infected computer [Solved]


  • This topic is locked

#1
carebear04


I am working on my daughter's computer and am thinking she has spyware issues. Had to fight to download a new browser (Chrome) due to not being able to get anything to work on Internet Explorer without getting pop-ups and fake Windows security alerts. Her computer is also running super slow and is to the point that she does not even play on her own computer because she cannot do anything. I have restored the computer back to a January 2015 date because before doing that I could not get anything at all to work on the internet. Below are the logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-10-2015
Ran by Kerri (administrator) on KERRI (10-10-2015 00:09:54)
Running from C:\Users\Kerri\Desktop
Loaded Profiles: Kerri (Available Profiles: Kerri)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
() C:\Program Files (x86)\Solution Real\updateSolutionReal.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(PC Utilities Software Limited) C:\Program Files (x86)\Optimizer Pro 3.26\OptProSmartScan.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\OfferBoulevard\OfferBoulevardW.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [OfferBoulevard] => C:\Program Files (x86)\OfferBoulevard\OfferBoulevardW.exe [378888 2014-09-09] ()
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2947971214-2564108716-2143810627-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-2947971214-2564108716-2143810627-1001\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro 3.26\OptProLauncher.exe [148048 2015-01-06] (PC Utilities Software Limited)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File
Startup: C:\Users\Kerri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk [2014-05-11]
ShortcutTarget: IMVU.lnk -> C:\Users\Kerri\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe ()
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50359;https=127.0.0.1:50359
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{F5B27B23-926A-45AB-B151-31B474FF1A30}: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-2947971214-2564108716-2143810627-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://Vosteran.com/?f=1&a=vst_omxmedia_15_02_ie&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDyD0E0EyE0AtA0CyC0B0EtN0D0Tzu0StCtCtDyEtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StByC0A0ByBzyyCtDtG0FyD0EyDtG0CyDzyzztG0FtD0EzztGtCyBzytDyCzz0EyC0C0EtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0EyCtDtD0FtBtDtG0C0FyBtBtGyEyBzztDtGzyzyzy0EtG0C0CtBtAyC0B0ByBzz0CyB0F2Q&cr=1325538413&ir=
HKU\S-1-5-21-2947971214-2564108716-2143810627-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-2947971214-2564108716-2143810627-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.toshiba.com
SearchScopes: HKLM -> DefaultScope {364DB82F-1976-430E-9DE3-887805ED23E4} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_omxmedia_15_02_ie&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDyD0E0EyE0AtA0CyC0B0EtN0D0Tzu0StCtCtDyEtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StByC0A0ByBzyyCtDtG0FyD0EyDtG0CyDzyzztG0FtD0EzztGtCyBzytDyCzz0EyC0C0EtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0EyCtDtD0FtBtDtG0C0FyBtBtGyEyBzztDtGzyzyzy0EtG0C0CtBtAyC0B0ByBzz0CyB0F2Q&cr=1325538413&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {364DB82F-1976-430E-9DE3-887805ED23E4} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_omxmedia_15_02_ie&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDyD0E0EyE0AtA0CyC0B0EtN0D0Tzu0StCtCtDyEtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StByC0A0ByBzyyCtDtG0FyD0EyDtG0CyDzyzztG0FtD0EzztGtCyBzytDyCzz0EyC0C0EtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0EyCtDtD0FtBtDtG0C0FyBtBtGyEyBzztDtGzyzyzy0EtG0C0CtBtAyC0B0ByBzz0CyB0F2Q&cr=1325538413&ir=
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Z7^man000^YYA^&ptb=B04A13E7-F7AB-46AA-950E-BE13EC599A59&psa=&ind=2014062917&st=sb&n=780c2945&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2947971214-2564108716-2143810627-1001 -> DefaultScope {364DB82F-1976-430E-9DE3-887805ED23E4} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_omxmedia_15_02_ie&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDyD0E0EyE0AtA0CyC0B0EtN0D0Tzu0StCtCtDyEtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StByC0A0ByBzyyCtDtG0FyD0EyDtG0CyDzyzztG0FtD0EzztGtCyBzytDyCzz0EyC0C0EtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0EyCtDtD0FtBtDtG0C0FyBtBtGyEyBzztDtGzyzyzy0EtG0C0CtBtAyC0B0ByBzz0CyB0F2Q&cr=1325538413&ir=
SearchScopes: HKU\S-1-5-21-2947971214-2564108716-2143810627-1001 -> {364DB82F-1976-430E-9DE3-887805ED23E4} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_omxmedia_15_02_ie&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDyD0E0EyE0AtA0CyC0B0EtN0D0Tzu0StCtCtDyEtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StByC0A0ByBzyyCtDtG0FyD0EyDtG0CyDzyzztG0FtD0EzztGtCyBzytDyCzz0EyC0C0EtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0EyCtDtD0FtBtDtG0C0FyBtBtGyEyBzztDtGzyzyzy0EtG0C0CtBtAyC0B0ByBzz0CyB0F2Q&cr=1325538413&ir=
SearchScopes: HKU\S-1-5-21-2947971214-2564108716-2143810627-1001 -> {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Z7^man000^YYA^&ptb=B04A13E7-F7AB-46AA-950E-BE13EC599A59&psa=&ind=2014062917&st=sb&n=780c2945&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2947971214-2564108716-2143810627-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2014-05-20] (Microsoft Corporation)
BHO: dealsteeR -> {36fc43c3-e717-4159-a945-81bdbb1b510d} -> C:\ProgramData\dealsteeR\h1SIgDS9S9Ws4y.x64.dll [2015-01-11] ()
BHO: saaveitkeep. -> {ae18ecdc-f14b-49f3-847d-5e781c7faff7} -> C:\ProgramData\saaveitkeep\ffgo6tGUWjWeU2.x64.dll [2015-01-11] ()
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2014-06-10] (Microsoft Corporation)
BHO-x32: Solution Real 1.0.0.6 -> {1bb456da-878f-44a5-b013-4bfe0ae02fce} -> C:\Program Files (x86)\Solution Real\SolutionRealbho.dll [2015-01-09] (Solution Real)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2014-06-20] (Microsoft Corporation)
BHO-x32: dealsteeR -> {36fc43c3-e717-4159-a945-81bdbb1b510d} -> C:\ProgramData\dealsteeR\h1SIgDS9S9Ws4y.dll [2015-01-11] ()
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-05-05] (Oracle Corporation)
BHO-x32: saaveitkeep. -> {ae18ecdc-f14b-49f3-847d-5e781c7faff7} -> C:\ProgramData\saaveitkeep\ffgo6tGUWjWeU2.dll [2015-01-11] ()
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-05-05] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @ei.GamingWonderland.com/Plugin -> C:\Program Files (x86)\GamingWonderlandEI\Installr\1.bin\NPgtEISB.dll [2013-12-25] (GamingWonderland)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-05-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-05-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-05-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-05-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-06-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-06-20] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2947971214-2564108716-2143810627-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Kerri\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-14] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn [2014-12-30]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF [2013-11-30]
FF HKLM-x32\...\Firefox\Extensions: [{635abd67-4fe9-1b23-4f01-e679fa7484c1}] - 0\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} => not found
FF HKLM-x32\...\Firefox\Extensions: [{[email protected]}] - 0\extensions\{[email protected]} => not found
FF HKLM-x32\...\Firefox\Extensions: [{[email protected]}] - 1\extensions\{[email protected]} => not found
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR Profile: C:\Users\Kerri\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Kerri\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-10]
CHR Extension: (Google Docs) - C:\Users\Kerri\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-09]
CHR Extension: (Google Drive) - C:\Users\Kerri\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-09]
CHR Extension: (YouTube) - C:\Users\Kerri\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-09]
CHR Extension: (Google Search) - C:\Users\Kerri\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-09]
CHR Extension: (Google Sheets) - C:\Users\Kerri\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-10]
CHR Extension: (Google Docs Offline) - C:\Users\Kerri\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-10]
CHR Extension: (Norton Identity Safe) - C:\Users\Kerri\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-10-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Kerri\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-10-09]
CHR Extension: (Norton Security Toolbar) - C:\Users\Kerri\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-10-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kerri\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-10]
CHR Extension: (Gmail) - C:\Users\Kerri\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-09]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx <not found>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 afa5aa21; c:\Program Files (x86)\SystemEnterprise\SystemEnterprise.dll [2286080 2015-01-10] () [File not signed]
R2 b0551d12; c:\Program Files (x86)\Optimizer Pro 3.26\OptProMon.dll [2763344 2015-01-09] () <==== ATTENTION
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [111208 2015-01-09] (RaMMicHaeL)
R2 Update Solution Real; C:\Program Files (x86)\Solution Real\updateSolutionReal.exe [529656 2015-01-09] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
S3 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [1526488 2013-12-03] (Symantec Corporation)
R1 ccSet_NAT; C:\Windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
S3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-29] (Symantec Corporation)
S3 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20131227.001\IDSvia64.sys [521944 2013-12-20] (Symantec Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20131228.006\ENG64.SYS [126040 2013-12-21] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20131228.006\EX64.SYS [2099288 2013-12-21] (Symantec Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corporation                           )
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
S3 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
S3 SymDS; C:\Windows\system32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)
S3 SymEFA; C:\Windows\system32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1506000.020\SymELAM.sys [23568 2013-07-31] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-10-16] (Symantec Corporation)
S3 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
S3 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35320 2014-09-21] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [258368 2014-09-21] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-10 00:11 - 2015-10-10 00:11 - 00001079 _____ C:\Users\Kerri\Desktop\Super Optimizer.lnk
2015-10-10 00:11 - 2015-10-10 00:11 - 00000352 _____ C:\Windows\Tasks\Superclean.job
2015-10-10 00:11 - 2015-10-10 00:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Optimizer
2015-10-10 00:11 - 2015-10-10 00:11 - 00000000 ____D C:\ProgramData\{083b5f04-dece-0d40-083b-b5f04dec7c13}
2015-10-10 00:09 - 2015-10-10 00:10 - 00023275 _____ C:\Users\Kerri\Desktop\FRST.txt
2015-10-10 00:08 - 2015-10-10 00:08 - 02194944 _____ (Farbar) C:\Users\Kerri\Desktop\FRST64.exe
2015-10-10 00:06 - 2015-10-10 00:09 - 00000000 ____D C:\FRST
2015-10-10 00:06 - 2015-10-10 00:06 - 02194944 _____ (Farbar) C:\Users\Kerri\Downloads\FRST64 (1).exe
2015-10-10 00:05 - 2015-10-10 00:05 - 02194944 _____ (Farbar) C:\Users\Kerri\Downloads\FRST64.exe
2015-10-10 00:03 - 2015-10-10 00:03 - 01698304 _____ (Farbar) C:\Users\Kerri\Downloads\FRST.exe
2015-10-09 23:59 - 2015-10-09 23:59 - 00002250 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-09 23:59 - 2015-10-09 23:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-09 19:54 - 2015-10-09 19:54 - 00000000 ____D C:\Users\Kerri\Documents\Super Optimizer
2015-10-09 19:54 - 2015-10-09 19:54 - 00000000 ____D C:\Users\Kerri\AppData\Roaming\Super Optimizer
2015-10-09 19:51 - 2015-10-09 19:51 - 00000000 _____ C:\Users\Kerri\AppData\Local\Temp.dat
2015-10-09 19:48 - 2015-10-09 21:39 - 00000000 ____D C:\Program Files (x86)\Super Optimizer
2015-10-09 19:47 - 2015-10-09 21:38 - 00000000 ____D C:\ProgramData\{7055f81c-1e73-dd53-7055-5f81c1e7e070}
2015-09-13 08:25 - 2015-10-09 21:34 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-10 00:03 - 2013-11-29 19:50 - 00000000 ____D C:\Users\Kerri\AppData\Local\Packages
2015-10-10 00:03 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\sru
2015-10-10 00:02 - 2014-12-26 23:02 - 00000304 _____ C:\Windows\Tasks\PennyBee.job
2015-10-10 00:01 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
2015-10-09 23:59 - 2013-11-29 22:58 - 00000000 ____D C:\Users\Kerri\AppData\Local\Google
2015-10-09 23:59 - 2013-10-16 22:41 - 00000000 ____D C:\Program Files (x86)\Google
2015-10-09 23:56 - 2013-10-16 22:06 - 01298492 _____ C:\Windows\WindowsUpdate.log
2015-10-09 23:55 - 2013-11-29 19:56 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2947971214-2564108716-2143810627-1001
2015-10-09 23:53 - 2014-07-09 23:09 - 00000000 ____D C:\ProgramData\Npackd
2015-10-09 23:52 - 2014-07-09 22:52 - 00000304 _____ C:\Windows\Tasks\Rocket Updater.job
2015-10-09 23:51 - 2013-11-29 19:55 - 00000000 ___DO C:\Users\Kerri\SkyDrive
2015-10-09 23:50 - 2014-05-11 12:11 - 00000000 ____D C:\Users\Kerri\AppData\Roaming\IMVU
2015-10-09 23:50 - 2013-11-29 19:47 - 00000000 ____D C:\Users\Kerri
2015-10-09 23:50 - 2013-10-16 22:41 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-09 23:33 - 2015-01-09 22:33 - 00000304 _____ C:\Windows\Tasks\WSE_Vosteran.job
2015-10-09 23:28 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
2015-10-09 23:25 - 2013-10-16 22:41 - 00000944 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-09 23:14 - 2013-09-12 23:25 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-09 23:06 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-09 23:05 - 2013-08-22 09:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-10-09 23:00 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\WinStore
2015-10-09 23:00 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Portable Devices
2015-10-09 23:00 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\servicing
2015-10-09 22:59 - 2014-11-01 15:27 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2015-10-09 22:59 - 2014-08-14 11:25 - 00000000 ____D C:\Windows\Minidump
2015-10-09 22:58 - 2015-01-09 22:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2015-10-09 22:58 - 2014-11-01 13:35 - 00000000 ____D C:\ProgramData\UltraCoupon
2015-10-09 22:58 - 2014-05-20 23:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-10-09 22:58 - 2013-11-30 18:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-10-09 22:58 - 2013-11-30 18:10 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-10-09 22:58 - 2013-11-30 18:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-10-09 22:58 - 2013-10-16 22:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2015-10-09 21:54 - 2014-07-11 08:55 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-09 21:54 - 2013-08-22 15:12 - 00000000 ____D C:\Windows\ShellNew
2015-10-09 21:54 - 2013-08-22 15:12 - 00000000 ____D C:\Program Files\Windows Journal
2015-10-09 21:54 - 2013-08-22 11:36 - 00000000 __RSD C:\Windows\Media
2015-10-09 21:54 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-09 21:54 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-09 21:54 - 2013-08-22 11:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-09 21:54 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\MSDRM
2015-10-09 21:54 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\icsxml
2015-10-09 21:54 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2015-10-09 21:54 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\MSDRM
2015-10-09 21:54 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\icsxml
2015-10-09 21:54 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\Camera
2015-10-09 21:54 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\oobe
2015-10-09 21:53 - 2013-08-22 11:36 - 00000000 ___RD C:\Windows\ToastData
2015-10-09 21:53 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\WinMetadata
2015-10-09 21:53 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\sppui
2015-10-09 21:53 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\setup
2015-10-09 21:53 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\ras
2015-10-09 21:53 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2015-10-09 21:53 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\Com
2015-10-09 21:53 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\Bthprops
2015-10-09 21:53 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\WinMetadata
2015-10-09 21:53 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2015-10-09 21:53 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system\Speech
2015-10-09 21:53 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\SysWOW64\oobe
2015-10-09 21:53 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\SysWOW64\Dism
2015-10-09 21:52 - 2014-12-30 00:58 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ___SD C:\Windows\system32\dsc
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\sppui
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\setup
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\ras
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\migwiz
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\ias
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\Com
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\Bthprops
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\rescache
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\MediaViewer
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\L2Schemas
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\IME
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\FileManager
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\addins
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\System
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\Services
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2015-10-09 21:52 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\Sysprep
2015-10-09 21:52 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\Dism
2015-10-09 21:44 - 2013-10-16 22:36 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2015-10-09 21:44 - 2013-08-22 11:36 - 00000000 ___SD C:\Windows\system32\Configuration
2015-10-09 21:44 - 2013-08-22 11:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-10-09 21:44 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2015-10-09 21:44 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\InputMethod
2015-10-09 21:44 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\IME
2015-10-09 21:44 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\Macromed
2015-10-09 21:44 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\InputMethod
2015-10-09 21:44 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\IME
2015-10-09 21:43 - 2015-01-09 22:35 - 00000000 ____D C:\Users\Kerri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vosteran
2015-10-09 21:43 - 2015-01-09 22:35 - 00000000 ____D C:\Users\Kerri\AppData\Local\Vosteran
2015-10-09 21:43 - 2015-01-09 22:33 - 00000000 ____D C:\Users\Kerri\AppData\Roaming\WSE_Vosteran
2015-10-09 21:40 - 2015-01-11 09:47 - 00000000 ____D C:\ProgramData\saaveitkeep
2015-10-09 21:40 - 2015-01-11 09:46 - 00000000 ____D C:\ProgramData\dealsteeR
2015-10-09 21:40 - 2013-10-16 22:06 - 00000000 ____D C:\ProgramData\Package Cache
2015-10-09 21:40 - 2013-09-12 23:55 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-10-09 21:40 - 2013-09-12 23:53 - 00000000 ____D C:\ProgramData\Norton
2015-10-09 21:39 - 2015-06-25 14:14 - 00000000 ____D C:\Program Files (x86)\RoyalCCOupon
2015-10-09 21:39 - 2015-06-21 14:56 - 00000000 ____D C:\Program Files (x86)\Instair New Tab
2015-10-09 21:39 - 2015-06-21 12:56 - 00000000 ____D C:\Program Files (x86)\RoyaleCoaupon
2015-10-09 21:39 - 2015-06-21 12:56 - 00000000 ____D C:\Program Files (x86)\RoyaLCoouipon
2015-10-09 21:39 - 2015-06-21 12:38 - 00000000 ____D C:\Program Files (x86)\ClickForSealEE
2015-10-09 21:39 - 2015-06-21 12:38 - 00000000 ____D C:\Program Files (x86)\ClickFOrSAlee
2015-10-09 21:39 - 2015-06-21 12:37 - 00000000 ____D C:\Program Files (x86)\CClicckForSaalee
2015-10-09 21:39 - 2015-06-21 12:35 - 00000000 ____D C:\Program Files (x86)\IP Address
2015-10-09 21:39 - 2015-03-07 14:17 - 00000000 ____D C:\Program Files (x86)\ShopperMaaster
2015-10-09 21:39 - 2015-02-17 20:03 - 00000000 ____D C:\Program Files (x86)\ExettraSohoopper
2015-10-09 21:39 - 2015-02-17 20:02 - 00000000 ____D C:\Program Files (x86)\FlaSHCeoupon
2015-10-09 21:39 - 2015-02-13 22:55 - 00000000 ____D C:\Program Files (x86)\PerroShhopper
2015-10-09 21:39 - 2015-02-13 22:36 - 00000000 ____D C:\Program Files (x86)\saVingtoyaou
2015-10-09 21:39 - 2015-02-13 22:36 - 00000000 ____D C:\Program Files (x86)\DiscOuNtLoCAtor
2015-10-09 21:39 - 2015-01-10 14:10 - 00000000 ____D C:\Program Files (x86)\SystemEnterprise
2015-10-09 21:39 - 2015-01-09 22:33 - 00000000 ____D C:\Program Files (x86)\Unchecky
2015-10-09 21:39 - 2014-12-29 21:53 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-10-09 21:39 - 2014-12-26 23:02 - 00000000 ____D C:\Program Files (x86)\OfferBoulevard
2015-10-09 21:39 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-10-09 21:38 - 2015-02-18 22:19 - 00000000 ____D C:\ProgramData\ProductData
2015-10-09 21:38 - 2015-02-18 22:19 - 00000000 ____D C:\ProgramData\IObit
2015-10-09 21:36 - 2015-02-18 22:19 - 00000000 ____D C:\Users\Kerri\AppData\Roaming\IObit
2015-10-09 21:36 - 2015-02-18 22:19 - 00000000 ____D C:\Users\Kerri\AppData\LocalLow\IObit
2015-10-09 20:54 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\registration
2015-10-09 19:49 - 2015-02-18 21:02 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-10-09 19:44 - 2015-02-17 21:41 - 00000000 ____D C:\Program Files\CCleaner
 
