CreateRestorePoint:
() C:\Users\New User\AppData\Roaming\9B45D880-1425308552-11E1-93C8-047D7B6646C7\jnsuBBA5.tmp
() C:\Program Files (x86)\dataup\dataup.exe
() C:\Users\New User\AppData\Roaming\9B45D880-1425308552-11E1-93C8-047D7B6646C7\nsz4C88.tmpfs
() C:\Windows\rcore.exe
() C:\ProgramData\Online\updater.exe
(Super PC Tools Ltd) C:\ProgramData\{d9a6106a-1c74-cc0f-d9a6-6106a1c741a8}\SuperOptimizerInstaller.exe
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [gmsd_us_265] => [X]
HKLM-x32\...\Run: [gmsd_us_275] => [X]
HKU\S-1-5-21-3917243199-554470053-2731875590-1000\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-3917243199-554470053-2731875590-1000\...\MountPoints2: {cff3b6be-cbaa-11e4-a191-00038a000015} - E:\AutoRun.exe
HKU\S-1-5-21-3917243199-554470053-2731875590-1000\...\MountPoints2: {fa87911e-63d2-11e1-80d5-806e6f6e6963} - D:\Setup.exe
HKU\S-1-5-18\...\Run: [BackgroundContainer] => "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\New User\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
AppInit_DLLs-x32: c:/progra~3/{df443~1/192~1.1/dimo.dll => "c:\progra~3\{df443~1\192~1.1\dimo.dll" File Not Found
Startup: C:\Users\New User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SuperOptimizerInstaller.lnk
ShortcutTarget: SuperOptimizerInstaller.lnk -> C:\ProgramData\{d9a6106a-1c74-cc0f-d9a6-6106a1c741a8}\SuperOptimizerInstaller.exe (Super PC Tools Ltd)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3917243199-554470053-2731875590-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://taplika.com/?...r=388742277&ir=
SearchScopes: HKU\.DEFAULT -> {47AE1BA9-0BD1-44F4-88AE-45F8F7B605EF} URL = http://www.basicserv...s={searchTerms}
SearchScopes: HKU\S-1-5-21-3917243199-554470053-2731875590-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://taplika.com/r...r=388742277&ir=
SearchScopes: HKU\S-1-5-21-3917243199-554470053-2731875590-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://taplika.com/r...r=388742277&ir=
Toolbar: HKLM - No Name - {7223C9FC-65A6-491F-AAA7-62DBF4641C6D} - No File
Toolbar: HKU\S-1-5-21-3917243199-554470053-2731875590-1000 -> No Name - {7223C9FC-65A6-491F-AAA7-62DBF4641C6D} - No File
Toolbar: HKU\S-1-5-21-3917243199-554470053-2731875590-1000 -> No Name - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - No File
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
CHR StartupUrls: Profile 1 -> "hxxp://daycalc.appspot.com/09/22/2012", "hxxp://www.gmail.com/", "hxxp://www.search.ask.com/?tpid=ORJ-SPE&o=APN11411&pf=V7&trgb=CR&p2=%5EBBJ%5EOSJ000%5EYY%5EUS&gct=hp&apn_ptnrs=BBJ&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=cr_35.0.1916.153&apn_uid=72F953BF-113E-46A7-84EE-733BF68F1F49&itbv=12.15.1.20&doi=2014-07-27&psv=&pt=tb", "hxxp://google.com/", "hxxp://www.trovi.com/?gd=&ctid=CT3324803&octid=EB_ORIGINAL_CTID&ISID=MA9B1F09D-C72D-4F69-8012-C4E1F6AEF924&SearchSource=55&CUI=&UM=8&UP=SP4ECA6549-E0F1-480A-BD08-30C8C7BC627B&D=031615&SSPV="
CHR HKLM\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - https://clients2.goo...ice/update2/crx
CHR HKU\S-1-5-21-3917243199-554470053-2731875590-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fdmdjfpocfbldkjgocmihobobmpnckaa] - C:\Users\New User\AppData\Local\CRE\fdmdjfpocfbldkjgocmihobobmpnckaa.crx [Not Found]
