Fix result of Farbar Recovery Scan Tool (x64) Version:30-07-2015 Ran by lilian rodriguez (2015-08-01 16:50:50) Run:1 Running from C:\Users\lilian rodriguez\Desktop Loaded Profiles: lilian rodriguez (Available Profiles: lilian rodriguez) Boot Mode: Normal ============================================== fixlist content: ***************** CreateRestorepoint: CloseProcesses: Task: {627ACB57-9224-4192-BA00-341CBE19DCC6} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION C:\Program Files (x86)\MyPC Backup\ Task: {7E5E5B4E-D6B7-4AA1-853F-96603BBFB351} - System32\Tasks\CleanerPro_Start => C:\Program Files (x86)\Cleaner Pro\CleanerPro.exe C:\Program Files (x86)\Cleaner Pro\ Task: {87FBFDF3-60B7-4338-9BE1-C8D34AFA0DCA} - System32\Tasks\SoftwareUpdateTaskMachineUA => C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe <==== ATTENTION C:\Program Files (x86)\Software\Update\ Task: {8F9FEBDB-69DB-47D8-B870-096A8003E735} - System32\Tasks\ReviverSoft Start Menu Run once task => C:\Program Files\ReviverSoft\Start Menu Reviver\StartMenuReviver.exe [2014-09-17] (ReviverSoft) C:\Program Files\ReviverSoft\ Task: {BD520C03-4F91-4C43-A7F7-55320684177F} - System32\Tasks\CleanerPro_Popup => C:\Program Files (x86)\Cleaner Pro\Splash.exe Task: C:\WINDOWS\Tasks\SoftwareUpdateTaskMachineUA.job => C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe <==== ATTENTION 2015-06-17 20:36 - 2015-07-01 08:47 - 00532784 _____ () C:\Users\lilian rodriguez\AppData\Roaming\cacaoweb\cacaoweb.exe FirewallRules: [TCP Query User{201D655E-95E0-40ED-AE29-F4275C74D9D0}C:\users\lilian rodriguez\appdata\roaming\cacaoweb\cacaoweb.exe] => (Allow) C:\users\lilian rodriguez\appdata\roaming\cacaoweb\cacaoweb.exe FirewallRules: [UDP Query User{C225D039-6A73-475A-95CC-A3D0A38674F8}C:\users\lilian rodriguez\appdata\roaming\cacaoweb\cacaoweb.exe] => (Allow) C:\users\lilian rodriguez\appdata\roaming\cacaoweb\cacaoweb.exe Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe (McAfee, Inc.) ShortcutWithArgument: C:\ProgramData\ReviverSoft\Start Menu Reviver\S-1-5-21-3992782600-320336532-2615484944-1001\dashboard.lnk -> C:\Program Files\ReviverSoft\Start Menu Reviver\StartMenuReviver.exe (ReviverSoft) -> --dashboard ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\Désinstaller.lnk -> C:\Program Files\McAfee Security Scan\uninstall.exe (McAfee, Inc.) -> C:\Program Files\McAfee Security Scan\3.11.149\McAfee.ico ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.149\McUICnt.exe (McAfee, Inc.) -> SecurityScanner.dll (ReviverSoft) C:\Program Files\ReviverSoft\Start Menu Reviver\StartMenuReviverService.exe (ReviverSoft) C:\Program Files\ReviverSoft\Start Menu Reviver\StartMenuReviver.exe () C:\Users\lilian rodriguez\AppData\Roaming\cacaoweb\cacaoweb.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe HKLM-x32\...\RunOnce: [Futugopi] => C:\WINDOWS\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\LILIAN~1\AppData\Local\72EBE3~1\Rebumace.dat" C:\Users\LILIAN~1\AppData\Local\72EBE3~1\Rebumace.dat HKU\S-1-5-21-3992782600-320336532-2615484944-1001\...\Run: [cacaoweb] => C:\Users\lilian rodriguez\AppData\Roaming\cacaoweb\cacaoweb.exe [532784 2015-07-01] () C:\Users\lilian rodriguez\AppData\Roaming\cacaoweb\ AppInit_DLLs-x32: c:/progra~3/{b6625~1/171~1.0/fite.dll => c:\ProgramData\{B6625EA1-E6E0-8F27-5766-FFA587E42C2B}\1.7.1.0\fite.dll [649216 2015-01-06] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-04-17] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe (McAfee, Inc.) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION Hosts: 0.0.0.1 mssplus.mcafee.com FF Extension: cacaoweb - C:\Users\lilian rodriguez\AppData\Roaming\Mozilla\Firefox\Profiles\2d9d7oz9.default\Extensions\cacaoweb@cacaoweb.org [2015-08-01] FF Extension: SuperManCoupon - C:\Users\lilian rodriguez\AppData\Roaming\Mozilla\Firefox\Profiles\2d9d7oz9.default\Extensions\xxtvjaupqdhidkhg@eaktxapmsscrdgivw.com [2015-05-05] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found] S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe [289256 2015-06-26] (McAfee, Inc.) R2 StartMenuReviverService; C:\Program Files\ReviverSoft\Start Menu Reviver\StartMenuReviverService.exe [765048 2014-09-17] (ReviverSoft) S2 28964cc3; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\TerminusEdit\TerminusEdit.dll",serv c:\Program Files (x86)\TerminusEdit 2015-07-24 19:54 - 2015-07-24 19:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2015-07-24 19:54 - 2015-07-24 19:54 - 00000000 ____D C:\Program Files\McAfee Security Scan 2015-06-17 20:36 - 2015-08-01 14:56 - 00000000 ____D C:\Users\lilian rodriguez\AppData\Roaming\cacaoweb 2015-06-17 20:36 - 2015-08-01 13:31 - 00532784 _____ C:\Users\lilian rodriguez\Desktop\cacaoweb.exe 2015-06-17 20:35 - 2015-06-17 20:35 - 00515888 _____ C:\Users\lilian rodriguez\Downloads\cacaoweb.exe 2015-07-24 19:54 - 2015-04-17 15:56 - 00000000 ____D C:\ProgramData\McAfee Security Scan C:\ProgramData\StartMenuReviver.exe cmd: ipconfig /flushdns Hosts: removeproxy: emptytemp: ***************** Restore point was successfully created. Processes closed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{627ACB57-9224-4192-BA00-341CBE19DCC6}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{627ACB57-9224-4192-BA00-341CBE19DCC6}" => key removed successfully C:\Windows\System32\Tasks\LaunchSignup => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => key removed successfully "C:\Program Files (x86)\MyPC Backup" => File/Folder not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7E5E5B4E-D6B7-4AA1-853F-96603BBFB351}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E5E5B4E-D6B7-4AA1-853F-96603BBFB351}" => key removed successfully C:\Windows\System32\Tasks\CleanerPro_Start => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CleanerPro_Start" => key removed successfully "C:\Program Files (x86)\Cleaner Pro" => File/Folder not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{87FBFDF3-60B7-4338-9BE1-C8D34AFA0DCA}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87FBFDF3-60B7-4338-9BE1-C8D34AFA0DCA}" => key removed successfully C:\Windows\System32\Tasks\SoftwareUpdateTaskMachineUA => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SoftwareUpdateTaskMachineUA" => key removed successfully C:\Program Files (x86)\Software\Update => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F9FEBDB-69DB-47D8-B870-096A8003E735}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F9FEBDB-69DB-47D8-B870-096A8003E735}" => key removed successfully C:\Windows\System32\Tasks\ReviverSoft Start Menu Run once task => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ReviverSoft Start Menu Run once task" => key removed successfully C:\Program Files\ReviverSoft => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BD520C03-4F91-4C43-A7F7-55320684177F}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD520C03-4F91-4C43-A7F7-55320684177F}" => key removed successfully C:\Windows\System32\Tasks\CleanerPro_Popup => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CleanerPro_Popup" => key removed successfully C:\WINDOWS\Tasks\SoftwareUpdateTaskMachineUA.job => moved successfully. C:\Users\lilian rodriguez\AppData\Roaming\cacaoweb\cacaoweb.exe => moved successfully. HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{201D655E-95E0-40ED-AE29-F4275C74D9D0}C:\users\lilian