==================== Files in the root of some directories =======
 
2014-08-10 16:52 - 2015-01-24 18:33 - 0000131 _____ () C:\Users\Kerri\AppData\Roaming\WB.CFG
2015-01-10 10:33 - 2015-01-10 10:33 - 0000010 _____ () C:\Users\Kerri\AppData\Local\DSI.DAT
2015-01-10 10:33 - 2015-01-10 10:33 - 0022528 _____ () C:\Users\Kerri\AppData\Local\dsisetup9847691712.exe
2015-10-09 19:51 - 2015-10-09 19:51 - 0000000 _____ () C:\Users\Kerri\AppData\Local\Temp.dat
2013-10-16 22:12 - 2013-10-16 22:12 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Kerri\AppData\Local\Temp\optprosetup.exe
C:\Users\Kerri\AppData\Local\Temp\supoptsetup.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-02 18:26
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-10-2015
Ran by Kerri (2015-10-10 00:12:00)
Running from C:\Users\Kerri\Desktop
Windows 8.1 (X64) (2013-11-29 23:49:12)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2947971214-2564108716-2143810627-500 - Administrator - Disabled)
Guest (S-1-5-21-2947971214-2564108716-2143810627-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2947971214-2564108716-2143810627-1003 - Limited - Enabled)
Kerri (S-1-5-21-2947971214-2564108716-2143810627-1001 - Administrator - Enabled) => C:\Users\Kerri
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Disabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader XI (11.0.03)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{B280788C-B671-E08D-4219-CE907B7BFF75}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
dealsteeR (HKLM-x32\...\{5E03DFA7-51FC-7C12-CEE5-4D75FBB01E8F}) (Version:  - "") <==== ATTENTION
DTS Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Drive (HKLM-x32\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
InstallConverter (HKLM-x32\...\InstallConverter) (Version: 1.0 - InstallConverter)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4623.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Norton Anti-Theft (HKLM-x32\...\NAT) (Version: 1.10.0.9 - Symantec Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)
NpackdCL (HKLM-x32\...\{C32CA36A-DA63-4D55-9B17-87C61033137D}) (Version: 1.18.7 - Npackd)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: 3.2.0.3 - PC Utilities Software Limited) <==== ATTENTION
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\InstallShield_{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0002 - REALTEK Semiconductor Corp.)
REALTEK Wireless LAN Driver (x32 Version: 2.00.0002 - REALTEK Semiconductor Corp.) Hidden
saaveitkeep. (HKLM-x32\...\{B10BC31B-DBC6-56FE-DD3D-DD4E49A3E6CE}) (Version:  - "") <==== ATTENTION
Solution Real (HKLM\...\Solution Real) (Version: 2015.01.10.022310 - Solution Real) <==== ATTENTION
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Super Optimizer v3.2 (HKLM-x32\...\Super Optimizer_is1) (Version: 3.2.0.1 - Super PC Tools ltd) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
SystemEnterprise (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{afa5aa21}) (Version:  - Software Publisher) <==== ATTENTION
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.4 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.0 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0001.6403 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v2.1.0.14 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.9.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA Start (HKLM-x32\...\{A74C9CC1-2211-4A75-A688-6F7CFE2C2B12}) (Version: 1.00.02 - TOSHIBA America Information Systems, Inc)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0030 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.27.102 - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Unchecky v0.3.5 (HKLM-x32\...\Unchecky) (Version: 0.3.5 - RaMMicHaeL)
Unity Web Player (HKU\S-1-5-21-2947971214-2564108716-2143810627-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Vosteran (HKU\S-1-5-21-2947971214-2564108716-2143810627-1001\...\Vosteran) (Version: 31.0.1650.23 - Vosteran) <==== ATTENTION
WSE_Vosteran (HKLM-x32\...\WSE_Vosteran) (Version:  - WSE_Vosteran) <==== ATTENTION
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
18-02-2015 22:46:38 Windows Modules Installer
07-06-2015 09:14:01 Windows Update
21-06-2015 12:18:53 Windows Update
09-10-2015 19:28:03 Windows Update
09-10-2015 20:10:00 Restore Operation
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2015-10-09 23:07 - 00001993 ____A C:\Windows\system32\Drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com
 
