I am working on my daughter's computer and am thinking she has spyware issues. Had to fight to download a new browser (Chrome) due to not being able to get anything to work on Internet Explorer without getting pop-ups and fake Windows security alerts. Her computer is also running super slow and is to the point that she does not even play on her own computer because she cannot do anything. I have restored the computer back to a January 2015 date because before doing that I could not get anything at all to work on the internet. Below are the logs:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-10-2015
Ran by Kerri (administrator) on KERRI (10-10-2015 00:09:54)
Running from C:\Users\Kerri\Desktop
Loaded Profiles: Kerri (Available Profiles: Kerri)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
() C:\Program Files (x86)\Solution Real\updateSolutionReal.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(PC Utilities Software Limited) C:\Program Files (x86)\Optimizer Pro 3.26\OptProSmartScan.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\OfferBoulevard\OfferBoulevardW.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [OfferBoulevard] => C:\Program Files (x86)\OfferBoulevard\OfferBoulevardW.exe [378888 2014-09-09] ()
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2947971214-2564108716-2143810627-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-2947971214-2564108716-2143810627-1001\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro 3.26\OptProLauncher.exe [148048 2015-01-06] (PC Utilities Software Limited)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File
Startup: C:\Users\Kerri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk [2014-05-11]
ShortcutTarget: IMVU.lnk -> C:\Users\Kerri\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe ()
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50359;https=127.0.0.1:50359
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{F5B27B23-926A-45AB-B151-31B474FF1A30}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-2947971214-2564108716-2143810627-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://Vosteran.com/?f=1&a=vst_omxmedia_15_02_ie&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDyD0E0EyE0AtA0CyC0B0EtN0D0Tzu0StCtCtDyEtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StByC0A0ByBzyyCtDtG0FyD0EyDtG0CyDzyzztG0FtD0EzztGtCyBzytDyCzz0EyC0C0EtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0EyCtDtD0FtBtDtG0C0FyBtBtGyEyBzztDtGzyzyzy0EtG0C0CtBtAyC0B0ByBzz0CyB0F2Q&cr=1325538413&ir=
HKU\S-1-5-21-2947971214-2564108716-2143810627-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-2947971214-2564108716-2143810627-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.toshiba.com
SearchScopes: HKLM -> DefaultScope {364DB82F-1976-430E-9DE3-887805ED23E4} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_omxmedia_15_02_ie&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDyD0E0EyE0AtA0CyC0B0EtN0D0Tzu0StCtCtDyEtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StByC0A0ByBzyyCtDtG0FyD0EyDtG0CyDzyzztG0FtD0EzztGtCyBzytDyCzz0EyC0C0EtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0EyCtDtD0FtBtDtG0C0FyBtBtGyEyBzztDtGzyzyzy0EtG0C0CtBtAyC0B0ByBzz0CyB0F2Q&cr=1325538413&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {364DB82F-1976-430E-9DE3-887805ED23E4} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_omxmedia_15_02_ie&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDyD0E0EyE0AtA0CyC0B0EtN0D0Tzu0StCtCtDyEtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StByC0A0ByBzyyCtDtG0FyD0EyDtG0CyDzyzztG0FtD0EzztGtCyBzytDyCzz0EyC0C0EtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0EyCtDtD0FtBtDtG0C0FyBtBtGyEyBzztDtGzyzyzy0EtG0C0CtBtAyC0B0ByBzz0CyB0F2Q&cr=1325538413&ir=
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Z7^man000^YYA^&ptb=B04A13E7-F7AB-46AA-950E-BE13EC599A59&psa=&ind=2014062917&st=sb&n=780c2945&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2947971214-2564108716-2143810627-1001 -> DefaultScope {364DB82F-1976-430E-9DE3-887805ED23E4} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_omxmedia_15_02_ie&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDyD0E0EyE0AtA0CyC0B0EtN0D0Tzu0StCtCtDyEtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StByC0A0ByBzyyCtDtG0FyD0EyDtG0CyDzyzztG0FtD0EzztGtCyBzytDyCzz0EyC0C0EtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0EyCtDtD0FtBtDtG0C0FyBtBtGyEyBzztDtGzyzyzy0EtG0C0CtBtAyC0B0ByBzz0CyB0F2Q&cr=1325538413&ir=
SearchScopes: HKU\S-1-5-21-2947971214-2564108716-2143810627-1001 -> {364DB82F-1976-430E-9DE3-887805ED23E4} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_omxmedia_15_02_ie&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDyD0E0EyE0AtA0CyC0B0EtN0D0Tzu0StCtCtDyEtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StByC0A0ByBzyyCtDtG0FyD0EyDtG0CyDzyzztG0FtD0EzztGtCyBzytDyCzz0EyC0C0EtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0EyCtDtD0FtBtDtG0C0FyBtBtGyEyBzztDtGzyzyzy0EtG0C0CtBtAyC0B0ByBzz0CyB0F2Q&cr=1325538413&ir=
SearchScopes: HKU\S-1-5-21-2947971214-2564108716-2143810627-1001 -> {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Z7^man000^YYA^&ptb=B04A13E7-F7AB-46AA-950E-BE13EC599A59&psa=&ind=2014062917&st=sb&n=780c2945&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2947971214-2564108716-2143810627-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2014-05-20] (Microsoft Corporation)
BHO: dealsteeR -> {36fc43c3-e717-4159-a945-81bdbb1b510d} -> C:\ProgramData\dealsteeR\h1SIgDS9S9Ws4y.x64.dll [2015-01-11] ()
BHO: saaveitkeep. -> {ae18ecdc-f14b-49f3-847d-5e781c7faff7} -> C:\ProgramData\saaveitkeep\ffgo6tGUWjWeU2.x64.dll [2015-01-11] ()
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2014-06-10] (Microsoft Corporation)
BHO-x32: Solution Real 1.0.0.6 -> {1bb456da-878f-44a5-b013-4bfe0ae02fce} -> C:\Program Files (x86)\Solution Real\SolutionRealbho.dll [2015-01-09] (Solution Real)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2014-06-20] (Microsoft Corporation)
BHO-x32: dealsteeR -> {36fc43c3-e717-4159-a945-81bdbb1b510d} -> C:\ProgramData\dealsteeR\h1SIgDS9S9Ws4y.dll [2015-01-11] ()
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-05-05] (Oracle Corporation)
BHO-x32: saaveitkeep. -> {ae18ecdc-f14b-49f3-847d-5e781c7faff7} -> C:\ProgramData\saaveitkeep\ffgo6tGUWjWeU2.dll [2015-01-11] ()
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-05-05] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @ei.GamingWonderland.com/Plugin -> C:\Program Files (x86)\GamingWonderlandEI\Installr\1.bin\NPgtEISB.dll [2013-12-25] (GamingWonderland)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-05-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-05-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-05-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-05-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-06-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-06-20] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2947971214-2564108716-2143810627-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Kerri\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-14] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn [2014-12-30]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF [2013-11-30]
FF HKLM-x32\...\Firefox\Extensions: [{635abd67-4fe9-1b23-4f01-e679fa7484c1}] - 0\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} => not found
FF HKLM-x32\...\Firefox\Extensions: [{jid1-eFRcA0eiPxecTQ@jetpack}] - 0\extensions\{jid1-eFRcA0eiPxecTQ@jetpack} => not found
FF HKLM-x32\...\Firefox\Extensions: [{jid1-vS7biDmom8YxhA@jetpack}] - 1\extensions\{jid1-vS7biDmom8YxhA@jetpack} => not found
StartMenuInternet: FIREFOX.EXE - firefox.exe
Chrome:
=======
CHR Profile: C:\Users\Kerri\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Kerri\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-10]
CHR Extension: (Google Docs) - C:\Users\Kerri\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-09]
CHR Extension: (Google Drive) - C:\Users\Kerri\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-09]
CHR Extension: (YouTube) - C:\Users\Kerri\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-09]
CHR Extension: (Google Search) - C:\Users\Kerri\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-09]
CHR Extension: (Google Sheets) - C:\Users\Kerri\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-10]
CHR Extension: (Google Docs Offline) - C:\Users\Kerri\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-10]
CHR Extension: (Norton Identity Safe) - C:\Users\Kerri\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-10-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Kerri\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-10-09]
CHR Extension: (Norton Security Toolbar) - C:\Users\Kerri\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-10-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kerri\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-10]
CHR Extension: (Gmail) - C:\Users\Kerri\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-09]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx <not found>
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 afa5aa21; c:\Program Files (x86)\SystemEnterprise\SystemEnterprise.dll [2286080 2015-01-10] () [File not signed]
R2 b0551d12; c:\Program Files (x86)\Optimizer Pro 3.26\OptProMon.dll [2763344 2015-01-09] () <==== ATTENTION
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [111208 2015-01-09] (RaMMicHaeL)
R2 Update Solution Real; C:\Program Files (x86)\Solution Real\updateSolutionReal.exe [529656 2015-01-09] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
S3 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [1526488 2013-12-03] (Symantec Corporation)
R1 ccSet_NAT; C:\Windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
S3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-29] (Symantec Corporation)
