Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Proxy override...malware?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Proxy override...malware?

Unread postby fayfox » August 2nd, 2015, 8:16 pm

Hey wbg,
Here it is.

;;;
;;; PSI
;;;

[Version]
Signature = "$Windows NT$"
Class = "ActivityMonitor" ;This is determined by the work this filter driver does
ClassGuid = {b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2} ;This value is determined by the Class
Provider = %Company%
DriverVer = 06/03/2009,1.0.0.1

[DestinationDirs]
DefaultDestDir = 12
PSI.DriverFiles = 12 ;%windir%\system32\drivers

;;
;; Default install sections
;;

[DefaultInstall]
OptionDesc = %ServiceDescription%
CopyFiles = PSI.DriverFiles

[DefaultInstall.Services]
AddService = %ServiceName%,,PSI.Service

;;
;; Default uninstall sections
;;

[DefaultUninstall]
DelFiles = PSI.DriverFiles

[DefaultUninstall.Services]
DelService = %ServiceName%,0x200 ;Ensure service is stopped before deleting

;;
;; Services Section
;;

[PSI.Service]
DisplayName = %ServiceName%
Description = %ServiceDescription%
ServiceBinary = %12%\%DriverName%.sys ;%system32%\drivers\
Dependencies = FltMgr
ServiceType = 2 ;SERVICE_FILE_SYSTEM_DRIVER
StartType = 3 ;SERVICE_DEMAND_START
ErrorControl = 1 ;SERVICE_ERROR_NORMAL
LoadOrderGroup = "FSFilter Activity Monitor"
AddReg = PSI.AddRegistry

;;
;; Registry Modifications
;;

[PSI.AddRegistry]
HKR,"Instances","DefaultInstance",0x00000000,%DefaultInstance%
HKR,"Instances\"%Instance1.Name%,"Altitude",0x00000000,%Instance1.Altitude%
HKR,"Instances\"%Instance1.Name%,"Flags",0x00010001,%Instance1.Flags%
HKR,"Instances\"%Instance2.Name%,"Altitude",0x00000000,%Instance2.Altitude%
HKR,"Instances\"%Instance2.Name%,"Flags",0x00010001,%Instance2.Flags%
HKR,"Instances\"%Instance3.Name%,"Altitude",0x00000000,%Instance3.Altitude%
HKR,"Instances\"%Instance3.Name%,"Flags",0x00010001,%Instance3.Flags%

;;
;; Copy Files
;;

[PSI.DriverFiles]
%DriverName%.sys

;;
;; String Section
;;

[Strings]
Company = "Secunia"
ServiceDescription = "PSI mini-filter driver"
ServiceName = "PSI"
DriverName = "psi_mf_amd64"

;Instances specific information.
DefaultInstance = "PSI - Top Instance"
Instance1.Name = "PSI - Middle Instance"
Instance1.Altitude = "370000"
Instance1.Flags = 0x1 ; Suppress automatic attachments
Instance2.Name = "PSI - Bottom Instance"
Instance2.Altitude = "361000"
Instance2.Flags = 0x1 ; Suppress automatic attachments
Instance3.Name = "PSI - Top Instance"
Instance3.Altitude = "385000"
Instance3.Flags = 0x1 ; Suppress automatic attachments
fayfox
Regular Member
 
Posts: 88
Joined: July 19th, 2015, 3:16 pm
Advertisement
Register to Remove

Re: Proxy override...malware?

Unread postby wannabeageek » August 2nd, 2015, 10:29 pm

Hi fayfox,

Uninstall Secunia PSI.


Then run this again:
SystemLook

If you do not already have this on your Desktop, please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Right-click SystemLook.exe and select " Run as administrator " to run it.
  • Copy the content of the following codebox into the main textfield: Do not include the word Code
  • To make this easy, click the "select all" button then hover over the highlighted text and right mouse click to select copy.
    Code: Select all
    :filefind
    *PSI*
    *Secunia*
    
    :folderfind
    *PSI*
    *Secunia*
    

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Proxy override...malware?

Unread postby fayfox » August 2nd, 2015, 11:54 pm

Hi wbg,
disabled internet,vipre and ran scan.


SystemLook 30.07.11 by jpshortstuff
Log created at 23:40 on 02/08/2015 by Admin
Administrator - Elevation successful

========== filefind ==========

Searching for "*PSI*"
C:\hp\bin\MSOffice\lang\fi\Asenna Microsoft Office 2007 -kokeiluversio 60 pSivSn ajaksi.lnk --a---- 1609 bytes [12:34 14/05/2008] [12:34 14/05/2008] AFCC1E3D278DC532DB7C6D0B4A349198
C:\MyPictures\Dennis & Kristi\Disk 2\Our Campsite at Smoky Mt Nat'l Park 1973.jpg --a---- 2137082 bytes [23:00 03/02/2012] [21:24 23/12/2002] A60F322B094B87FF189165BD8300D3EB
C:\MyPictures\Jackson\Disk 2\Samantha & Britney on upside down ride .jpg --a---- 2151532 bytes [22:41 03/02/2012] [20:19 10/07/2003] 64AD010C0212E4CCB92C92EEF243C5F6
C:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml --a---- 2526 bytes [20:40 13/07/2009] [21:08 10/06/2009] 6B64350149EC7A508F9FEB9339C6BE7E
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe --a---- 165888 bytes [00:24 14/07/2009] [01:39 14/07/2009] 55A5E5AE40755556942C30548550E4C3
C:\Program Files\Windows Media Player\en-US\WMPSideShowGadget.exe.mui --a---- 3584 bytes [05:35 14/07/2009] [02:30 14/07/2009] EA15C53D26779F0CF76F556A34E46939
C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\AwsClasses\Interface\Interfaces\Full\AwsPointersFullMapsInterface.js -ra---- 821 bytes [11:13 09/04/2007] [11:13 09/04/2007] D068D168FF31F427F01117C03575C6AB
C:\Program Files (x86)\Common Files\microsoft shared\Grphflt\EPSIMP32.FLT --a---- 77824 bytes [01:22 24/09/1998] [01:22 24/09/1998] 27801E0F7931A7852DCD71AF7C7DD769
C:\Program Files (x86)\Common Files\Mobipocket Shared\Emulator\skin\psion_5mx.gif --a---- 17441 bytes [15:21 01/08/2007] [15:21 01/08/2007] 386B7719444EDE62994F18EAFE12768A
C:\Program Files (x86)\Cyberlink\PowerDirector\skin\1024x768\CreateDisc\AuthorBtnEllipsis.png --a---- 5788 bytes [04:51 30/08/2007] [04:51 30/08/2007] 8D910C19F36E87A2766BA05CBC37A028
C:\Program Files (x86)\Farm to Fork\Data\Sfx\MapSignOut.ogg --a---- 12138 bytes [00:16 21/02/2014] [00:16 21/02/2014] 0130824F9F2EE27B98DD2AA15881B3CE
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\HPSAObjUtil7.exe.hpsign --a---- 256 bytes [01:34 30/09/2013] [01:36 22/05/2015] 0C3D3305770707C25F82A03556BD8EC1
C:\Program Files (x86)\Hewlett-Packard\HP Setup\Assets\step_1thru4_collapsing.wav --a---- 686650 bytes [01:32 19/05/2010] [17:20 07/10/2009] E119121C9F199D591BAF723D220591F9
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPBatteryCheck\BatteryTest.exe.hpsign --a---- 256 bytes [20:07 26/09/2012] [20:07 26/09/2012] 7688577D30BAE0DE3803141906975B24
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPBatteryCheck\HPBC.exe.hpsign --a---- 256 bytes [15:47 27/09/2012] [15:47 27/09/2012] 6EAAB610C2FA3E42358E9F40DC2C15E0
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Warranty\HPWSD.exe.hpsign --a---- 256 bytes [21:59 11/09/2012] [14:21 23/09/2013] 07137454CAF23CCECA4B2727B02FB866
C:\Program Files (x86)\Hewlett-Packard\Shared\CaslShared.dll.hpsign --a---- 256 bytes [19:50 10/08/2012] [19:50 10/08/2012] 257C18E6713A5820AE17C963FF6CFE2F
C:\Program Files (x86)\Hewlett-Packard\Shared\CaslSmBios.dll.hpsign --a---- 256 bytes [19:51 10/08/2012] [19:51 10/08/2012] CD58643F20A490C828CFD7492816A8AA
C:\Program Files (x86)\Hewlett-Packard\Shared\CaslVer.exe.hpsign -ra---- 256 bytes [19:50 10/08/2012] [19:50 10/08/2012] D88A4007433AA4F8B55D837E7D575F07
C:\Program Files (x86)\Hewlett-Packard\Shared\CaslWmi.dll.hpsign -ra---- 256 bytes [19:51 10/08/2012] [19:51 10/08/2012] C4C92F7770F4F2C58328A578CDABED54
C:\Program Files (x86)\Hewlett-Packard\Shared\hpcasl.dll.hpsign --a---- 256 bytes [19:50 10/08/2012] [19:50 10/08/2012] 3ED776F1036236ABE7D10B1ABFFD8C0A
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe.hpsign --a---- 256 bytes [19:50 10/08/2012] [19:50 10/08/2012] CC374C8B1253323BA505062C9086AFEA
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe.hpsign -ra---- 256 bytes [19:51 10/08/2012] [19:51 10/08/2012] 8B066F19195C29D6AE75B723C182D553
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe.hpsign -ra---- 256 bytes [19:49 10/08/2012] [19:49 10/08/2012] 688AC7CA53864549306B731705236E45
C:\Program Files (x86)\Hewlett-Packard\Shared\hputils.dll.hpsign --a---- 256 bytes [19:50 10/08/2012] [19:50 10/08/2012] 2F24877E03644EFDFE26ADD9D3262E2E
C:\Program Files (x86)\Hewlett-Packard\Shared\hputils64.dll.hpsign --a---- 256 bytes [19:51 10/08/2012] [19:51 10/08/2012] 0CDCB477FB53C2C8F516BF73B2AB7012
C:\Program Files (x86)\Hewlett-Packard\Shared\Interop.HPQWMIEXLib.dll.hpsign --a---- 256 bytes [19:51 10/08/2012] [19:51 10/08/2012] 4201861C58C771E7A095EB6A782227BA
C:\Program Files (x86)\Hewlett-Packard\Shared\Wireless.exe.hpsign --a---- 256 bytes [19:50 10/08/2012] [19:50 10/08/2012] DE8DB62B8C65B595EBEC481ECAA0B6AA
C:\Program Files (x86)\hp\Digital Imaging\DocProc\Binary\ps2epsi.ps --a---- 8403 bytes [03:52 28/05/2010] [03:52 28/05/2010] ECCAD6567AFA2054D74E62C86F66E703
C:\Program Files (x86)\hp\Digital Imaging\Graphics\FilmstripSide.png -ra---- 2809 bytes [22:33 22/07/2008] [22:33 22/07/2008] 984691390526CF557DE8F81FDEF64318
C:\Program Files (x86)\Nancy Drew - Alibi in Ashes\Sound\BM_GaspSingle01_SFX.his --a---- 9625 bytes [10:42 29/09/2013] [20:00 19/10/2012] 3A2C2FEAACDE9B3485180174DE644570
C:\Program Files (x86)\Nancy Drew - Alibi in Ashes\Sound\GF_GaspSingle01_SFX.his --a---- 7108 bytes [10:42 29/09/2013] [20:00 19/10/2012] 5F19F1FDEB07E51813692E9B575189B5
C:\Program Files (x86)\Nancy Drew - Alibi in Ashes\Sound\GF_GaspSingle02_SFX.his --a---- 7518 bytes [10:42 29/09/2013] [20:00 19/10/2012] CE1246BBDF5E7162D91ABA17A51C0605
C:\Program Files (x86)\Nancy Drew - Alibi in Ashes\Sound\NN_GaspSingle01_SFX.his --a---- 9125 bytes [10:42 29/09/2013] [20:01 19/10/2012] 0EF3A25CC9A94A9D6A893CD63E30D72A
C:\Program Files (x86)\Nancy Drew - Secret of Shadow Ranch\CDVideo\SEC_PumpSink.bik --a---- 105584 bytes [13:21 12/10/2013] [00:14 15/02/2012] AD5BB09625E8BB2866FFE43CAEC54C85
C:\Program Files (x86)\Nancy Drew - Secret Of The Old Clock\HDVideo\EXT_TopSign.bik --a---- 106332 bytes [13:19 12/10/2013] [23:35 27/05/2008] 7F990E3897EB39603952F1FFFC843C4C
C:\Program Files (x86)\Nancy Drew - Shadow at the Water's Edge\Sound\FootstepSingle_Dirt01_SFX.HIS --a---- 19704 bytes [08:35 20/09/2011] [21:56 20/07/2011] 53160101D2205CB5C0CC67D191D6144C
C:\Program Files (x86)\Nancy Drew - Shadow at the Water's Edge\Sound\FootstepSingle_Dirt02_SFX.HIS --a---- 18052 bytes [08:35 20/09/2011] [21:56 20/07/2011] 9243ED382D08525B8E30A658C71075DB
C:\Program Files (x86)\Nancy Drew - Shadow at the Water's Edge\Sound\FootstepSingle_Dirt03_SFX.HIS --a---- 6052 bytes [08:35 20/09/2011] [21:56 20/07/2011] ACF13E8889BCEF157B258C4CD8A4E396
C:\Program Files (x86)\Nancy Drew - Shadow at the Water's Edge\Sound\FootstepSingle_Dirt04_SFX.HIS --a---- 17386 bytes [08:35 20/09/2011] [21:56 20/07/2011] 7B5449193D35F7D7198AF4004FA6586D
C:\Program Files (x86)\Nancy Drew - Shadow at the Water's Edge\Sound\FootstepSingle_Dirt05_SFX.HIS --a---- 6934 bytes [08:35 20/09/2011] [21:56 20/07/2011] 550363A3FDF8A2CBCD46E73377D21CEE
C:\Program Files (x86)\Nancy Drew - Shadow at the Water's Edge\Sound\FootstepSingle_Dirt06_SFX.HIS --a---- 5999 bytes [08:35 20/09/2011] [21:56 20/07/2011] 3EB89DF2653364ED4C289A306135A1C6
C:\Program Files (x86)\Nancy Drew - Tomb of the Lost Queen\Sound\BM_GaspSingle01_SFX.his --a---- 9625 bytes [19:34 05/10/2013] [20:48 03/04/2013] 3A2C2FEAACDE9B3485180174DE644570
C:\Program Files (x86)\Nancy Drew - Tomb of the Lost Queen\Sound\NN_GaspSingle01_SFX.his --a---- 9125 bytes [19:35 05/10/2013] [20:48 03/04/2013] 0EF3A25CC9A94A9D6A893CD63E30D72A
C:\Program Files (x86)\Secunia\PSI\psialog.txt --a---- 652525 bytes [10:34 20/07/2015] [03:29 03/08/2015] 1F74A91A46D9BF510EE3B03B2FA288DF
C:\Program Files (x86)\Secunia\PSI\psialog.txt2 --a---- 2097229 bytes [10:34 20/07/2015] [21:29 28/07/2015] 5B55B498437595F61AA1672BFD9745B1
C:\Program Files (x86)\TurboTax\Deluxe 2010\32bit\local\dlg\dhtmlHelpSidebar.css --a---- 1330 bytes [19:17 29/10/2010] [19:17 29/10/2010] 83C168ECF84ED3EF944526CFC558D699
C:\Program Files (x86)\TurboTax\Deluxe 2010\32bit\local\dlg\dhtmlHelpSidebar.js --a---- 5370 bytes [19:17 29/10/2010] [19:17 29/10/2010] 15A639DF2695AD54C78015F8EEEEF645
C:\Program Files (x86)\TurboTax\Deluxe 2010\32bit\local\dlg\dhtmlHelpSideNavigator.css --a---- 2089 bytes [19:17 29/10/2010] [19:17 29/10/2010] D36CBEC0F7AB7F876CF7A97E38996EFF
C:\Program Files (x86)\TurboTax\Deluxe 2010\32bit\local\dlg\dhtmlHelpSideNavigator.htm --a---- 10197 bytes [19:17 29/10/2010] [19:17 29/10/2010] BA4BF9DCBB1C28BCAF0DA03AD05C0276
C:\Program Files (x86)\TurboTax\Deluxe 2010\32bit\local\dlg\HelpSideNavigator.xml --a---- 1757 bytes [19:17 29/10/2010] [19:17 29/10/2010] 3BBB5ED62172D73B6E58133463D2162A
C:\Program Files (x86)\VIPRE\Definitions\EPSigs.vdx ------- 65429 bytes [06:40 31/01/2014] [19:55 27/03/2013] 91C440FC9EE6520027FCCFC254334D36
C:\Users\fay\AppData\Local\Google\Chrome\User Data\Default\Top Sites --a---- 20480 bytes [13:19 10/01/2015] [18:16 18/07/2015] B5C00B1DBE4BE72B56E397CC88AF0EEC
C:\Users\fay\AppData\Roaming\Microsoft\Windows\Recent\PSI.lnk --a---- 754 bytes [00:13 03/08/2015] [00:13 03/08/2015] 41D0FFE0AEB1516BB9389D98D1D88EA1
C:\Users\fay\AppData\Roaming\Microsoft\Windows\Recent\psi_amd64.inf.lnk --a---- 966 bytes [00:13 03/08/2015] [00:13 03/08/2015] F4152469D8BEC52E34A59577514606B2
C:\Users\fay\AppData\Roaming\Mozilla\Firefox\Profiles\t4b2x8kp.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}\chrome\skin\lib\text-ellipsis.xml --a---- 423 bytes [20:06 08/04/2009] [20:06 08/04/2009] E6F18F58EBDE651B87055E87DEA0FF1B
C:\Users\fay\Documents\Recipes\Thanksgiving 2013 Menu\Pineapple Upside.doc --a---- 20480 bytes [11:56 23/11/2013] [11:56 23/11/2013] B5C0EC313F46210ACEB3567280588042
C:\Users\fay\Downloads\PSISetup.exe --a---- 5490752 bytes [10:31 20/07/2015] [10:32 20/07/2015] E7A5CEB98F3FD6DE9BFB72972F8EFC37
C:\Windows\Fonts\TempsITC.TTF -r----- 76100 bytes [12:55 17/04/2002] [12:55 17/04/2002] 6E528EAF77E28EBCC849F9769839A5FB
C:\Windows\Help\OEM\Scripts\LaunchHPSI.jse --a---- 3016 bytes [22:22 12/08/2013] [14:33 03/11/2010] 414DDDF814B5951C1F13AF2B1E4A2F57
C:\Windows\inf\mdmpsion.inf --a---- 15414 bytes [05:32 14/07/2009] [05:32 14/07/2009] 2256068069834580EC049E43B3434ECD
C:\Windows\inf\mdmpsion.PNF --a---- 20500 bytes [04:50 14/07/2009] [19:08 01/11/2011] 7FD3BD13840B4518ECB080C031CC8C9B
C:\Windows\Prefetch\PSIA.EXE-E77FB5DA.pf --a---- 21730 bytes [03:29 03/08/2015] [03:29 03/08/2015] CEF51308E58DAF60DD538E5437557DD5
C:\Windows\servicing\Packages\Microsoft-Windows-ClipsInTheLibrary-Package~31bf3856ad364e35~amd64~en-US~6.1.7600.16385.cat --a---- 8466 bytes [05:36 14/07/2009] [03:50 14/07/2009] 269E5FA3C985A985563452564BF33697
C:\Windows\servicing\Packages\Microsoft-Windows-ClipsInTheLibrary-Package~31bf3856ad364e35~amd64~en-US~6.1.7600.16385.mum --a---- 1269 bytes [05:36 14/07/2009] [02:30 14/07/2009] DC3B2ACF9E015749BE82EC401A245FB1
C:\Windows\servicing\Packages\Microsoft-Windows-ClipsInTheLibrary-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat --a---- 8884 bytes [14:31 02/11/2011] [19:07 20/11/2010] EBE84E6B87BE908D69BDA7BA95827C9C
C:\Windows\servicing\Packages\Microsoft-Windows-ClipsInTheLibrary-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.mum --a---- 1289 bytes [14:31 02/11/2011] [18:40 20/11/2010] 8EE8BC553B8706F5EE819DC4C5123AA4
C:\Windows\servicing\Packages\Microsoft-Windows-ClipsInTheLibrary-Package~31bf3856ad364e35~amd64~~6.1.7600.16385.cat --a---- 9061 bytes [05:29 14/07/2009] [02:59 14/07/2009] 5C3E3389750A46938F6D6F42A849F659
C:\Windows\servicing\Packages\Microsoft-Windows-ClipsInTheLibrary-Package~31bf3856ad364e35~amd64~~6.1.7600.16385.mum --a---- 1223 bytes [05:29 14/07/2009] [20:49 13/07/2009] B3C48453B6AE955CBA1E99FDE3CC431E
C:\Windows\servicing\Packages\Microsoft-Windows-ClipsInTheLibrary-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat --a---- 10632 bytes [14:25 02/11/2011] [20:36 20/11/2010] 55D561E5142EBC6278ED6E56B67A6D3B
C:\Windows\servicing\Packages\Microsoft-Windows-ClipsInTheLibrary-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.mum --a---- 1247 bytes [14:25 02/11/2011] [20:22 20/11/2010] 497D15F5CED689291FCA4D5D9703BFD6
C:\Windows\System32\MpSigStub.exe ------- 279656 bytes [15:59 08/09/2010] [16:25 31/05/2012] 77980C9B2B95CD1726C9054FEC145FDD
C:\Windows\System32\psisdecd.dll --a---- 613888 bytes [17:04 01/11/2011] [05:26 17/08/2011] 050AF06F8B0463417E4AED9DA5816A65
C:\Windows\System32\psisrndr.ax --a---- 108032 bytes [17:04 01/11/2011] [05:25 17/08/2011] 78394F2B354BDC28C5C61837872DD132
C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-ClipsInTheLibrary-Package~31bf3856ad364e35~amd64~en-US~6.1.7600.16385.cat --a---- 8466 bytes [05:36 14/07/2009] [03:50 14/07/2009] 269E5FA3C985A985563452564BF33697
C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-ClipsInTheLibrary-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat ----s-- 8884 bytes [14:31 02/11/2011] [19:07 20/11/2010] EBE84E6B87BE908D69BDA7BA95827C9C
C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-ClipsInTheLibrary-Package~31bf3856ad364e35~amd64~~6.1.7600.16385.cat --a---- 9061 bytes [05:29 14/07/2009] [02:59 14/07/2009] 5C3E3389750A46938F6D6F42A849F659
C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-ClipsInTheLibrary-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat ----s-- 10632 bytes [14:25 02/11/2011] [20:36 20/11/2010] 55D561E5142EBC6278ED6E56B67A6D3B
C:\Windows\System32\DriverStore\FileRepository\mdmpsion.inf_amd64_neutral_6e65ea91a16f922a\mdmpsion.inf --a---- 15414 bytes [20:40 13/07/2009] [20:40 13/07/2009] 2256068069834580EC049E43B3434ECD
C:\Windows\System32\DriverStore\FileRepository\mdmpsion.inf_amd64_neutral_6e65ea91a16f922a\mdmpsion.PNF --a---- 20524 bytes [05:32 14/07/2009] [05:32 14/07/2009] 34781035CE6D93BBCDB112F328BD70A3
C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_neutral_4616c3de1949be6d\Amd64\MSXPSINC.GPD --a---- 73 bytes [00:38 14/07/2009] [20:59 10/06/2009] 811FFDE93D1FDB8F3A91304422E941A9
C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_neutral_4616c3de1949be6d\Amd64\MSXPSINC.PPD --a---- 72 bytes [00:38 14/07/2009] [20:59 10/06/2009] 78B5EBD79A120C014F385D5DA1D1BA83
C:\Windows\SysWOW64\psisdecd.dll --a---- 465408 bytes [17:04 01/11/2011] [04:24 17/08/2011] 00ADF21DE55AA97297FAC65E4F3A0256
C:\Windows\SysWOW64\psisrndr.ax --a---- 75776 bytes [17:04 01/11/2011] [04:19 17/08/2011] 68DCA1777D7224A79A9DC3D47BED6D32
C:\Windows\winsxs\amd64_mdmpsion.inf_31bf3856ad364e35_6.1.7600.16385_none_5f62ca049c3c9107\mdmpsion.inf --a---- 15414 bytes [20:40 13/07/2009] [20:40 13/07/2009] 2256068069834580EC049E43B3434ECD
C:\Windows\winsxs\amd64_microsoft-windows-m..ow-gadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e45ff59acede6483\WMPSideShowGadget.exe.mui --a---- 3584 bytes [05:35 14/07/2009] [02:30 14/07/2009] EA15C53D26779F0CF76F556A34E46939
C:\Windows\winsxs\amd64_microsoft-windows-m..yer-sideshow-gadget_31bf3856ad364e35_6.1.7600.16385_none_841e9494c8a32794\WMPSideShowGadget.exe --a---- 165888 bytes [00:24 14/07/2009] [01:39 14/07/2009] 55A5E5AE40755556942C30548550E4C3
C:\Windows\winsxs\amd64_microsoft-windows-t..iprovider.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a0b85afba3ffbc09\rdpsign.exe.mui --a---- 5632 bytes [05:35 14/07/2009] [02:25 14/07/2009] 4DCAF5D551E9DC51F7BC8788B8B4EC99
C:\Windows\winsxs\amd64_microsoft-windows-t..iprovider.resources_31bf3856ad364e35_6.1.7601.17514_en-us_a2e96ec3a0ee3fa3\rdpsign.exe.mui --a---- 5632 bytes [05:35 14/07/2009] [02:25 14/07/2009] 4DCAF5D551E9DC51F7BC8788B8B4EC99
C:\Windows\winsxs\amd64_microsoft-windows-t..lishing-wmiprovider_31bf3856ad364e35_6.1.7600.16385_none_912d4a3fad3a2666\rdpsign.exe --a---- 66048 bytes [00:17 14/07/2009] [01:39 14/07/2009] ED19E8419A366D7606210F8D81BCC3F1
C:\Windows\winsxs\amd64_microsoft-windows-t..lishing-wmiprovider_31bf3856ad364e35_6.1.7601.17514_none_935e5e07aa28aa00\rdpsign.exe --a---- 66048 bytes [14:55 02/11/2011] [13:25 20/11/2010] 0743AAC1E6A1D6D338B44A7B081E06B2
C:\Windows\winsxs\amd64_microsoft-windows-t..nputpersonalization_31bf3856ad364e35_6.1.7600.16385_none_9ba1049ce0053bef\ipsita.xml --a---- 2526 bytes [20:40 13/07/2009] [21:08 10/06/2009] 6B64350149EC7A508F9FEB9339C6BE7E
C:\Windows\winsxs\amd64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7600.16385_none_37f229d170c0ab24\psisdecd.dll --a---- 613888 bytes [00:20 14/07/2009] [01:41 14/07/2009] 35663A73894CFCA258D2620CD075A397
C:\Windows\winsxs\amd64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7600.16385_none_37f229d170c0ab24\psisrndr.ax --a---- 108032 bytes [00:20 14/07/2009] [01:38 14/07/2009] 08B3E09C1D8AE4478BFAA75E57832BC6
C:\Windows\winsxs\amd64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7600.16648_none_38207011709d7eda\psisdecd.dll --a---- 613888 bytes [17:26 01/11/2011] [09:46 13/12/2009] 7E6A5600C69A37B3292FBC7CA682CB6E
C:\Windows\winsxs\amd64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7600.16648_none_38207011709d7eda\psisrndr.ax --a---- 108032 bytes [00:20 14/07/2009] [01:38 14/07/2009] 08B3E09C1D8AE4478BFAA75E57832BC6
C:\Windows\winsxs\amd64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7600.16867_none_3809d3bb70ae97b3\psisdecd.dll --a---- 613888 bytes [17:04 01/11/2011] [05:32 17/08/2011] 9FB80AA3B0B89C0CCC47D1E4A8EAA671
C:\Windows\winsxs\amd64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7600.16867_none_3809d3bb70ae97b3\psisrndr.ax --a---- 108032 bytes [17:04 01/11/2011] [05:27 17/08/2011] 8D0F6554FBBE5301D1A070155B52CA18
C:\Windows\winsxs\amd64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7600.20771_none_38829b1289d9c116\psisdecd.dll --a---- 613888 bytes [17:26 01/11/2011] [06:59 04/08/2010] 91A671E4843AC2BE208D9647C57A0609
C:\Windows\winsxs\amd64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7600.20771_none_38829b1289d9c116\psisrndr.ax --a---- 108032 bytes [00:20 14/07/2009] [01:38 14/07/2009] 08B3E09C1D8AE4478BFAA75E57832BC6
C:\Windows\winsxs\amd64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7600.21030_none_38acb66689ba658b\psisdecd.dll --a---- 613888 bytes [17:04 01/11/2011] [05:48 17/08/2011] 7AAE08203D3A373332055960FFA41908
C:\Windows\winsxs\amd64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7600.21030_none_38acb66689ba658b\psisrndr.ax --a---- 108032 bytes [17:04 01/11/2011] [05:41 17/08/2011] E1F485D6E686B96C28EB1108F709A3A7
C:\Windows\winsxs\amd64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.17514_none_3a233d996daf2ebe\psisdecd.dll --a---- 613888 bytes [00:20 14/07/2009] [01:41 14/07/2009] 35663A73894CFCA258D2620CD075A397
C:\Windows\winsxs\amd64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.17514_none_3a233d996daf2ebe\psisrndr.ax --a---- 108032 bytes [14:55 02/11/2011] [13:24 20/11/2010] 92545BE920E55B1677786FB4C183B329
C:\Windows\winsxs\amd64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.17669_none_39f231556dd3364d\psisdecd.dll --a---- 613888 bytes [17:04 01/11/2011] [05:26 17/08/2011] 050AF06F8B0463417E4AED9DA5816A65
C:\Windows\winsxs\amd64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.17669_none_39f231556dd3364d\psisrndr.ax --a---- 108032 bytes [17:04 01/11/2011] [05:25 17/08/2011] 78394F2B354BDC28C5C61837872DD132
C:\Windows\winsxs\amd64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.21792_none_3a545c56870f7889\psisdecd.dll --a---- 613888 bytes [17:04 01/11/2011] [06:15 17/08/2011] 9A65C01C5ABF8F6390B5527AB996822E
C:\Windows\winsxs\amd64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.21792_none_3a545c56870f7889\psisrndr.ax --a---- 108032 bytes [17:04 01/11/2011] [06:08 17/08/2011] 2BD5A09F53E1B745E9018BB0DDD6E805