There are 4 more lines.
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00DB3031-ECBC-41E6-95E7-EADDF2AD876F} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-08-21] (Realtek Semiconductor)
Task: {12A65E19-3717-4346-9133-CD81534D068C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe
Task: {13B5FDAC-9781-4749-996A-81C1587C9249} - \Advanced System Protector_startup -> No File <==== ATTENTION
Task: {1B3DFD5A-4400-4DEA-ACE6-3CB6B0E55D9B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {2C842700-2D89-49A7-8153-6C6C74A03735} - System32\Tasks\Rocket Updater => C:\Users\Kerri\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {3A1A2F93-2F19-4149-ADDC-BE74C06FFDB9} - System32\Tasks\Optimum_LogOn => C:\Program Files (x86)\Optimum PC Boost\OptimumPCBoost.exe <==== ATTENTION
Task: {3BF0ED5B-ED2D-4793-8C70-8E4DC9AA4422} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {3EB6DFA0-30ED-40D3-8B43-1C164B8D638A} - System32\Tasks\Optimum_Daily => C:\Program Files (x86)\Optimum PC Boost\OptimumPCBoost.exe <==== ATTENTION
Task: {529DC282-7AB8-450F-AAEE-C2DC458117A3} - \RegClean Pro -> No File <==== ATTENTION
Task: {552AA5F4-1E84-4C96-8F9D-214F99D4DB05} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
Task: {64E2365E-5340-4D65-9E8F-400D1042928B} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-08-06] (Synaptics Incorporated)
Task: {670F765C-8DAD-4190-80B0-8BFA9D61A15C} - System32\Tasks\NSManager => C:\Users\Kerri\AppData\Local\NSManager\manager.exe [2014-04-04] ()
Task: {6E2BDF84-3706-4F7D-8DA4-58AA78FFE732} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro 3.26\OptProLauncher.exe [2015-01-06] (PC Utilities Software Limited) <==== ATTENTION
Task: {838D5780-AB0F-4FE0-8064-C6F41BAB63C0} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {8557D8DE-D16F-402F-9B8D-35F158DD344C} - System32\Tasks\Driver Pro Schedule => C:\Program Files (x86)\Driver Pro\DPTray.exe <==== ATTENTION
Task: {8E0498AD-70D6-4535-93A3-05E9D641FB66} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe
Task: {9A34E58C-DA65-40F2-A070-F8BF1704B735} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {9B645169-6233-4087-81D8-9656ED515749} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-16] (Google Inc.)
Task: {A335A6DC-2116-4977-AE06-EA13C7A035B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-16] (Google Inc.)
Task: {A47E90A9-A42C-4ADE-B826-F497E754DE9F} - System32\Tasks\WSE_Vosteran => C:\Users\Kerri\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {A5A3C234-804A-4672-AB06-F0C1D0E24D6C} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {A7A1688F-8E3E-485F-92DC-9ED4306A172A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {B811FA9E-AEF8-410A-861E-CF77C8C98642} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {CA8DC40F-3845-4C58-BAA1-76DC20330271} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {D3D941C7-E1F1-48F1-B505-BC3128B12C87} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {DBBB58E2-A68E-4341-8F11-0F4555E8F24A} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {E9E9DFC6-A9BF-4216-BB98-9B5E2C3988D1} - System32\Tasks\PennyBee => C:\Users\Kerri\AppData\Roaming\PennyBee\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {EFD4B4FA-B239-476D-A4AC-8BABA7106D5F} - System32\Tasks\{0265AAAB-612E-46E2-B07E-1622D358DF42} => pcalua.exe -a C:\Users\Kerri\AppData\Local\Roblox\Versions\version-1fc13f51ea764eb7\RobloxPlayerLauncher.exe -c -uninstall
Task: {F86875CD-03D4-45D3-B737-0390E07DF79E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-30] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2947971214-2564108716-2143810627-1001Core.job => C:\Users\Kerri\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PennyBee.job => C:\Users\Kerri\AppData\Roaming\PennyBee\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\Rocket Updater.job => C:\Users\Kerri\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\Superclean.job => c:\programdata\{083b5f04-dece-0d40-083b-b5f04dec7c13}\hqghumeaylnlf.exe <==== ATTENTION
Task: C:\Windows\Tasks\WSE_Vosteran.job => C:\Users\Kerri\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-06-03 08:46 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-09-10 15:54 - 2013-09-10 15:54 - 00019792 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2015-01-09 22:24 - 2015-01-09 22:24 - 00529656 _____ () C:\Program Files (x86)\Solution Real\updateSolutionReal.exe
2014-07-11 08:57 - 2014-05-20 12:19 - 08892072 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-07-18 21:38 - 2012-07-18 21:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2014-09-09 10:35 - 2014-09-09 10:35 - 00378888 _____ () C:\Program Files (x86)\OfferBoulevard\OfferBoulevardW.exe
2015-01-10 14:10 - 2015-01-10 14:10 - 02286080 _____ () c:\Program Files (x86)\SystemEnterprise\SystemEnterprise.dll
2015-01-09 22:33 - 2015-01-09 22:33 - 02763344 _____ () c:\Program Files (x86)\Optimizer Pro 3.26\OptProMon.dll
2014-12-29 21:53 - 2014-05-13 13:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-12-29 21:53 - 2014-05-13 13:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-12-29 21:53 - 2014-05-13 13:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-12-29 21:53 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-12-29 21:53 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-09-09 10:35 - 2014-09-09 10:35 - 00316936 _____ () C:\Program Files (x86)\OfferBoulevard\DPHelper.dll
2015-01-11 09:46 - 2015-01-11 09:46 - 00566272 _____ () C:\ProgramData\dealsteeR\h1SIgDS9S9Ws4y.dll
2015-01-11 09:47 - 2015-01-11 09:47 - 00566272 _____ () C:\ProgramData\saaveitkeep\ffgo6tGUWjWeU2.dll
2015-10-09 23:59 - 2015-09-23 22:34 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libglesv2.dll
2015-10-09 23:59 - 2015-09-23 22:34 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libegl.dll
2015-10-09 23:59 - 2015-09-23 22:34 - 16487752 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll
2015-10-10 00:11 - 2015-07-31 12:28 - 01183792 _____ () C:\Program Files (x86)\Super Optimizer\SupOptStart.exe
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Kerri\SkyDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2947971214-2564108716-2143810627-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme1\img5.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{4D5270B1-0B8C-4F0F-BA21-168A1616FE62}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{592F843D-D917-4F0D-8A88-1414418C2182}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{84304C0A-EEF5-4340-8DDC-AAF19C527B93}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{132CCEE5-DABE-48ED-8606-BF266CD01343}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{D0D2F67A-7EE3-4BFB-8523-BB67C9A26B70}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{FD508DC7-1D20-49D8-85A6-2174EA3C92CF}] => (Allow) C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BRT.Helper.exe
FirewallRules: [{5831BB7B-CA95-47D8-9909-F31913723DA7}] => (Allow) C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BRT.Helper.exe
FirewallRules: [{4CE62919-9A3D-4F71-A66E-97383DC6ED9A}] => (Allow) C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BRT.Helper.exe
FirewallRules: [{32E4ABD8-9A3D-4A25-9753-09447CA0B18A}] => (Allow) C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BRT.Helper.exe
FirewallRules: [{8F0F8E7F-3405-4C93-87C6-3F8B24FE7AED}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/10/2015 12:00:00 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1224) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Windows\system32\SRU\SRU006D9.log.
 
Error: (10/09/2015 11:56:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KERRI)
Description: Activation of app winstore_cw5n1h2txyewy!Windows.Store failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/09/2015 11:52:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17416 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: d14
 
Start Time: 01d1030ee2ac815b
 
Termination Time: 568
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id: 555ba7d6-6f02-11e5-827a-008cfa768bee
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (10/09/2015 11:51:03 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (10/09/2015 08:10:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.
 
System Error:
The system cannot find the file specified.
.
 
Error: (10/09/2015 08:09:54 PM) (Source: SPP) (EventID: 16389) (User: )
Description: Writer WMI Writer experienced retryable error during shadow copy creation. Retrying...
 
More info: .
 
Error: (10/09/2015 08:09:54 PM) (Source: SPP) (EventID: 16389) (User: )
Description: Writer MSSearch Service Writer experienced retryable error during shadow copy creation. Retrying...
 
More info: .
 
Error: (10/09/2015 08:09:54 PM) (Source: SPP) (EventID: 16389) (User: )
Description: Writer Shadow Copy Optimization Writer experienced retryable error during shadow copy creation. Retrying...
 
More info: .
 
Error: (10/09/2015 08:09:54 PM) (Source: SPP) (EventID: 16389) (User: )
Description: Writer COM+ REGDB Writer experienced retryable error during shadow copy creation. Retrying...
 
More info: .
 
Error: (10/09/2015 08:08:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 15dc
 
Start Time: 01d102ef18832edf
 
Termination Time: 4294967295
 
Application Path: C:\Windows\syswow64\wwahost.exe
 
Report Id: 0f9523ec-6ee3-11e5-8283-008cfa768bee
 
Faulting package full name: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c
 
Faulting package-relative application ID: App
 
 
System errors:
=============
Error: (10/09/2015 10:56:25 PM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: The system watchdog timer was triggered.
 
Error: (10/09/2015 08:14:32 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ClickToRunSvc service.
 
Error: (10/09/2015 08:14:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error: 
%%1062
 
Error: (10/09/2015 08:13:29 PM) (Source: DCOM) (EventID: 10010) (User: KERRI)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (10/09/2015 08:03:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246013: 664D3057.PirateJump2Free.
 
Error: (10/09/2015 08:03:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246013: 48690VisheshOberoi.AngryRunMan.
 
Error: (10/09/2015 08:00:03 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246013: 664D3057.PirateJump2Free.
 
Error: (10/09/2015 08:00:03 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246013: 48690VisheshOberoi.AngryRunMan.
 
Error: (10/09/2015 08:00:02 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246013: Update for Windows 8.1 for x64-based Systems (KB3024755).
 
Error: (10/09/2015 08:00:02 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246013: Update for Windows 8.1 for x64-based Systems (KB3025417).
 
 
==================== Memory info =========================== 
 
Processor: AMD E1-1200 APU with Radeon™ HD Graphics
Percentage of memory in use: 58%
Total physical RAM: 3658.26 MB
Available physical RAM: 1527.01 MB
Total Virtual: 4298.26 MB
Available Virtual: 1696.73 MB
 
==================== Drives ================================
 
Drive c: (TI10673700F) (Fixed) (Total:456.46 GB) (Free:412.38 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 




#2
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's give the lass her computer back.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

If you wish you may download this premade copy :)
Attached File  fixlist.txt   11.74KB   88 downloads
 

CreateRestorePoint:
HKLM-x32\...\Run: [OfferBoulevard] => C:\Program Files (x86)\OfferBoulevard\OfferBoulevardW.exe [378888 2014-09-09] ()
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2947971214-2564108716-2143810627-1001\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro 3.26\OptProLauncher.exe [148048 2015-01-06] (PC Utilities Software Limited)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50359;https=127.0.0.1:50359
HKU\S-1-5-21-2947971214-2564108716-2143810627-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://Vosteran.com/?f=1&a=vst_omxmedia_15_02_ie&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDyD0E0EyE0AtA0CyC0B0EtN0D0Tzu0StCtCtDyEtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StByC0A0ByBzyyCtDtG0FyD0EyDtG0CyDzyzztG0FtD0EzztGtCyBzytDyCzz0EyC0C0EtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0EyCtDtD0FtBtDtG0C0FyBtBtGyEyBzztDtGzyzyzy0EtG0C0CtBtAyC0B0ByBzz0CyB0F2Q&cr=1325538413&ir=
SearchScopes: HKLM -> DefaultScope {364DB82F-1976-430E-9DE3-887805ED23E4} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_omxmedia_15_02_ie&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDyD0E0EyE0AtA0CyC0B0EtN0D0Tzu0StCtCtDyEtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StByC0A0ByBzyyCtDtG0FyD0EyDtG0CyDzyzztG0FtD0EzztGtCyBzytDyCzz0EyC0C0EtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0EyCtDtD0FtBtDtG0C0FyBtBtGyEyBzztDtGzyzyzy0EtG0C0CtBtAyC0B0ByBzz0CyB0F2Q&cr=1325538413&ir=
SearchScopes: HKLM -> {364DB82F-1976-430E-9DE3-887805ED23E4} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_omxmedia_15_02_ie&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDyD0E0EyE0AtA0CyC0B0EtN0D0Tzu0StCtCtDyEtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StByC0A0ByBzyyCtDtG0FyD0EyDtG0CyDzyzztG0FtD0EzztGtCyBzytDyCzz0EyC0C0EtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0EyCtDtD0FtBtDtG0C0FyBtBtGyEyBzztDtGzyzyzy0EtG0C0CtBtAyC0B0ByBzz0CyB0F2Q&cr=1325538413&ir=
SearchScopes: HKLM-x32 -> {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Z7^man000^YYA^&ptb=B04A13E7-F7AB-46AA-950E-BE13EC599A59&psa=&ind=2014062917&st=sb&n=780c2945&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2947971214-2564108716-2143810627-1001 -> DefaultScope {364DB82F-1976-430E-9DE3-887805ED23E4} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_omxmedia_15_02_ie&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDyD0E0EyE0AtA0CyC0B0EtN0D0Tzu0StCtCtDyEtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StByC0A0ByBzyyCtDtG0FyD0EyDtG0CyDzyzztG0FtD0EzztGtCyBzytDyCzz0EyC0C0EtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0EyCtDtD0FtBtDtG0C0FyBtBtGyEyBzztDtGzyzyzy0EtG0C0CtBtAyC0B0ByBzz0CyB0F2Q&cr=1325538413&ir=
SearchScopes: HKU\S-1-5-21-2947971214-2564108716-2143810627-1001 -> {364DB82F-1976-430E-9DE3-887805ED23E4} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_omxmedia_15_02_ie&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDyD0E0EyE0AtA0CyC0B0EtN0D0Tzu0StCtCtDyEtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StByC0A0ByBzyyCtDtG0FyD0EyDtG0CyDzyzztG0FtD0EzztGtCyBzytDyCzz0EyC0C0EtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0EyCtDtD0FtBtDtG0C0FyBtBtGyEyBzztDtGzyzyzy0EtG0C0CtBtAyC0B0ByBzz0CyB0F2Q&cr=1325538413&ir=
SearchScopes: HKU\S-1-5-21-2947971214-2564108716-2143810627-1001 -> {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Z7^man000^YYA^&ptb=B04A13E7-F7AB-46AA-950E-BE13EC599A59&psa=&ind=2014062917&st=sb&n=780c2945&searchfor={searchTerms}
BHO: dealsteeR -> {36fc43c3-e717-4159-a945-81bdbb1b510d} -> C:\ProgramData\dealsteeR\h1SIgDS9S9Ws4y.x64.dll [2015-01-11] ()
BHO: saaveitkeep. -> {ae18ecdc-f14b-49f3-847d-5e781c7faff7} -> C:\ProgramData\saaveitkeep\ffgo6tGUWjWeU2.x64.dll [2015-01-11] ()
BHO-x32: dealsteeR -> {36fc43c3-e717-4159-a945-81bdbb1b510d} -> C:\ProgramData\dealsteeR\h1SIgDS9S9Ws4y.dll [2015-01-11] ()
BHO-x32: saaveitkeep. -> {ae18ecdc-f14b-49f3-847d-5e781c7faff7} -> C:\ProgramData\saaveitkeep\ffgo6tGUWjWeU2.dll [2015-01-11] ()
FF HKLM-x32\...\Firefox\Extensions: [{635abd67-4fe9-1b23-4f01-e679fa7484c1}] - 0\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} => not found
FF HKLM-x32\...\Firefox\Extensions: [{[email protected]}] - 0\extensions\{[email protected]} => not found
FF HKLM-x32\...\Firefox\Extensions: [{[email protected]}] - 1\extensions\{[email protected]} => not found
R2 afa5aa21; c:\Program Files (x86)\SystemEnterprise\SystemEnterprise.dll [2286080 2015-01-10] () [File not signed]
R2 b0551d12; c:\Program Files (x86)\Optimizer Pro 3.26\OptProMon.dll [2763344 2015-01-09] () <==== ATTENTION
2015-10-10 00:11 - 2015-10-10 00:11 - 00001079 _____ C:\Users\Kerri\Desktop\Super Optimizer.lnk
2015-10-10 00:11 - 2015-10-10 00:11 - 00000352 _____ C:\Windows\Tasks\Superclean.job
2015-10-10 00:11 - 2015-10-10 00:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Optimizer
2015-10-10 00:11 - 2015-10-10 00:11 - 00000000 ____D C:\ProgramData\{083b5f04-dece-0d40-083b-b5f04dec7c13}
2015-10-09 19:54 - 2015-10-09 19:54 - 00000000 ____D C:\Users\Kerri\Documents\Super Optimizer
2015-10-09 19:54 - 2015-10-09 19:54 - 00000000 ____D C:\Users\Kerri\AppData\Roaming\Super Optimizer
2015-10-09 19:51 - 2015-10-09 19:51 - 00000000 _____ C:\Users\Kerri\AppData\Local\Temp.dat
2015-10-09 19:48 - 2015-10-09 21:39 - 00000000 ____D C:\Program Files (x86)\Super Optimizer
2015-10-09 19:47 - 2015-10-09 21:38 - 00000000 ____D C:\ProgramData\{7055f81c-1e73-dd53-7055-5f81c1e7e070}
2015-09-13 08:25 - 2015-10-09 21:34 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2015-10-10 00:02 - 2014-12-26 23:02 - 00000304 _____ C:\Windows\Tasks\PennyBee.job
2015-10-09 23:53 - 2014-07-09 23:09 - 00000000 ____D C:\ProgramData\Npackd
2015-10-09 23:52 - 2014-07-09 22:52 - 00000304 _____ C:\Windows\Tasks\Rocket Updater.job
2015-10-09 23:33 - 2015-01-09 22:33 - 00000304 _____ C:\Windows\Tasks\WSE_Vosteran.job
2015-10-09 22:58 - 2015-01-09 22:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2015-10-09 22:58 - 2014-11-01 13:35 - 00000000 ____D C:\ProgramData\UltraCoupon
2015-10-09 21:43 - 2015-01-09 22:35 - 00000000 ____D C:\Users\Kerri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vosteran
2015-10-09 21:43 - 2015-01-09 22:35 - 00000000 ____D C:\Users\Kerri\AppData\Local\Vosteran
2015-10-09 21:43 - 2015-01-09 22:33 - 00000000 ____D C:\Users\Kerri\AppData\Roaming\WSE_Vosteran
2015-10-09 21:40 - 2015-01-11 09:47 - 00000000 ____D C:\ProgramData\saaveitkeep
2015-10-09 21:40 - 2015-01-11 09:46 - 00000000 ____D C:\ProgramData\dealsteeR
2015-10-09 21:39 - 2015-06-25 14:14 - 00000000 ____D C:\Program Files (x86)\RoyalCCOupon
2015-10-09 21:39 - 2015-06-21 14:56 - 00000000 ____D C:\Program Files (x86)\Instair New Tab
2015-10-09 21:39 - 2015-06-21 12:56 - 00000000 ____D C:\Program Files (x86)\RoyaleCoaupon
2015-10-09 21:39 - 2015-06-21 12:56 - 00000000 ____D C:\Program Files (x86)\RoyaLCoouipon
2015-10-09 21:39 - 2015-06-21 12:38 - 00000000 ____D C:\Program Files (x86)\ClickForSealEE
2015-10-09 21:39 - 2015-06-21 12:38 - 00000000 ____D C:\Program Files (x86)\ClickFOrSAlee
2015-10-09 21:39 - 2015-06-21 12:37 - 00000000 ____D C:\Program Files (x86)\CClicckForSaalee
2015-10-09 21:39 - 2015-06-21 12:35 - 00000000 ____D C:\Program Files (x86)\IP Address
2015-10-09 21:39 - 2015-03-07 14:17 - 00000000 ____D C:\Program Files (x86)\ShopperMaaster
2015-10-09 21:39 - 2015-02-17 20:03 - 00000000 ____D C:\Program Files (x86)\ExettraSohoopper
2015-10-09 21:39 - 2015-02-17 20:02 - 00000000 ____D C:\Program Files (x86)\FlaSHCeoupon
2015-10-09 21:39 - 2015-02-13 22:55 - 00000000 ____D C:\Program Files (x86)\PerroShhopper
2015-10-09 21:39 - 2015-02-13 22:36 - 00000000 ____D C:\Program Files (x86)\saVingtoyaou
2015-10-09 21:39 - 2015-02-13 22:36 - 00000000 ____D C:\Program Files (x86)\DiscOuNtLoCAtor
2015-10-09 21:39 - 2015-01-10 14:10 - 00000000 ____D C:\Program Files (x86)\SystemEnterprise
2015-10-09 21:39 - 2014-12-26 23:02 - 00000000 ____D C:\Program Files (x86)\OfferBoulevard
2015-10-09 21:38 - 2015-02-18 22:19 - 00000000 ____D C:\ProgramData\ProductData
2015-10-09 21:38 - 2015-02-18 22:19 - 00000000 ____D C:\ProgramData\IObit
2015-10-09 21:36 - 2015-02-18 22:19 - 00000000 ____D C:\Users\Kerri\AppData\Roaming\IObit
2015-10-09 21:36 - 2015-02-18 22:19 - 00000000 ____D C:\Users\Kerri\AppData\LocalLow\IObit
Task: {13B5FDAC-9781-4749-996A-81C1587C9249} - \Advanced System Protector_startup -> No File <==== ATTENTION
Task: {2C842700-2D89-49A7-8153-6C6C74A03735} - System32\Tasks\Rocket Updater => C:\Users\Kerri\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {3A1A2F93-2F19-4149-ADDC-BE74C06FFDB9} - System32\Tasks\Optimum_LogOn => C:\Program Files (x86)\Optimum PC Boost\OptimumPCBoost.exe <==== ATTENTION
Task: {3EB6DFA0-30ED-40D3-8B43-1C164B8D638A} - System32\Tasks\Optimum_Daily => C:\Program Files (x86)\Optimum PC Boost\OptimumPCBoost.exe <==== ATTENTION
Task: {529DC282-7AB8-450F-AAEE-C2DC458117A3} - \RegClean Pro -> No File <==== ATTENTION
Task: {670F765C-8DAD-4190-80B0-8BFA9D61A15C} - System32\Tasks\NSManager => C:\Users\Kerri\AppData\Local\NSManager\manager.exe [2014-04-04] ()
Task: {6E2BDF84-3706-4F7D-8DA4-58AA78FFE732} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro 3.26\OptProLauncher.exe [2015-01-06] (PC Utilities Software Limited) <==== ATTENTION
Task: {8557D8DE-D16F-402F-9B8D-35F158DD344C} - System32\Tasks\Driver Pro Schedule => C:\Program Files (x86)\Driver Pro\DPTray.exe <==== ATTENTION
Task: {A47E90A9-A42C-4ADE-B826-F497E754DE9F} - System32\Tasks\WSE_Vosteran => C:\Users\Kerri\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {DBBB58E2-A68E-4341-8F11-0F4555E8F24A} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {E9E9DFC6-A9BF-4216-BB98-9B5E2C3988D1} - System32\Tasks\PennyBee => C:\Users\Kerri\AppData\Roaming\PennyBee\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {EFD4B4FA-B239-476D-A4AC-8BABA7106D5F} - System32\Tasks\{0265AAAB-612E-46E2-B07E-1622D358DF42} => pcalua.exe -a C:\Users\Kerri\AppData\Local\Roblox\Versions\version-1fc13f51ea764eb7\RobloxPlayerLauncher.exe -c -uninstall
Task: C:\Windows\Tasks\PennyBee.job => C:\Users\Kerri\AppData\Roaming\PennyBee\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\Rocket Updater.job => C:\Users\Kerri\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\Superclean.job => c:\programdata\{083b5f04-dece-0d40-083b-b5f04dec7c13}\hqghumeaylnlf.exe <==== ATTENTION
Task: C:\Windows\Tasks\WSE_Vosteran.job => C:\Users\Kerri\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Users\Kerri\AppData\Local\Temp\optprosetup.exe
C:\Users\Kerri\AppData\Local\Temp\supoptsetup.exe
C:\Program Files (x86)\OfferBoulevard
C:\Program Files (x86)\Optimizer Pro 3.26
C:\ProgramData\dealsteeR
C:\ProgramData\saaveitkeep
c:\Program Files (x86)\SystemEnterprise
C:\Users\Kerri\AppData\Roaming\ROCKET~1
C:\Program Files (x86)\Optimum PC Boost
C:\Users\Kerri\AppData\Local\NSManager
C:\Program Files (x86)\Driver Pro
C:\Program Files (x86)\MyPC Backup
C:\Users\Kerri\AppData\Roaming\PennyBee
C:\Users\Kerri\AppData\Roaming\WSE_VO~1
c:\programdata\{083b5f04-dece-0d40-083b-b5f04dec7c13}
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.