S3 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20131227.001\IDSvia64.sys [521944 2013-12-20] (Symantec Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20131228.006\ENG64.SYS [126040 2013-12-21] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20131228.006\EX64.SYS [2099288 2013-12-21] (Symantec Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corporation )
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
S3 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
S3 SymDS; C:\Windows\system32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)
S3 SymEFA; C:\Windows\system32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1506000.020\SymELAM.sys [23568 2013-07-31] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-10-16] (Symantec Corporation)
S3 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
S3 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35320 2014-09-21] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [258368 2014-09-21] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-10 00:11 - 2015-10-10 00:11 - 00001079 _____ C:\Users\Kerri\Desktop\Super Optimizer.lnk
2015-10-10 00:11 - 2015-10-10 00:11 - 00000352 _____ C:\Windows\Tasks\Superclean.job
2015-10-10 00:11 - 2015-10-10 00:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Optimizer
2015-10-10 00:11 - 2015-10-10 00:11 - 00000000 ____D C:\ProgramData\{083b5f04-dece-0d40-083b-b5f04dec7c13}
2015-10-10 00:09 - 2015-10-10 00:10 - 00023275 _____ C:\Users\Kerri\Desktop\FRST.txt
2015-10-10 00:08 - 2015-10-10 00:08 - 02194944 _____ (Farbar) C:\Users\Kerri\Desktop\FRST64.exe
2015-10-10 00:06 - 2015-10-10 00:09 - 00000000 ____D C:\FRST
2015-10-10 00:06 - 2015-10-10 00:06 - 02194944 _____ (Farbar) C:\Users\Kerri\Downloads\FRST64 (1).exe
2015-10-10 00:05 - 2015-10-10 00:05 - 02194944 _____ (Farbar) C:\Users\Kerri\Downloads\FRST64.exe
2015-10-10 00:03 - 2015-10-10 00:03 - 01698304 _____ (Farbar) C:\Users\Kerri\Downloads\FRST.exe
2015-10-09 23:59 - 2015-10-09 23:59 - 00002250 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-09 23:59 - 2015-10-09 23:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-09 19:54 - 2015-10-09 19:54 - 00000000 ____D C:\Users\Kerri\Documents\Super Optimizer
2015-10-09 19:54 - 2015-10-09 19:54 - 00000000 ____D C:\Users\Kerri\AppData\Roaming\Super Optimizer
2015-10-09 19:51 - 2015-10-09 19:51 - 00000000 _____ C:\Users\Kerri\AppData\Local\Temp.dat
2015-10-09 19:48 - 2015-10-09 21:39 - 00000000 ____D C:\Program Files (x86)\Super Optimizer
2015-10-09 19:47 - 2015-10-09 21:38 - 00000000 ____D C:\ProgramData\{7055f81c-1e73-dd53-7055-5f81c1e7e070}
2015-09-13 08:25 - 2015-10-09 21:34 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-10 00:03 - 2013-11-29 19:50 - 00000000 ____D C:\Users\Kerri\AppData\Local\Packages
2015-10-10 00:03 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\sru
2015-10-10 00:02 - 2014-12-26 23:02 - 00000304 _____ C:\Windows\Tasks\PennyBee.job
2015-10-10 00:01 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
2015-10-09 23:59 - 2013-11-29 22:58 - 00000000 ____D C:\Users\Kerri\AppData\Local\Google
2015-10-09 23:59 - 2013-10-16 22:41 - 00000000 ____D C:\Program Files (x86)\Google
2015-10-09 23:56 - 2013-10-16 22:06 - 01298492 _____ C:\Windows\WindowsUpdate.log
2015-10-09 23:55 - 2013-11-29 19:56 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2947971214-2564108716-2143810627-1001
2015-10-09 23:53 - 2014-07-09 23:09 - 00000000 ____D C:\ProgramData\Npackd
2015-10-09 23:52 - 2014-07-09 22:52 - 00000304 _____ C:\Windows\Tasks\Rocket Updater.job
2015-10-09 23:51 - 2013-11-29 19:55 - 00000000 ___DO C:\Users\Kerri\SkyDrive
2015-10-09 23:50 - 2014-05-11 12:11 - 00000000 ____D C:\Users\Kerri\AppData\Roaming\IMVU
2015-10-09 23:50 - 2013-11-29 19:47 - 00000000 ____D C:\Users\Kerri
2015-10-09 23:50 - 2013-10-16 22:41 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-09 23:33 - 2015-01-09 22:33 - 00000304 _____ C:\Windows\Tasks\WSE_Vosteran.job
2015-10-09 23:28 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
2015-10-09 23:25 - 2013-10-16 22:41 - 00000944 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-09 23:14 - 2013-09-12 23:25 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-09 23:06 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-09 23:05 - 2013-08-22 09:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-10-09 23:00 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\WinStore
2015-10-09 23:00 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Portable Devices
2015-10-09 23:00 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\servicing
2015-10-09 22:59 - 2014-11-01 15:27 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2015-10-09 22:59 - 2014-08-14 11:25 - 00000000 ____D C:\Windows\Minidump
2015-10-09 22:58 - 2015-01-09 22:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2015-10-09 22:58 - 2014-11-01 13:35 - 00000000 ____D C:\ProgramData\UltraCoupon
2015-10-09 22:58 - 2014-05-20 23:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-10-09 22:58 - 2013-11-30 18:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-10-09 22:58 - 2013-11-30 18:10 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-10-09 22:58 - 2013-11-30 18:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-10-09 22:58 - 2013-10-16 22:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2015-10-09 21:54 - 2014-07-11 08:55 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-09 21:54 - 2013-08-22 15:12 - 00000000 ____D C:\Windows\ShellNew
2015-10-09 21:54 - 2013-08-22 15:12 - 00000000 ____D C:\Program Files\Windows Journal
2015-10-09 21:54 - 2013-08-22 11:36 - 00000000 __RSD C:\Windows\Media
2015-10-09 21:54 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-09 21:54 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-09 21:54 - 2013-08-22 11:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-09 21:54 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\MSDRM
2015-10-09 21:54 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\icsxml
2015-10-09 21:54 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2015-10-09 21:54 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\MSDRM
2015-10-09 21:54 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\icsxml
2015-10-09 21:54 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\Camera
2015-10-09 21:54 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\oobe
2015-10-09 21:53 - 2013-08-22 11:36 - 00000000 ___RD C:\Windows\ToastData
2015-10-09 21:53 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\WinMetadata
2015-10-09 21:53 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\sppui
2015-10-09 21:53 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\setup
2015-10-09 21:53 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\ras
2015-10-09 21:53 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2015-10-09 21:53 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\Com
2015-10-09 21:53 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\Bthprops
2015-10-09 21:53 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\WinMetadata
2015-10-09 21:53 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2015-10-09 21:53 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system\Speech
2015-10-09 21:53 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\SysWOW64\oobe
2015-10-09 21:53 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\SysWOW64\Dism
2015-10-09 21:52 - 2014-12-30 00:58 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ___SD C:\Windows\system32\dsc
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\sppui
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\setup
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\ras
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\migwiz
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\ias
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\Com
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\Bthprops
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\rescache
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\MediaViewer
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\L2Schemas
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\IME
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\FileManager
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\addins
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\System
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\Services
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2015-10-09 21:52 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2015-10-09 21:52 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\Sysprep
2015-10-09 21:52 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\Dism
2015-10-09 21:44 - 2013-10-16 22:36 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2015-10-09 21:44 - 2013-08-22 11:36 - 00000000 ___SD C:\Windows\system32\Configuration
2015-10-09 21:44 - 2013-08-22 11:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-10-09 21:44 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2015-10-09 21:44 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\InputMethod
2015-10-09 21:44 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\IME
2015-10-09 21:44 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\Macromed
2015-10-09 21:44 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\InputMethod
2015-10-09 21:44 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\IME
2015-10-09 21:43 - 2015-01-09 22:35 - 00000000 ____D C:\Users\Kerri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vosteran
2015-10-09 21:43 - 2015-01-09 22:35 - 00000000 ____D C:\Users\Kerri\AppData\Local\Vosteran
2015-10-09 21:43 - 2015-01-09 22:33 - 00000000 ____D C:\Users\Kerri\AppData\Roaming\WSE_Vosteran
2015-10-09 21:40 - 2015-01-11 09:47 - 00000000 ____D C:\ProgramData\saaveitkeep
2015-10-09 21:40 - 2015-01-11 09:46 - 00000000 ____D C:\ProgramData\dealsteeR
2015-10-09 21:40 - 2013-10-16 22:06 - 00000000 ____D C:\ProgramData\Package Cache
2015-10-09 21:40 - 2013-09-12 23:55 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-10-09 21:40 - 2013-09-12 23:53 - 00000000 ____D C:\ProgramData\Norton
2015-10-09 21:39 - 2015-06-25 14:14 - 00000000 ____D C:\Program Files (x86)\RoyalCCOupon
2015-10-09 21:39 - 2015-06-21 14:56 - 00000000 ____D C:\Program Files (x86)\Instair New Tab
2015-10-09 21:39 - 2015-06-21 12:56 - 00000000 ____D C:\Program Files (x86)\RoyaleCoaupon
2015-10-09 21:39 - 2015-06-21 12:56 - 00000000 ____D C:\Program Files (x86)\RoyaLCoouipon
2015-10-09 21:39 - 2015-06-21 12:38 - 00000000 ____D C:\Program Files (x86)\ClickForSealEE
2015-10-09 21:39 - 2015-06-21 12:38 - 00000000 ____D C:\Program Files (x86)\ClickFOrSAlee
2015-10-09 21:39 - 2015-06-21 12:37 - 00000000 ____D C:\Program Files (x86)\CClicckForSaalee
2015-10-09 21:39 - 2015-06-21 12:35 - 00000000 ____D C:\Program Files (x86)\IP Address
2015-10-09 21:39 - 2015-03-07 14:17 - 00000000 ____D C:\Program Files (x86)\ShopperMaaster
2015-10-09 21:39 - 2015-02-17 20:03 - 00000000 ____D C:\Program Files (x86)\ExettraSohoopper
2015-10-09 21:39 - 2015-02-17 20:02 - 00000000 ____D C:\Program Files (x86)\FlaSHCeoupon
2015-10-09 21:39 - 2015-02-13 22:55 - 00000000 ____D C:\Program Files (x86)\PerroShhopper
2015-10-09 21:39 - 2015-02-13 22:36 - 00000000 ____D C:\Program Files (x86)\saVingtoyaou
2015-10-09 21:39 - 2015-02-13 22:36 - 00000000 ____D C:\Program Files (x86)\DiscOuNtLoCAtor
2015-10-09 21:39 - 2015-01-10 14:10 - 00000000 ____D C:\Program Files (x86)\SystemEnterprise
2015-10-09 21:39 - 2015-01-09 22:33 - 00000000 ____D C:\Program Files (x86)\Unchecky
2015-10-09 21:39 - 2014-12-29 21:53 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-10-09 21:39 - 2014-12-26 23:02 - 00000000 ____D C:\Program Files (x86)\OfferBoulevard
2015-10-09 21:39 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-10-09 21:38 - 2015-02-18 22:19 - 00000000 ____D C:\ProgramData\ProductData
2015-10-09 21:38 - 2015-02-18 22:19 - 00000000 ____D C:\ProgramData\IObit
2015-10-09 21:36 - 2015-02-18 22:19 - 00000000 ____D C:\Users\Kerri\AppData\Roaming\IObit
2015-10-09 21:36 - 2015-02-18 22:19 - 00000000 ____D C:\Users\Kerri\AppData\LocalLow\IObit
2015-10-09 20:54 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\registration
2015-10-09 19:49 - 2015-02-18 21:02 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-10-09 19:44 - 2015-02-17 21:41 - 00000000 ____D C:\Program Files\CCleaner
==================== Files in the root of some directories =======
2014-08-10 16:52 - 2015-01-24 18:33 - 0000131 _____ () C:\Users\Kerri\AppData\Roaming\WB.CFG
2015-01-10 10:33 - 2015-01-10 10:33 - 0000010 _____ () C:\Users\Kerri\AppData\Local\DSI.DAT
2015-01-10 10:33 - 2015-01-10 10:33 - 0022528 _____ () C:\Users\Kerri\AppData\Local\dsisetup9847691712.exe
2015-10-09 19:51 - 2015-10-09 19:51 - 0000000 _____ () C:\Users\Kerri\AppData\Local\Temp.dat
2013-10-16 22:12 - 2013-10-16 22:12 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
C:\Users\Kerri\AppData\Local\Temp\optprosetup.exe
C:\Users\Kerri\AppData\Local\Temp\supoptsetup.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-08-02 18:26
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-10-2015
Ran by Kerri (2015-10-10 00:12:00)
Running from C:\Users\Kerri\Desktop
Windows 8.1 (X64) (2013-11-29 23:49:12)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2947971214-2564108716-2143810627-500 - Administrator - Disabled)
Guest (S-1-5-21-2947971214-2564108716-2143810627-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2947971214-2564108716-2143810627-1003 - Limited - Enabled)
Kerri (S-1-5-21-2947971214-2564108716-2143810627-1001 - Administrator - Enabled) => C:\Users\Kerri
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Disabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Reader XI (11.0.03) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{B280788C-B671-E08D-4219-CE907B7BFF75}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
dealsteeR (HKLM-x32\...\{5E03DFA7-51FC-7C12-CEE5-4D75FBB01E8F}) (Version: - "") <==== ATTENTION
DTS Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Drive (HKLM-x32\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
InstallConverter (HKLM-x32\...\InstallConverter) (Version: 1.0 - InstallConverter)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4623.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Norton Anti-Theft (HKLM-x32\...\NAT) (Version: 1.10.0.9 - Symantec Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)
NpackdCL (HKLM-x32\...\{C32CA36A-DA63-4D55-9B17-87C61033137D}) (Version: 1.18.7 - Npackd)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: 3.2.0.3 - PC Utilities Software Limited) <==== ATTENTION
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\InstallShield_{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0002 - REALTEK Semiconductor Corp.)
REALTEK Wireless LAN Driver (x32 Version: 2.00.0002 - REALTEK Semiconductor Corp.) Hidden
saaveitkeep. (HKLM-x32\...\{B10BC31B-DBC6-56FE-DD3D-DD4E49A3E6CE}) (Version: - "") <==== ATTENTION
Solution Real (HKLM\...\Solution Real) (Version: 2015.01.10.022310 - Solution Real) <==== ATTENTION
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Super Optimizer v3.2 (HKLM-x32\...\Super Optimizer_is1) (Version: 3.2.0.1 - Super PC Tools ltd) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
SystemEnterprise (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{afa5aa21}) (Version: - Software Publisher) <==== ATTENTION
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.4 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.0 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0001.6403 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v2.1.0.14 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.9.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA Start (HKLM-x32\...\{A74C9CC1-2211-4A75-A688-6F7CFE2C2B12}) (Version: 1.00.02 - TOSHIBA America Information Systems, Inc)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0030 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.27.102 - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Unchecky v0.3.5 (HKLM-x32\...\Unchecky) (Version: 0.3.5 - RaMMicHaeL)
Unity Web Player (HKU\S-1-5-21-2947971214-2564108716-2143810627-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Vosteran (HKU\S-1-5-21-2947971214-2564108716-2143810627-1001\...\Vosteran) (Version: 31.0.1650.23 - Vosteran) <==== ATTENTION
WSE_Vosteran (HKLM-x32\...\WSE_Vosteran) (Version: - WSE_Vosteran) <==== ATTENTION
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
18-02-2015 22:46:38 Windows Modules Installer
07-06-2015 09:14:01 Windows Update
21-06-2015 12:18:53 Windows Update
09-10-2015 19:28:03 Windows Update
09-10-2015 20:10:00 Restore Operation
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 09:25 - 2015-10-09 23:07 - 00001993 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00DB3031-ECBC-41E6-95E7-EADDF2AD876F} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-08-21] (Realtek Semiconductor)
Task: {12A65E19-3717-4346-9133-CD81534D068C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe
Task: {13B5FDAC-9781-4749-996A-81C1587C9249} - \Advanced System Protector_startup -> No File <==== ATTENTION
Task: {1B3DFD5A-4400-4DEA-ACE6-3CB6B0E55D9B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {2C842700-2D89-49A7-8153-6C6C74A03735} - System32\Tasks\Rocket Updater => C:\Users\Kerri\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {3A1A2F93-2F19-4149-ADDC-BE74C06FFDB9} - System32\Tasks\Optimum_LogOn => C:\Program Files (x86)\Optimum PC Boost\OptimumPCBoost.exe <==== ATTENTION
Task: {3BF0ED5B-ED2D-4793-8C70-8E4DC9AA4422} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {3EB6DFA0-30ED-40D3-8B43-1C164B8D638A} - System32\Tasks\Optimum_Daily => C:\Program Files (x86)\Optimum PC Boost\OptimumPCBoost.exe <==== ATTENTION
Task: {529DC282-7AB8-450F-AAEE-C2DC458117A3} - \RegClean Pro -> No File <==== ATTENTION
Task: {552AA5F4-1E84-4C96-8F9D-214F99D4DB05} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
Task: {64E2365E-5340-4D65-9E8F-400D1042928B} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-08-06] (Synaptics Incorporated)
Task: {670F765C-8DAD-4190-80B0-8BFA9D61A15C} - System32\Tasks\NSManager => C:\Users\Kerri\AppData\Local\NSManager\manager.exe [2014-04-04] ()
Task: {6E2BDF84-3706-4F7D-8DA4-58AA78FFE732} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro 3.26\OptProLauncher.exe [2015-01-06] (PC Utilities Software Limited) <==== ATTENTION
Task: {838D5780-AB0F-4FE0-8064-C6F41BAB63C0} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {8557D8DE-D16F-402F-9B8D-35F158DD344C} - System32\Tasks\Driver Pro Schedule => C:\Program Files (x86)\Driver Pro\DPTray.exe <==== ATTENTION
Task: {8E0498AD-70D6-4535-93A3-05E9D641FB66} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe
Task: {9A34E58C-DA65-40F2-A070-F8BF1704B735} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {9B645169-6233-4087-81D8-9656ED515749} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-16] (Google Inc.)
Task: {A335A6DC-2116-4977-AE06-EA13C7A035B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-16] (Google Inc.)
Task: {A47E90A9-A42C-4ADE-B826-F497E754DE9F} - System32\Tasks\WSE_Vosteran => C:\Users\Kerri\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {A5A3C234-804A-4672-AB06-F0C1D0E24D6C} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {A7A1688F-8E3E-485F-92DC-9ED4306A172A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {B811FA9E-AEF8-410A-861E-CF77C8C98642} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {CA8DC40F-3845-4C58-BAA1-76DC20330271} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {D3D941C7-E1F1-48F1-B505-BC3128B12C87} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {DBBB58E2-A68E-4341-8F11-0F4555E8F24A} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {E9E9DFC6-A9BF-4216-BB98-9B5E2C3988D1} - System32\Tasks\PennyBee => C:\Users\Kerri\AppData\Roaming\PennyBee\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {EFD4B4FA-B239-476D-A4AC-8BABA7106D5F} - System32\Tasks\{0265AAAB-612E-46E2-B07E-1622D358DF42} => pcalua.exe -a C:\Users\Kerri\AppData\Local\Roblox\Versions\version-1fc13f51ea764eb7\RobloxPlayerLauncher.exe -c -uninstall
Task: {F86875CD-03D4-45D3-B737-0390E07DF79E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-30] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2947971214-2564108716-2143810627-1001Core.job => C:\Users\Kerri\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PennyBee.job => C:\Users\Kerri\AppData\Roaming\PennyBee\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\Rocket Updater.job => C:\Users\Kerri\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\Superclean.job => c:\programdata\{083b5f04-dece-0d40-083b-b5f04dec7c13}\hqghumeaylnlf.exe <==== ATTENTION
Task: C:\Windows\Tasks\WSE_Vosteran.job => C:\Users\Kerri\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
==================== Loaded Modules (Whitelisted) ==============
2014-06-03 08:46 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-09-10 15:54 - 2013-09-10 15:54 - 00019792 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2015-01-09 22:24 - 2015-01-09 22:24 - 00529656 _____ () C:\Program Files (x86)\Solution Real\updateSolutionReal.exe
2014-07-11 08:57 - 2014-05-20 12:19 - 08892072 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-07-18 21:38 - 2012-07-18 21:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2014-09-09 10:35 - 2014-09-09 10:35 - 00378888 _____ () C:\Program Files (x86)\OfferBoulevard\OfferBoulevardW.exe
2015-01-10 14:10 - 2015-01-10 14:10 - 02286080 _____ () c:\Program Files (x86)\SystemEnterprise\SystemEnterprise.dll
2015-01-09 22:33 - 2015-01-09 22:33 - 02763344 _____ () c:\Program Files (x86)\Optimizer Pro 3.26\OptProMon.dll
2014-12-29 21:53 - 2014-05-13 13:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-12-29 21:53 - 2014-05-13 13:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-12-29 21:53 - 2014-05-13 13:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-12-29 21:53 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-12-29 21:53 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-09-09 10:35 - 2014-09-09 10:35 - 00316936 _____ () C:\Program Files (x86)\OfferBoulevard\DPHelper.dll
2015-01-11 09:46 - 2015-01-11 09:46 - 00566272 _____ () C:\ProgramData\dealsteeR\h1SIgDS9S9Ws4y.dll
2015-01-11 09:47 - 2015-01-11 09:47 - 00566272 _____ () C:\ProgramData\saaveitkeep\ffgo6tGUWjWeU2.dll
2015-10-09 23:59 - 2015-09-23 22:34 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libglesv2.dll
2015-10-09 23:59 - 2015-09-23 22:34 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libegl.dll
2015-10-09 23:59 - 2015-09-23 22:34 - 16487752 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll
2015-10-10 00:11 - 2015-07-31 12:28 - 01183792 _____ () C:\Program Files (x86)\Super Optimizer\SupOptStart.exe
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Kerri\SkyDrive:ms-properties
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2947971214-2564108716-2143810627-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme1\img5.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{4D5270B1-0B8C-4F0F-BA21-168A1616FE62}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{592F843D-D917-4F0D-8A88-1414418C2182}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{84304C0A-EEF5-4340-8DDC-AAF19C527B93}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{132CCEE5-DABE-48ED-8606-BF266CD01343}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{D0D2F67A-7EE3-4BFB-8523-BB67C9A26B70}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{FD508DC7-1D20-49D8-85A6-2174EA3C92CF}] => (Allow) C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BRT.Helper.exe
FirewallRules: [{5831BB7B-CA95-47D8-9909-F31913723DA7}] => (Allow) C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BRT.Helper.exe
FirewallRules: [{4CE62919-9A3D-4F71-A66E-97383DC6ED9A}] => (Allow) C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BRT.Helper.exe
FirewallRules: [{32E4ABD8-9A3D-4A25-9753-09447CA0B18A}] => (Allow) C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BRT.Helper.exe
FirewallRules: [{8F0F8E7F-3405-4C93-87C6-3F8B24FE7AED}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/10/2015 12:00:00 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1224) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Windows\system32\SRU\SRU006D9.log.
Error: (10/09/2015 11:56:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KERRI)
Description: Activation of app winstore_cw5n1h2txyewy!Windows.Store failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (10/09/2015 11:52:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17416 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: d14
Start Time: 01d1030ee2ac815b
Termination Time: 568
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id: 555ba7d6-6f02-11e5-827a-008cfa768bee
Faulting package full name:
Faulting package-relative application ID:
Error: (10/09/2015 11:51:03 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)
Error: (10/09/2015 08:10:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.
System Error:
The system cannot find the file specified.
.
Error: (10/09/2015 08:09:54 PM) (Source: SPP) (EventID: 16389) (User: )
Description: Writer WMI Writer experienced retryable error during shadow copy creation. Retrying...
More info: .
Error: (10/09/2015 08:09:54 PM) (Source: SPP) (EventID: 16389) (User: )
Description: Writer MSSearch Service Writer experienced retryable error during shadow copy creation. Retrying...
More info: .
Error: (10/09/2015 08:09:54 PM) (Source: SPP) (EventID: 16389) (User: )
Description: Writer Shadow Copy Optimization Writer experienced retryable error during shadow copy creation. Retrying...
More info: .
Error: (10/09/2015 08:09:54 PM) (Source: SPP) (EventID: 16389) (User: )
Description: Writer COM+ REGDB Writer experienced retryable error during shadow copy creation. Retrying...
More info: .
Error: (10/09/2015 08:08:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 15dc
Start Time: 01d102ef18832edf
Termination Time: 4294967295
Application Path: C:\Windows\syswow64\wwahost.exe
Report Id: 0f9523ec-6ee3-11e5-8283-008cfa768bee
Faulting package full name: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c
Faulting package-relative application ID: App
System errors:
=============
Error: (10/09/2015 10:56:25 PM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: The system watchdog timer was triggered.
Error: (10/09/2015 08:14:32 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ClickToRunSvc service.
Error: (10/09/2015 08:14:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error:
%%1062
Error: (10/09/2015 08:13:29 PM) (Source: DCOM) (EventID: 10010) (User: KERRI)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
Error: (10/09/2015 08:03:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246013: 664D3057.PirateJump2Free.
Error: (10/09/2015 08:03:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246013: 48690VisheshOberoi.AngryRunMan.
Error: (10/09/2015 08:00:03 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246013: 664D3057.PirateJump2Free.
Error: (10/09/2015 08:00:03 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246013: 48690VisheshOberoi.AngryRunMan.
Error: (10/09/2015 08:00:02 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246013: Update for Windows 8.1 for x64-based Systems (KB3024755).
Error: (10/09/2015 08:00:02 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246013: Update for Windows 8.1 for x64-based Systems (KB3025417).
==================== Memory info ===========================
Processor: AMD E1-1200 APU with Radeon HD Graphics
Percentage of memory in use: 58%
Total physical RAM: 3658.26 MB
Available physical RAM: 1527.01 MB
Total Virtual: 4298.26 MB
Available Virtual: 1696.73 MB
==================== Drives ================================
Drive c: (TI10673700F) (Fixed) (Total:456.46 GB) (Free:412.38 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================