C:\Windows\winsxs\amd64_ntprint.inf_31bf3856ad364e35_6.1.7600.16385_none_96f58ea8d463e7df\Amd64\MSXPSINC.GPD --a---- 73 bytes [00:38 14/07/2009] [20:59 10/06/2009] 811FFDE93D1FDB8F3A91304422E941A9
C:\Windows\winsxs\amd64_ntprint.inf_31bf3856ad364e35_6.1.7600.16385_none_96f58ea8d463e7df\Amd64\MSXPSINC.PPD --a---- 72 bytes [00:38 14/07/2009] [20:59 10/06/2009] 78B5EBD79A120C014F385D5DA1D1BA83
C:\Windows\winsxs\amd64_ntprint.inf_31bf3856ad364e35_6.1.7601.17514_none_9926a270d1526b79\Amd64\MSXPSINC.GPD --a---- 73 bytes [00:38 14/07/2009] [20:59 10/06/2009] 811FFDE93D1FDB8F3A91304422E941A9
C:\Windows\winsxs\amd64_ntprint.inf_31bf3856ad364e35_6.1.7601.17514_none_9926a270d1526b79\Amd64\MSXPSINC.PPD --a---- 72 bytes [00:38 14/07/2009] [20:59 10/06/2009] 78B5EBD79A120C014F385D5DA1D1BA83
C:\Windows\winsxs\Manifests\amd64_mdmpsion.inf_31bf3856ad364e35_6.1.7600.16385_none_5f62ca049c3c9107.manifest --a---- 1106 bytes [05:28 14/07/2009] [05:28 14/07/2009] C75F2BDA00D751667963362ABF695E22
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-clipsinthelibrary_31bf3856ad364e35_6.1.7600.16385_none_99f2efd7c1c8a28b.manifest --a---- 7073 bytes [02:14 14/07/2009] [02:14 14/07/2009] 0A6A6E6D8055ACEC8A4769814D2EB097
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-clipsinthelibrary_31bf3856ad364e35_6.1.7601.17514_none_9c24039fbeb72625.manifest ------- 7073 bytes [13:43 02/11/2011] [10:13 20/11/2010] F8855283175403E61478E4C497A6890F
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-xpsifilter.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6d41a1dc65009156.manifest --a---- 2330 bytes [05:35 14/07/2009] [02:44 14/07/2009] B99C3F8AC20BCC43AA3ED6952681A3BD
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-xpsifilter_31bf3856ad364e35_6.1.7600.16385_none_c8ca252034ea6665.manifest --a---- 5284 bytes [02:28 14/07/2009] [02:28 14/07/2009] E5733012429799A5DCAE66D30DC225B7
C:\Windows\winsxs\Manifests\x86_microsoft-windows-xpsifilter.resources_31bf3856ad364e35_6.1.7600.16385_en-us_11230658aca32020.manifest --a---- 2328 bytes [05:35 14/07/2009] [02:29 14/07/2009] 81BFDD7A43BE36DECEAE953135C25098
C:\Windows\winsxs\Manifests\x86_microsoft-windows-xpsifilter_31bf3856ad364e35_6.1.7600.16385_none_6cab899c7c8cf52f.manifest --a---- 5280 bytes [01:58 14/07/2009] [01:58 14/07/2009] 30A18D4334DE8EFF2DA7B20571066238
C:\Windows\winsxs\wow64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7600.16385_none_4246d423a5216d1f\psisdecd.dll --a---- 465408 bytes [00:05 14/07/2009] [01:16 14/07/2009] E9CFD3682AB6379E62C7175B07865152
C:\Windows\winsxs\wow64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7600.16385_none_4246d423a5216d1f\psisrndr.ax --a---- 75776 bytes [00:06 14/07/2009] [01:14 14/07/2009] 13FE915D948773F4F270C1CA6F8469FA
C:\Windows\winsxs\wow64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7600.16648_none_42751a63a4fe40d5\psisdecd.dll --a---- 465408 bytes [17:26 01/11/2011] [09:30 13/12/2009] 94BFC2F2072FE2A34D3067AF9FBF72D8
C:\Windows\winsxs\wow64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7600.16648_none_42751a63a4fe40d5\psisrndr.ax --a---- 75776 bytes [00:06 14/07/2009] [01:14 14/07/2009] 13FE915D948773F4F270C1CA6F8469FA
C:\Windows\winsxs\wow64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7600.16867_none_425e7e0da50f59ae\psisdecd.dll --a---- 465408 bytes [17:04 01/11/2011] [04:26 17/08/2011] 8588A439E0468E7DD6E429BB99EA5F1B
C:\Windows\winsxs\wow64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7600.16867_none_425e7e0da50f59ae\psisrndr.ax --a---- 75776 bytes [17:04 01/11/2011] [04:22 17/08/2011] 8202DAB508199A2EA1F6EEBC24C8A730
C:\Windows\winsxs\wow64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7600.20771_none_42d74564be3a8311\psisdecd.dll --a---- 465408 bytes [17:26 01/11/2011] [06:22 04/08/2010] 6F3103C8BE740BE32FD1F7CE5DCF018E
C:\Windows\winsxs\wow64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7600.20771_none_42d74564be3a8311\psisrndr.ax --a---- 75776 bytes [00:06 14/07/2009] [01:14 14/07/2009] 13FE915D948773F4F270C1CA6F8469FA
C:\Windows\winsxs\wow64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7600.21030_none_430160b8be1b2786\psisdecd.dll --a---- 465408 bytes [17:04 01/11/2011] [04:28 17/08/2011] 04AA543050EE7D585D0826F79DAD252B
C:\Windows\winsxs\wow64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7600.21030_none_430160b8be1b2786\psisrndr.ax --a---- 75776 bytes [17:04 01/11/2011] [04:22 17/08/2011] CB3115F1F7D16C9FB6169B50A25C46D8
C:\Windows\winsxs\wow64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.17514_none_4477e7eba20ff0b9\psisdecd.dll --a---- 465408 bytes [00:05 14/07/2009] [01:16 14/07/2009] E9CFD3682AB6379E62C7175B07865152
C:\Windows\winsxs\wow64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.17514_none_4477e7eba20ff0b9\psisrndr.ax --a---- 75776 bytes [14:54 02/11/2011] [12:16 20/11/2010] 71EAF975B87917ADCB26886482F6FB5B
C:\Windows\winsxs\wow64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.17669_none_4446dba7a233f848\psisdecd.dll --a---- 465408 bytes [17:04 01/11/2011] [04:24 17/08/2011] 00ADF21DE55AA97297FAC65E4F3A0256
C:\Windows\winsxs\wow64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.17669_none_4446dba7a233f848\psisrndr.ax --a---- 75776 bytes [17:04 01/11/2011] [04:19 17/08/2011] 68DCA1777D7224A79A9DC3D47BED6D32
C:\Windows\winsxs\wow64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.21792_none_44a906a8bb703a84\psisdecd.dll --a---- 465408 bytes [17:04 01/11/2011] [06:03 17/08/2011] 3AA15A03909FDF4CE73CB797B2AFDA46
C:\Windows\winsxs\wow64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.21792_none_44a906a8bb703a84\psisrndr.ax --a---- 75776 bytes [17:04 01/11/2011] [05:52 17/08/2011] D8282AEF72F8EADB7D5C7B4AECF187E1
C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.17669_none_ddd395d1b575c517\psisdecd.dll --a---- 465408 bytes [17:04 01/11/2011] [04:24 17/08/2011] 00ADF21DE55AA97297FAC65E4F3A0256
C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.17669_none_ddd395d1b575c517\psisrndr.ax --a---- 75776 bytes [17:04 01/11/2011] [04:19 17/08/2011] 68DCA1777D7224A79A9DC3D47BED6D32
C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.21792_none_de35c0d2ceb20753\psisdecd.dll --a---- 465408 bytes [17:04 01/11/2011] [06:03 17/08/2011] 3AA15A03909FDF4CE73CB797B2AFDA46
C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.21792_none_de35c0d2ceb20753\psisrndr.ax --a---- 75776 bytes [17:04 01/11/2011] [05:52 17/08/2011] D8282AEF72F8EADB7D5C7B4AECF187E1