#3
carebear04


    New Member

  • Topic Starter
  • Member
  • 4 posts
Here are those logs:
 
EmptyTemp: => 485.8 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 10:39:02 ====
 
# AdwCleaner v5.013 - Logfile created 10/10/2015 at 11:01:07
# Updated 09/10/2015 by Xplode
# Database : 2015-10-09.3 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Kerri - KERRI
# Running from : C:\Users\Kerri\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\WSE_Vosteran
[-] Folder Deleted : C:\Program Files (x86)\Solution Real
[-] Folder Deleted : C:\Program Files (x86)\dEal44me
[-] Folder Deleted : C:\Program Files (x86)\FlexibleShopper
[-] Folder Deleted : C:\Program Files (x86)\LuckyCoupon
[-] Folder Deleted : C:\Program Files (x86)\LuckyShopaperr
[-] Folder Deleted : C:\Program Files (x86)\RoyallSHoepperApp
[-] Folder Deleted : C:\Program Files (x86)\saveituKeeP.a
[-] Folder Deleted : C:\Program Files (x86)\GamingWonderlandEI
[-] Folder Deleted : C:\ProgramData\OnlineLowDeals
[-] Folder Deleted : C:\ProgramData\FlexibleShopper
[-] Folder Deleted : C:\ProgramData\LuckyCoupon
[-] Folder Deleted : C:\ProgramData\LuckyShopaperr
[-] Folder Deleted : C:\ProgramData\RoyallSHoepperApp
[-] Folder Deleted : C:\ProgramData\15282353919323420414
[-] Folder Deleted : C:\ProgramData\d415d3eb951236fe
[-] Folder Deleted : C:\Users\Kerri\AppData\Local\iac
[-] Folder Deleted : C:\Users\Kerri\AppData\Local\Rocket
[-] Folder Deleted : C:\Users\Kerri\AppData\LocalLow\iac
[-] Folder Deleted : C:\Users\Kerri\AppData\LocalLow\GamingWonderlandEI
[-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Systweak
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Kerri\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\Kerri\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Users\Kerri\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.kingtopdeals.com_0.localstorage
[-] File Deleted : C:\Users\Kerri\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.kingtopdeals.com_0.localstorage-journal
[-] File Deleted : C:\Users\Kerri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Vosteran.lnk
[-] File Deleted : C:\Users\Kerri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Vosteran.lnk
[-] File Deleted : C:\Users\Kerri\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.lnk
[-] File Deleted : C:\Users\Kerri\AppData\Roaming\Microsoft\Windows\Start Menu\Youtube.lnk
[-] File Deleted : C:\Users\Kerri\Desktop\Driver Pro.lnk
[-] File Deleted : C:\Users\Kerri\Desktop\eBay.lnk
[-] File Deleted : C:\Users\Kerri\Desktop\Optimizer Pro.lnk
[-] File Deleted : C:\Users\Kerri\Desktop\Vosteran.lnk
[-] File Deleted : C:\Windows\SysNative\roboot64.exe
[-] File Deleted : C:\Windows\SysNative\drivers\{31c21995-b861-4864-ab50-4a53fbca73d4}Gw64.sys
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
[-] Shortcut Disinfected : C:\Users\Kerri\AppData\Roaming\Microsoft\Windows\Start Menu\Search.lnk
[-] Shortcut Disinfected : C:\Users\Kerri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Shortcut Disinfected : C:\Users\Kerri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[-] Shortcut Disinfected : C:\Users\Kerri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
[-] Shortcut Disinfected : C:\Users\Kerri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
[-] Shortcut Disinfected : C:\Users\Kerri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : Super Optimizer Schedule
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Super Optimizer]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\LLuckyShOppeer.LLuckyShOppeer
[-] Key Deleted : HKLM\SOFTWARE\Classes\LLuckyShOppeer.LLuckyShOppeer.1.2
[-] Key Deleted : HKLM\SOFTWARE\Classes\RoyalSuhoppeRRApp.RoyalSuhoppeRRApp
[-] Key Deleted : HKLM\SOFTWARE\Classes\RoyalSuhoppeRRApp.RoyalSuhoppeRRApp.2.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\FlexibleShopper.FlexibleShopper
[-] Key Deleted : HKLM\SOFTWARE\Classes\FlexibleShopper.FlexibleShopper.9
[-] Key Deleted : HKLM\SOFTWARE\6e160823-2461-55c7-a943-b58be8b336bf
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{afa5aa21}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{A8625CB7-85FE-4936-92A4-B2A7C925209E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A07E5BFF-B16C-4ABA-A30F-514213A945E6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4D203FFD-6D87-3440-8D46-4A9153AB54FD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8FEC2FE4-304C-389F-1DD0-FFF00DF6074A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{c827c296-0ed5-45d4-9e70-50104947f7b7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4c297ddf-0a36-4b17-b8fa-0c0395f2c5bc}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4EC1AD3D-473F-4A35-9DF5-43675D4E7A17}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{70049E2F-E539-4E76-81D9-A038EB61F53D}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8FEC2FE4-304C-389F-1DD0-FFF00DF6074A}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c827c296-0ed5-45d4-9e70-50104947f7b7}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4c297ddf-0a36-4b17-b8fa-0c0395f2c5bc}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8FEC2FE4-304C-389F-1DD0-FFF00DF6074A}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{c827c296-0ed5-45d4-9e70-50104947f7b7}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4D203FFD-6D87-3440-8D46-4A9153AB54FD}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8FEC2FE4-304C-389F-1DD0-FFF00DF6074A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{c827c296-0ed5-45d4-9e70-50104947f7b7}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4c297ddf-0a36-4b17-b8fa-0c0395f2c5bc}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{4D203FFD-6D87-3440-8D46-4A9153AB54FD}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{8FEC2FE4-304C-389F-1DD0-FFF00DF6074A}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{c827c296-0ed5-45d4-9e70-50104947f7b7}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A07E5BFF-B16C-4ABA-A30F-514213A945E6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4D203FFD-6D87-3440-8D46-4A9153AB54FD}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{8FEC2FE4-304C-389F-1DD0-FFF00DF6074A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{c827c296-0ed5-45d4-9e70-50104947f7b7}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKCU\Software\Driver Pro
[-] Key Deleted : HKCU\Software\IM
[-] Key Deleted : HKCU\Software\InstallCore
[-] Key Deleted : HKCU\Software\Optimizer Pro
[-] Key Deleted : HKCU\Software\PennyBee
[-] Key Deleted : HKCU\Software\Rocket Browser
[-] Key Deleted : HKCU\Software\RocketUpdater
[-] Key Deleted : HKCU\Software\WSE Rocket
[-] Key Deleted : HKCU\Software\Vosteran Browser
[-] Key Deleted : HKCU\Software\WSE_Vosteran
[-] Key Deleted : HKCU\Software\Vosteran
[-] Key Deleted : HKCU\Software\Solution Real
[-] Key Deleted : HKCU\Software\Super Optimizer
[-] Key Deleted : HKCU\Software\Condut
[-] Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
[-] Key Deleted : HKLM\SOFTWARE\InstallCore
[-] Key Deleted : HKLM\SOFTWARE\Solution Real
[-] Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
[-] Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKLM\SOFTWARE\GamingWonderlandEI
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Super Optimizer_is1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WSE_Vosteran
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F6423EE4-93D8-FA04-D09D-A8598F6EFDFD}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AE9B04F2-E9E8-162C-829B-52C116B3EFCC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5E03DFA7-51FC-7C12-CEE5-4D75FBB01E8F}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B10BC31B-DBC6-56FE-DD3D-DD4E49A3E6CE}
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5E03DFA7-51FC-7C12-CEE5-4D75FBB01E8F}
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B10BC31B-DBC6-56FE-DD3D-DD4E49A3E6CE}
[!] Key Not Deleted : [x64] HKCU\Software\Driver Pro
[!] Key Not Deleted : [x64] HKCU\Software\IM
[!] Key Not Deleted : [x64] HKCU\Software\InstallCore
[!] Key Not Deleted : [x64] HKCU\Software\Optimizer Pro
[!] Key Not Deleted : [x64] HKCU\Software\PennyBee
[!] Key Not Deleted : [x64] HKCU\Software\Rocket Browser
[!] Key Not Deleted : [x64] HKCU\Software\RocketUpdater
[!] Key Not Deleted : [x64] HKCU\Software\WSE Rocket
[!] Key Not Deleted : [x64] HKCU\Software\Vosteran Browser
[!] Key Not Deleted : [x64] HKCU\Software\WSE_Vosteran
[!] Key Not Deleted : [x64] HKCU\Software\Vosteran
[!] Key Not Deleted : [x64] HKCU\Software\Solution Real
[!] Key Not Deleted : [x64] HKCU\Software\Super Optimizer
[!] Key Not Deleted : [x64] HKCU\Software\Condut
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ac225167-00fc-452d-94c5-bb93600e7d9a}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Solution Real
[!] Key Not Deleted : HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[!] Key Not Deleted : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[!] Key Not Deleted : HKU\S-1-5-21-2947971214-2564108716-2143810627-1001\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[!] Key Not Deleted : HKU\S-1-5-21-2947971214-2564108716-2143810627-1001\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[!] Key Not Deleted : HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[!] Key Not Deleted : HKU\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Kerri\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Kerri\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
 
*************************
 
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [13519 bytes] ##########
 


#4
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you repost the fixlog please as there is a lot of it missing

Please download Malwarebytes Anti-Malware to your desktop
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Ensure that "Enable free trial of Malwarebytes Anti-Malware Premium" is unchecked
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

To access logs from Malwarebytes Anti-Malware 2.0:


1. Open Malwarebytes Anti-Malware 2.0
2. Click History > Application Logs
3. Double-click the log you would like to open

Scan Logs record detections from manual scans, including threats detected and the actions taken against them

To save a Scan Log:

1. Open the log file you would like to save
2. Click Export
3. Choose to export to a .txt
4. Choose a folder to save the log file in, then click Save
5. Post that log here

#5
carebear04


    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

Here are those logs:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:10-10-2015
Ran by Kerri (2015-10-10 13:39:05) Run:2
Running from C:\Users\Kerri\Desktop
Loaded Profiles: Kerri (Available Profiles: Kerri)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
HKLM-x32\...\Run: [OfferBoulevard] => C:\Program Files (x86)\OfferBoulevard\OfferBoulevardW.exe [378888 2014-09-09] ()
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2947971214-2564108716-2143810627-1001\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro 3.26\OptProLauncher.exe [148048 2015-01-06] (PC Utilities Software Limited)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50359;https=127.0.0.1:50359
HKU\S-1-5-21-2947971214-2564108716-2143810627-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://Vosteran.com/?f=1&a=vst_omxmedia_15_02_ie&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDyD0E0EyE0AtA0CyC0B0EtN0D0Tzu0StCtCtDyEtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StByC0A0ByBzyyCtDtG0FyD0EyDtG0CyDzyzztG0FtD0EzztGtCyBzytDyCzz0EyC0C0EtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0EyCtDtD0FtBtDtG0C0FyBtBtGyEyBzztDtGzyzyzy0EtG0C0CtBtAyC0B0ByBzz0CyB0F2Q&cr=1325538413&ir=
SearchScopes: HKLM -> DefaultScope {364DB82F-1976-430E-9DE3-887805ED23E4} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_omxmedia_15_02_ie&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDyD0E0EyE0AtA0CyC0B0EtN0D0Tzu0StCtCtDyEtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StByC0A0ByBzyyCtDtG0FyD0EyDtG0CyDzyzztG0FtD0EzztGtCyBzytDyCzz0EyC0C0EtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0EyCtDtD0FtBtDtG0C0FyBtBtGyEyBzztDtGzyzyzy0EtG0C0CtBtAyC0B0ByBzz0CyB0F2Q&cr=1325538413&ir=
SearchScopes: HKLM -> {364DB82F-1976-430E-9DE3-887805ED23E4} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_omxmedia_15_02_ie&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDyD0E0EyE0AtA0CyC0B0EtN0D0Tzu0StCtCtDyEtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StByC0A0ByBzyyCtDtG0FyD0EyDtG0CyDzyzztG0FtD0EzztGtCyBzytDyCzz0EyC0C0EtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0EyCtDtD0FtBtDtG0C0FyBtBtGyEyBzztDtGzyzyzy0EtG0C0CtBtAyC0B0ByBzz0CyB0F2Q&cr=1325538413&ir=
SearchScopes: HKLM-x32 -> {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Z7^man000^YYA^&ptb=B04A13E7-F7AB-46AA-950E-BE13EC599A59&psa=&ind=2014062917&st=sb&n=780c2945&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2947971214-2564108716-2143810627-1001 -> DefaultScope {364DB82F-1976-430E-9DE3-887805ED23E4} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_omxmedia_15_02_ie&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDyD0E0EyE0AtA0CyC0B0EtN0D0Tzu0StCtCtDyEtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StByC0A0ByBzyyCtDtG0FyD0EyDtG0CyDzyzztG0FtD0EzztGtCyBzytDyCzz0EyC0C0EtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0EyCtDtD0FtBtDtG0C0FyBtBtGyEyBzztDtGzyzyzy0EtG0C0CtBtAyC0B0ByBzz0CyB0F2Q&cr=1325538413&ir=
SearchScopes: HKU\S-1-5-21-2947971214-2564108716-2143810627-1001 -> {364DB82F-1976-430E-9DE3-887805ED23E4} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_omxmedia_15_02_ie&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDyD0E0EyE0AtA0CyC0B0EtN0D0Tzu0StCtCtDyEtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StByC0A0ByBzyyCtDtG0FyD0EyDtG0CyDzyzztG0FtD0EzztGtCyBzytDyCzz0EyC0C0EtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0EyCtDtD0FtBtDtG0C0FyBtBtGyEyBzztDtGzyzyzy0EtG0C0CtBtAyC0B0ByBzz0CyB0F2Q&cr=1325538413&ir=
SearchScopes: HKU\S-1-5-21-2947971214-2564108716-2143810627-1001 -> {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Z7^man000^YYA^&ptb=B04A13E7-F7AB-46AA-950E-BE13EC599A59&psa=&ind=2014062917&st=sb&n=780c2945&searchfor={searchTerms}
BHO: dealsteeR -> {36fc43c3-e717-4159-a945-81bdbb1b510d} -> C:\ProgramData\dealsteeR\h1SIgDS9S9Ws4y.x64.dll [2015-01-11] ()
BHO: saaveitkeep. -> {ae18ecdc-f14b-49f3-847d-5e781c7faff7} -> C:\ProgramData\saaveitkeep\ffgo6tGUWjWeU2.x64.dll [2015-01-11] ()
BHO-x32: dealsteeR -> {36fc43c3-e717-4159-a945-81bdbb1b510d} -> C:\ProgramData\dealsteeR\h1SIgDS9S9Ws4y.dll [2015-01-11] ()
BHO-x32: saaveitkeep. -> {ae18ecdc-f14b-49f3-847d-5e781c7faff7} -> C:\ProgramData\saaveitkeep\ffgo6tGUWjWeU2.dll [2015-01-11] ()
FF HKLM-x32\...\Firefox\Extensions: [{635abd67-4fe9-1b23-4f01-e679fa7484c1}] - 0\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} => not found
FF HKLM-x32\...\Firefox\Extensions: [{[email protected]}] - 0\extensions\{[email protected]} => not found
FF HKLM-x32\...\Firefox\Extensions: [{[email protected]}] - 1\extensions\{[email protected]} => not found
R2 afa5aa21; c:\Program Files (x86)\SystemEnterprise\SystemEnterprise.dll [2286080 2015-01-10] () [File not signed]
R2 b0551d12; c:\Program Files (x86)\Optimizer Pro 3.26\OptProMon.dll [2763344 2015-01-09] () <==== ATTENTION
2015-10-10 00:11 - 2015-10-10 00:11 - 00001079 _____ C:\Users\Kerri\Desktop\Super Optimizer.lnk
2015-10-10 00:11 - 2015-10-10 00:11 - 00000352 _____ C:\Windows\Tasks\Superclean.job
2015-10-10 00:11 - 2015-10-10 00:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Optimizer
2015-10-10 00:11 - 2015-10-10 00:11 - 00000000 ____D C:\ProgramData\{083b5f04-dece-0d40-083b-b5f04dec7c13}
2015-10-09 19:54 - 2015-10-09 19:54 - 00000000 ____D C:\Users\Kerri\Documents\Super Optimizer
2015-10-09 19:54 - 2015-10-09 19:54 - 00000000 ____D C:\Users\Kerri\AppData\Roaming\Super Optimizer
2015-10-09 19:51 - 2015-10-09 19:51 - 00000000 _____ C:\Users\Kerri\AppData\Local\Temp.dat
2015-10-09 19:48 - 2015-10-09 21:39 - 00000000 ____D C:\Program Files (x86)\Super Optimizer
2015-10-09 19:47 - 2015-10-09 21:38 - 00000000 ____D C:\ProgramData\{7055f81c-1e73-dd53-7055-5f81c1e7e070}
2015-09-13 08:25 - 2015-10-09 21:34 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2015-10-10 00:02 - 2014-12-26 23:02 - 00000304 _____ C:\Windows\Tasks\PennyBee.job
2015-10-09 23:53 - 2014-07-09 23:09 - 00000000 ____D C:\ProgramData\Npackd
2015-10-09 23:52 - 2014-07-09 22:52 - 00000304 _____ C:\Windows\Tasks\Rocket Updater.job
2015-10-09 23:33 - 2015-01-09 22:33 - 00000304 _____ C:\Windows\Tasks\WSE_Vosteran.job
2015-10-09 22:58 - 2015-01-09 22:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2015-10-09 22:58 - 2014-11-01 13:35 - 00000000 ____D C:\ProgramData\UltraCoupon
2015-10-09 21:43 - 2015-01-09 22:35 - 00000000 ____D C:\Users\Kerri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vosteran
2015-10-09 21:43 - 2015-01-09 22:35 - 00000000 ____D C:\Users\Kerri\AppData\Local\Vosteran
2015-10-09 21:43 - 2015-01-09 22:33 - 00000000 ____D C:\Users\Kerri\AppData\Roaming\WSE_Vosteran
2015-10-09 21:40 - 2015-01-11 09:47 - 00000000 ____D C:\ProgramData\saaveitkeep
2015-10-09 21:40 - 2015-01-11 09:46 - 00000000 ____D C:\ProgramData\dealsteeR
2015-10-09 21:39 - 2015-06-25 14:14 - 00000000 ____D C:\Program Files (x86)\RoyalCCOupon
2015-10-09 21:39 - 2015-06-21 14:56 - 00000000 ____D C:\Program Files (x86)\Instair New Tab
2015-10-09 21:39 - 2015-06-21 12:56 - 00000000 ____D C:\Program Files (x86)\RoyaleCoaupon
2015-10-09 21:39 - 2015-06-21 12:56 - 00000000 ____D C:\Program Files (x86)\RoyaLCoouipon
2015-10-09 21:39 - 2015-06-21 12:38 - 00000000 ____D C:\Program Files (x86)\ClickForSealEE
2015-10-09 21:39 - 2015-06-21 12:38 - 00000000 ____D C:\Program Files (x86)\ClickFOrSAlee
2015-10-09 21:39 - 2015-06-21 12:37 - 00000000 ____D C:\Program Files (x86)\CClicckForSaalee
2015-10-09 21:39 - 2015-06-21 12:35 - 00000000 ____D C:\Program Files (x86)\IP Address
2015-10-09 21:39 - 2015-03-07 14:17 - 00000000 ____D C:\Program Files (x86)\ShopperMaaster
2015-10-09 21:39 - 2015-02-17 20:03 - 00000000 ____D C:\Program Files (x86)\ExettraSohoopper
2015-10-09 21:39 - 2015-02-17 20:02 - 00000000 ____D C:\Program Files (x86)\FlaSHCeoupon
2015-10-09 21:39 - 2015-02-13 22:55 - 00000000 ____D C:\Program Files (x86)\PerroShhopper
2015-10-09 21:39 - 2015-02-13 22:36 - 00000000 ____D C:\Program Files (x86)\saVingtoyaou
2015-10-09 21:39 - 2015-02-13 22:36 - 00000000 ____D C:\Program Files (x86)\DiscOuNtLoCAtor
2015-10-09 21:39 - 2015-01-10 14:10 - 00000000 ____D C:\Program Files (x86)\SystemEnterprise
2015-10-09 21:39 - 2014-12-26 23:02 - 00000000 ____D C:\Program Files (x86)\OfferBoulevard
2015-10-09 21:38 - 2015-02-18 22:19 - 00000000 ____D C:\ProgramData\ProductData
2015-10-09 21:38 - 2015-02-18 22:19 - 00000000 ____D C:\ProgramData\IObit
2015-10-09 21:36 - 2015-02-18 22:19 - 00000000 ____D C:\Users\Kerri\AppData\Roaming\IObit
2015-10-09 21:36 - 2015-02-18 22:19 - 00000000 ____D C:\Users\Kerri\AppData\LocalLow\IObit
Task: {13B5FDAC-9781-4749-996A-81C1587C9249} - \Advanced System Protector_startup -> No File <==== ATTENTION
Task: {2C842700-2D89-49A7-8153-6C6C74A03735} - System32\Tasks\Rocket Updater => C:\Users\Kerri\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {3A1A2F93-2F19-4149-ADDC-BE74C06FFDB9} - System32\Tasks\Optimum_LogOn => C:\Program Files (x86)\Optimum PC Boost\OptimumPCBoost.exe <==== ATTENTION
Task: {3EB6DFA0-30ED-40D3-8B43-1C164B8D638A} - System32\Tasks\Optimum_Daily => C:\Program Files (x86)\Optimum PC Boost\OptimumPCBoost.exe <==== ATTENTION
Task: {529DC282-7AB8-450F-AAEE-C2DC458117A3} - \RegClean Pro -> No File <==== ATTENTION
Task: {670F765C-8DAD-4190-80B0-8BFA9D61A15C} - System32\Tasks\NSManager => C:\Users\Kerri\AppData\Local\NSManager\manager.exe [2014-04-04] ()
Task: {6E2BDF84-3706-4F7D-8DA4-58AA78FFE732} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro 3.26\OptProLauncher.exe [2015-01-06] (PC Utilities Software Limited) <==== ATTENTION
Task: {8557D8DE-D16F-402F-9B8D-35F158DD344C} - System32\Tasks\Driver Pro Schedule => C:\Program Files (x86)\Driver Pro\DPTray.exe <==== ATTENTION
Task: {A47E90A9-A42C-4ADE-B826-F497E754DE9F} - System32\Tasks\WSE_Vosteran => C:\Users\Kerri\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {DBBB58E2-A68E-4341-8F11-0F4555E8F24A} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {E9E9DFC6-A9BF-4216-BB98-9B5E2C3988D1} - System32\Tasks\PennyBee => C:\Users\Kerri\AppData\Roaming\PennyBee\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {EFD4B4FA-B239-476D-A4AC-8BABA7106D5F} - System32\Tasks\{0265AAAB-612E-46E2-B07E-1622D358DF42} => pcalua.exe -a C:\Users\Kerri\AppData\Local\Roblox\Versions\version-1fc13f51ea764eb7\RobloxPlayerLauncher.exe -c -uninstall
Task: C:\Windows\Tasks\PennyBee.job => C:\Users\Kerri\AppData\Roaming\PennyBee\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\Rocket Updater.job => C:\Users\Kerri\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\Superclean.job => c:\programdata\{083b5f04-dece-0d40-083b-b5f04dec7c13}\hqghumeaylnlf.exe <==== ATTENTION
Task: C:\Windows\Tasks\WSE_Vosteran.job => C:\Users\Kerri\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Users\Kerri\AppData\Local\Temp\optprosetup.exe
C:\Users\Kerri\AppData\Local\Temp\supoptsetup.exe
C:\Program Files (x86)\OfferBoulevard
C:\Program Files (x86)\Optimizer Pro 3.26
C:\ProgramData\dealsteeR
C:\ProgramData\saaveitkeep
c:\Program Files (x86)\SystemEnterprise
C:\Users\Kerri\AppData\Roaming\ROCKET~1
C:\Program Files (x86)\Optimum PC Boost
C:\Users\Kerri\AppData\Local\NSManager
C:\Program Files (x86)\Driver Pro
C:\Program Files (x86)\MyPC Backup
C:\Users\Kerri\AppData\Roaming\PennyBee
C:\Users\Kerri\AppData\Roaming\WSE_VO~1
c:\programdata\{083b5f04-dece-0d40-083b-b5f04dec7c13}
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\OfferBoulevard => value not found.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key not found. 
HKU\S-1-5-21-2947971214-2564108716-2143810627-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Optimizer Pro => value not found.
HKLM\SOFTWARE\Policies\Google => key not found. 
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.
HKU\S-1-5-21-2947971214-2564108716-2143810627-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{364DB82F-1976-430E-9DE3-887805ED23E4} => key not found. 
HKCR\CLSID\{364DB82F-1976-430E-9DE3-887805ED23E4} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} => key not found. 
HKCR\Wow6432Node\CLSID\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} => key not found. 
HKU\S-1-5-21-2947971214-2564108716-2143810627-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-2947971214-2564108716-2143810627-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{364DB82F-1976-430E-9DE3-887805ED23E4} => key not found. 
HKCR\CLSID\{364DB82F-1976-430E-9DE3-887805ED23E4} => key not found. 
HKU\S-1-5-21-2947971214-2564108716-2143810627-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} => key not found. 
HKCR\CLSID\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36fc43c3-e717-4159-a945-81bdbb1b510d} => key not found. 
HKCR\CLSID\{36fc43c3-e717-4159-a945-81bdbb1b510d} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ae18ecdc-f14b-49f3-847d-5e781c7faff7} => key not found. 
HKCR\CLSID\{ae18ecdc-f14b-49f3-847d-5e781c7faff7} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36fc43c3-e717-4159-a945-81bdbb1b510d} => key not found. 
HKCR\Wow6432Node\CLSID\{36fc43c3-e717-4159-a945-81bdbb1b510d} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ae18ecdc-f14b-49f3-847d-5e781c7faff7} => key not found. 
HKCR\Wow6432Node\CLSID\{ae18ecdc-f14b-49f3-847d-5e781c7faff7} => key not found. 
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{635abd67-4fe9-1b23-4f01-e679fa7484c1} => value not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{[email protected]} => value not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{[email protected]} => value not found.
afa5aa21 => service not found.
b0551d12 => service not found.
"C:\Users\Kerri\Desktop\Super Optimizer.lnk" => File/Folder not found.
"C:\Windows\Tasks\Superclean.job" => File/Folder not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Optimizer" => File/Folder not found.
"C:\ProgramData\{083b5f04-dece-0d40-083b-b5f04dec7c13}" => File/Folder not found.
"C:\Users\Kerri\Documents\Super Optimizer" => File/Folder not found.
"C:\Users\Kerri\AppData\Roaming\Super Optimizer" => File/Folder not found.
"C:\Users\Kerri\AppData\Local\Temp.dat" => File/Folder not found.
"C:\Program Files (x86)\Super Optimizer" => File/Folder not found.
"C:\ProgramData\{7055f81c-1e73-dd53-7055-5f81c1e7e070}" => File/Folder not found.
"C:\Windows\System32\Tasks\Remediation" => File/Folder not found.
"C:\Windows\Tasks\PennyBee.job" => File/Folder not found.
"C:\ProgramData\Npackd" => File/Folder not found.
"C:\Windows\Tasks\Rocket Updater.job" => File/Folder not found.
"C:\Windows\Tasks\WSE_Vosteran.job" => File/Folder not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2" => File/Folder not found.
"C:\ProgramData\UltraCoupon" => File/Folder not found.
"C:\Users\Kerri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vosteran" => File/Folder not found.
"C:\Users\Kerri\AppData\Local\Vosteran" => File/Folder not found.
"C:\Users\Kerri\AppData\Roaming\WSE_Vosteran" => File/Folder not found.
"C:\ProgramData\saaveitkeep" => File/Folder not found.
"C:\ProgramData\dealsteeR" => File/Folder not found.
"C:\Program Files (x86)\RoyalCCOupon" => File/Folder not found.
"C:\Program Files (x86)\Instair New Tab" => File/Folder not found.
"C:\Program Files (x86)\RoyaleCoaupon" => File/Folder not found.
"C:\Program Files (x86)\RoyaLCoouipon" => File/Folder not found.
"C:\Program Files (x86)\ClickForSealEE" => File/Folder not found.
"C:\Program Files (x86)\ClickFOrSAlee" => File/Folder not found.
"C:\Program Files (x86)\CClicckForSaalee" => File/Folder not found.
"C:\Program Files (x86)\IP Address" => File/Folder not found.
"C:\Program Files (x86)\ShopperMaaster" => File/Folder not found.
"C:\Program Files (x86)\ExettraSohoopper" => File/Folder not found.
"C:\Program Files (x86)\FlaSHCeoupon" => File/Folder not found.
"C:\Program Files (x86)\PerroShhopper" => File/Folder not found.
"C:\Program Files (x86)\saVingtoyaou" => File/Folder not found.
"C:\Program Files (x86)\DiscOuNtLoCAtor" => File/Folder not found.
"C:\Program Files (x86)\SystemEnterprise" => File/Folder not found.
"C:\Program Files (x86)\OfferBoulevard" => File/Folder not found.
"C:\ProgramData\ProductData" => File/Folder not found.
"C:\ProgramData\IObit" => File/Folder not found.
"C:\Users\Kerri\AppData\Roaming\IObit" => File/Folder not found.
"C:\Users\Kerri\AppData\LocalLow\IObit" => File/Folder not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13B5FDAC-9781-4749-996A-81C1587C9249} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector_startup => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C842700-2D89-49A7-8153-6C6C74A03735} => key not found. 
C:\Windows\System32\Tasks\Rocket Updater => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Rocket Updater => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A1A2F93-2F19-4149-ADDC-BE74C06FFDB9} => key not found. 
C:\Windows\System32\Tasks\Optimum_LogOn => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimum_LogOn => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3EB6DFA0-30ED-40D3-8B43-1C164B8D638A} => key not found. 
C:\Windows\System32\Tasks\Optimum_Daily => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimum_Daily => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{529DC282-7AB8-450F-AAEE-C2DC458117A3} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{670F765C-8DAD-4190-80B0-8BFA9D61A15C} => key not found. 
C:\Windows\System32\Tasks\NSManager => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NSManager => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E2BDF84-3706-4F7D-8DA4-58AA78FFE732} => key not found. 
C:\Windows\System32\Tasks\Optimizer Pro Schedule => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimizer Pro Schedule => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8557D8DE-D16F-402F-9B8D-35F158DD344C} => key not found. 
C:\Windows\System32\Tasks\Driver Pro Schedule => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Pro Schedule => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A47E90A9-A42C-4ADE-B826-F497E754DE9F} => key not found. 
C:\Windows\System32\Tasks\WSE_Vosteran => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WSE_Vosteran => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DBBB58E2-A68E-4341-8F11-0F4555E8F24A} => key not found. 
C:\Windows\System32\Tasks\LaunchSignup => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9E9DFC6-A9BF-4216-BB98-9B5E2C3988D1} => key not found. 
C:\Windows\System32\Tasks\PennyBee => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PennyBee => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFD4B4FA-B239-476D-A4AC-8BABA7106D5F} => key not found. 
C:\Windows\System32\Tasks\{0265AAAB-612E-46E2-B07E-1622D358DF42} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0265AAAB-612E-46E2-B07E-1622D358DF42} => key not found. 
C:\Windows\Tasks\PennyBee.job => not found.
C:\Windows\Tasks\Rocket Updater.job => not found.
C:\Windows\Tasks\Superclean.job => not found.
C:\Windows\Tasks\WSE_Vosteran.job => not found.
"C:\Users\Kerri\AppData\Local\Temp\optprosetup.exe" => File/Folder not found.
"C:\Users\Kerri\AppData\Local\Temp\supoptsetup.exe" => File/Folder not found.
"C:\Program Files (x86)\OfferBoulevard" => File/Folder not found.
"C:\Program Files (x86)\Optimizer Pro 3.26" => File/Folder not found.
"C:\ProgramData\dealsteeR" => File/Folder not found.
"C:\ProgramData\saaveitkeep" => File/Folder not found.
"c:\Program Files (x86)\SystemEnterprise" => File/Folder not found.
"C:\Users\Kerri\AppData\Roaming\ROCKET~1" => File/Folder not found.
"C:\Program Files (x86)\Optimum PC Boost" => File/Folder not found.
"C:\Users\Kerri\AppData\Local\NSManager" => File/Folder not found.
"C:\Program Files (x86)\Driver Pro" => File/Folder not found.
"C:\Program Files (x86)\MyPC Backup" => File/Folder not found.
"C:\Users\Kerri\AppData\Roaming\PennyBee" => File/Folder not found.
"C:\Users\Kerri\AppData\Roaming\WSE_VO~1" => File/Folder not found.
"c:\programdata\{083b5f04-dece-0d40-083b-b5f04dec7c13}" => File/Folder not found.
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2947971214-2564108716-2143810627-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2947971214-2564108716-2143810627-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ip reset c:\resetlog.txt =========
 
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /release =========
 
 
Windows IP Configuration
 
No operation can be performed on Local Area Connection* 2 while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2607:fcc8:8480:f800:bd26:d4fd:240:ddc0
   Temporary IPv6 Address. . . . . . : 2607:fcc8:8480:f800:4093:ba77:b6c2:b473
   Link-local IPv6 Address . . . . . : fe80::bd26:d4fd:240:ddc0%4
   Default Gateway . . . . . . . . . : fe80::eaed:5ff:fe59:2d57%4
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
========= End of CMD: =========
 
 
=========  ipconfig /renew =========
 
 
Windows IP Configuration
 
No operation can be performed on Local Area Connection* 2 while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2607:fcc8:8480:f800:bd26:d4fd:240:ddc0
   Temporary IPv6 Address. . . . . . : 2607:fcc8:8480:f800:4093:ba77:b6c2:b473
   Link-local IPv6 Address . . . . . : fe80::bd26:d4fd:240:ddc0%4
   IPv4 Address. . . . . . . . . . . : 192.168.0.6
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::eaed:5ff:fe59:2d57%4
                                       192.168.0.1
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Resetting Interface, OK!
Resetting , failed.
Access is denied.
 
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
{D11598ED-6B43-4B40-BCB2-90C47A794083} canceled.
1 out of 47 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => 64.9 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 13:40:23 ====
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/10/2015
Scan Time: 2:02 PM
Logfile: scanlog.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.10.10.04
Rootkit Database: v2015.10.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Kerri
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 352277
Time Elapsed: 33 min, 20 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 27
PUP.Optional.Vosteran, HKLM\SOFTWARE\CLASSES\APPID\{4CB3598A-82E8-4D1F-983F-061238AE696E}, Quarantined, [4ffd5ff69dee0b2b77ea2f906b9738c8], 
PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{4CB3598A-82E8-4D1F-983F-061238AE696E}, Quarantined, [4ffd5ff69dee0b2b77ea2f906b9738c8], 
PUP.Optional.Vosteran, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{4CB3598A-82E8-4D1F-983F-061238AE696E}, Quarantined, [4ffd5ff69dee0b2b77ea2f906b9738c8], 
PUP.Optional.SolutionReal, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{1bb456da-878f-44a5-b013-4bfe0ae02fce}, Quarantined, [62eaafa629625adc89b89966748e5da3], 
PUP.Optional.SolutionReal, HKLM\SOFTWARE\CLASSES\TYPELIB\{88e14f4a-b9ff-4d14-8fba-af56edd73a5c}, Quarantined, [62eaafa629625adc89b89966748e5da3], 
PUP.Optional.SolutionReal, HKLM\SOFTWARE\CLASSES\INTERFACE\{E4DBD29D-C2CE-4BBD-9C31-1C86EFD1636C}, Quarantined, [62eaafa629625adc89b89966748e5da3], 
PUP.Optional.SolutionReal, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E4DBD29D-C2CE-4BBD-9C31-1C86EFD1636C}, Quarantined, [62eaafa629625adc89b89966748e5da3], 
PUP.Optional.SolutionReal, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E4DBD29D-C2CE-4BBD-9C31-1C86EFD1636C}, Quarantined, [62eaafa629625adc89b89966748e5da3], 
PUP.Optional.SolutionReal, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{88e14f4a-b9ff-4d14-8fba-af56edd73a5c}, Quarantined, [62eaafa629625adc89b89966748e5da3], 
PUP.Optional.SolutionReal, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{88e14f4a-b9ff-4d14-8fba-af56edd73a5c}, Quarantined, [62eaafa629625adc89b89966748e5da3], 
PUP.Optional.SolutionReal, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{1BB456DA-878F-44A5-B013-4BFE0AE02FCE}, Quarantined, [62eaafa629625adc89b89966748e5da3], 
PUP.Optional.SolutionReal, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{1BB456DA-878F-44A5-B013-4BFE0AE02FCE}, Quarantined, [62eaafa629625adc89b89966748e5da3], 
PUP.Optional.SolutionReal, HKU\S-1-5-21-2947971214-2564108716-2143810627-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{1BB456DA-878F-44A5-B013-4BFE0AE02FCE}, Quarantined, [62eaafa629625adc89b89966748e5da3], 
PUP.Optional.SolutionReal, HKU\S-1-5-21-2947971214-2564108716-2143810627-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{1BB456DA-878F-44A5-B013-4BFE0AE02FCE}, Quarantined, [62eaafa629625adc89b89966748e5da3], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{16FBDF8C-476F-4D6B-8009-84471903CF96}, Quarantined, [c6865ff692f93ff75138c2fe6e96fb05], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{82BACDC9-AFCE-41EE-92F5-B54F6DB45A1C}, Quarantined, [f755bb9afd8ea5913c4d0bb5a361768a], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8B70E4E8-100A-4B4F-B928-6D8126B730BB}, Quarantined, [96b6b1a4622944f2ddac279964a06898], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C5CE0D8E-0300-4A17-A89C-6CC8078348AD}, Quarantined, [202c97bebfcc6dc91079526ed92be020], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E65F4FE3-B8A9-408F-9E8D-37689E565618}, Quarantined, [a6a666ef67241224b1d8bf019a6ae31d], 
PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\MEDIAPLAYER\SHIMINCLUSIONLIST\vosteran.exe, Quarantined, [29230f4624670630a762994238cc7e82], 
PUP.Optional.AdvancedSystemProtector, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AdvancedSystemProtector_RASAPI32, Quarantined, [69e33421ff8cb284205a8e5be51f9967], 
PUP.Optional.AdvancedSystemProtector, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AdvancedSystemProtector_RASMANCS, Quarantined, [b894e07529622c0abac06a7f2cd87e82], 
PUP.Optional.SolutionReal, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Solution Real, Quarantined, [13390e47cfbcf34375d2636f33d17888], 
PUP.Optional.SolutionReal, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util Solution Real, Quarantined, [07451f36375481b51235c9098b796b95], 
PUP.Optional.Sanbreel, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{31c21995-b861-4864-ab50-4a53fbca73d4}Gw64, Quarantined, [e369e174098261d548f41bb1c440ce32], 
PUP.Optional.OfferBoulevard, HKU\S-1-5-18\SOFTWARE\OfferBLVD, Quarantined, [0e3e66efeba06acc80a8be068c78e020], 
PUP.Optional.OfferBoulevard, HKU\S-1-5-21-2947971214-2564108716-2143810627-1001\SOFTWARE\OfferBLVD, Quarantined, [3418a6af72199a9cc860a51fd33152ae], 
 
Registry Values: 6
PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Vosteran\\, Quarantined, [53f974e1701b191d0ce7becc669e6898]
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{16fbdf8c-476f-4d6b-8009-84471903cf96}|AppPath, C:\Program Files (x86)\GamingWonderland\bar\1.bin, Quarantined, [c6865ff692f93ff75138c2fe6e96fb05]
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{82bacdc9-afce-41ee-92f5-b54f6db45a1c}|AppPath, C:\Program Files (x86)\GamingWonderland\bar\1.bin, Quarantined, [f755bb9afd8ea5913c4d0bb5a361768a]
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8b70e4e8-100a-4b4f-b928-6d8126b730bb}|AppPath, C:\Program Files (x86)\GamingWonderland\bar\1.bin, Quarantined, [96b6b1a4622944f2ddac279964a06898]
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{c5ce0d8e-0300-4a17-a89c-6cc8078348ad}|AppPath, C:\Program Files (x86)\GamingWonderland\bar\1.bin, Quarantined, [202c97bebfcc6dc91079526ed92be020]
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{e65f4fe3-b8a9-408f-9e8d-37689e565618}|AppPath, C:\Program Files (x86)\GamingWonderland\bar\1.bin, Quarantined, [a6a666ef67241224b1d8bf019a6ae31d]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 8
Rogue.Multiple, C:\ProgramData\2452707322, Quarantined, [f05c470e94f71e1823ba6a9731d2dc24], 
PUP.Optional.OptimizerPro, C:\Users\Kerri\AppData\Roaming\Optimizer Pro, Quarantined, [48044c09692260d65e3145f07e85c937], 
PUP.Optional.OptimizerPro, C:\Users\Kerri\AppData\Roaming\Optimizer Pro\Backup, Quarantined, [48044c09692260d65e3145f07e85c937], 
PUP.Optional.OptimizerPro, C:\Users\Kerri\AppData\Roaming\Optimizer Pro\Log, Quarantined, [48044c09692260d65e3145f07e85c937], 
PUP.Optional.OptimizerPro, C:\Users\Kerri\AppData\Roaming\Optimizer Pro\Undo, Quarantined, [48044c09692260d65e3145f07e85c937], 
PUP.Optional.SuperManCoupon, C:\ProgramData\SuperManCoupon, Quarantined, [62ea371ec2c9a29493f3f14c40c38977], 
PUP.Optional.TicTaCoupon, C:\ProgramData\TicTaCoupon, Quarantined, [0547381d6823d066b8f76ed0c14243bd], 
PUP.Optional.TicTaCoupon, C:\ProgramData\TicTaCoupon\.Npackd, Quarantined, [0547381d6823d066b8f76ed0c14243bd], 
 
Files: 6
PUP.Optional.MultiPlug.Uns, C:\ProgramData\SuperManCoupon\SuperManCoupon.exe, Quarantined, [0d3f5bfa2b60a88ebfb0702990722bd5], 
PUP.Optional.DsiLoad, C:\Users\Kerri\AppData\Local\dsisetup9847691712.exe, Quarantined, [d47802535c2f0531047eb3daf40dad53], 
PUP.Optional.TicTaCoupon, C:\ProgramData\TicTaCoupon\6HGUKG.dat, Quarantined, [0547381d6823d066b8f76ed0c14243bd], 
PUP.Optional.TicTaCoupon, C:\ProgramData\TicTaCoupon\6HGUKG.tlb, Quarantined, [0547381d6823d066b8f76ed0c14243bd], 
PUP.Optional.TicTaCoupon, C:\ProgramData\TicTaCoupon\.Npackd\Uninstall.bat, Quarantined, [0547381d6823d066b8f76ed0c14243bd], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

#6
Essexboy (GeekU Moderator, Retired Staff)

How is the computer behaving now? Any problems?

#7
carebear04 (Topic Starter)

Not that I have noticed. It seems to be moving much quicker now.


#8
Essexboy (GeekU Moderator, Retired Staff)

Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown
[image: delfix.JPG]


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article

I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser.)

If you do need to keep Java, then download JavaRa.
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present.
Once done, run it again and select Update Java runtime > Download and install Latest version.
[image: javara.JPG]


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware.

[image: CryptoPrevent.JPG]

Malwarebytes

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com.
Click the very large Download button.
Click Save.
Click Open folder.
Right click on the Unchecky_setup and choose to Run as Administrator.
Once open, click the Install button.
Then click on Finish.
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)

It is critical to have both a firewall and antivirus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe :wave:

#9
Essexboy (GeekU Moderator, Retired Staff)

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