CHR HKU\S-1-5-21-3917243199-554470053-2731875590-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - https://clients2.goo...ice/update2/crx
CHR HKU\S-1-5-21-3917243199-554470053-2731875590-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.goo...ice/update2/crx
CHR HKU\S-1-5-21-3917243199-554470053-2731875590-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\New User\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx [Not Found]
HKU\S-1-5-21-3917243199-554470053-2731875590-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pbofibgamhkgoonaocfgemncghhadmgb] - C:\Users\New User\AppData\Local\CRE\pbofibgamhkgoonaocfgemncghhadmgb.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [edjionickmdagfblofjmidnkiljiflah] - C:\ProgramData\Coolyou\edjionickmdagfblofjmidnkiljiflah.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fdmdjfpocfbldkjgocmihobobmpnckaa] - C:\Users\New User\AppData\Local\CRE\fdmdjfpocfbldkjgocmihobobmpnckaa.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\New User\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pbofibgamhkgoonaocfgemncghhadmgb] - C:\Users\New User\AppData\Local\CRE\pbofibgamhkgoonaocfgemncghhadmgb.crx [Not Found]
S3 Ant App service; C:\Program Files (x86)\Ant.com\File1 Package Manager\AppService.exe [504816 2013-02-05] (Helios Technologies Ltd)
R2 cehufofi; C:\Users\New User\AppData\Roaming\9B45D880-1425308552-11E1-93C8-047D7B6646C7\jnsuBBA5.tmp [103424 2015-03-02] () [File not signed]
R2 Dataup; C:\Program Files (x86)\dataup\dataup.exe [73728 2014-12-11] () [File not signed] <==== ATTENTION
R2 rcores; C:\windows\rcore.exe [4686848 2015-02-02] () [File not signed]
R2 UpWork; C:\ProgramData\Online\updater.exe [404480 2015-03-02] () [File not signed]
S2 windowsmanagementservice; C:\Users\New User\AppData\Local\Temp\20150316\ct.exe [725504 2015-01-20] () [File not signed]
R2 pizegyhy; C:\Users\New User\AppData\Roaming\9B45D880-1425308552-11E1-93C8-047D7B6646C7\nsz4C88.tmpfs [X]
R1 {21c2e5a7-1a4a-4181-b493-a02c5d6a043a}Gw64; C:\Windows\System32\drivers\{21c2e5a7-1a4a-4181-b493-a02c5d6a043a}Gw64.sys [48784 2015-03-16] (StdLib)
S1 itnfd_1_10_0_9; system32\drivers\itnfd_1_10_0_9.sys [X]
2015-03-16 00:12 - 2015-03-16 02:24 - 00048784 _____ (StdLib) C:\windows\system32\Drivers\{21c2e5a7-1a4a-4181-b493-a02c5d6a043a}Gw64.sys
2015-03-09 04:11 - 2015-03-09 04:11 - 00000000 ____D () C:\Users\New User\AppData\Local\BreakingNewsAlert
2015-03-03 05:55 - 2015-03-03 05:55 - 00613067 _____ (CMI Limited) C:\Users\New User\AppData\Local\nsr5816.tmp
2015-03-02 18:12 - 2015-03-08 06:12 - 00000004 _____ () C:\windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-03-02 17:40 - 2015-03-03 06:25 - 00000000 ____D () C:\Program Files (x86)\Tuneup computer
2015-03-02 17:40 - 2015-03-02 17:40 - 00003696 _____ () C:\windows\System32\Tasks\boosterpop
2015-03-02 17:40 - 2015-03-02 17:40 - 00003694 _____ () C:\windows\System32\Tasks\IEError
2015-03-02 17:40 - 2015-03-02 17:40 - 00003510 _____ () C:\windows\System32\Tasks\AI_Updater
2015-03-02 17:39 - 2015-03-02 17:39 - 00000000 ____D () C:\Users\New User\AppData\Local\PCTuner
2015-03-02 17:28 - 2015-03-02 17:28 - 00613067 _____ (CMI Limited) C:\Users\New User\AppData\Local\nsu3D9F.tmp
2015-03-02 17:28 - 2015-03-02 17:28 - 00000000 __SHD () C:\Users\New User\AppData\Roaming\AnyProtectEx
2015-03-02 17:17 - 2015-03-02 17:17 - 00000000 ____D () C:\BreakingNewsAlert