Searching for "*Secunia*"
C:\Windows\SecuniaPackage.log --a---- 630 bytes [10:43 20/07/2015] [10:44 20/07/2015] 5E851404B56006C80CCA5A007A5BE649

========== folderfind ==========

Searching for "*PSI*"
C:\Program Files (x86)\Secunia\PSI d------ [10:34 20/07/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_27876722249d6fe1fefa8bfbdd26e9be9cfd32_02012319 d----c- [21:56 21/07/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_27876722249d6fe1fefa8bfbdd26e9be9cfd32_0774f1bd d----c- [23:17 20/07/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_27876722249d6fe1fefa8bfbdd26e9be9cfd32_07f84308 d----c- [00:00 27/07/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_27876722249d6fe1fefa8bfbdd26e9be9cfd32_145888ed d----c- [01:20 27/07/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_27876722249d6fe1fefa8bfbdd26e9be9cfd32_cab_105ff9a9 d----c- [19:13 20/07/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_2bdccaf7bdabc12fb072681805ad236e1d61148_cab_14e92470 d----c- [01:16 03/08/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_384514fdea7b8cfb1a2a531f4323a82392c81b8_cab_0b7462c7 d----c- [21:10 26/07/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_051de9c2 d----c- [21:41 29/07/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_059da987 d----c- [19:39 24/07/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_088e1f90 d----c- [21:33 28/07/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_0994f6bc d----c- [02:43 31/07/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_0b51f3df d----c- [11:09 24/07/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_0f94674a d----c- [00:04 31/07/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_0fa162a8 d----c- [04:59 28/07/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_0fda1d5f d----c- [07:41 01/08/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_1095cfec d----c- [22:27 01/08/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_12b71f81 d----c- [03:17 02/08/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_13b9d69f d----c- [23:06 27/07/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_14ad9194 d----c- [22:38 25/07/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_14ceed2b d----c- [11:54 25/07/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_15599a7a d----c- [02:57 29/07/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_cab_0ac3a6f8 d----c- [08:07 22/07/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_b831079e365ead2bf59c633b3db323316728a_cab_137109cf d----c- [22:31 29/07/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_c2d72510303c298a1e3eeb363f5efdba32999845_cab_123395e8 d----c- [11:10 23/07/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_de644591305be2cfd1caacec55b47ab0967877c5_cab_0e809e70 d----c- [10:44 26/07/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_e770781442625149503bff472bd8f8f9e8ee9a_1574c5ce d----c- [22:22 26/07/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_e770781442625149503bff472bd8f8f9e8ee9a_cab_109ce780 d----c- [14:32 20/07/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_ff20979dcae9c0f24cb2a02b774641e7ef1b9f3_15923f7f d----c- [16:31 01/08/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_ff20979dcae9c0f24cb2a02b774641e7ef1b9f3_cab_11fdea10 d----c- [00:35 29/07/2015]
C:\Users\Admin\AppData\Local\Secunia PSI d------ [10:35 20/07/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_27876722249d6fe1fefa8bfbdd26e9be9cfd32_02012319 d----c- [21:56 21/07/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_27876722249d6fe1fefa8bfbdd26e9be9cfd32_0774f1bd d----c- [23:17 20/07/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_27876722249d6fe1fefa8bfbdd26e9be9cfd32_07f84308 d----c- [00:00 27/07/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_27876722249d6fe1fefa8bfbdd26e9be9cfd32_145888ed d----c- [01:20 27/07/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_27876722249d6fe1fefa8bfbdd26e9be9cfd32_cab_105ff9a9 d----c- [19:13 20/07/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_2bdccaf7bdabc12fb072681805ad236e1d61148_cab_14e92470 d----c- [01:16 03/08/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_384514fdea7b8cfb1a2a531f4323a82392c81b8_cab_0b7462c7 d----c- [21:10 26/07/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_051de9c2 d----c- [21:41 29/07/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_059da987 d----c- [19:39 24/07/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_088e1f90 d----c- [21:33 28/07/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_0994f6bc d----c- [02:43 31/07/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_0b51f3df d----c- [11:09 24/07/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_0f94674a d----c- [00:04 31/07/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_0fa162a8 d----c- [04:59 28/07/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_0fda1d5f d----c- [07:41 01/08/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_1095cfec d----c- [22:27 01/08/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_12b71f81 d----c- [03:17 02/08/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_13b9d69f d----c- [23:06 27/07/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_14ad9194 d----c- [22:38 25/07/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_14ceed2b d----c- [11:54 25/07/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_15599a7a d----c- [02:57 29/07/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_66d49e502194872eae5b858092d3686c8e4d5a4_cab_0ac3a6f8 d----c- [08:07 22/07/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_b831079e365ead2bf59c633b3db323316728a_cab_137109cf d----c- [22:31 29/07/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_c2d72510303c298a1e3eeb363f5efdba32999845_cab_123395e8 d----c- [11:10 23/07/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_de644591305be2cfd1caacec55b47ab0967877c5_cab_0e809e70 d----c- [10:44 26/07/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_e770781442625149503bff472bd8f8f9e8ee9a_1574c5ce d----c- [22:22 26/07/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_e770781442625149503bff472bd8f8f9e8ee9a_cab_109ce780 d----c- [14:32 20/07/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_ff20979dcae9c0f24cb2a02b774641e7ef1b9f3_15923f7f d----c- [16:31 01/08/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_PSIA.exe_ff20979dcae9c0f24cb2a02b774641e7ef1b9f3_cab_11fdea10 d----c- [00:35 29/07/2015]
C:\Windows\System32\DriverStore\FileRepository\mdmpsion.inf_amd64_neutral_6e65ea91a16f922a d------ [05:31 14/07/2009]
C:\Windows\Temp\Secunia PSI Agent d------ [03:12 02/08/2015]
C:\Windows\winsxs\amd64_mdmpsion.inf_31bf3856ad364e35_6.1.7600.16385_none_5f62ca049c3c9107 d------ [05:29 14/07/2009]
C:\Windows\winsxs\amd64_microsoft-windows-clipsinthelibrary_31bf3856ad364e35_6.1.7600.16385_none_99f2efd7c1c8a28b d------ [05:30 14/07/2009]
C:\Windows\winsxs\amd64_microsoft-windows-clipsinthelibrary_31bf3856ad364e35_6.1.7601.17514_none_9c24039fbeb72625 d------ [14:10 02/11/2011]
C:\Windows\winsxs\amd64_microsoft-windows-xpsifilter.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6d41a1dc65009156 d------ [05:37 14/07/2009]
C:\Windows\winsxs\amd64_microsoft-windows-xpsifilter_31bf3856ad364e35_6.1.7600.16385_none_c8ca252034ea6665 d------ [05:30 14/07/2009]
C:\Windows\winsxs\x86_microsoft-windows-xpsifilter.resources_31bf3856ad364e35_6.1.7600.16385_en-us_11230658aca32020 d------ [05:37 14/07/2009]
C:\Windows\winsxs\x86_microsoft-windows-xpsifilter_31bf3856ad364e35_6.1.7600.16385_none_6cab899c7c8cf52f d------ [05:30 14/07/2009]

