU\S-1-5-21-2371941955-605578686-2567650883-1001\...\Run: [GoogleChromeAutoLaunch_51CE2B88C742889136C08789AFBF8817] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [863560 2015-08-18] (Google Inc.)
HKU\S-1-5-21-2371941955-605578686-2567650883-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil64_18_0_0_209_ActiveX.exe [874672 2015-07-16] (Adobe Systems Incorporated)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Clint\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Clint\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Clint\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Clint\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Clint\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Clint\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Clint\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2371941955-605578686-2567650883-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2371941955-605578686-2567650883-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2371941955-605578686-2567650883-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
SearchScopes: HKLM -> {44A22A81-D7B6-414C-8471-03EF061147AD} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {44A22A81-D7B6-414C-8471-03EF061147AD} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2371941955-605578686-2567650883-1001 -> {44A22A81-D7B6-414C-8471-03EF061147AD} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2371941955-605578686-2567650883-1001 -> {7F393223-AAAC-40D3-A91E-32A2F2AEB5BD} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2371941955-605578686-2567650883-1001 -> {9646C010-DACC-45D9-A162-0CC6F2CD73FF} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-2371941955-605578686-2567650883-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
Toolbar: HKLM-x32 - No Name - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -  No File
Toolbar: HKU\S-1-5-21-2371941955-605578686-2567650883-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {1663ed61-23eb-11d2-b92f-008048fdd814} hxxps://eagent.farmersinsurance.com/PLA/eAgent/icms/commonActiveX/smsx.cab
DPF: HKLM-x32 {354D91A8-E3C9-491F-BB89-0FB27DEEED86} hxxps://eagent.farmersinsurance.com/PLA/eAgent/imagecenter/commonActiveX/ImgXTwain61.cab
DPF: HKLM-x32 {45EEDB84-57BC-4FBD-8065-7AB8E971B545} hxxps://eagent.farmersinsurance.com/PLA/eAgent/imagecenter/commonActiveX/ImgXDialog61.cab
DPF: HKLM-x32 {7E8DC73D-69CD-4F67-99B1-8DC6E42F6246} hxxps://eagent.farmersinsurance.com/PLA/eAgent/imagecenter/commonActiveX/ImgX61.cab
DPF: HKLM-x32 {88DD90B6-C770-4CFF-B7A4-3AFD16BB8824} hxxps://eagent.farmersinsurance.com/PLA/eAgent/icms/viewers/crystalreportviewers/ActiveXControls/PrintControl.cab
DPF: HKLM-x32 {B2D168E0-5597-101D-843A-DA16297B4C87} hxxps://eagent.farmersinsurance.com/PLA/eAgent/imagecenter/commonActiveX/rm2.cab
DPF: HKLM-x32 {BE8EEE38-A7C5-4674-A6C4-C2D7421FDD10} hxxps://bie.farmersinsurance.com/prweb/PRServletLDAP1/8gYJ4DHQrCXUTefMjim_tw%5B%5B*/prvisiointerface.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{1CDB10D0-0453-4447-9AC8-A4449249F3D8}: [NameServer] 199.115.114.39,8.8.8.8
Tcpip\..\Interfaces\{1CDB10D0-0453-4447-9AC8-A4449249F3D8}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{66D5A46D-8467-4D62-90BB-5B83236AB377}: [NameServer] 199.115.114.39,8.8.8.8
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 199.115.114.39,8.8.8.8
Tcpip\..\Interfaces\{F4DAEDFD-B12D-46E9-BA70-398E6A80680F}: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-16] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-14] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-16] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-14] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-09] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2371941955-605578686-2567650883-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Clint\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-2371941955-605578686-2567650883-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Clint\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
 
Chrome: 
=======
CHR Profile: C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-27]
CHR Extension: (Google Drive) - C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-06]
CHR Extension: (YouTube) - C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-03]
CHR Extension: (ESPN Fantasy Baseball Plus) - C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfdpkcilphoagajilmpeecdeobohfbcb [2015-05-15]
CHR Extension: (Adblock Plus) - C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-27]
CHR Extension: (Pickemfirst Fantasy Sports) - C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnnckoodldcbgegkmlgponhofcngihnp [2014-08-27]
CHR Extension: (Google Search) - C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-28]
CHR Extension: (SiteAdvisor) - C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-08-04]
CHR Extension: (AdBlock) - C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-04-02]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-08-27]
CHR Extension: (Adblock Super) - C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2015-08-09]
CHR Extension: (Hangouts) - C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2015-03-30]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-09]
CHR Extension: (Sniper Team 2) - C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Extensions\mndnehecocipmfgieoedaiojcekhlcfm [2014-10-07]
CHR Extension: (Reddit Preload GIFs) - C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Extensions\nghfcbekdkjbeichjmohlojmpikchibd [2014-08-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-08]
CHR Extension: (Adblock Pro) - C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2014-08-27]
CHR Extension: (FantasyLink) - C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Extensions\pghfoglbgdeknkjcmilhkidfdkgenfdi [2014-08-27]
CHR Extension: (Gmail) - C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-08]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKU\S-1-5-21-2371941955-605578686-2567650883-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 !SASCORE; C:\Program Files\SUPERAntiSpywareNew\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-01-26] (Advanced Micro Devices, Inc.) [File not signed]
S4 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [245264 2012-09-03] (CyberLink)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe [207344 2015-06-04] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-02-17] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [372144 2015-04-01] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [250672 2015-02-17] (McAfee, Inc.)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142584 2015-02-26] (Panda Security, S.L.)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 panda_url_filtering; C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe [291336 2015-05-19] (Visicom Media Inc.)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-02-26] (Panda Security, S.L.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 HomeNetSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 HPSLPSVC; C:\Users\Clint\AppData\Local\Temp\7zS6B81\hpslpsvc64.dll [X]
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
S2 McMPFSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 McNaiAnn; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [X]
S2 mcpltsvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 McProxy; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R5 ACPI; C:\Windows\System32\drivers\ACPI.sys [334208 2010-11-20] (Microsoft Corporation)
R5 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [31360 2012-01-18] (Advanced Micro Devices, Inc.)
R5 amdsata; C:\Windows\System32\drivers\amdsata.sys [107904 2012-03-22] (Advanced Micro Devices)
R5 amdxata; C:\Windows\System32\drivers\amdxata.sys [27008 2012-03-22] (Advanced Micro Devices)
R5 amd_sata; C:\Windows\System32\drivers\amd_sata.sys [82048 2011-12-13] (Advanced Micro Devices)
R5 amd_xata; C:\Windows\System32\drivers\amd_xata.sys [42624 2011-12-13] (Advanced Micro Devices)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2011-11-13] (Advanced Micro Devices)
R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [189760 2012-02-05] (AppEx Networks Corporation)
R5 atapi; C:\Windows\System32\drivers\atapi.sys [24128 2009-07-13] (Microsoft Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [68784 2015-02-17] (McAfee, Inc.)
R5 CLFS; C:\Windows\System32\CLFS.sys [367552 2015-03-03] (Microsoft Corporation)
R5 CNG; C:\Windows\System32\Drivers\cng.sys [459336 2015-01-30] (Microsoft Corporation)
R5 Compbatt; C:\Windows\System32\drivers\compbatt.sys [21584 2009-07-13] (Microsoft Corporation)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R5 Disk; C:\Windows\System32\drivers\disk.sys [73280 2009-07-13] (Microsoft Corporation)
R5 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-13] (Microsoft Corporation)
R5 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [289664 2010-11-20] (Microsoft Corporation)
S3 FLxHCIh; C:\Windows\system32\drivers\FLxHCIh.sys [68160 2011-08-12] (Fresco Logic)
U5 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23408 2012-03-01] (Microsoft Corporation)
R5 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223752 2013-01-24] (Microsoft Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R5 hpdskflt; C:\Windows\System32\drivers\hpdskflt.sys [31040 2012-09-24] (Hewlett-Packard Company)
R5 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14720 2010-11-20] (Microsoft Corporation)
R5 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95680 2015-07-01] (Microsoft Corporation)
R5 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [155584 2015-07-01] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [401736 2015-02-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [337888 2015-02-17] (McAfee, Inc.)
R5 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-02-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [488000 2015-02-17] (McAfee, Inc.)
R5 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864072 2015-02-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [482600 2015-01-16] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100720 2015-01-16] (McAfee, Inc.)
R5 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340448 2015-02-17] (McAfee, Inc.)
R5 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94656 2015-02-02] (Microsoft Corporation)
R5 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-13] (Microsoft Corporation)
R5 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-13] (Microsoft Corporation)
R5 NDIS; C:\Windows\System32\drivers\ndis.sys [950128 2012-08-22] (Microsoft Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93968 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202000 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110864 2015-02-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116496 2015-02-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [48400 2014-12-31] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [99600 2015-02-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [69904 2015-02-09] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124176 2015-02-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [299792 2015-02-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [166160 2015-02-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113424 2015-02-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257296 2015-02-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106256 2015-02-09] (Panda Security, S.L.)
R3 panda_url_filteringd; C:\ProgramData\Panda Security URL Filtering\panda_url_filteringd.sys [51288 2014-03-19] (Visicom Media Inc.)
R5 partmgr; C:\Windows\System32\drivers\partmgr.sys [75120 2012-03-17] (Microsoft Corporation)
R5 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-20] (Microsoft Corporation)
R5 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-13] (Microsoft Corporation)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163576 2015-06-17] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2015-02-25] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197392 2015-02-25] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124176 2015-02-25] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [133904 2015-02-25] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2015-02-25] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-05-22] (Panda Security, S.L.)
R5 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2010-11-20] (Microsoft Corporation)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpywareNew\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpywareNew\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [20016 2011-10-13] (Synaptics Incorporated)
R5 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-13] (Microsoft Corporation)
R5 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1903552 2014-04-04] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
R5 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-13] (Microsoft Corporation)
R5 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-20] (Microsoft Corporation)
R5 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-20] (Microsoft Corporation)
R5 volsnap; C:\Windows\System32\drivers\volsnap.sys [296320 2012-03-22] (Microsoft Corporation)
R5 Wd; C:\Windows\System32\drivers\wd.sys [21056 2009-07-13] (Microsoft Corporation)
R5 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [785624 2013-06-25] (Microsoft Corporation)
S1 cewd64f; \??\C:\Windows\system32\Drivers\cewd64f.sys [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 cpuz134; \??\C:\Users\Clint\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-20 22:44 - 2015-08-20 22:45 - 00029080 _____ C:\Users\Clint\Desktop\FRST.txt
2015-08-19 21:31 - 2015-08-19 21:31 - 00000000 ____D C:\Users\Clint\Desktop\FRST-OlderVersion
2015-08-17 20:11 - 2015-08-17 20:11 - 00052647 _____ C:\Users\Clint\Desktop\Addition.txt
2015-08-17 19:51 - 2015-08-17 20:10 - 00052647 _____ C:\Users\Clint\Downloads\Addition.txt
2015-08-17 19:50 - 2015-08-20 22:45 - 00000000 ____D C:\FRST
2015-08-17 19:50 - 2015-08-19 21:31 - 02173952 _____ (Farbar) C:\Users\Clint\Desktop\FRST64.exe
2015-08-17 19:50 - 2015-08-17 19:52 - 00047410 _____ C:\Users\Clint\Downloads\FRST.txt
2015-08-14 20:39 - 2015-08-14 20:39 - 00002960 _____ C:\Users\Clint\Downloads\0c30bdcd-56b0-47c2-bd72-9a8942e3981d.TXT
2015-08-14 20:29 - 2015-08-14 20:29 - 00003358 _____ C:\Users\Clint\Downloads\41dc67a2-9044-4aad-a6be-28358d802f5f.TXT
2015-08-14 20:05 - 2015-08-14 20:05 - 00003290 _____ C:\Users\Clint\Downloads\2cdf4c32-35d1-4b36-9a8d-a33e077ea744.TXT
2015-08-09 14:25 - 2015-08-20 14:34 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-09 14:25 - 2015-08-09 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-09 14:24 - 2015-08-20 22:29 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-09 14:24 - 2015-08-20 14:46 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-09 14:24 - 2015-08-09 14:24 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-09 14:24 - 2015-08-09 14:24 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-09 14:09 - 2015-08-20 14:32 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2CDDE80F-8752-4DEB-8872-4226D6B7E844}
2015-08-07 15:13 - 2015-08-09 14:05 - 00002046 _____ C:\Windows\system32\.crusader
2015-08-07 15:01 - 2015-08-07 15:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-08-07 15:01 - 2015-08-07 15:01 - 00000000 ____D C:\Program Files\HitmanPro
2015-08-07 14:52 - 2015-08-09 14:05 - 00000000 ____D C:\ProgramData\HitmanPro
2015-08-07 14:52 - 2015-08-07 14:53 - 11032736 _____ (SurfRight B.V.) C:\Users\Clint\Downloads\HitmanPro_x64.exe
2015-08-07 14:49 - 2015-08-07 14:49 - 10113976 _____ (SurfRight B.V.) C:\Users\Clint\Downloads\HitmanPro.exe
2015-08-07 14:45 - 2015-08-07 14:46 - 02248704 _____ C:\Users\Clint\Downloads\adwcleaner_4.208 (1).exe
2015-08-05 00:53 - 2015-08-05 00:53 - 00003592 _____ C:\Windows\System32\Tasks\{AE9BCFBB-DA47-4BBD-B530-2AE2248F22D6}
2015-08-05 00:51 - 2015-08-05 00:51 - 00000000 ____D C:\Users\Clint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-08-05 00:47 - 2015-08-05 00:47 - 00000000 ____D C:\Users\Clint\AppData\Roaming\WinRAR
2015-08-05 00:46 - 2015-08-05 00:46 - 01941744 _____ C:\Users\Clint\Downloads\winrar-x64-521.exe
2015-08-04 20:01 - 2015-08-04 20:01 - 02248704 _____ C:\Users\Clint\Desktop\adwcleaner_4.208.exe
2015-08-04 13:56 - 2015-05-22 03:45 - 00061712 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-08-04 13:13 - 2015-08-04 13:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-08-04 13:12 - 2015-08-19 22:51 - 00000000 ____D C:\ProgramData\panda_url_filtering
2015-08-04 13:12 - 2015-08-04 13:12 - 00000000 ____D C:\ProgramData\Panda Security URL Filtering
2015-08-04 13:11 - 2015-08-09 14:05 - 00000000 ____D C:\Program Files (x86)\pandasecuritytb
2015-08-04 13:11 - 2015-08-04 13:11 - 00000000 ____D C:\Users\Clint\AppData\Roaming\Panda Security
2015-08-04 13:10 - 2015-08-04 13:15 - 00000000 ____D C:\Program Files (x86)\Panda Security
2015-08-04 13:10 - 2015-08-04 13:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2015-08-04 13:07 - 2015-08-04 13:12 - 00000000 ____D C:\ProgramData\Panda Security
2015-08-04 13:07 - 2015-08-04 13:07 - 01582848 _____ C:\Users\Clint\Downloads\PANDAFREEAV.exe
2015-08-04 13:02 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-08-04 12:51 - 2015-08-04 13:08 - 00000000 ____D C:\Quarantine
2015-08-04 12:50 - 2015-08-04 13:55 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-08-04 12:50 - 2015-02-17 14:36 - 00250672 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2015-08-04 12:48 - 2015-08-04 12:49 - 07720664 _____ (McAfee, Inc.) C:\Users\Clint\Downloads\McAfeeSetup-Serial.exe
2015-08-04 00:27 - 2015-08-07 14:42 - 00000024 _____ C:\Users\Clint\AppData\Roaming\appdataFr25.bin
2015-08-04 00:21 - 2015-08-04 00:21 - 00002381 _____ C:\Windows\SysWOW64\findit.xml
2015-08-04 00:19 - 2015-08-07 15:13 - 00000000 ____D C:\ProgramData\RemoteSaver
2015-08-04 00:19 - 2015-08-04 00:20 - 00000000 ____D C:\ProgramData\Package Cache
2015-08-04 00:18 - 2015-08-04 12:53 - 00000000 ____D C:\Users\Clint\AppData\Local\HPNetwork
2015-08-04 00:18 - 2015-08-04 12:51 - 00000000 ____D C:\Users\Clint\AppData\Local\WindowsPresentation
2015-08-04 00:17 - 2015-08-04 11:29 - 00000000 ____D C:\Program Files (x86)\7af43c85-630a-4ced-8b56-816f28f8dbd9
2015-08-04 00:15 - 2015-08-04 00:15 - 00000045 _____ C:\user.js
2015-08-04 00:15 - 2015-08-04 00:15 - 00000000 ____D C:\Windows\system32\raur
2015-08-04 00:14 - 2015-08-04 00:14 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-08-04 00:14 - 2015-08-04 00:14 - 00000000 _____ C:\Windows\SysWOW64\Number of results
2015-08-04 00:05 - 2015-08-04 00:05 - 00000000 ____D C:\Program Files (x86)\Autofill IRCTC Tatkal FormPlugin  Extension
2015-08-03 23:53 - 2015-08-03 23:53 - 00000000 ____D C:\SUPERDelete
2015-08-03 23:40 - 2015-08-03 23:40 - 00000782 _____ C:\Windows\SysWOW64\${LOGFILE}
2015-08-03 23:20 - 2015-08-04 11:27 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-03 23:15 - 2009-06-10 16:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-08-03 23:13 - 2015-08-03 23:13 - 00000000 ____D C:\Users\Clint\AppData\Local\CrashRpt
2015-08-03 23:01 - 2015-08-04 11:34 - 00000000 ____D C:\Program Files (x86)\IncludeFunc
2015-08-03 23:00 - 2015-08-04 11:29 - 00000000 ____D C:\Program Files (x86)\FoxyProxy Standard
2015-08-03 22:52 - 2015-08-03 22:52 - 00244574 _____ C:\Users\Clint\Downloads\Command.zip
2015-08-03 18:01 - 2015-08-03 18:01 - 00985600 _____ C:\Users\Clint\Downloads\MicrosoftFixit50123.msi
2015-08-03 17:58 - 2015-08-19 21:26 - 00113152 ___SH C:\Users\Clint\Desktop\Thumbs.db
2015-08-03 13:05 - 2015-08-03 13:09 - 00000000 ____D C:\Users\Clint\Downloads\AccessChk
2015-08-03 13:04 - 2015-08-03 13:04 - 00204425 _____ C:\Users\Clint\Downloads\AccessChk.zip
2015-08-03 12:58 - 2015-08-03 12:58 - 00000000 ____D C:\Program Files (x86)\Windows Resource Kits
2015-08-03 12:57 - 2015-08-03 12:58 - 00379392 _____ C:\Users\Clint\Downloads\subinacl.msi
2015-08-03 12:47 - 2015-08-03 12:48 - 00302011 _____ C:\Users\Clint\Downloads\WindowsUpdateDiagnostic.diagcab
2015-08-03 12:47 - 2015-08-03 12:47 - 06609608 _____ (Piriform Ltd) C:\Users\Clint\Downloads\ccsetup508.exe
2015-08-02 14:52 - 2015-08-02 14:52 - 00000000 ____D C:\Users\Clint\AppData\Local\{B42B9965-F137-454B-AEB2-45E363F51EA2}
2015-08-01 21:56 - 2015-08-03 18:39 - 00000000 __SHD C:\Recovery
2015-08-01 18:11 - 2015-08-01 18:11 - 00008192 _____ C:\Windows\system32\config\userdiff
2015-08-01 18:08 - 2015-08-19 21:33 - 00005072 _____ C:\Windows\setupact.log
2015-08-01 18:08 - 2015-08-03 14:16 - 00000987 _____ C:\Windows\setuperr.log
2015-08-01 14:42 - 2015-08-03 14:22 - 00002271 _____ C:\Windows\DtcInstall.log
2015-08-01 14:39 - 2015-08-03 14:19 - 00004704 _____ C:\Windows\comsetup.log
2015-08-01 14:34 - 2015-08-03 14:16 - 00008479 _____ C:\Windows\diagerr.xml
2015-08-01 14:34 - 2015-08-03 14:16 - 00005718 _____ C:\Windows\diagwrn.xml
2015-07-28 19:19 - 2015-08-03 18:32 - 00000000 ____D C:\Users\Clint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-28 14:47 - 2015-07-25 13:07 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-28 14:47 - 2015-07-25 13:04 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-28 14:47 - 2015-07-25 13:04 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-28 14:47 - 2015-07-25 13:03 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-28 14:47 - 2015-07-25 13:03 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-28 14:47 - 2015-07-25 13:03 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-28 14:47 - 2015-07-25 13:03 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-28 14:47 - 2015-07-25 12:55 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-23 16:04 - 2015-07-14 22:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-23 16:04 - 2015-07-14 22:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-23 16:04 - 2015-07-14 22:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-23 16:04 - 2015-07-14 22:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-23 16:04 - 2015-07-14 21:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-23 16:04 - 2015-07-14 21:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-23 16:04 - 2015-07-14 21:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-23 16:04 - 2015-07-14 21:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-23 16:04 - 2015-07-14 20:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-23 16:04 - 2015-07-14 20:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-20 22:39 - 2013-01-16 17:54 - 01663928 _____ C:\Windows\WindowsUpdate.log
2015-08-20 22:34 - 2009-07-13 23:45 - 00031472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-20 22:34 - 2009-07-13 23:45 - 00031472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-19 21:33 - 2012-03-22 20:19 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-19 21:33 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-19 21:31 - 2009-07-13 22:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-08-19 21:31 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-08-16 22:47 - 2013-01-20 16:51 - 00000000 ____D C:\Users\Clint\AppData\Roaming\SoftGrid Client
2015-08-09 14:24 - 2013-01-16 18:45 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-09 14:10 - 2013-07-10 15:27 - 00000000 ____D C:\Users\Clint\AppData\Roaming\Mozilla
2015-08-09 14:10 - 2013-01-16 18:45 - 00000000 ____D C:\Users\Clint\AppData\Local\Google
2015-08-09 13:52 - 2014-08-27 14:47 - 00000000 ____D C:\AdwCleaner
2015-08-07 15:15 - 2014-07-19 17:23 - 00255134 _____ C:\Windows\PFRO.log
2015-08-07 14:52 - 2014-05-27 16:20 - 00000000 ____D C:\Program Files (x86)\Midland LifeSolutions
2015-08-07 14:52 - 2012-03-22 20:43 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-08-05 15:58 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\IME
2015-08-05 13:12 - 2014-08-21 12:13 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-05 01:00 - 2013-01-16 17:57 - 00000000 ____D C:\Users\Clint\AppData\Local\VirtualStore
2015-08-04 21:01 - 2013-01-16 17:58 - 00001029 _____ C:\Users\Clint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-04 14:54 - 2009-07-14 00:13 - 00783464 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-04 13:55 - 2013-05-04 23:17 - 00000000 ____D C:\Program Files\McAfee
2015-08-04 13:55 - 2013-05-04 23:17 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-08-04 13:55 - 2013-02-24 19:15 - 00000000 ____D C:\ProgramData\McAfee
2015-08-04 13:55 - 2009-07-13 23:45 - 00517184 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-04 13:11 - 2013-01-16 17:59 - 00123152 _____ C:\Users\Clint\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-04 11:34 - 2013-04-06 18:26 - 00000000 ____D C:\Windows\Minidump
2015-08-04 00:24 - 2015-03-02 13:29 - 00000000 __SHD C:\Users\Clint\AppData\Local\EmieBrowserModeList
2015-08-04 00:24 - 2014-05-13 12:37 - 00000000 __SHD C:\Users\Clint\AppData\Local\EmieUserList
2015-08-04 00:24 - 2014-05-13 12:37 - 00000000 __SHD C:\Users\Clint\AppData\Local\EmieSiteList
2015-08-04 00:15 - 2012-03-22 19:45 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-08-04 00:15 - 2012-03-22 19:45 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2015-08-04 00:02 - 2014-08-21 12:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-04 00:02 - 2014-08-21 12:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-03 23:25 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\System
2015-08-03 18:32 - 2015-07-16 16:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-08-03 18:32 - 2015-04-21 20:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-03 18:32 - 2015-01-30 16:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-08-03 18:32 - 2014-08-07 00:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-03 18:32 - 2014-08-06 15:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-08-03 18:32 - 2014-02-17 20:35 - 00000000 ____D C:\Windows\SysWOW64\GPBAK
2015-08-03 18:32 - 2013-11-11 19:57 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
2015-08-03 18:32 - 2013-06-28 12:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-08-03 18:32 - 2013-03-20 18:51 - 00000000 ___HD C:\Windows\system32\CanonIJ Uninstaller Information
2015-08-03 18:32 - 2013-03-13 10:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-03 18:32 - 2013-02-10 04:01 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2015-08-03 18:32 - 2013-01-25 22:59 - 00000000 ____D C:\Program Files\IDT
2015-08-03 18:32 - 2013-01-16 17:55 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
2015-08-03 18:32 - 2013-01-16 17:54 - 00000000 ____D C:\Users\Clint
2015-08-03 18:32 - 2012-08-06 16:38 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-08-03 18:32 - 2012-08-06 15:57 - 00000000 ____D C:\Windows\system32\nn-NO
2015-08-03 18:32 - 2012-08-06 15:53 - 00000000 ____D C:\Program Files\AMD
2015-08-03 18:32 - 2012-08-06 15:51 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2015-08-03 18:32 - 2012-03-22 20:41 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-08-03 18:32 - 2012-03-22 20:39 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-08-03 18:32 - 2012-03-22 20:37 - 00000000 ____D C:\Windows\en
2015-08-03 18:32 - 2012-03-22 20:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-08-03 18:32 - 2012-03-22 20:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2015-08-03 18:32 - 2012-03-22 20:32 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2015-08-03 18:32 - 2012-03-22 20:30 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-08-03 18:32 - 2012-03-22 20:15 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-08-03 18:32 - 2011-10-12 19:57 - 00000000 ____D C:\Program Files\Hewlett-Packard
2015-08-03 18:32 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-08-03 18:32 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\WinBioDatabase
2015-08-03 18:32 - 2009-07-13 22:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-03 18:32 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2015-08-03 18:32 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2015-08-03 18:32 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\zh-HK
2015-08-03 18:32 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\tr-TR
2015-08-03 18:32 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\Recovery
2015-08-03 18:32 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2015-08-03 18:32 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Resources
2015-08-03 18:32 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-08-03 18:32 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\LiveKernelReports
2015-08-03 18:32 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-08-03 17:58 - 2015-07-10 08:39 - 00000000 ___HD C:\$Windows.~BT
2015-08-03 14:19 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Registration
2015-08-03 14:15 - 2007-01-01 20:25 - 00000000 ____D C:\Windows\Panther
2015-08-03 12:48 - 2013-06-28 12:35 - 00000000 ____D C:\Program Files\CCleaner
2015-08-02 17:22 - 2009-07-14 00:08 - 00032542 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-02 17:21 - 2014-08-27 14:30 - 00000000 ____D C:\Windows\pss
2015-08-02 14:24 - 2013-01-16 20:25 - 00000000 ___RD C:\Users\Clint\Dropbox
2015-08-02 14:24 - 2013-01-16 20:24 - 00000000 ____D C:\Users\Clint\AppData\Roaming\Dropbox
2015-08-02 14:23 - 2014-07-14 13:36 - 00000000 ____D C:\Users\Clint\AppData\Roaming\Spotify
2015-08-02 14:21 - 2014-07-14 13:39 - 00000000 ____D C:\Users\Clint\AppData\Local\Spotify
2015-08-01 19:19 - 2013-05-04 23:32 - 00262144 _____ C:\Windows\system32\config\ELAM
2015-08-01 13:29 - 2015-07-16 16:08 - 00000000 ____D C:\Program Files\SUPERAntiSpywareNew
2015-08-01 13:24 - 2015-06-14 15:22 - 00000000 ____D C:\ProgramData\CovenantEyes
2015-07-29 00:41 - 2015-06-14 16:02 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-07-29 00:41 - 2015-06-14 15:23 - 00003896 _____ C:\Windows\SysWOW64\CovenantEyesProxyOff.ini
2015-07-28 21:25 - 2015-05-01 13:12 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-28 21:21 - 2015-05-01 13:12 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-28 21:21 - 2014-04-22 23:48 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-21 19:26 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
 
==================== Files in the root of some directories =======
 
2015-08-04 00:27 - 2015-08-07 14:42 - 0000024 _____ () C:\Users\Clint\AppData\Roaming\appdataFr25.bin
2015-01-17 15:18 - 2015-01-17 15:18 - 0000000 _____ () C:\Users\Clint\AppData\Local\{C4ABA1BE-2A34-4035-9A52-00A321E76671}
2014-01-30 14:09 - 2014-01-30 14:09 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-05-23 12:39 - 2014-05-29 14:00 - 0025101 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\Clint\AppData\Local\Temp\Extract.exe
C:\Users\Clint\AppData\Local\Temp\Quarantine.exe
C:\Users\Clint\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll
[2012-03-22 19:45] - [2015-08-04 00:15] - 0357888 ____A (Microsoft Corporation) 8026E3CC0C63F0C2F0921DE29B05A1C4
 
C:\Windows\SysWOW64\dnsapi.dll
[2012-03-22 19:45] - [2015-08-04 00:15] - 0270336 ____A (Microsoft Corporation) 4DE450840C6F2F889CE3CDC803E17CD5
 
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-18 00:15
 
==================== End of log ============================



#7 Sintharius


Posted 22 August 2015 - 10:35 AM

Hello Clint,

We will continue with the next steps :) Please copy and paste the contents of all produced logs instead of attaching them.

Step 1: McAfee Consumer Products Removal Tool

Please download the McAfee Consumer Products Removal Tool from here and follow the instructions to remove the remains of McAfee.

===

Step 2: Fix with Farbar Recovery Scan Tool
  • Please download the attached fixlist.txt and save it to your Desktop.
    Note: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work!
    WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system!
  • Run FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log named Fixlog.txt on the Desktop, please post it to your reply.
===

Step 3: Emsisoft Emergency Kit

Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).
  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When the update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning.
  • When the scan is completed click Quarantine selected objects. Note, this option is only available if malicious objects were detected during the scan.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop and post the contents in your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.
To recap, I will need the following information in your post:
  • Confirmation that you have run the McAfee Consumer Products Removal Tool;
  • Fixlog.txt from FRST;
  • Scan log from Emsisoft Emergency Kit.
Regards,
Alex

#8 astrofaninkc


Posted 22 August 2015 - 02:34 PM

I have run McAfee Consumer Product Removal Tools.

 

Fixlog.txt here
 

Fix result of Farbar Recovery Scan Tool (x64) Version:20-08-2015
Ran by Clint (2015-08-22 14:02:59) Run:3
Running from C:\Users\Clint\Desktop
Loaded Profiles: Clint (Available Profiles: Clint)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKU\S-1-5-21-2371941955-605578686-2567650883-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
Toolbar: HKLM-x32 - No Name - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -  No File
Toolbar: HKU\S-1-5-21-2371941955-605578686-2567650883-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll No File
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKU\S-1-5-21-2371941955-605578686-2567650883-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
cmd: sfc /scanfile=C:\Windows\system32\dnsapi.dll
cmd: sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll
*****************
 
HKU\S-1-5-21-2371941955-605578686-2567650883-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => key not found. 
HKCR\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => key not found. 
HKCR\Wow6432Node\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} => value not found.
HKCR\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} => value not found.
HKCR\Wow6432Node\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} => value not found.
HKCR\Wow6432Node\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} => key not found. 
HKU\S-1-5-21-2371941955-605578686-2567650883-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value not found.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. 
HKCR\PROTOCOLS\Handler\dssrequest => key not found. 
HKCR\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => key not found. 
HKCR\PROTOCOLS\Handler\sacore => key not found. 
HKCR\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => key not found. 
HKCR\PROTOCOLS\Filter\application/x-mfe-ipt => key not found. 
HKCR\CLSID\{3EF5086B-5478-4598-A054-786C45D75692} => key not found. 
HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/MSC,version=10 => key not found. 
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key not found. 
HKLM\SOFTWARE\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho => key not found. 
HKU\S-1-5-21-2371941955-605578686-2567650883-1001\SOFTWARE\Google\Chrome\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa => key not found. 
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho => key not found. 
 
=========  sfc /scanfile=C:\Windows\system32\dnsapi.dll =========
 
 
 
 
Windows Resource Protection did not find any integrity violations.
 
 
========= End of CMD: =========
 
 
=========  sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll =========
 
 
 
 
Windows Resource Protection found corrupt files and successfully repaired 
 
them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For 
 
example C:\Windows\Logs\CBS\CBS.log
 
 
 
The system file repair changes will take effect after the next reboot.
 
 
========= End of CMD: =========
 
 
==== End of Fixlog 14:03:04 ====
 
Results of Emsisoft Emergency Scan here:

Emsisoft Emergency Kit - Version 10.0
Last update: 8/22/2015 2:18:56 PM
User account: Clint_Laptop\Clint
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 8/22/2015 2:20:20 PM
Key: HKEY_USERS\S-1-5-21-2371941955-605578686-2567650883-1001\SOFTWARE\WEBAPP  detected: Application.Toolbar (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN  detected: Setting.NoRun (A)
Value: HKEY_USERS\S-1-5-21-2371941955-605578686-2567650883-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN  detected: Setting.NoRun (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.DATACONTAINER.1  detected: Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.DATACONTROLLER  detected: Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.DATACONTROLLER.1  detected: Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.DATASTATISTICS  detected: Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.DATASTATISTICS.1  detected: Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.DATATABLE  detected: Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.DATATABLE.1  detected: Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.DATATABLEFIELDS  detected: Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.DATATABLEFIELDS.1  detected: Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.DATATABLEHOLDER  detected: Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.DATATABLEHOLDER.1  detected: Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.LSPLOGIC  detected: Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.LSPLOGIC.1  detected: Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.READONLYMANAGER  detected: Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.READONLYMANAGER.1  detected: Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.WATCHDOG  detected: Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.WATCHDOG.1  detected: Application.AdSend (A)
C:\Program Files (x86)\pandasecuritytb\pandasecuritytb.dll  detected: Application.Toolbar (A)
C:\ProgramData\RemoteSaver\31sxlc5p.exe  detected: Adware.Mplug.LR ( B)
C:\ProgramData\RemoteSaver\4kstisf3.dll  detected: Adware.Mplug.LR ( B)
C:\ProgramData\RemoteSaver\cfvbpxwi.dll  detected: Adware.Mplug.LR ( B)
C:\ProgramData\RemoteSaver\nwydyq50.dll  detected: Adware.Mplug.LR ( B)
C:\ProgramData\RemoteSaver\nxgvd1sk.dll  detected: Adware.Mplug.LR ( B)
C:\ProgramData\RemoteSaver\mnrgqzti.dll  detected: Adware.Mplug.LR ( B)
C:\ProgramData\RemoteSaver\ihjmsygx.dll  detected: Adware.Mplug.LV ( B)
C:\ProgramData\RemoteSaver\rybtetbb.dll  detected: Adware.Mplug.LR ( B)
 
Scanned 75799
Found 29
 
Scan end: 8/22/2015 2:25:36 PM
Scan time: 0:05:16
 
C:\ProgramData\RemoteSaver\rybtetbb.dll Quarantined Adware.Mplug.LR ( B)
C:\ProgramData\RemoteSaver\ihjmsygx.dll Quarantined Adware.Mplug.LV ( B)
C:\ProgramData\RemoteSaver\mnrgqzti.dll Quarantined Adware.Mplug.LR ( B)
C:\ProgramData\RemoteSaver\nxgvd1sk.dll Quarantined Adware.Mplug.LR ( B)
C:\ProgramData\RemoteSaver\nwydyq50.dll Quarantined Adware.Mplug.LR ( B)
C:\ProgramData\RemoteSaver\cfvbpxwi.dll Quarantined Adware.Mplug.LR ( B)
C:\ProgramData\RemoteSaver\4kstisf3.dll Quarantined Adware.Mplug.LR ( B)
C:\ProgramData\RemoteSaver\31sxlc5p.exe Quarantined Adware.Mplug.LR ( B)
C:\Program Files (x86)\pandasecuritytb\pandasecuritytb.dll Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.WATCHDOG.1 Quarantined Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.WATCHDOG Quarantined Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.READONLYMANAGER.1 Quarantined Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.READONLYMANAGER Quarantined Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.LSPLOGIC.1 Quarantined Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.LSPLOGIC Quarantined Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.DATATABLEHOLDER.1 Quarantined Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.DATATABLEHOLDER Quarantined Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.DATATABLEFIELDS.1 Quarantined Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.DATATABLEFIELDS Quarantined Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.DATATABLE.1 Quarantined Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.DATATABLE Quarantined Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.DATASTATISTICS.1 Quarantined Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.DATASTATISTICS Quarantined Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.DATACONTROLLER.1 Quarantined Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.DATACONTROLLER Quarantined Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.DATACONTAINER.1 Quarantined Application.AdSend (A)
Value: HKEY_USERS\S-1-5-21-2371941955-605578686-2567650883-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN Quarantined Setting.NoRun (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN Quarantined Setting.NoRun (A)
Key: HKEY_USERS\S-1-5-21-2371941955-605578686-2567650883-1001\SOFTWARE\WEBAPP Quarantined Application.Toolbar (A)
 
Quarantined 29

 



#9 Sintharius


Posted 23 August 2015 - 02:11 AM

Hi there,

How is the computer doing now?

#10 astrofaninkc


Posted 23 August 2015 - 02:14 AM

Nothing has changed.

#11 Sintharius


Posted 23 August 2015 - 02:26 PM

Hello Clint,

Did you reboot after running the previous fix with FRST?

I noticed that you ran the previous fix with FRST three times - please follow the instructions carefully and only run each fix once. If you are not sure of my directions, please stop and ask :)

Search with Farbar Recovery Scan Tool
  • Launch FRST. In the search box, type the following: dnsapi.dll
  • Press the Search Files button, allow FRST to run
  • A log file Search.txt will appear when the search is complete, please post this in your next reply.
Regards,
Alex 

#12 astrofaninkc


Posted 23 August 2015 - 02:56 PM

I don't remember running it three times, but we've been through so many steps I can't be sure.
 

Farbar Recovery Scan Tool (x64) Version:20-08-2015
Ran by Clint (2015-08-23 14:52:47)
Running from C:\Users\Clint\Desktop
Boot Mode: Normal
 
================== Search Files: "dnsapi.dll" =============
 
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_4aa4e997e6a8ddc0\dnsapi.dll
[2012-03-22 19:45][2015-08-04 00:24] 0270336 ____A (Microsoft Corporation) BD32C2FF2A95E3C1B5DFC2CEEFB71A45
 
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_4a184beecd8df1f1\dnsapi.dll
[2012-03-22 19:45][2015-08-04 00:24] 0270336 ____A (Microsoft Corporation) 4DE450840C6F2F889CE3CDC803E17CD5
 
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4a5d2c9ecd59afa7\dnsapi.dll
[2010-11-20 22:24][2015-08-04 00:24] 0270336 ____A (Microsoft Corporation) E6BD5ECF6630EC7F832581CFF1733635
 
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_40503f45b2481bc5\dnsapi.dll
[2012-03-22 19:45][2015-08-04 00:16] 0357888 ____A (Microsoft Corporation) 0FCA8542EBD78F1A59626A94D7B21DB7
 
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_3fc3a19c992d2ff6\dnsapi.dll
[2012-03-22 19:45][2015-08-22 13:54] 0357888 ____A (Microsoft Corporation) 492D07D79E7024CA310867B526D9636D [File is signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsapi.dll
[2010-11-20 22:24][2015-08-04 00:16] 0357888 ____A (Microsoft Corporation) 7F779860F5152C05294A80A6783E9C61
 
C:\Windows\SysWOW64\dnsapi.dll
[2012-03-22 19:45][2015-08-04 00:15] 0270336 ____A (Microsoft Corporation) 4DE450840C6F2F889CE3CDC803E17CD5
 
C:\Windows\System32\dnsapi.dll
[2012-03-22 19:45][2015-08-22 13:54] 0357888 ____A (Microsoft Corporation) 492D07D79E7024CA310867B526D9636D [File is signed]
 
====== End of Search ======
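
A way to read the Search.txt above programmatically, as an added example that is not part of the original post: the Python below parses FRST's "Search Files" output, lists the copies of dnsapi.dll that carry no `[File is signed]` tag, and matches the live System32/SysWOW64 files to WinSxS copies by MD5. The function names are hypothetical, and reading a missing tag as "not reported signed" is an assumption about FRST's output format.

```python
import re
from collections import defaultdict

# Entries copied from the Search.txt posted above (blank lines dropped).
SEARCH_TXT = r"""
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_4aa4e997e6a8ddc0\dnsapi.dll
[2012-03-22 19:45][2015-08-04 00:24] 0270336 ____A (Microsoft Corporation) BD32C2FF2A95E3C1B5DFC2CEEFB71A45
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_4a184beecd8df1f1\dnsapi.dll
[2012-03-22 19:45][2015-08-04 00:24] 0270336 ____A (Microsoft Corporation) 4DE450840C6F2F889CE3CDC803E17CD5
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4a5d2c9ecd59afa7\dnsapi.dll
[2010-11-20 22:24][2015-08-04 00:24] 0270336 ____A (Microsoft Corporation) E6BD5ECF6630EC7F832581CFF1733635
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_40503f45b2481bc5\dnsapi.dll
[2012-03-22 19:45][2015-08-04 00:16] 0357888 ____A (Microsoft Corporation) 0FCA8542EBD78F1A59626A94D7B21DB7
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_3fc3a19c992d2ff6\dnsapi.dll
[2012-03-22 19:45][2015-08-22 13:54] 0357888 ____A (Microsoft Corporation) 492D07D79E7024CA310867B526D9636D [File is signed]
C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsapi.dll
[2010-11-20 22:24][2015-08-04 00:16] 0357888 ____A (Microsoft Corporation) 7F779860F5152C05294A80A6783E9C61
C:\Windows\SysWOW64\dnsapi.dll
[2012-03-22 19:45][2015-08-04 00:15] 0270336 ____A (Microsoft Corporation) 4DE450840C6F2F889CE3CDC803E17CD5
C:\Windows\System32\dnsapi.dll
[2012-03-22 19:45][2015-08-22 13:54] 0357888 ____A (Microsoft Corporation) 492D07D79E7024CA310867B526D9636D [File is signed]
"""

# Detail line: [created][modified] size attributes (company) MD5 [optional signed tag]
DETAIL = re.compile(
    r"^\[(?P<created>[^\]]+)\]\[(?P<modified>[^\]]+)\] (?P<size>\d+) (?P<attr>\S+) "
    r"\((?P<company>.*?)\) (?P<md5>[0-9A-F]{32})(?P<signed> \[File is signed\])?$")


def parse_search(text):
    """Pair each path line with the detail line that follows it."""
    entries, path = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = DETAIL.match(line)
        if m and path:
            entries.append({"path": path, "md5": m["md5"], "size": int(m["size"]),
                            "modified": m["modified"], "signed": bool(m["signed"])})
            path = None
        elif not m:
            path = line  # anything that is not a detail line is taken as a path
    return entries


def unsigned_paths(entries):
    """Paths whose detail line has no '[File is signed]' tag (assumed meaning)."""
    return [e["path"] for e in entries if not e["signed"]]


def store_matches(entries):
    """Map each live (non-WinSxS) file to the WinSxS copies with the same MD5."""
    by_md5 = defaultdict(list)
    for e in entries:
        if "\\winsxs\\" in e["path"].lower():
            by_md5[e["md5"]].append(e["path"])
    return {e["path"]: by_md5.get(e["md5"], [])
            for e in entries if "\\winsxs\\" not in e["path"].lower()}


if __name__ == "__main__":
    found = parse_search(SEARCH_TXT)
    print("no signed tag:", *unsigned_paths(found), sep="\n  ")
    for live, copies in store_matches(found).items():
        print(live, "matches", copies or "no WinSxS copy")
```

On the posted data, C:\Windows\SysWOW64\dnsapi.dll shares its MD5 with the 6.1.7601.17570 wow64 copy in WinSxS and neither carries the signed tag, while C:\Windows\System32\dnsapi.dll matches the signed amd64 copy modified on 2015-08-22.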


#13 Sintharius


Posted 23 August 2015 - 04:17 PM

Hello Clint,

You are doing a pretty good job - this infection is rather new, and all the experts are on it. No need to get worried, we are getting there :)

Fix with Farbar Recovery Scan Tool
  • Please download the attached fixlist.txt and save it to your Desktop.
    Note: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work!
    WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system!
  • Run FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log named Fixlog.txt on the Desktop, please post it to your reply.
Regards,
Alex

Edited by Alexstrasza, 23 August 2015 - 04:17 PM.


#14 astrofaninkc


Posted 23 August 2015 - 04:32 PM

No messages from FarBar saying I needed to restart after running fixlist.
 

Fix result of Farbar Recovery Scan Tool (x64) Version:20-08-2015
Ran by Clint (2015-08-23 16:29:32) Run:4
Running from C:\Users\Clint\Desktop
Loaded Profiles: Clint (Available Profiles: Clint)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
2015-08-04 00:15 - 2015-08-04 00:15 - 00000000 ____D C:\Windows\system32\raur
cmd: ipconfig /flushdns
cmd: sfc /scannow
*****************
 
C:\Windows\system32\raur => moved successfully
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  sfc /scannow =========
 
 
 
Beginning system scan.  This process will take some time.
 
 
 
 
There is a system repair pending which requires reboot to complete.  Restart 
 
Windows and run sfc again.
 
 
========= End of CMD: =========
 
 
==== End of Fixlog 16:29:39 ====


#15 Sintharius


Posted 23 August 2015 - 05:59 PM

Hi there,

You will need to reboot to apply the repairs done by sfc /scannow.

How is the computer running?