rodriguez\appdata\roaming\cacaoweb\cacaoweb.exe => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C225D039-6A73-475A-95CC-A3D0A38674F8}C:\users\lilian rodriguez\appdata\roaming\cacaoweb\cacaoweb.exe => value removed successfully Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe (McAfee, Inc.) => Error: No automatic fix found for this entry. C:\ProgramData\ReviverSoft\Start Menu Reviver\S-1-5-21-3992782600-320336532-2615484944-1001\dashboard.lnk => Shortcut argument removed successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\Désinstaller.lnk => Shortcut argument removed successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\McAfee Security Scan Plus.lnk => Shortcut argument removed successfully. C:\Program Files\ReviverSoft\Start Menu Reviver\StartMenuReviverService.exe => No running process found C:\Program Files\ReviverSoft\Start Menu Reviver\StartMenuReviver.exe => No running process found C:\Users\lilian rodriguez\AppData\Roaming\cacaoweb\cacaoweb.exe => No running process found C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe => No running process found HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Futugopi => value removed successfully C:\Users\LILIAN~1\AppData\Local\72EBE3~1\Rebumace.dat => moved successfully. HKU\S-1-5-21-3992782600-320336532-2615484944-1001\Software\Microsoft\Windows\CurrentVersion\Run\\cacaoweb => value removed successfully C:\Users\lilian rodriguez\AppData\Roaming\cacaoweb => moved successfully. "c:/progra~3/{b6625~1/171~1.0/fite.dll" => Value data removed successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk => moved successfully. C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe => moved successfully. C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully. C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully. "HKLM\SOFTWARE\Policies\Google" => key removed successfully C:\Windows\System32\Drivers\etc\hosts => moved successfully. Hosts restored successfully. C:\Users\lilian rodriguez\AppData\Roaming\Mozilla\Firefox\Profiles\2d9d7oz9.default\Extensions\cacaoweb@cacaoweb.org => moved successfully. C:\Users\lilian rodriguez\AppData\Roaming\Mozilla\Firefox\Profiles\2d9d7oz9.default\Extensions\xxtvjaupqdhidkhg@eaktxapmsscrdgivw.com => moved successfully. C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found. McComponentHostService => service removed successfully StartMenuReviverService => service removed successfully 28964cc3 => service removed successfully c:\Program Files (x86)\TerminusEdit => moved successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus => moved successfully. C:\Program Files\McAfee Security Scan => moved successfully. "C:\Users\lilian rodriguez\AppData\Roaming\cacaoweb" => File/Folder not found. C:\Users\lilian rodriguez\Desktop\cacaoweb.exe => moved successfully. C:\Users\lilian rodriguez\Downloads\cacaoweb.exe => moved successfully. C:\ProgramData\McAfee Security Scan => moved successfully. C:\ProgramData\StartMenuReviver.exe => moved successfully. ========= ipconfig /flushdns ========= Configuration IP de Windows Cache de r‚solution DNS vid‚. ========= End of CMD: ========= C:\Windows\System32\Drivers\etc\hosts => moved successfully. Hosts restored successfully. ========= RemoveProxy: ========= HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully HKU\S-1-5-21-3992782600-320336532-2615484944-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully HKU\S-1-5-21-3992782600-320336532-2615484944-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully ========= End of RemoveProxy: ========= EmptyTemp: => 5.2 GB temporary data Removed. The system needed a reboot.. ==== End of Fixlog 16:53:25 ====