Searching for "*Secunia*"
C:\Program Files (x86)\Secunia d------ [10:34 20/07/2015]
C:\Users\Admin\AppData\Local\Secunia PSI d------ [10:35 20/07/2015]
C:\Windows\Temp\Secunia PSI Agent d------ [03:12 02/08/2015]

-= EOF =-
fayfox
Regular Member
 
Posts: 88
Joined: July 19th, 2015, 3:16 pm

Re: Proxy override...malware?

Unread postby wannabeageek » August 4th, 2015, 10:01 pm

Hi fayfox,

Run this fix. Then for the next 2 days, I need you to run some programs, virus scans, malwarebytes scans, and reboot your computer at least 3 times during the day.
DO NOT install or remove any programs during this time. I hope to find the problem that was causing PSI to make error reports.
Give an update after this scan and tomorrow as to how the computer is performing/responding.
Thank you for your patience,
wbg

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad.
    • To make this easy, click the "select all" button then hover over the highlighted text and right mouse click to select copy.
Code: Select all
C:\Program Files (x86)\Secunia
C:\Users\Admin\AppData\Local\Secunia PSI
C:\Windows\Temp\Secunia PSI Agent
C:\Windows\SecuniaPackage.log
C:\Windows\System32\drivers\psi_mf_amd64.sys
EmptyTemp:

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Proxy override...malware?

Unread postby fayfox » August 5th, 2015, 6:59 am

Hi wbg,
Disabled vipre,internet and ran Farbar.
As for computer performance, today was the first time it froze since I unistalled PSI. Vipre was running a scan, so I tried to close Firefox. Got the same "not responding" message at top of Firefox window, along with the cursor turning into the circle of death. CTRL + ALT + DELETE gave the same error message as all other attempts "Failure to display security and shut down options". I clicked ok and it returned back to desktop. I clicked on the close button for firefox and just let it try and work it out. Eventually, an hour later the message "you are closing multiple tabs" came up. I clicked it and everything was working fine again. I have noticed that when vipre is scanning, the computer does not seem to freeze.
Question, in the Downloads folder, if a program has been uninstalled, shouldn't the executable file be removed as well? I noticed a ccsetup505_slim.exe, chromesetup.exe and realplayercloud.exe. All programs that have been uninstalled.
Another question, Adobe Reader is in my startup list and it's version 9. It keeps giving the message that that version is no longer supported. Would that have caused PSI issues?
Thank you for your patience and help. I'm sorry this is taking so long and I truly appreciate and am envious of your expertise.
Thanks wbg!
fayfox


Fix result of Farbar Recovery Scan Tool (x64) Version:02-08-2015 01
Ran by Admin (2015-08-05 06:18:04) Run:5
Running from C:\Users\Admin\Downloads
Loaded Profiles: fay & Admin (Available Profiles: fay & Admin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Program Files (x86)\Secunia
C:\Users\Admin\AppData\Local\Secunia PSI
C:\Windows\Temp\Secunia PSI Agent
C:\Windows\SecuniaPackage.log
C:\Windows\System32\drivers\psi_mf_amd64.sys
EmptyTemp:

*****************

C:\Program Files (x86)\Secunia => moved successfully.
C:\Users\Admin\AppData\Local\Secunia PSI => moved successfully.
C:\Windows\Temp\Secunia PSI Agent => moved successfully.
C:\Windows\SecuniaPackage.log => moved successfully.
"C:\Windows\System32\drivers\psi_mf_amd64.sys" => File/Folder not found.
EmptyTemp: => 3.5 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 06:18:09 ====
fayfox
Regular Member
 
Posts: 88
Joined: July 19th, 2015, 3:16 pm

Re: Proxy override...malware?

Unread postby wannabeageek » August 5th, 2015, 7:25 am

Hi fayfox,

These files in your downloads folder are the "Installation" programs. They have to be deleted manually. The executable file you are thinking of is in the programs installed folder; "C:\Program Files\SlimCleaner"
Question, in the Downloads folder, if a program has been uninstalled, shouldn't the executable file be removed as well? I noticed a ccsetup505_slim.exe, chromesetup.exe and realplayercloud.exe. All programs that have been uninstalled.


I use Secunia PSI on my Windows 8.1 laptop and no outdated programs have ever caused it to "crash". I think it is another issue that "may have" been caused by slimware replacing a driver that did not need replacing.

Let me know how the computer performs today at the end of the day, and we will look for more.

wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Proxy override...malware?

Unread postby fayfox » August 5th, 2015, 9:20 pm

Hey wbg,
I haven't been home all day, but during the time I have, the computer is working fine. No freezes today.
I clicked on all the desktop icons today. Some tried to do an automatic update (Origin, Steam). I closed them quickly before update completed. I'm not so sure having me randomly start things won't cause problems :)
Ran malwarebytes, no threats.
Vipre scanned. Just the usual cookies.
Ran Adwcleaner. It found a firefox plugin under files tab. Same entries in Registry for Slimware. Did not clean.
Family Treemaker. On the media tab I got the (not responding) message off and on. It could have just been from data loading? All other choices worked smoothly.
HP Deskjet 3050 J640 Series Scanner. This did not work. 2 error messages. The first said "Scanner is currently in use. Please wait until your previous task is complete and then try scan again." The second message is long, started with "Scanner Unreachable. Scanner communication cannot be established......" My printer is on. Did not use today, but worked just fine yesterday.Although... I've never used the scanner.
Kindle for the Pc was sluggish to start. "not responding" briefly appeared, then was ok.
HP Solution Center. There is an icon for this in startup.This did not work either. Error message said "HP Solution Center cannot run because your device installation is not complete. Please plug in USB cable or re-run the setup program from the install cd for a network installation." I don't remember installing this the first time.
Adobe Photoshop. This one I remember started about the time my computer started freezing. I forgot all about it until now. But when I first open Photoshop, I have the option to sign in with my Adobe ID. Every time I try now, I get the same message: Error -Photoshop.com services are currently unavailable. Please try again later or check your network connection. Error 400.
Ran bigfish games that were on desktop, all worked fine.
Clicked on JRT, but it started doing things I think you forbid me to do, so I closed it as quick as I could.
If this is more info than you need, sorry.
Hope something helps.
fayfox
Regular Member
 
Posts: 88
Joined: July 19th, 2015, 3:16 pm

Re: Proxy override...malware?

Unread postby wannabeageek » August 5th, 2015, 10:07 pm

Hi fayfox,

Go ahead and run JRT and post the log. Let's see what it finds.
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Proxy override...malware?

Unread postby fayfox » August 5th, 2015, 10:25 pm

Wow. Looks like it found a bunch of nothing. That's good but not helpful?
Still want me to keep running various programs? I'm looking for something that will not work or cause freezing?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.5 (08.05.2015:1)
OS: Windows 7 Home Premium x64
Ran by Admin on Wed 08/05/2015 at 22:10:47.37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\5pgaobxx.default\minidumps [2 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 08/05/2015 at 22:14:35.54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fayfox
Regular Member
 
Posts: 88
Joined: July 19th, 2015, 3:16 pm

Re: Proxy override...malware?

Unread postby fayfox » August 6th, 2015, 12:55 am

Hi wbg,
I ran HitmanPro (only twelve days left). It found a few things I don't think it found in previous scan. I saved copy of log.I have taken no actions.
It looks like I have 3 copies of FRST64.exe, a driveragent64 it doesn't like and some PUPs. One thing I noticed in the scan results screen that is not in the log: it offers to fix gumnotes file not existing.
I ran that at the beginning of our work, and I think I did not run as Admin.
fayfox
fayfox
Regular Member
 
Posts: 88
Joined: July 19th, 2015, 3:16 pm

Re: Proxy override...malware?

Unread postby wannabeageek » August 6th, 2015, 8:16 pm

Hi fayfox,

Run Hitmanpro as admin and post the screen results, if possible. You got me curious now. And please don't have it fix anything.

wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Proxy override...malware?

Unread postby fayfox » August 6th, 2015, 9:30 pm

Hi wbg,
Ran scan again as admin, looks like same log as this morning. On both there is one item that appears at very beginning of HitmanPro scan results screen that does not appear in either log. "File does not exist and may cause an error message during starup. Run
C:\ProgramFiles(x86)GumNotes\GumNotes.exe -- offers to delete this. (I did not, either time it was ran:)
Also, got computer to freeze. I ran HPMedia Player to listen to music as I poked around. Before I ran MediaPlayer, my computer was working fine. Was just using firefox, control panel. I closed firefox, opened Mediaplayer and spent about 15 minutes setting up music list. Minimized media player, opened then closed firefox. I decided to pick on IE as I hadn't browsed with it recently. Home page yahoo opened fine. clicked on link to open to a new tab-that's when things started to freeze. IE froze every time I tried to open a second tab. Then I couldn't close anything down, but the entire time MediaPlayer is playing thru my playlist. I eventually got everything closed with the task manager and shut down the computer. I tried to duplicate the problem, but other than IE running pretty sluggish, it did not freeze the second go round.
I think the DriverAgent64 in the Hitmanpro log may be the link I clicked on when trying to figure out if my computer would run the witcher2 on the site systemrequirementslab. Not positive on that.
Here's the log:

Code: Select all
HitmanPro 3.7.9.242
www.hitmanpro.com

   Computer name . . . . : FAY-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : fay-PC\Admin
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (12 days left)

   Scan date . . . . . . : 2015-08-06 20:56:50
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 11m 59s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 18

   Objects scanned . . . : 2,476,857
   Files scanned . . . . : 121,545
   Remnants scanned  . . : 766,207 files / 1,589,105 keys

Suspicious files ____________________________________________________________

   C:\Users\Admin\Downloads\FRST-OlderVersion\FRST64(1).exe
      Size . . . . . . . : 2,134,528 bytes
      Age  . . . . . . . : 17.4 days (2015-07-20 11:27:53)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 72B04B2EB964FD13E132754F6CFC00A87735D1357B5D550B26E6C815843BF969
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 23.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\Users\Admin\Downloads\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2,168,832 bytes
      Age  . . . . . . . : 17.4 days (2015-07-20 11:26:15)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 6503FD8E07E666D69E0A5B4A17DC4A51CDA903444B353625E3A0195FC8CB8690
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 23.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\Users\Admin\Downloads\FRST64.exe
      Size . . . . . . . : 2,169,856 bytes
      Age  . . . . . . . : 1.6 days (2015-08-05 05:59:18)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : A56919AD9BE13E05E709A8C675F8727E340FEE89F2E18B85A3034CB66173C2AB
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      References
         C:\Users\Admin\Desktop\FRST64 - Shortcut.lnk


Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)
   HKLM\SYSTEM\ControlSet001\services\DrvAgent64\ (DriverRestore)
   HKLM\SYSTEM\ControlSet002\services\DrvAgent64\ (DriverRestore)
   HKLM\SYSTEM\CurrentControlSet\services\DrvAgent64\ (DriverRestore)
   HKU\S-1-5-21-765319908-1524800839-1392544109-1000\Software\AppDataLow\Software\Conduit\ (Conduit)
   HKU\S-1-5-21-765319908-1524800839-1392544109-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)
   HKU\S-1-5-21-765319908-1524800839-1392544109-1000\Software\Yahoo\Companion\ (YahooToolbar)
   HKU\S-1-5-21-765319908-1524800839-1392544109-1003\Software\Yahoo\Companion\ (YahooToolbar)

Cookies _____________________________________________________________________

   C:\Users\fay\AppData\Roaming\Mozilla\Firefox\Profiles\t4b2x8kp.default\cookies.sqlite:hearstmagazines.112.2o7.net
   C:\Users\fay\AppData\Roaming\Mozilla\Firefox\Profiles\t4b2x8kp.default\cookies.sqlite:in.getclicky.com
   C:\Users\fay\AppData\Roaming\Mozilla\Firefox\Profiles\t4b2x8kp.default\cookies.sqlite:ru4.com
   C:\Users\fay\AppData\Roaming\Mozilla\Firefox\Profiles\t4b2x8kp.default\cookies.sqlite:warnerbros.112.2o7.net
   C:\Users\fay\AppData\Roaming\Mozilla\Firefox\Profiles\t4b2x8kp.default\cookies.sqlite:yadro.ru


fayfox
Regular Member
 
Posts: 88
Joined: July 19th, 2015, 3:16 pm

Re: Proxy override...malware?

Unread postby fayfox » August 6th, 2015, 11:43 pm

Hi wbg,
Computer froze again. I started mediaplayer and just let it run while browsing. When things froze this time, I couldn't even bring up task manager, the same error message"failure to display security and shut down options. The playlist was still playing, even though mediaplayer was completely unresponsive. Just as the computer was starting to shut down, firefox gave a crash message. It did this also on the previous freeze, I forgot to mention it.
fayfox
fayfox
Regular Member
 
Posts: 88
Joined: July 19th, 2015, 3:16 pm

Re: Proxy override...malware?

Unread postby wannabeageek » August 6th, 2015, 11:46 pm

Hi fayfox,

Thank you for posting the HitmanPro log. You probably have a driver conflict from Simware updates.

Please upload the file per instructions.

Please tell me what brand BIOS is on your motherboard. It shows briefly during startup.

Upload File/Files for testing

Please go to Virustotal or jotti.org

  1. Click the "Choose File" Button
  2. Copy/paste this file and path into the box called "File Name at the bottom:
    C:\Windows\SysWOW64\drivers\DrvAgent64.SYS
  3. Press Open - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the permalink (web address) in your next response.
Example of web address :
Image
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Proxy override...malware?

Unread postby fayfox » August 7th, 2015, 12:59 am

Hi wbg,
I restarted my computer about 6 or 7 times, but I could not catch the BIOS name. I ran msinfo32.exe and also regedit(HKEY_LOCAL_MACHINE~HARDWARE~DESCRIPITON~SYSTEM) to look for it. Both ways gave me the info American Megatrends Inc., v5.09 1/22/2010. I hope this is the right brand. If you reeeeally need me to, I can open her up and visually look at the motherboard.
Here are the scan results:

https://www.virustotal.com/en/file/4045 ... 438922753/
fayfox
Regular Member
 
Posts: 88
Joined: July 19th, 2015, 3:16 pm
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 28 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware