Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Brendan at 2015-04-03 22:24:49 Run:1
Running from C:\Users\Brendan\Desktop
Loaded Profiles: Brendan (Available profiles: Brendan & Torin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-708214694-1593697130-2342718439-1002 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...&D=040315&SSPV=
SearchScopes: HKU\S-1-5-21-708214694-1593697130-2342718439-1002 -> {ABDAE76F-7F4D-4D96-8974-D0DF805DD6F3} URL =
FF DefaultSearchEngine: Trovi
FF SelectedSearchEngine: Trovi
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3333531&octid=EB_ORIGINAL_CTID&ISID=M15D18B3C-B481-47C6-8CAF-1827BC06D7D7&SearchSource=55&CUI=&UM=8&UP=SP72707F87-9D5F-4DE3-958B-41D6F16D8D40&D=031715&SSPV=
FF NewTab: about:newtab
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF SearchPlugin: C:\Users\Brendan\AppData\Roaming\Mozilla\Firefox\Profiles\mc4mmp7v.default\searchplugins\trovi.xml [2015-04-03]
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
R1 mwiynzm4ndy1yjz; system32\drivers\mwiynzm4ndy1yjz.sys [X]
S1 qrnfd_1_10_0_9; system32\drivers\qrnfd_1_10_0_9.sys [X]
2015-03-16 23:13 - 2015-03-25 22:50 - 00000000 ____D () C:\ProgramData\3b347388000055a1
2015-03-16 22:15 - 2015-03-16 23:12 - 00000000 ____D () C:\Users\Brendan\AppData\Roaming\BitTorrent
2015-03-16 19:41 - 2015-03-16 19:41 - 00003270 _____ () C:\windows\System32\Tasks\GlobalUpdate-ywy1yzzxn2szbtl
2015-03-16 19:41 - 2015-03-16 19:41 - 00000000 ____D () C:\Users\Brendan\AppData\Roaming\ywy1yzzxn2szbtl
2015-03-16 18:10 - 2015-03-16 18:53 - 00000000 ____D () C:\Program Files\Common Files\PastaLeads
2015-03-16 18:08 - 2015-03-16 18:11 - 00000000 ____D () C:\Users\Brendan\Documents\ProPCCleaner
2015-03-16 18:08 - 2015-03-16 18:08 - 00003196 _____ () C:\windows\System32\Tasks\ProPCCleaner_Start
2015-03-16 18:08 - 2015-03-16 18:08 - 00000000 ____D () C:\Users\Brendan\AppData\Local\Pro_PC_Cleaner
2015-03-16 21:51 - 2014-08-21 23:11 - 00000000 __SHD () C:\windows\SysWOW64\AI_RecycleBin
C:\Users\Torin\AppData\Local\Temp\oct1F35.tmp.exe
C:\Users\Torin\AppData\Local\Temp\oct9D77.tmp.exe
Task: {0215C75D-25FF-4855-B8B2-85D8BA044F77} - System32\Tasks\GlobalUpdate-ywy1yzzxn2szbtl => C:\Users\Brendan\AppData\Roaming\ywy1yzzxn2szbtl\ywy1yzzxn2szbtl.exe [2015-03-15] () <==== ATTENTION
C:\Users\Brendan\AppData\Roaming\ywy1yzzxn2szbtl\ywy1yzzxn2szbtl.exe
Task: {57BE5E2C-42A0-4AE6-9405-0AB2B78FDD0A} - System32\Tasks\SBWUpdateTask_Time_8ad185b5-1AEE65E83569 => C:\Program Files\Common Files\SpeedBit\SBUpdate\SBUpdate.exe <==== ATTENTION
C:\Program Files\Common Files\SpeedBit
Task: {83B3623B-BC7F-49E7-BD77-D7D0442FBB88} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
C:\Program Files (x86)\Pro PC Cleaner
Task: {C9BEADB8-D8E5-47A1-8223-F4BA8C48E0D3} - \GPUP No Task File <==== ATTENTION
Task: {D80F0111-0C24-4936-9FFA-9CA913594EDA} - System32\Tasks\SBWUpdateTask_Logon_8ad185b5-1AEE65E83569 => C:\Program Files\Common Files\SpeedBit\SBUpdate\SBUpdate.exe <==== ATTENTION
Task: {FDD312D7-29C4-4478-AB2A-06581E81D97D} - \Jelbrus Secure Web Task No Task File <==== ATTENTION
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
AlternateDataStreams: C:\Users\Brendan\OneDrive:ms-properties
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
hosts:
Emptytemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully.
C:\windows\system32\GroupPolicy\Machine => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKU\S-1-5-21-708214694-1593697130-2342718439-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
HKCR\CLSID\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
"HKU\S-1-5-21-708214694-1593697130-2342718439-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ABDAE76F-7F4D-4D96-8974-D0DF805DD6F3}" => Key deleted successfully.
HKCR\CLSID\{ABDAE76F-7F4D-4D96-8974-D0DF805DD6F3} => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
Firefox newtab deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
"C:\Users\Brendan\AppData\Roaming\Mozilla\Firefox\Profiles\mc4mmp7v.default\searchplugins\trovi.xml" => not found.
EagleX64 => Service deleted successfully.
mwiynzm4ndy1yjz => Unable to stop service
mwiynzm4ndy1yjz => Service deleted successfully.
qrnfd_1_10_0_9 => Service not found.
C:\ProgramData\3b347388000055a1 => Moved successfully.
C:\Users\Brendan\AppData\Roaming\BitTorrent => Moved successfully.
C:\windows\System32\Tasks\GlobalUpdate-ywy1yzzxn2szbtl => Moved successfully.
C:\Users\Brendan\AppData\Roaming\ywy1yzzxn2szbtl => Moved successfully.
"C:\Program Files\Common Files\PastaLeads" => File/Directory not found.
C:\Users\Brendan\Documents\ProPCCleaner => Moved successfully.
C:\windows\System32\Tasks\ProPCCleaner_Start => Moved successfully.
C:\Users\Brendan\AppData\Local\Pro_PC_Cleaner => Moved successfully.
C:\windows\SysWOW64\AI_RecycleBin => Moved successfully.
C:\Users\Torin\AppData\Local\Temp\oct1F35.tmp.exe => Moved successfully.
C:\Users\Torin\AppData\Local\Temp\oct9D77.tmp.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0215C75D-25FF-4855-B8B2-85D8BA044F77}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0215C75D-25FF-4855-B8B2-85D8BA044F77}" => Key deleted successfully.
C:\Windows\System32\Tasks\GlobalUpdate-ywy1yzzxn2szbtl not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GlobalUpdate-ywy1yzzxn2szbtl" => Key deleted successfully.
"C:\Users\Brendan\AppData\Roaming\ywy1yzzxn2szbtl\ywy1yzzxn2szbtl.exe" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{57BE5E2C-42A0-4AE6-9405-0AB2B78FDD0A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57BE5E2C-42A0-4AE6-9405-0AB2B78FDD0A}" => Key deleted successfully.
C:\Windows\System32\Tasks\SBWUpdateTask_Time_8ad185b5-1AEE65E83569 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SBWUpdateTask_Time_8ad185b5-1AEE65E83569" => Key deleted successfully.
C:\Program Files\Common Files\SpeedBit => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{83B3623B-BC7F-49E7-BD77-D7D0442FBB88}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83B3623B-BC7F-49E7-BD77-D7D0442FBB88}" => Key deleted successfully.
C:\Windows\System32\Tasks\ProPCCleaner_Start not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start" => Key deleted successfully.
"C:\Program Files (x86)\Pro PC Cleaner" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C9BEADB8-D8E5-47A1-8223-F4BA8C48E0D3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9BEADB8-D8E5-47A1-8223-F4BA8C48E0D3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GPUP" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D80F0111-0C24-4936-9FFA-9CA913594EDA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D80F0111-0C24-4936-9FFA-9CA913594EDA}" => Key deleted successfully.
C:\Windows\System32\Tasks\SBWUpdateTask_Logon_8ad185b5-1AEE65E83569 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SBWUpdateTask_Logon_8ad185b5-1AEE65E83569" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FDD312D7-29C4-4478-AB2A-06581E81D97D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDD312D7-29C4-4478-AB2A-06581E81D97D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Jelbrus Secure Web Task" => Key deleted successfully.
C:\Windows => ":nlsPreferences" ADS removed successfully.
C:\ProgramData\Temp => ":56E2E879" ADS removed successfully.
C:\Users\Brendan\OneDrive => ":ms-properties" ADS removed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc" => Key deleted successfully.

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
Unable to cancel {827BB2AE-4221-4AAD-B3C7-A0A81B08CC08}.
Unable to cancel {48F937D7-F65A-4C22-831D-C9CBA5AA1F01}.
Unable to cancel {B11F051E-C906-4A4C-BF79-AF6C3448DA39}.
Unable to cancel {A203A324-39F6-41A0-BECD-76E3B5FC20DA}.
{4EC02FAB-2858-4308-97C1-3A03364A9C4B} canceled.
{F65DEDCA-057F-4054-91EC-F050178B508F} canceled.
{154474D1-048A-4959-AF3F-849B237ED640} canceled.
3 out of 7 jobs canceled.
========= End of CMD: =========

========= netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration
Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= netsh int ipv4 reset =========

Resetting Global, OK!
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
Resetting , OK!
Restart the computer to complete this action.

========= End of CMD: =========

========= netsh int ipv6 reset =========

Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.

========= End of CMD: =========

========= RemoveProxy: =========

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-708214694-1593697130-2342718439-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-708214694-1593697130-2342718439-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.

========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 492.6 MB temporary data.

The system needed a reboot.

==== End of Fixlog 22:25:35 ====