2015-03-02 17:13 - 2015-03-02 23:47 - 00008560 _____ () C:\windows\SysWOW64\BasementDusterOff.ini
2015-03-02 17:13 - 2015-03-02 23:47 - 00008560 _____ () C:\windows\system32\BasementDusterOff.ini
2015-03-02 17:13 - 2015-02-24 03:51 - 00318808 _____ (OM Inc.) C:\windows\SysWOW64\BDL.dll
2015-03-02 17:09 - 2015-03-09 04:07 - 00000000 ____D () C:\Users\New User\AppData\Local\SmartWeb
2015-03-02 17:09 - 2015-03-02 17:09 - 00004052 _____ () C:\windows\System32\Tasks\SmartWeb Upgrade Trigger Task
2015-03-02 17:09 - 2015-03-02 17:09 - 00003664 _____ () C:\windows\System32\Tasks\IE_ERR4WDR
2015-03-02 17:09 - 2015-03-02 17:09 - 00003640 _____ () C:\windows\System32\Tasks\HDNINSTSCHD
2015-03-02 17:09 - 2015-03-02 17:09 - 00003506 _____ () C:\windows\System32\Tasks\UPDTEXE4_WDR
2015-03-02 17:08 - 2015-03-03 06:39 - 00000000 ____D () C:\Program Files (x86)\Portable WeatherApp
2015-03-02 16:31 - 2015-03-02 16:31 - 00000000 ____D () C:\Users\New User\AppData\Roaming\9B45D880-1425313884-11E1-93C8-047D7B6646C7
2015-03-02 16:12 - 2015-03-02 16:12 - 00003190 _____ () C:\windows\System32\Tasks\DoctorPC_Start
2015-03-02 16:11 - 2015-03-02 16:11 - 00000000 ____D () C:\Users\New User\AppData\Local\Doctor_PC
2015-03-02 16:10 - 2015-03-02 23:50 - 00000000 ____D () C:\Users\New User\Documents\DoctorPC
2015-03-02 16:06 - 2015-03-20 05:08 - 00000000 ____D () C:\Users\New User\AppData\Local\Deployment
2015-03-02 16:05 - 2015-03-15 14:11 - 00000000 ____D () C:\Users\New User\AppData\Roaming\et
2015-03-02 16:05 - 2015-03-02 16:05 - 00000000 ____D () C:\ProgramData\uc
2015-03-02 16:04 - 2015-03-10 18:45 - 00000000 ____D () C:\ProgramData\a5srv5task
2015-03-02 15:55 - 2015-03-09 04:11 - 00000000 ____D () C:\ProgramData\CFvZAfrKU
2015-03-02 15:53 - 2015-03-02 15:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2015-03-02 15:53 - 2015-02-02 05:42 - 04686848 _____ () C:\windows\rcore.exe
2015-03-02 15:17 - 2015-03-02 15:17 - 00274045 _____ () C:\Users\New User\AppData\Local\dsi1.dat
2015-03-02 15:17 - 2015-03-02 15:17 - 00161916 _____ () C:\Users\New User\AppData\Local\dsi2.dat
2015-03-02 15:01 - 2015-03-10 18:46 - 00000000 ____D () C:\ProgramData\d3fdac2f0000255e
2015-03-02 14:32 - 2015-03-21 23:11 - 00000000 ____D () C:\Program Files\shopperz
2015-03-02 14:32 - 2015-03-21 18:08 - 00000045 _____ () C:\user.js
2015-03-02 14:32 - 2015-03-02 15:17 - 00002017 _____ () C:\windows\patsearch.bin
2015-03-02 14:32 - 2015-03-02 14:32 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_webTinstMK_01009.Wdf
2015-03-02 14:30 - 2015-03-02 14:56 - 00000000 ____D () C:\Users\New User\AppData\Local\gmsd_us_265
2015-03-02 14:30 - 2015-03-02 14:30 - 00003782 _____ () C:\windows\System32\Tasks\PostPoneInstall
2015-03-02 14:30 - 2015-03-02 14:30 - 00003170 _____ () C:\windows\System32\Tasks\Run_Bobby_Browser
2015-03-02 14:27 - 2015-03-21 20:02 - 00000000 ____D () C:\Program Files (x86)\msrtn32
2015-03-02 14:26 - 2015-03-21 23:10 - 00000000 ____D () C:\Program Files\Common Files\PastaLeads
2015-03-02 14:26 - 2015-03-21 19:50 - 00000000 ____D () C:\Program Files (x86)\GU Player
2015-03-02 14:26 - 2015-03-02 15:19 - 00000000 ____D () C:\ProgramData\{d9a6106a-1c74-cc0f-d9a6-6106a1c741a8}
2015-03-02 14:26 - 2015-03-02 15:19 - 00000000 ____D () C:\ProgramData\{9c4d2de5-1c79-57c2-9c4d-d2de51c7b794}
2015-03-02 14:26 - 2015-03-02 14:48 - 00000000 ____D () C:\Program Files (x86)\Regprocleaner
2015-03-02 14:26 - 2015-03-02 14:26 - 00000000 ____D () C:\Users\New User\AppData\Local\Bypass
2015-03-02 14:26 - 2015-03-02 14:26 - 00000000 ____D () C:\ProgramData\u2c
2015-03-02 14:26 - 2015-03-02 14:26 - 00000000 ____D () C:\ProgramData\PastaLeadsAgent
2015-03-02 14:26 - 2015-03-02 14:26 - 00000000 ____D () C:\Program Files (x86)\dataup
2015-03-02 14:26 - 2015-03-02 14:26 - 00000000 ____D () C:\Program Files (x86)\data_up
2015-03-02 14:25 - 2015-03-02 14:26 - 00000000 ____D () C:\ProgramData\Online
2015-03-21 18:05 - 2013-01-11 20:49 - 00000000 ____D () C:\Program Files (x86)\Ant.com
Task: {120E8F47-6EA1-42F2-B0FC-E7279BD0A352} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\New User\AppData\Local\SmartWeb\SmartWebHelper.exe <==== ATTENTION
Task: {1561AEF0-B84C-4392-A72D-71C923783DDD} - System32\Tasks\IE_ERR4WDR => C:\Program Files (x86)\Portable WeatherApp\IEError.exe
Task: {3A626E56-2169-4625-BB78-28A6F7A1687A} - System32\Tasks\DoctorPC_Start => C:\Program Files (x86)\Doctor PC\DoctorPC.exe
Task: {52BBC3D8-6417-4D04-BA1D-89EBDACF245E} - System32\Tasks\boosterpop => C:\Program Files (x86)\Tuneup computer\Probsalert.exe
Task: {5978764C-9848-4243-BE7F-F426014126A3} - System32\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__313435303130393739352d3455416c555a2a5723416c34 => Wscript.exe //B "C:\ProgramData\PastaLeadsAgent\startprocess.js" pastaleadss.exe /invoke /f:check_services /l:0
Task: {92E3745A-8505-4C6A-BB9D-01A1B7BBFA2D} - System32\Tasks\UPDTEXE4_WDR => C:\Program Files (x86)\Portable WeatherApp\updater.exe
Task: {93BD32F0-BC63-4450-B766-057FA6B3E05F} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {94897E48-6CB2-4B82-8482-208BB309C947} - System32\Tasks\PostPoneInstall => C:\Users\NEWUSE~1\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe <==== ATTENTION
Task: {AC3B2EBB-67FD-445F-98C7-A5652B142BD6} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {B3DFADE0-6D34-4473-99BA-743441195E6D} - System32\Tasks\Run_Bobby_Browser => C:\Users\New User\AppData\Local\BoBrowser\Application\bobrowser.exe <==== ATTENTION
Task: {B732D8B6-6014-436E-A756-EE5A858EF304} - System32\Tasks\AI_Updater => C:\Program Files (x86)\Tuneup computer\updater.exe
Task: {E8174CD9-60C3-4A17-900B-5669842A5BF3} - System32\Tasks\gtaUpt => C:\Program Files\shopperz\zaeed.bat [2015-03-11] ()
Task: {F80CFB63-475F-4D94-8542-594DDAFA6D6D} - System32\Tasks\IEError => C:\Program Files (x86)\Tuneup computer\Popialert.exe
Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
2015-01-20 16:53 - 2015-01-20 16:53 - 00725504 _____ () C:\Users\New User\AppData\Local\Temp\20150316\ct.exe
S1 cherimoya; system32\drivers\cherimoya.sys [X]
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
2015-03-02 14:36 - 2015-03-21 23:17 - 00000980 _____ () C:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-03-02 14:36 - 2015-03-21 23:17 - 00000976 _____ () C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-03-02 14:36 - 2015-03-02 17:12 - 00003978 _____ () C:\windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2015-03-02 14:36 - 2015-03-02 17:12 - 00003724 _____ () C:\windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
C:\Program Files (x86)\globalUpdate
EmptyTemp:
cmd: bitsadmin /reset /allusers
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Hosts: