Browser hijack maybe? Win7 computer.


  • This topic is locked
39 replies to this topic

#1 philipvw


Posted 03 September 2015 - 04:42 PM

Hi, thanks for the help!
I think this is a browser hijack. When in IE, if you open the IE browser it gets hijacked with all sorts of "you have been infected, call XXX-XXX-XXXX now for resolution!" Obviously I am NOT going to call. IE appears to be the only browser on the machine. It's my daughter's, not mine, and I am sure it had Chrome on it before, but it seems long gone. I don't know if she deleted it or some malware did.
 
Program logs below!
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-08-2015
Ran by Katt (administrator) on KATT-PC (03-09-2015 17:23:37)
Running from C:\Virus Removal
Loaded Profiles: Katt (Available Profiles: Katt)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Creepy Dress\Creepy Dress.exe
() C:\Program Files (x86)\Deceitful Outcome\Deceitful Outcome.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
() C:\Program Files (x86)\DNS Unlocker\dnskingston.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel® Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-10] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [1831528 2011-05-10] (Acer Incorporated)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [594080 2010-07-29] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [377504 2010-07-29] (Atheros Commnucations)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe [290112 2011-03-09] (NTI Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SearchProtection] => C:\ProgramData\Search Protection\_run.bat
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\Run: [Super Optimizer] => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe [676400 2015-07-31] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB7553] => C:\Users\Katt\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat [49102 2015-09-03] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD3057] => C:\Users\Katt\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat [49102 2015-09-03] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB3153] => C:\Users\Katt\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat [3656 2015-09-03] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD6363] => C:\Users\Katt\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat [3656 2015-09-03] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB5841] => C:\Users\Katt\AppData\Local\SearchProtect\UI\rep\UIRepository.dat [5686 2015-09-02] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD467] => C:\Users\Katt\AppData\Local\SearchProtect\UI\rep\UIRepository.dat [5686 2015-09-02] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB250] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png [2240 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD2226] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png [2240 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB2026] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png [2328 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD9051] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png [2328 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB4003] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png [2348 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD159] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png [2348 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB6413] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-dia.png [9731 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD1940] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-dia.png [9731 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB9141] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-uninstall.png [11390 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD2189] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-uninstall.png [11390 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB7291] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png [35253 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD4642] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png [35253 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB7795] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png [31085 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD1058] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png [31085 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB763] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png [9918 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD9164] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png [9918 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB1256] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png [12299 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD9637] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png [12299 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB3965] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettingsDS.png [9198 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD8195] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettingsDS.png [9198 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB2594] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png [16798 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD9244] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png [16798 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB7830] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png [1256 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD9] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png [1256 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB1608] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png [933 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD2522] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png [933 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB5600] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png [1065 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD316] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png [1065 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB9015] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\button-bg.png [1364 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD7018] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\button-bg.png [1364 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB3463] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png [378 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD9351] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png [378 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB2880] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png [360 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD8060] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png [360 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB9497] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png [274 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD1134] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png [274 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB611] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png [1264 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD1909] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png [1264 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB3064] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png [1405 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD9632] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png [1405 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB6865] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png [2993 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD9472] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png [2993 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB1014] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def-grey.png [1119 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD2530] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def-grey.png [1119 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB8255] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png [1038 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD7501] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png [1038 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB7153] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png [1049 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD2240] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png [1049 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB2227] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png [256 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD2683] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png [256 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB1162] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png [1339 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD7739] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png [1339 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB8016] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png [424 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD9379] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png [424 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB370] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png [1014 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD759] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png [1014 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB7388] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png [3264 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD1238] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png [3264 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB8114] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png [1553 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD5414] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png [1553 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB5677] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png [1715 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD7178] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png [1715 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB490] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png [859 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD2632] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png [859 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB3405] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png [886 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD5585] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png [886 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB7961] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png [1257 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD3665] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png [1257 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB5471] => command.com /c del ""
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD9163] => cmd.exe /c del ""
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [247056 2015-08-16] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [219920 2015-08-16] (Client Connect LTD)
AppInit_DLLs-x32:  c:\progra~3\winfil~1\winfil~1.dll => c:\ProgramData\WinFilter\WinFilter.dll [4126720 2013-12-28] ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2642284316-3603185689-148077862-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0503017A-7316-4E4B-AF5B-3E62B3E774F2}: [NameServer] 199.203.131.145,82.163.143.167
Tcpip\..\Interfaces\{7F00933A-5A30-4DA1-B7C1-BBFF650106A7}: [NameServer] 199.203.131.145,82.163.143.167
Tcpip\..\Interfaces\{7F00933A-5A30-4DA1-B7C1-BBFF650106A7}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com/?pc=MAGW
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.search-guide.info/?l=1&q={searchTerms}&pid=1153&r=2013/11/12&hid=13365719374647196976&lg=EN&cc=US&unqvl=40
SearchScopes: HKU\S-1-5-21-2642284316-3603185689-148077862-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2642284316-3603185689-148077862-1000 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3335139&octid=EB_ORIGINAL_CTID&ISID=MDD64B8B9-B066-4CC3-945A-5FB0387BC794&SearchSource=58&CUI=&UM=8&UP=SP82ECA886-CBFA-461F-999D-81FCDCB3B5C0&D=081615&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2642284316-3603185689-148077862-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
BHO: FuunDeals -> {2C3CE956-A010-4DBF-BDA4-B2376A0189C2} -> C:\Program Files (x86)\FuunDeals\eOafLdAdUJ6tKm.x64.dll [2015-08-19] ()
BHO-x32: FuunDeals -> {2C3CE956-A010-4DBF-BDA4-B2376A0189C2} -> C:\Program Files (x86)\FuunDeals\eOafLdAdUJ6tKm.dll [2015-08-19] ()
Toolbar: HKU\S-1-5-21-2642284316-3603185689-148077862-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-10-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-22] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-22]
CHR Extension: (Google Docs) - C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-22]
CHR Extension: (Google Drive) - C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-22]
CHR Extension: (Mahjong) - C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Extensions\beoldljceodklpdmkgelhbdllhhciinh [2015-08-19]
CHR Extension: (YouTube) - C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-22]
CHR Extension: (Bing) - C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmkckgpgekmanipelfidlhmkfcjicion [2015-07-22]
CHR Extension: (Google Search) - C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-22]
CHR Extension: (Google Sheets) - C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-22]
CHR Extension: (No Name) - C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
CHR Extension: (Gmail) - C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-22]
CHR HKU\S-1-5-21-2642284316-3603185689-148077862-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lfffjahnfbocnaooecgijfnbpcfekoik] - C:\ProgramData\adawaretb\shortcuts\chrome\adawaretb.crx <not found>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 03e661da; c:\ProgramData\WinFilter\WinFilterSvc.dll [176976 2013-12-28] () [File not signed]
R2 6e058918; c:\Program Files (x86)\QuickShopper\QuickShopper.dll [2586624 2015-08-19] () [File not signed]
R2 9bfdc3db; c:\Program Files (x86)\TampaTrim\TampaTrim.dll [2420736 2015-08-19] () [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-07-29] (Atheros Commnucations) [File not signed]
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3240208 2015-08-16] (Client Connect LTD)
R2 Creepy Dress; C:\Program Files (x86)\Creepy Dress\Creepy Dress.exe [8016491 2015-07-22] () [File not signed] <==== ATTENTION
R2 Deceitful Outcome; C:\Program Files (x86)\Deceitful Outcome\Deceitful Outcome.exe [8016498 2015-06-07] () [File not signed] <==== ATTENTION
R2 GREGService; C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [29696 2011-05-26] (Acer Incorporated) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [257344 2011-03-09] (NTI Corporation)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [28832 2010-07-29] (Atheros) [File not signed]
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [38096 2012-12-17] (GFI Software)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-02-16] (GFI Software)
R3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-03 17:23 - 2015-09-03 17:23 - 00000000 ____D C:\Virus Removal
2015-09-03 17:23 - 2015-09-03 17:23 - 00000000 ____D C:\FRST
2015-09-01 22:35 - 2015-09-01 23:08 - 00003242 _____ C:\Windows\System32\Tasks\Super Optimizer Schedule
2015-09-01 22:35 - 2015-09-01 22:35 - 00000000 ____D C:\Users\Katt\Documents\Super Optimizer
2015-09-01 22:35 - 2015-09-01 22:35 - 00000000 ____D C:\Users\Katt\AppData\Roaming\Super Optimizer
2015-09-01 22:30 - 2015-09-01 22:30 - 00001093 _____ C:\Users\Katt\Desktop\Super Optimizer.lnk
2015-09-01 22:30 - 2015-09-01 22:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Optimizer
2015-09-01 22:30 - 2015-09-01 22:30 - 00000000 ____D C:\ProgramData\{2061df41-349b-f2ce-2061-1df413497d04}
2015-09-01 22:30 - 2015-09-01 22:30 - 00000000 ____D C:\Program Files (x86)\Super Optimizer
2015-08-23 16:46 - 2015-09-02 01:24 - 00000000 ____D C:\Program Files (x86)\DNS Unlocker
2015-08-23 16:46 - 2015-08-23 16:46 - 00026356 _____ C:\Windows\System32\Tasks\DNSKINGSTON
2015-08-23 16:26 - 2015-08-23 16:26 - 00003448 _____ C:\Windows\System32\Tasks\bvxvbxvd
2015-08-23 16:26 - 2015-08-23 16:26 - 00000000 ____D C:\Users\Katt\AppData\Local\bvxvbxvd
2015-08-19 16:50 - 2015-08-19 16:50 - 00000000 ____D C:\ProgramData\1207212995743438252
2015-08-19 16:50 - 2015-08-19 16:50 - 00000000 ____D C:\Program Files (x86)\Mahjong
2015-08-19 16:50 - 2015-08-19 16:50 - 00000000 ____D C:\Program Files (x86)\FuunDeals
2015-08-19 16:50 - 2015-08-19 16:50 - 00000000 ____D C:\Program Files (x86)\FuNDealS
2015-08-19 16:50 - 2015-08-19 16:50 - 00000000 ____D C:\Program Files (x86)\FunDeaelas
2015-08-19 16:30 - 2015-08-19 16:30 - 00000000 ____D C:\Program Files (x86)\TampaTrim
2015-08-19 16:30 - 2015-08-19 16:30 - 00000000 ____D C:\Program Files (x86)\QuickShopper
2015-08-18 09:13 - 2015-08-18 09:13 - 00000000 ____D C:\Users\Katt\AppData\Local\SearchProtect
2015-08-17 14:08 - 2015-09-01 23:34 - 00022537 _____ C:\Windows\wininit.ini
2015-08-16 17:55 - 2015-09-03 16:30 - 00000338 _____ C:\Windows\Tasks\Superclean.job
2015-08-16 17:55 - 2015-09-01 22:30 - 00003248 _____ C:\Windows\System32\Tasks\Superclean
2015-08-16 17:55 - 2015-08-22 15:14 - 00000000 ____D C:\ProgramData\{906a5843-adc7-7e3d-906a-a5843adc610e}
2015-08-16 17:34 - 2015-08-16 17:34 - 00001548 _____ C:\Users\Katt\AppData\Local\PDLSetup.20150816.173447.txt
2015-08-16 17:32 - 2015-08-16 17:33 - 00019968 ___SH C:\Users\Katt\Downloads\Thumbs.db
2015-08-16 09:46 - 2015-08-23 16:26 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2015-08-16 09:44 - 2015-08-16 09:44 - 00000020 _____ C:\Users\Katt\AppData\Roaming\appdataFr2.bin
2015-08-10 16:57 - 2015-08-10 16:57 - 00000000 ____D C:\Program Files (x86)\RooboSaveer
2015-08-10 16:41 - 2015-08-10 16:41 - 00000000 ____D C:\Program Files (x86)\RoBuoSaver
2015-08-07 12:24 - 2015-08-07 12:24 - 00000000 ____D C:\ProgramData\iobfmkopdhfmfkmpdbeigkcipojmecfg
2015-08-07 12:24 - 2015-08-07 12:24 - 00000000 ____D C:\ProgramData\afidjlfbookaefgkjigkkmkjecojgicg
2015-08-07 12:24 - 2015-08-07 12:24 - 00000000 ____D C:\Program Files (x86)\DEaLExprEsS
2015-08-06 12:42 - 2015-08-06 12:42 - 00000000 ____D C:\Program Files (x86)\FuNDeAuLs
2015-08-06 12:41 - 2015-08-06 12:41 - 00000000 ____D C:\Program Files (x86)\FuunDaeoals
2015-08-06 12:41 - 2015-08-06 12:41 - 00000000 ____D C:\Program Files (x86)\FunDeAAls
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-03 17:22 - 2009-07-14 00:51 - 00175320 _____ C:\Windows\setupact.log
2015-09-03 16:55 - 2012-07-17 16:26 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-03 12:33 - 2009-07-14 00:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-03 12:33 - 2009-07-14 00:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-02 21:29 - 2011-07-10 07:56 - 01214784 _____ C:\Windows\WindowsUpdate.log
2015-09-02 01:24 - 2015-04-07 09:49 - 00000000 ___SD C:\Windows\system32\GWX
2015-09-02 01:23 - 2012-09-26 16:33 - 00000000 __RHD C:\MSOCache
2015-09-02 01:23 - 2012-09-25 17:07 - 00000000 ____D C:\Users\Katt\AppData\Roaming\SoftGrid Client
2015-09-02 01:23 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2015-09-01 23:11 - 2009-07-14 01:13 - 00783464 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-01 23:06 - 2014-01-02 21:17 - 00000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
2015-09-01 23:06 - 2013-01-24 16:53 - 00000354 _____ C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
2015-09-01 23:06 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-01 22:09 - 2011-12-01 17:46 - 00000000 ____D C:\Users\Katt
2015-09-01 21:26 - 2014-01-31 00:32 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-08-24 13:42 - 2012-02-17 05:16 - 00000000 ____D C:\Users\Katt\AppData\Local\CrashDumps
2015-08-21 23:21 - 2010-11-20 23:47 - 00968976 _____ C:\Windows\PFRO.log
2015-08-19 16:30 - 2013-12-28 10:56 - 00000000 ____D C:\ProgramData\WinFilter
2015-08-16 17:27 - 2015-07-22 17:42 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-15 23:04 - 2015-05-27 13:29 - 00000024 _____ C:\Users\Katt\AppData\Roaming\appdataFr25.bin
2015-08-11 16:55 - 2012-07-17 16:26 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-11 16:55 - 2012-07-17 16:26 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-11 16:55 - 2012-07-17 16:26 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-10 16:58 - 2015-02-26 19:03 - 00000000 ____D C:\ProgramData\1207212995743438252UL
 
==================== Files in the root of some directories =======
 
2015-08-16 09:44 - 2015-08-16 09:44 - 0000020 _____ () C:\Users\Katt\AppData\Roaming\appdataFr2.bin
2015-05-27 13:29 - 2015-08-15 23:04 - 0000024 _____ () C:\Users\Katt\AppData\Roaming\appdataFr25.bin
2015-01-21 17:23 - 2015-02-25 15:06 - 0000020 _____ () C:\Users\Katt\AppData\Roaming\appdataFr3.bin
2012-02-17 22:23 - 2012-02-17 22:23 - 0001524 _____ () C:\Users\Katt\AppData\Local\PDLSetup.20120217.212341.txt
2014-01-02 21:25 - 2014-01-02 21:25 - 0001549 _____ () C:\Users\Katt\AppData\Local\PDLSetup.20140102.202547.txt
2015-08-16 17:34 - 2015-08-16 17:34 - 0001548 _____ () C:\Users\Katt\AppData\Local\PDLSetup.20150816.173447.txt
2013-01-07 21:29 - 2013-01-07 21:29 - 0000032 _____ () C:\ProgramData\Temp.log
 
Some files in TEMP:
====================
C:\Users\Katt\AppData\Local\Temp\Setup.exe
C:\Users\Katt\AppData\Local\Temp\supoptsetup.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-01 21:55
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by Katt (2015-09-03 17:24:17)
Running from C:\Virus Removal
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2642284316-3603185689-148077862-500 - Administrator - Disabled)
Guest (S-1-5-21-2642284316-3603185689-148077862-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2642284316-3603185689-148077862-1002 - Limited - Enabled)
Katt (S-1-5-21-2642284316-3603185689-148077862-1000 - Administrator - Enabled) => C:\Users\Katt

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
Agatha Christie - 4:50 from Paddington (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Backup Manager V3 (x32 Version: 3.0.0.90 - NTI Corporation) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.02.000.6 - Atheros Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.8.2.2 - Broadcom Corporation)
Broadcom Gigabit NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.6.1.2 - Broadcom Corporation)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1615_36053b - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2912.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DNS Unlocker version 1.3 (HKLM-x32\...\{E1527582-8509-4011-B922-29E3FB548882}_is1) (Version: 1.3 - www.vidcreek.tv) <==== ATTENTION
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
ETDWare PS/2-X64 8.0.6.0_WHQL (HKLM\...\Elantech) (Version: 8.0.6.0 - ELAN Microelectronic Corp.)
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
FuunDeals (HKLM-x32\...\{478472F9-9E09-492A-BDAB-42EE595EF1AD}) (Version: - "") <==== ATTENTION
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Gateway Games (HKLM-x32\...\WildTangent gateway Master Uninstall) (Version: 1.0.2.4 - WildTangent)
Gateway MyBackup (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.90 - NTI Corporation)
Gateway Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3007 - Gateway Incorporated)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Gateway Incorporated)
Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.04.3501 - Gateway Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.1.1022.2010 - Gateway Incorporated)
Gateway Social Networks (HKLM-x32\...\InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}) (Version: 2.0.2913 - CyberLink Corp.)
Gateway Social Networks (x32 Version: 2.0.2913 - CyberLink Corp.) Hidden
Gateway Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3502 - Gateway Incorporated)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
HomeMedia (HKLM-x32\...\{AA4BF92B-2AAF-11DA-9D78-000129760D75}) (Version: 2.0.8520 - CyberLink Corporation)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3006 - Gateway Incorporated)
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2372 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{0DD706AF-B542-438C-999E-B30C7F625C8D}) (Version: 2.1.39.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.450 - Oracle)
Jewel Quest Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.4 - Gateway)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
QuickShopper (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{6e058918}) (Version: - Software Publisher) <==== ATTENTION
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6329 - Realtek Semiconductor Corp.)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 3.0.30.5 - Client Connect LTD) <==== ATTENTION
Skype 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Super Optimizer v3.2 (HKLM-x32\...\Super Optimizer_is1) (Version: 3.2.0.1 - Super PC Tools ltd) <==== ATTENTION
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TampaTrim (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{9bfdc3db}) (Version: - Software Publisher) <==== ATTENTION
The AdBlocker (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version: - The AdBlocker) <==== ATTENTION
Torchlight (x32 Version: 2.2.0.95 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Video Web Camera (HKLM-x32\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.3018.00 - CyberLink Corp.)
Video Web Camera (x32 Version: 1.5.3018.00 - CyberLink Corp.) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.02.3501 - Gateway Incorporated)
WildTangent Games App (Gateway Games) (x32 Version: 4.0.5.36 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinFilter (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{3e661da}) (Version: - Team Work) <==== ATTENTION
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

14-07-2015 17:48:38 Scheduled Checkpoint
10-08-2015 17:57:40 Scheduled Checkpoint
16-08-2015 17:24:20 Removed LogMeIn Hamachi
24-08-2015 14:07:29 Scheduled Checkpoint
01-09-2015 22:02:37 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1890AADD-E523-4C2A-9021-459848A6011B} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {1A361233-13F7-4783-A4FD-A7DBE166D3A0} - System32\Tasks\UALU notificatin => C:\Program Files\Gateway\Gateway Updater\UALU.exe [2012-04-05] (Acer Incorporated)
Task: {1D722729-6F7B-4342-A38A-F00D5D9989C1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated)
Task: {2E00FB6B-6522-49C7-B59C-796AEBC4210C} - System32\Tasks\bvxvbxvd => C:\Users\Katt\AppData\Local\bvxvbxvd\bvxvbxvd.exe [2015-08-16] () <==== ATTENTION
Task: {329BAFE2-AC66-4E8F-941F-BE0D0293ECE3} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
Task: {5EEA6ACF-9209-4DA0-B639-EFC270E1B7DD} - System32\Tasks\{F302970E-FFB0-4B77-8148-292180809310} => C:\Program Files (x86)\Video Web Camera\WebCam.exe [2012-06-18] (CyberLink Corp.)
Task: {71C55241-387D-4786-8C7E-F05C88D0241F} - System32\Tasks\DNSKINGSTON => C:\Program Files (x86)\DNS Unlocker\dnskingston.exe [2015-08-23] ()
Task: {7765C176-BECA-4BAB-888C-FBDCC316DD68} - System32\Tasks\Superclean => c:\programdata\{2061df41-349b-f2ce-2061-1df413497d04}\hqghumeaylnlf.exe [2014-09-01] (Super PC Tools Ltd) <==== ATTENTION
Task: {7BA695F0-F6FE-462B-8A91-1310AAA6AC13} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2011-04-15] (CyberLink)
Task: {CE746432-2B73-4D3B-AE2C-BD1EAD79E36D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DC8BB9D9-5F29-464A-898E-6C03F22D728F} - System32\Tasks\{92A26E62-2F4F-4BAE-B343-028AFDA472CF} => C:\Program Files (x86)\Video Web Camera\WebCam.exe [2012-06-18] (CyberLink Corp.)
Task: {DE3D1D13-8821-4294-A7E8-8746C2746595} - System32\Tasks\Super Optimizer Schedule => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe [2015-07-31] () <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
Task: C:\Windows\Tasks\Superclean.job => c:\programdata\{2061df41-349b-f2ce-2061-1df413497d04}\hqghumeaylnlf.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2011-05-02 16:41 - 2011-05-02 16:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-22 16:14 - 2015-07-22 16:14 - 08016491 _____ () C:\Program Files (x86)\Creepy Dress\Creepy Dress.exe
2015-06-07 11:52 - 2015-06-07 11:52 - 08016498 _____ () C:\Program Files (x86)\Deceitful Outcome\Deceitful Outcome.exe
2011-06-08 07:57 - 2011-04-15 13:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-05-02 16:41 - 2011-05-02 16:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2015-08-23 16:46 - 2015-08-23 15:39 - 00628224 _____ () C:\Program Files (x86)\DNS Unlocker\dnskingston.exe
2013-12-28 10:56 - 2013-12-28 10:56 - 04126720 _____ () c:\ProgramData\WinFilter\WinFilter.dll
2013-12-28 10:56 - 2013-12-28 10:56 - 00176976 _____ () c:\ProgramData\WinFilter\WinFilterSvc.dll
2015-08-19 16:30 - 2015-08-19 16:30 - 02586624 _____ () c:\Program Files (x86)\QuickShopper\QuickShopper.dll
2015-08-19 16:30 - 2015-08-19 16:30 - 02420736 _____ () c:\Program Files (x86)\TampaTrim\TampaTrim.dll
2011-03-09 13:13 - 2011-03-09 13:13 - 00465640 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\sqlite3.dll
2011-03-09 13:12 - 2011-03-09 13:12 - 01081664 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\ACE.dll
2011-03-09 13:12 - 2011-03-09 13:12 - 00125760 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\MailConverter32.dll
2014-10-16 21:00 - 2014-10-16 21:00 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ba8588c3319d63350220ec2ac3eb2c36\IsdiInterop.ni.dll
2011-06-08 07:16 - 2010-09-13 21:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Katt\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 199.203.131.145 - 82.163.143.167
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4FFD458E-8CD4-46CB-89F4-EF30FF918192}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C1410AE5-2687-40AA-967C-CD5DACE8F4D0}] => (Allow) LPort=2869
FirewallRules: [{841D04E3-0FFD-4117-BAD0-A5DE9E90F364}] => (Allow) LPort=1900
FirewallRules: [{47DECE92-DFDB-4CD1-94A9-E5F312ED6E3B}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{CE854273-206A-44D3-A013-DBF537703395}] => (Allow) C:\Program Files (x86)\CyberLink\HomeMedia\HomeMedia.exe
FirewallRules: [{C1EB5B3D-CD80-4D4F-8A9C-738C0BAC06A1}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{5ED0FF0B-2BBE-42BF-8F54-5F1A73FF71BD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{BD58DED1-BB7E-4F76-8B55-D6B01471354E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{D7020E31-53D1-42BD-A226-DD97F1842065}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B8498A9C-1F2A-4BA6-AE32-AC8D175CB825}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{35203087-B73F-4236-BB81-E4D2AF933438}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{397B4528-BC0F-4A79-BA56-635A01EC636C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7D69C5BE-8549-4501-BA33-562E8F98E6FC}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{A423ED3C-EA7A-41FC-B8B3-9309BE94653E}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{C5E6F47D-4E4F-437F-9266-FC9C4E644F79}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{B0841926-4287-416B-9952-21C6494D4A02}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{50E88991-7598-4E7C-BB61-0D8B9F8476C9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A6E649AE-C24B-47F1-9247-1AD5B0A7E461}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{100FD9BC-7B7A-4C1D-9867-125FB3424176}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/01/2015 11:06:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/01/2015 09:26:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/01/2015 09:17:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/29/2015 02:52:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2048

Start Time: 01d0e28b9d8e2c64

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (08/29/2015 02:39:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6131

Error: (08/29/2015 02:39:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6131

Error: (08/29/2015 02:39:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/29/2015 02:39:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5117

Error: (08/29/2015 02:39:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5117

Error: (08/29/2015 02:39:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (09/01/2015 11:08:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (09/01/2015 09:28:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (08/21/2015 11:25:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (08/21/2015 11:22:56 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:20:11 PM on ‎8/‎21/‎2015 was unexpected.

Error: (08/17/2015 02:13:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (08/16/2015 06:35:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (08/16/2015 05:22:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (08/05/2015 02:59:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (08/05/2015 02:57:48 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (08/03/2015 09:48:23 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {ABC01078-F197-4B0B-ADBC-CFE684B39C82}


Microsoft Office:
=========================
Error: (09/01/2015 11:06:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/01/2015 09:26:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/01/2015 09:17:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/29/2015 02:52:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17840204801d0e28b9d8e2c640C:\Program Files\Internet Explorer\IEXPLORE.EXE

Error: (08/29/2015 02:39:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6131

Error: (08/29/2015 02:39:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6131

Error: (08/29/2015 02:39:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/29/2015 02:39:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5117

Error: (08/29/2015 02:39:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5117

Error: (08/29/2015 02:39:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info ===========================

Processor: Intel® Core™ i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 31%
Total physical RAM: 5995.86 MB
Available physical RAM: 4078.59 MB
Total Virtual: 11989.93 MB
Available Virtual: 9955 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:450.66 GB) (Free:385.99 GB) NTFS
Drive e: () (Removable) (Total:7.4 GB) (Free:4.71 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: CA4AA7E3)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7.4 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================


Edited by Oh My!, 03 September 2015 - 10:37 PM.




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,742 posts
  • Gender:Male
  • Location:California
  • Local time:07:04 PM

Posted 03 September 2015 - 10:42 PM

Greetings philipvw and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
C:\Program Files (x86)\Creepy Dress
C:\Program Files (x86)\Deceitful Outcome
C:\Program Files (x86)\DNS Unlocker
HKLM-x32\...\Run: [SearchProtection] => C:\ProgramData\Search Protection\_run.bat
C:\ProgramData\Search Protection
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB7553] => C:\Users\Katt\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat [49102 2015-09-03] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD3057] => C:\Users\Katt\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat [49102 2015-09-03] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB3153] => C:\Users\Katt\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat [3656 2015-09-03] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD6363] => C:\Users\Katt\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat [3656 2015-09-03] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB5841] => C:\Users\Katt\AppData\Local\SearchProtect\UI\rep\UIRepository.dat [5686 2015-09-02] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD467] => C:\Users\Katt\AppData\Local\SearchProtect\UI\rep\UIRepository.dat [5686 2015-09-02] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB250] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png [2240 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD2226] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png [2240 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB2026] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png [2328 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD9051] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png [2328 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB4003] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png [2348 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD159] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png [2348 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB6413] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-dia.png [9731 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD1940] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-dia.png [9731 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB9141] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-uninstall.png [11390 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD2189] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-uninstall.png [11390 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB7291] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png [35253 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD4642] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png [35253 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB7795] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png [31085 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD1058] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png [31085 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB763] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png [9918 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD9164] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png [9918 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB1256] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png [12299 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD9637] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png [12299 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB3965] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettingsDS.png [9198 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD8195] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettingsDS.png [9198 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB2594] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png [16798 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD9244] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png [16798 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB7830] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png [1256 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD9] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png [1256 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB1608] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png [933 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD2522] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png [933 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB5600] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png [1065 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD316] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png [1065 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB9015] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\button-bg.png [1364 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD7018] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\button-bg.png [1364 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB3463] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png [378 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD9351] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png [378 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB2880] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png [360 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD8060] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png [360 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB9497] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png [274 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD1134] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png [274 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB611] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png [1264 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD1909] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png [1264 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB3064] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png [1405 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD9632] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png [1405 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB6865] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png [2993 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD9472] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png [2993 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB1014] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def-grey.png [1119 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD2530] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def-grey.png [1119 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB8255] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png [1038 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD7501] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png [1038 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB7153] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png [1049 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD2240] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png [1049 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB2227] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png [256 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD2683] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png [256 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB1162] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png [1339 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD7739] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png [1339 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB8016] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png [424 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD9379] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png [424 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB370] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png [1014 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD759] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png [1014 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB7388] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png [3264 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD1238] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png [3264 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB8114] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png [1553 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD5414] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png [1553 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB5677] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png [1715 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD7178] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png [1715 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB490] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png [859 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD2632] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png [859 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB3405] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png [886 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD5585] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png [886 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB7961] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png [1257 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD3665] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png [1257 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB5471] => command.com /c del ""
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD9163] => cmd.exe /c del ""
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [247056 2015-08-16] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [219920 2015-08-16] (Client Connect LTD)
AppInit_DLLs-x32:  c:\progra~3\winfil~1\winfil~1.dll => c:\ProgramData\WinFilter\WinFilter.dll [4126720 2013-12-28] ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2642284316-3603185689-148077862-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
c:\ProgramData\WinFilter
Tcpip\..\Interfaces\{0503017A-7316-4E4B-AF5B-3E62B3E774F2}: [NameServer] 199.203.131.145,82.163.143.167
Tcpip\..\Interfaces\{7F00933A-5A30-4DA1-B7C1-BBFF650106A7}: [NameServer] 199.203.131.145,82.163.143.167
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.search-guide.info/?l=1&q={searchTerms}&pid=1153&r=2013/11/12&hid=13365719374647196976&lg=EN&cc=US&unqvl=40
SearchScopes: HKU\S-1-5-21-2642284316-3603185689-148077862-1000 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3335139&octid=EB_ORIGINAL_CTID&ISID=MDD64B8B9-B066-4CC3-945A-5FB0387BC794&SearchSource=58&CUI=&UM=8&UP=SP82ECA886-CBFA-461F-999D-81FCDCB3B5C0&D=081615&q={searchTerms}&SSPV=
BHO: FuunDeals -> {2C3CE956-A010-4DBF-BDA4-B2376A0189C2} -> C:\Program Files (x86)\FuunDeals\eOafLdAdUJ6tKm.x64.dll [2015-08-19] ()
BHO-x32: FuunDeals -> {2C3CE956-A010-4DBF-BDA4-B2376A0189C2} -> C:\Program Files (x86)\FuunDeals\eOafLdAdUJ6tKm.dll [2015-08-19] ()
Toolbar: HKU\S-1-5-21-2642284316-3603185689-148077862-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [No File]
CHR HKLM-x32\...\Chrome\Extension: [lfffjahnfbocnaooecgijfnbpcfekoik] - C:\ProgramData\adawaretb\shortcuts\chrome\adawaretb.crx <not found>
R2 03e661da; c:\ProgramData\WinFilter\WinFilterSvc.dll [176976 2013-12-28] () [File not signed]
R2 6e058918; c:\Program Files (x86)\QuickShopper\QuickShopper.dll [2586624 2015-08-19] () [File not signed]
R2 9bfdc3db; c:\Program Files (x86)\TampaTrim\TampaTrim.dll [2420736 2015-08-19] () [File not signed]
c:\ProgramData\WinFilter
c:\Program Files (x86)\QuickShopper
c:\Program Files (x86)\TampaTrim
R2 Creepy Dress; C:\Program Files (x86)\Creepy Dress\Creepy Dress.exe [8016491 2015-07-22] () [File not signed] <==== ATTENTION
R2 Deceitful Outcome; C:\Program Files (x86)\Deceitful Outcome\Deceitful Outcome.exe [8016498 2015-06-07] () [File not signed] <==== ATTENTION
S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
R3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
2015-09-01 22:35 - 2015-09-01 23:08 - 00003242 _____ C:\Windows\System32\Tasks\Super Optimizer Schedule
2015-09-01 22:35 - 2015-09-01 23:08 - 00003242 _____ C:\Windows\System32\Tasks\Super Optimizer Schedule
2015-09-01 22:35 - 2015-09-01 22:35 - 00000000 ____D C:\Users\Katt\Documents\Super Optimizer
2015-09-01 22:35 - 2015-09-01 22:35 - 00000000 ____D C:\Users\Katt\AppData\Roaming\Super Optimizer
2015-09-01 22:30 - 2015-09-01 22:30 - 00001093 _____ C:\Users\Katt\Desktop\Super Optimizer.lnk
2015-09-01 22:30 - 2015-09-01 22:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Optimizer
2015-09-01 22:30 - 2015-09-01 22:30 - 00000000 ____D C:\ProgramData\{2061df41-349b-f2ce-2061-1df413497d04}
2015-08-23 16:46 - 2015-08-23 16:46 - 00026356 _____ C:\Windows\System32\Tasks\DNSKINGSTON
2015-08-23 16:26 - 2015-08-23 16:26 - 00003448 _____ C:\Windows\System32\Tasks\bvxvbxvd
2015-08-23 16:26 - 2015-08-23 16:26 - 00000000 ____D C:\Users\Katt\AppData\Local\bvxvbxvd
2015-08-19 16:50 - 2015-08-19 16:50 - 00000000 ____D C:\ProgramData\1207212995743438252
2015-08-19 16:50 - 2015-08-19 16:50 - 00000000 ____D C:\Program Files (x86)\Mahjong
2015-08-19 16:50 - 2015-08-19 16:50 - 00000000 ____D C:\Program Files (x86)\FuunDeals
2015-08-19 16:50 - 2015-08-19 16:50 - 00000000 ____D C:\Program Files (x86)\FuNDealS
2015-08-19 16:50 - 2015-08-19 16:50 - 00000000 ____D C:\Program Files (x86)\FunDeaelas
2015-08-19 16:30 - 2015-08-19 16:30 - 00000000 ____D C:\Program Files (x86)\TampaTrim
2015-08-19 16:30 - 2015-08-19 16:30 - 00000000 ____D C:\Program Files (x86)\QuickShopper
2015-08-18 09:13 - 2015-08-18 09:13 - 00000000 ____D C:\Users\Katt\AppData\Local\SearchProtect
2015-08-18 09:13 - 2015-08-18 09:13 - 00000000 ____D C:\Users\Katt\AppData\Local\SearchProtect
2015-08-16 17:55 - 2015-09-03 16:30 - 00000338 _____ C:\Windows\Tasks\Superclean.job
2015-08-16 17:55 - 2015-09-01 22:30 - 00003248 _____ C:\Windows\System32\Tasks\Superclean
2015-08-16 17:55 - 2015-08-22 15:14 - 00000000 ____D C:\ProgramData\{906a5843-adc7-7e3d-906a-a5843adc610e}
2015-08-16 09:44 - 2015-08-16 09:44 - 00000020 _____ C:\Users\Katt\AppData\Roaming\appdataFr2.bin
2015-08-10 16:57 - 2015-08-10 16:57 - 00000000 ____D C:\Program Files (x86)\RooboSaveer
2015-08-10 16:41 - 2015-08-10 16:41 - 00000000 ____D C:\Program Files (x86)\RoBuoSaver
2015-08-07 12:24 - 2015-08-07 12:24 - 00000000 ____D C:\ProgramData\iobfmkopdhfmfkmpdbeigkcipojmecfg
2015-08-07 12:24 - 2015-08-07 12:24 - 00000000 ____D C:\ProgramData\afidjlfbookaefgkjigkkmkjecojgicg
2015-08-07 12:24 - 2015-08-07 12:24 - 00000000 ____D C:\Program Files (x86)\DEaLExprEsS
2015-08-06 12:42 - 2015-08-06 12:42 - 00000000 ____D C:\Program Files (x86)\FuNDeAuLs
2015-08-06 12:41 - 2015-08-06 12:41 - 00000000 ____D C:\Program Files (x86)\FuunDaeoals
2015-08-06 12:41 - 2015-08-06 12:41 - 00000000 ____D C:\Program Files (x86)\FunDeAAls
2015-08-10 16:58 - 2015-02-26 19:03 - 00000000 ____D C:\ProgramData\1207212995743438252UL
2015-05-27 13:29 - 2015-08-15 23:04 - 0000024 _____ () C:\Users\Katt\AppData\Roaming\appdataFr25.bin
2015-01-21 17:23 - 2015-02-25 15:06 - 0000020 _____ () C:\Users\Katt\AppData\Roaming\appdataFr3.bin
2012-02-17 22:23 - 2012-02-17 22:23 - 0001524 _____ () C:\Users\Katt\AppData\Local\PDLSetup.20120217.212341.txt
2014-01-02 21:25 - 2014-01-02 21:25 - 0001549 _____ () C:\Users\Katt\AppData\Local\PDLSetup.20140102.202547.txt
2015-08-16 17:34 - 2015-08-16 17:34 - 0001548 _____ () C:\Users\Katt\AppData\Local\PDLSetup.20150816.173447.txt
C:\Users\Katt\AppData\Local\Temp\Setup.exe
C:\Users\Katt\AppData\Local\Temp\supoptsetup.exe
Task: {2E00FB6B-6522-49C7-B59C-796AEBC4210C} - System32\Tasks\bvxvbxvd => C:\Users\Katt\AppData\Local\bvxvbxvd\bvxvbxvd.exe [2015-08-16] () <==== ATTENTION
Task: {71C55241-387D-4786-8C7E-F05C88D0241F} - System32\Tasks\DNSKINGSTON => C:\Program Files (x86)\DNS Unlocker\dnskingston.exe [2015-08-23] ()
Task: {7765C176-BECA-4BAB-888C-FBDCC316DD68} - System32\Tasks\Superclean => c:\programdata\{2061df41-349b-f2ce-2061-1df413497d04}\hqghumeaylnlf.exe [2014-09-01] (Super PC Tools Ltd) <==== ATTENTION
Task: {DE3D1D13-8821-4294-A7E8-8746C2746595} - System32\Tasks\Super Optimizer Schedule => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe [2015-07-31] () <==== ATTENTION
Task: C:\Windows\Tasks\Superclean.job => c:\programdata\{2061df41-349b-f2ce-2061-1df413497d04}\hqghumeaylnlf.exe <==== ATTENTION
c:\programdata\{2061df41-349b-f2ce-2061-1df413497d04}
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • AdwCleaner log
  • Junkware log
  • System Summary Information
  • Update on computer behavior

Edited by Oh My!, 04 September 2015 - 09:57 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 philipvw

Posted 04 September 2015 - 06:56 AM

Hi Gary,

Thank you for your quick reply. I will get started on downloading and running these, but a quick check shows me that the link to the junkware removal tool is a dead one. I am using a different computer than the infected one, which has zero issues, so I do not think it is a redirection, it comes up with their 404 page.



#4 Oh My!

Posted 04 September 2015 - 09:57 AM

Well that was rude of me, was it not? :)

Try the link again.
Gary
 

#5 philipvw

Posted 04 September 2015 - 03:20 PM

Ha ha! No, not rude. You have plenty going on, I am sure.

 

Okay, ran everything, it's looking very good. I did open IE, as no other browsers appear to be on this machine anymore, and even IE doesn't have an icon in the start menu anywhere. I just did run .... iexplore.exe .... and quickly browsed around a little: Google, a motorcycle BBS I participate in, Yahoo. It looks good. I have to grab some other browsers. IE is 11, so it should be current.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by Katt (2015-09-04 08:07:40) Run:1
Running from C:\Users\Katt\Desktop
Loaded Profiles: Katt (Available Profiles: Katt)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
C:\Program Files (x86)\Creepy Dress
C:\Program Files (x86)\Deceitful Outcome
C:\Program Files (x86)\DNS Unlocker
HKLM-x32\...\Run: [SearchProtection] => C:\ProgramData\Search Protection\_run.bat
C:\ProgramData\Search Protection
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB7553] => C:\Users\Katt\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat [49102 2015-09-03] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD3057] => C:\Users\Katt\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat [49102 2015-09-03] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB3153] => C:\Users\Katt\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat [3656 2015-09-03] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD6363] => C:\Users\Katt\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat [3656 2015-09-03] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB5841] => C:\Users\Katt\AppData\Local\SearchProtect\UI\rep\UIRepository.dat [5686 2015-09-02] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD467] => C:\Users\Katt\AppData\Local\SearchProtect\UI\rep\UIRepository.dat [5686 2015-09-02] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB250] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png [2240 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD2226] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png [2240 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB2026] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png [2328 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD9051] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png [2328 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB4003] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png [2348 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD159] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png [2348 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB6413] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-dia.png [9731 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD1940] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-dia.png [9731 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB9141] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-uninstall.png [11390 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD2189] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-uninstall.png [11390 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB7291] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png [35253 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD4642] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png [35253 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB7795] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png [31085 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD1058] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png [31085 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB763] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png [9918 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD9164] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png [9918 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB1256] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png [12299 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD9637] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png [12299 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB3965] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettingsDS.png [9198 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD8195] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettingsDS.png [9198 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB2594] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png [16798 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD9244] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png [16798 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB7830] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png [1256 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD9] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png [1256 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB1608] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png [933 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD2522] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png [933 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB5600] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png [1065 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD316] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png [1065 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB9015] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\button-bg.png [1364 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD7018] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\button-bg.png [1364 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB3463] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png [378 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD9351] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png [378 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB2880] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png [360 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD8060] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png [360 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB9497] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png [274 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD1134] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png [274 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB611] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png [1264 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD1909] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png [1264 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB3064] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png [1405 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD9632] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png [1405 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB6865] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png [2993 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD9472] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png [2993 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB1014] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def-grey.png [1119 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD2530] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def-grey.png [1119 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB8255] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png [1038 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD7501] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png [1038 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB7153] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png [1049 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD2240] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png [1049 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB2227] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png [256 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD2683] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png [256 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB1162] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png [1339 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD7739] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png [1339 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB8016] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png [424 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD9379] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png [424 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB370] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png [1014 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD759] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png [1014 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB7388] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png [3264 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD1238] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png [3264 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB8114] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png [1553 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD5414] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png [1553 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB5677] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png [1715 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD7178] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png [1715 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB490] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png [859 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD2632] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png [859 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB3405] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png [886 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD5585] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png [886 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB7961] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png [1257 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD3665] => C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png [1257 2015-08-16] ()
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingB5471] => command.com /c del ""
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\...\RunOnce: [SpybotDeletingD9163] => cmd.exe /c del ""
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [247056 2015-08-16] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [219920 2015-08-16] (Client Connect LTD)
AppInit_DLLs-x32:  c:\progra~3\winfil~1\winfil~1.dll => c:\ProgramData\WinFilter\WinFilter.dll [4126720 2013-12-28] ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2642284316-3603185689-148077862-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
c:\ProgramData\WinFilter
Tcpip\..\Interfaces\{0503017A-7316-4E4B-AF5B-3E62B3E774F2}: [NameServer] 199.203.131.145,82.163.143.167
Tcpip\..\Interfaces\{7F00933A-5A30-4DA1-B7C1-BBFF650106A7}: [NameServer] 199.203.131.145,82.163.143.167
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.search-guide.info/?l=1&q={searchTerms}&pid=1153&r=2013/11/12&hid=13365719374647196976&lg=EN&cc=US&unqvl=40
SearchScopes: HKU\S-1-5-21-2642284316-3603185689-148077862-1000 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3335139&octid=EB_ORIGINAL_CTID&ISID=MDD64B8B9-B066-4CC3-945A-5FB0387BC794&SearchSource=58&CUI=&UM=8&UP=SP82ECA886-CBFA-461F-999D-81FCDCB3B5C0&D=081615&q={searchTerms}&SSPV=
BHO: FuunDeals -> {2C3CE956-A010-4DBF-BDA4-B2376A0189C2} -> C:\Program Files (x86)\FuunDeals\eOafLdAdUJ6tKm.x64.dll [2015-08-19] ()
BHO-x32: FuunDeals -> {2C3CE956-A010-4DBF-BDA4-B2376A0189C2} -> C:\Program Files (x86)\FuunDeals\eOafLdAdUJ6tKm.dll [2015-08-19] ()
Toolbar: HKU\S-1-5-21-2642284316-3603185689-148077862-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [No File]
CHR HKLM-x32\...\Chrome\Extension: [lfffjahnfbocnaooecgijfnbpcfekoik] - C:\ProgramData\adawaretb\shortcuts\chrome\adawaretb.crx <not found>
R2 03e661da; c:\ProgramData\WinFilter\WinFilterSvc.dll [176976 2013-12-28] () [File not signed]
R2 6e058918; c:\Program Files (x86)\QuickShopper\QuickShopper.dll [2586624 2015-08-19] () [File not signed]
R2 9bfdc3db; c:\Program Files (x86)\TampaTrim\TampaTrim.dll [2420736 2015-08-19] () [File not signed]
c:\ProgramData\WinFilter
c:\Program Files (x86)\QuickShopper
c:\Program Files (x86)\TampaTrim
R2 Creepy Dress; C:\Program Files (x86)\Creepy Dress\Creepy Dress.exe [8016491 2015-07-22] () [File not signed] <==== ATTENTION
R2 Deceitful Outcome; C:\Program Files (x86)\Deceitful Outcome\Deceitful Outcome.exe [8016498 2015-06-07] () [File not signed] <==== ATTENTION
S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
R3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
2015-09-01 22:35 - 2015-09-01 23:08 - 00003242 _____ C:\Windows\System32\Tasks\Super Optimizer Schedule
2015-09-01 22:35 - 2015-09-01 23:08 - 00003242 _____ C:\Windows\System32\Tasks\Super Optimizer Schedule
2015-09-01 22:35 - 2015-09-01 22:35 - 00000000 ____D C:\Users\Katt\Documents\Super Optimizer
2015-09-01 22:35 - 2015-09-01 22:35 - 00000000 ____D C:\Users\Katt\AppData\Roaming\Super Optimizer
2015-09-01 22:30 - 2015-09-01 22:30 - 00001093 _____ C:\Users\Katt\Desktop\Super Optimizer.lnk
2015-09-01 22:30 - 2015-09-01 22:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Optimizer
2015-09-01 22:30 - 2015-09-01 22:30 - 00000000 ____D C:\ProgramData\{2061df41-349b-f2ce-2061-1df413497d04}
2015-08-23 16:46 - 2015-08-23 16:46 - 00026356 _____ C:\Windows\System32\Tasks\DNSKINGSTON
2015-08-23 16:26 - 2015-08-23 16:26 - 00003448 _____ C:\Windows\System32\Tasks\bvxvbxvd
2015-08-23 16:26 - 2015-08-23 16:26 - 00000000 ____D C:\Users\Katt\AppData\Local\bvxvbxvd
2015-08-19 16:50 - 2015-08-19 16:50 - 00000000 ____D C:\ProgramData\1207212995743438252
2015-08-19 16:50 - 2015-08-19 16:50 - 00000000 ____D C:\Program Files (x86)\Mahjong
2015-08-19 16:50 - 2015-08-19 16:50 - 00000000 ____D C:\Program Files (x86)\FuunDeals
2015-08-19 16:50 - 2015-08-19 16:50 - 00000000 ____D C:\Program Files (x86)\FuNDealS
2015-08-19 16:50 - 2015-08-19 16:50 - 00000000 ____D C:\Program Files (x86)\FunDeaelas
2015-08-19 16:30 - 2015-08-19 16:30 - 00000000 ____D C:\Program Files (x86)\TampaTrim
2015-08-19 16:30 - 2015-08-19 16:30 - 00000000 ____D C:\Program Files (x86)\QuickShopper
2015-08-18 09:13 - 2015-08-18 09:13 - 00000000 ____D C:\Users\Katt\AppData\Local\SearchProtect
2015-08-18 09:13 - 2015-08-18 09:13 - 00000000 ____D C:\Users\Katt\AppData\Local\SearchProtect
2015-08-16 17:55 - 2015-09-03 16:30 - 00000338 _____ C:\Windows\Tasks\Superclean.job
2015-08-16 17:55 - 2015-09-01 22:30 - 00003248 _____ C:\Windows\System32\Tasks\Superclean
2015-08-16 17:55 - 2015-08-22 15:14 - 00000000 ____D C:\ProgramData\{906a5843-adc7-7e3d-906a-a5843adc610e}
2015-08-16 09:44 - 2015-08-16 09:44 - 00000020 _____ C:\Users\Katt\AppData\Roaming\appdataFr2.bin
2015-08-10 16:57 - 2015-08-10 16:57 - 00000000 ____D C:\Program Files (x86)\RooboSaveer
2015-08-10 16:41 - 2015-08-10 16:41 - 00000000 ____D C:\Program Files (x86)\RoBuoSaver
2015-08-07 12:24 - 2015-08-07 12:24 - 00000000 ____D C:\ProgramData\iobfmkopdhfmfkmpdbeigkcipojmecfg
2015-08-07 12:24 - 2015-08-07 12:24 - 00000000 ____D C:\ProgramData\afidjlfbookaefgkjigkkmkjecojgicg
2015-08-07 12:24 - 2015-08-07 12:24 - 00000000 ____D C:\Program Files (x86)\DEaLExprEsS
2015-08-06 12:42 - 2015-08-06 12:42 - 00000000 ____D C:\Program Files (x86)\FuNDeAuLs
2015-08-06 12:41 - 2015-08-06 12:41 - 00000000 ____D C:\Program Files (x86)\FuunDaeoals
2015-08-06 12:41 - 2015-08-06 12:41 - 00000000 ____D C:\Program Files (x86)\FunDeAAls
2015-08-10 16:58 - 2015-02-26 19:03 - 00000000 ____D C:\ProgramData\1207212995743438252UL
2015-05-27 13:29 - 2015-08-15 23:04 - 0000024 _____ () C:\Users\Katt\AppData\Roaming\appdataFr25.bin
2015-01-21 17:23 - 2015-02-25 15:06 - 0000020 _____ () C:\Users\Katt\AppData\Roaming\appdataFr3.bin
2012-02-17 22:23 - 2012-02-17 22:23 - 0001524 _____ () C:\Users\Katt\AppData\Local\PDLSetup.20120217.212341.txt
2014-01-02 21:25 - 2014-01-02 21:25 - 0001549 _____ () C:\Users\Katt\AppData\Local\PDLSetup.20140102.202547.txt
2015-08-16 17:34 - 2015-08-16 17:34 - 0001548 _____ () C:\Users\Katt\AppData\Local\PDLSetup.20150816.173447.txt
C:\Users\Katt\AppData\Local\Temp\Setup.exe
C:\Users\Katt\AppData\Local\Temp\supoptsetup.exe
Task: {2E00FB6B-6522-49C7-B59C-796AEBC4210C} - System32\Tasks\bvxvbxvd => C:\Users\Katt\AppData\Local\bvxvbxvd\bvxvbxvd.exe [2015-08-16] () <==== ATTENTION
Task: {71C55241-387D-4786-8C7E-F05C88D0241F} - System32\Tasks\DNSKINGSTON => C:\Program Files (x86)\DNS Unlocker\dnskingston.exe [2015-08-23] ()
Task: {7765C176-BECA-4BAB-888C-FBDCC316DD68} - System32\Tasks\Superclean => c:\programdata\{2061df41-349b-f2ce-2061-1df413497d04}\hqghumeaylnlf.exe [2014-09-01] (Super PC Tools Ltd) <==== ATTENTION
Task: {DE3D1D13-8821-4294-A7E8-8746C2746595} - System32\Tasks\Super Optimizer Schedule => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe [2015-07-31] () <==== ATTENTION
Task: C:\Windows\Tasks\Superclean.job => c:\programdata\{2061df41-349b-f2ce-2061-1df413497d04}\hqghumeaylnlf.exe <==== ATTENTION
c:\programdata\{2061df41-349b-f2ce-2061-1df413497d04}
*****************
 
C:\Program Files (x86)\Creepy Dress => moved successfully
C:\Program Files (x86)\Deceitful Outcome => moved successfully
 
"C:\Program Files (x86)\DNS Unlocker" folder move:
 
Could not move "C:\Program Files (x86)\DNS Unlocker" => Scheduled to move on reboot.
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SearchProtection => value removed successfully
"C:\ProgramData\Search Protection" => File/Folder not found.
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB7553 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD3057 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB3153 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD6363 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB5841 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD467 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB250 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD2226 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB2026 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD9051 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB4003 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD159 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB6413 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD1940 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB9141 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD2189 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB7291 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD4642 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB7795 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD1058 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB763 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD9164 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB1256 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD9637 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB3965 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD8195 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB2594 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD9244 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB7830 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD9 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB1608 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD2522 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB5600 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD316 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB9015 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD7018 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB3463 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD9351 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB2880 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD8060 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB9497 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD1134 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB611 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD1909 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB3064 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD9632 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB6865 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD9472 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB1014 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD2530 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB8255 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD7501 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB7153 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD2240 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB2227 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD2683 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB1162 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD7739 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB8016 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD9379 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB370 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD759 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB7388 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD1238 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB8114 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD5414 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB5677 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD7178 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB490 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD2632 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB3405 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD5585 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB7961 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD3665 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB5471 => value removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD9163 => value removed successfully
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll" => Value data removed successfully.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll" => Value data removed successfully.
" c:\progra~3\winfil~1\winfil~1.dll" => Value data removed successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\S-1-5-21-2642284316-3603185689-148077862-1000\SOFTWARE\Policies\Google" => key removed successfully
c:\ProgramData\WinFilter => moved successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0503017A-7316-4E4B-AF5B-3E62B3E774F2}\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7F00933A-5A30-4DA1-B7C1-BBFF650106A7}\\NameServer => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => key removed successfully
HKCR\Wow6432Node\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => key not found. 
"HKU\S-1-5-21-2642284316-3603185689-148077862-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => key removed successfully
HKCR\CLSID\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C3CE956-A010-4DBF-BDA4-B2376A0189C2}" => key removed successfully
"HKCR\CLSID\{2C3CE956-A010-4DBF-BDA4-B2376A0189C2}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C3CE956-A010-4DBF-BDA4-B2376A0189C2}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{2C3CE956-A010-4DBF-BDA4-B2376A0189C2}" => key removed successfully
HKU\S-1-5-21-2642284316-3603185689-148077862-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. 
"HKCR\PROTOCOLS\Handler\linkscanner" => key removed successfully
"HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lfffjahnfbocnaooecgijfnbpcfekoik" => key removed successfully
03e661da => service removed successfully
6e058918 => service removed successfully
9bfdc3db => service removed successfully
"c:\ProgramData\WinFilter" => File/Folder not found.
c:\Program Files (x86)\QuickShopper => moved successfully
c:\Program Files (x86)\TampaTrim => moved successfully
Creepy Dress => Service stopped successfully.
Creepy Dress => service removed successfully
Deceitful Outcome => Service stopped successfully.
Deceitful Outcome => service removed successfully
GamesAppService => service removed successfully
gupdate => service removed successfully
gupdatem => service removed successfully
SPPD => Service stopped successfully.
SPPD => service removed successfully
C:\Windows\System32\Tasks\Super Optimizer Schedule => moved successfully
"C:\Windows\System32\Tasks\Super Optimizer Schedule" => File/Folder not found.
C:\Users\Katt\Documents\Super Optimizer => moved successfully
C:\Users\Katt\AppData\Roaming\Super Optimizer => moved successfully
C:\Users\Katt\Desktop\Super Optimizer.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Optimizer => moved successfully
C:\ProgramData\{2061df41-349b-f2ce-2061-1df413497d04} => moved successfully
C:\Windows\System32\Tasks\DNSKINGSTON => moved successfully
C:\Windows\System32\Tasks\bvxvbxvd => moved successfully
C:\Users\Katt\AppData\Local\bvxvbxvd => moved successfully
C:\ProgramData\1207212995743438252 => moved successfully
C:\Program Files (x86)\Mahjong => moved successfully
C:\Program Files (x86)\FuunDeals => moved successfully
C:\Program Files (x86)\FuNDealS => moved successfully
C:\Program Files (x86)\FunDeaelas => moved successfully
"C:\Program Files (x86)\TampaTrim" => File/Folder not found.
"C:\Program Files (x86)\QuickShopper" => File/Folder not found.
 
"C:\Users\Katt\AppData\Local\SearchProtect" folder move:
 
Could not move "C:\Users\Katt\AppData\Local\SearchProtect" => Scheduled to move on reboot.
 
 
"C:\Users\Katt\AppData\Local\SearchProtect" folder move:
 
Could not move "C:\Users\Katt\AppData\Local\SearchProtect" => Scheduled to move on reboot.
 
C:\Windows\Tasks\Superclean.job => moved successfully
C:\Windows\System32\Tasks\Superclean => moved successfully
C:\ProgramData\{906a5843-adc7-7e3d-906a-a5843adc610e} => moved successfully
C:\Users\Katt\AppData\Roaming\appdataFr2.bin => moved successfully
C:\Program Files (x86)\RooboSaveer => moved successfully
C:\Program Files (x86)\RoBuoSaver => moved successfully
C:\ProgramData\iobfmkopdhfmfkmpdbeigkcipojmecfg => moved successfully
C:\ProgramData\afidjlfbookaefgkjigkkmkjecojgicg => moved successfully
C:\Program Files (x86)\DEaLExprEsS => moved successfully
C:\Program Files (x86)\FuNDeAuLs => moved successfully
C:\Program Files (x86)\FuunDaeoals => moved successfully
C:\Program Files (x86)\FunDeAAls => moved successfully
C:\ProgramData\1207212995743438252UL => moved successfully
C:\Users\Katt\AppData\Roaming\appdataFr25.bin => moved successfully
C:\Users\Katt\AppData\Roaming\appdataFr3.bin => moved successfully
C:\Users\Katt\AppData\Local\PDLSetup.20120217.212341.txt => moved successfully
C:\Users\Katt\AppData\Local\PDLSetup.20140102.202547.txt => moved successfully
C:\Users\Katt\AppData\Local\PDLSetup.20150816.173447.txt => moved successfully
C:\Users\Katt\AppData\Local\Temp\Setup.exe => moved successfully
C:\Users\Katt\AppData\Local\Temp\supoptsetup.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2E00FB6B-6522-49C7-B59C-796AEBC4210C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E00FB6B-6522-49C7-B59C-796AEBC4210C}" => key removed successfully
C:\Windows\System32\Tasks\bvxvbxvd => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvbxvd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{71C55241-387D-4786-8C7E-F05C88D0241F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71C55241-387D-4786-8C7E-F05C88D0241F}" => key removed successfully
C:\Windows\System32\Tasks\DNSKINGSTON => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DNSKINGSTON" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7765C176-BECA-4BAB-888C-FBDCC316DD68}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7765C176-BECA-4BAB-888C-FBDCC316DD68}" => key removed successfully
C:\Windows\System32\Tasks\Superclean => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Superclean" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DE3D1D13-8821-4294-A7E8-8746C2746595}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE3D1D13-8821-4294-A7E8-8746C2746595}" => key removed successfully
C:\Windows\System32\Tasks\Super Optimizer Schedule => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Super Optimizer Schedule" => key removed successfully
C:\Windows\Tasks\Superclean.job => not found.
"c:\programdata\{2061df41-349b-f2ce-2061-1df413497d04}" => File/Folder not found.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-09-04 08:08:56)<=
 
C:\Program Files (x86)\DNS Unlocker => Is moved successfully
"C:\Users\Katt\AppData\Local\SearchProtect" => Could not move
"C:\Users\Katt\AppData\Local\SearchProtect" => Could not move
 
==== End of Fixlog 08:09:01 ====
 
# AdwCleaner v5.005 - Logfile created 04/09/2015 at 08:12:05
# Updated 31/08/2015 by Xplode
# Database : 2015-08-31.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Katt - KATT-PC
# Running from : C:\Users\Katt\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[-] Service Deleted : CltMngSvc
[-] Service Deleted : SPPD
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\FilmFanatic
[#] Folder Deleted : C:\Program Files (x86)\SearchProtect
[-] Folder Deleted : C:\Program Files (x86)\Super Optimizer
[-] Folder Deleted : C:\Program Files (x86)\NetoCOUpoon
[-] Folder Deleted : C:\Program Files (x86)\NNetoCoouPon
[!] Folder Not Deleted : C:\Program Files (x86)\FilmFanatic
[-] Folder Deleted : C:\ProgramData\Premium
[-] Folder Deleted : C:\ProgramData\ShopDroP
[-] Folder Deleted : C:\ProgramData\WinterSoft
[-] Folder Deleted : C:\ProgramData\The AdBlocker
[-] Folder Deleted : C:\ProgramData\10c0e1d2d385d5ac
[-] Folder Deleted : C:\ProgramData\chmepeefgkndpmojaafgkcfinmjdmbnk
[-] Folder Deleted : C:\ProgramData\famneemlifdbfejdfalcjeleppfkimnp
[-] Folder Deleted : C:\ProgramData\ggcfaacnlbepmlddiklnklebamojocik
[-] Folder Deleted : C:\ProgramData\iegbhahepgjhkddnnhhpjfhppclpcpln
[#] Folder Deleted : C:\Users\Katt\AppData\Local\SearchProtect
[-] Folder Deleted : C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmkckgpgekmanipelfidlhmkfcjicion
[-] Folder Deleted : C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Extensions\beoldljceodklpdmkgelhbdllhhciinh
[-] Folder Deleted : C:\Users\Katt\AppData\Local\Temp\AirInstaller
[-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jfenflmklmpohipcckmagnmbmbibnolo_0.localstorage
[-] File Deleted : C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jfenflmklmpohipcckmagnmbmbibnolo_0.localstorage-journal
[-] File Deleted : C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jfenflmklmpohipcckmagnmbmbibnolo
[-] File Deleted : C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
[-] File Deleted : C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
[-] File Deleted : C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nps.pastaleads.com_0.localstorage
[-] File Deleted : C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nps.pastaleads.com_0.localstorage-journal
[-] File Deleted : C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
[-] File Deleted : C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
[-] File Deleted : C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_websearch.freesearches.info_0.localstorage
[-] File Deleted : C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_websearch.freesearches.info_0.localstorage-journal
[-] File Deleted : C:\Windows\apppatch\apppatch64\vcldr64.dll
[-] File Deleted : C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
[-] File Deleted : C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb
[-] File Deleted : C:\Windows\AppPatch\nbin\VC32Loader.dll
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\easylifeapp.com
[-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Super Optimizer]
[-] Key Deleted : HKLM\SOFTWARE\Classes\PECED6840_B1E5_4411_81DD_9209D07E7AF4_.PECED6840_B1E5_4411_81DD_9209D07E7AF4_
[-] Key Deleted : HKLM\SOFTWARE\Classes\PECED6840_B1E5_4411_81DD_9209D07E7AF4_.PECED6840_B1E5_4411_81DD_9209D07E7AF4_.9
[-] Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b
[-] Key Deleted : HKLM\SOFTWARE\9d959f27-81ed-fccb-b537-effeb38c7f00
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-747939423
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{6e058918}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{9bfdc3db}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{3e661da}
[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\bmkckgpgekmanipelfidlhmkfcjicion
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0C1284BA-4F3A-41C6-94B5-77446F5948A9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ECED6840-B1E5-4411-81DD-9209D07E7AF4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1DB3812C-B5BC-4714-8F98-4669354B6000}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{259F6B27-57AA-48B5-854B-B96D8FC7B3C1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{33B8CF8E-1B37-40DD-A652-F97EDFCA9565}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{41F978F3-431A-4464-A789-5C0692D562FB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5518881B-BB38-46C7-A27C-024DA02AD167}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5ADB067E-40D9-49AD-BDFC-2DBD725D3842}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{7D0F8586-7AD5-44A7-BD3D-31E63B3F18D2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{917A80E3-C425-4F5F-B8D3-4804A0CCA924}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{94D4476C-892A-4FF2-AE91-1A5FB2D2F126}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{96BB8E60-6EF9-47E0-9ED8-4AD477ECF427}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A6918429-4197-42E6-A4AC-742073A9BCBB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AEF2BB85-DF75-41E2-8366-FB89A5F869F9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D553067B-6F4E-4F58-BF46-7ACDBBC50332}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ECED6840-B1E5-4411-81DD-9209D07E7AF4}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{ECED6840-B1E5-4411-81DD-9209D07E7AF4}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{ECED6840-B1E5-4411-81DD-9209D07E7AF4}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
[-] Key Deleted : HKU\.DEFAULT\Software\AVG Secure Search
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKCU\Software\IGearSettings
[-] Key Deleted : HKCU\Software\Super Optimizer
[!] Key Not Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
[-] Key Deleted : HKLM\SOFTWARE\SearchProtect
[-] Key Deleted : HKLM\SOFTWARE\SP Global
[-] Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
[-] Key Deleted : HKLM\SOFTWARE\SPPDCOM
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A35CA8FF-CB7D-8361-1CB9-83219CD11C78}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Super Optimizer_is1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BE360B8B-0F10-CA89-FC84-A5EAB71A6AF8}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{6e058918}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{478472F9-9E09-492A-BDAB-42EE595EF1AD}
[!] Key Not Deleted : [x64] HKCU\Software\IGearSettings
[!] Key Not Deleted : [x64] HKCU\Software\Super Optimizer
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : trovi.search
[-] [C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.trovi.com/?gd=&ctid=CT3335139&octid=EB_ORIGINAL_CTID&ISID=MDD64B8B9-B066-4CC3-945A-5FB0387BC794&SearchSource=55&CUI=&UM=8&UP=SP82ECA886-CBFA-461F-999D-81FCDCB3B5C0&D=081615&SSPV=
[-] [C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3335139&octid=EB_ORIGINAL_CTID&ISID=MDD64B8B9-B066-4CC3-945A-5FB0387BC794&SearchSource=58&CUI=&UM=8&UP=SP82ECA886-CBFA-461F-999D-81FCDCB3B5C0&D=081615&q={searchTerms}&SSPV=
[-] [C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : beoldljceodklpdmkgelhbdllhhciinh
[-] [C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bmkckgpgekmanipelfidlhmkfcjicion
[-] [C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : booedmolknjekdopkepjjeckmjkdpfgl
[-] [C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : flpcjncodpafbgdpnkljologafpionhb
[-] [C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www.trovi.com/?gd=&ctid=CT3335139&octid=EB_ORIGINAL_CTID&ISID=MDD64B8B9-B066-4CC3-945A-5FB0387BC794&SearchSource=55&CUI=&UM=8&UP=SP82ECA886-CBFA-461F-999D-81FCDCB3B5C0&D=081615&SSPV=
 
*************************
 
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [13297 bytes] ##########
 
# AdwCleaner v5.005 - Logfile created 04/09/2015 at 08:10:47
# Updated 31/08/2015 by Xplode
# Database : 2015-08-31.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Katt - KATT-PC
# Running from : C:\Users\Katt\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : CltMngSvc
Service Found : SPPD
 
***** [ Folders ] *****
 
Folder Found : C:\Program Files (x86)\FilmFanatic
Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\Program Files (x86)\Super Optimizer
Folder Found : C:\Program Files (x86)\NetoCOUpoon
Folder Found : C:\Program Files (x86)\NNetoCoouPon
Folder Found : C:\Program Files (x86)\FilmFanatic
Folder Found : C:\ProgramData\Premium
Folder Found : C:\ProgramData\ShopDroP
Folder Found : C:\ProgramData\WinterSoft
Folder Found : C:\ProgramData\The AdBlocker
Folder Found : C:\ProgramData\10c0e1d2d385d5ac
Folder Found : C:\ProgramData\chmepeefgkndpmojaafgkcfinmjdmbnk
Folder Found : C:\ProgramData\famneemlifdbfejdfalcjeleppfkimnp
Folder Found : C:\ProgramData\ggcfaacnlbepmlddiklnklebamojocik
Folder Found : C:\ProgramData\iegbhahepgjhkddnnhhpjfhppclpcpln
Folder Found : C:\Users\Katt\AppData\Local\SearchProtect
Folder Found : C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmkckgpgekmanipelfidlhmkfcjicion
Folder Found : C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Extensions\beoldljceodklpdmkgelhbdllhhciinh
Folder Found : C:\Users\Katt\AppData\Local\Temp\AirInstaller
Folder Found : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect
 
***** [ Files ] *****
 
File Found : C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jfenflmklmpohipcckmagnmbmbibnolo_0.localstorage
File Found : C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jfenflmklmpohipcckmagnmbmbibnolo_0.localstorage-journal
File Found : C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jfenflmklmpohipcckmagnmbmbibnolo
File Found : C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
File Found : C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
File Found : C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nps.pastaleads.com_0.localstorage
File Found : C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nps.pastaleads.com_0.localstorage-journal
File Found : C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
File Found : C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
File Found : C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage
File Found : C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage-journal
File Found : C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
File Found : C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
File Found : C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_websearch.freesearches.info_0.localstorage
File Found : C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_websearch.freesearches.info_0.localstorage-journal
File Found : C:\Windows\apppatch\apppatch64\vcldr64.dll
File Found : C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
File Found : C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb
File Found : C:\Windows\AppPatch\nbin\VC32Loader.dll
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\easylifeapp.com
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Super Optimizer]
Key Found : HKLM\SOFTWARE\Classes\PECED6840_B1E5_4411_81DD_9209D07E7AF4_.PECED6840_B1E5_4411_81DD_9209D07E7AF4_
Key Found : HKLM\SOFTWARE\Classes\PECED6840_B1E5_4411_81DD_9209D07E7AF4_.PECED6840_B1E5_4411_81DD_9209D07E7AF4_.9
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b
Key Found : HKLM\SOFTWARE\9d959f27-81ed-fccb-b537-effeb38c7f00
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-747939423
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{6e058918}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{9bfdc3db}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{3e661da}
Key Found : HKCU\Software\Google\Chrome\Extensions\bmkckgpgekmanipelfidlhmkfcjicion
Key Found : HKU\.DEFAULT\Software\AVG Secure Search
Key Found : HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\Super Optimizer
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Found : HKLM\SOFTWARE\SearchProtect
Key Found : HKLM\SOFTWARE\SP Global
Key Found : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Found : HKLM\SOFTWARE\SPPDCOM
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A35CA8FF-CB7D-8361-1CB9-83219CD11C78}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Super Optimizer_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BE360B8B-0F10-CA89-FC84-A5EAB71A6AF8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{6e058918}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{478472F9-9E09-492A-BDAB-42EE595EF1AD}
Key Found : [x64] HKCU\Software\IGearSettings
Key Found : [x64] HKCU\Software\Super Optimizer
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL 
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL 
 
***** [ Web browsers ] *****
 
[C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : trovi.search
[C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Found : hxxp://www.trovi.com/?gd=&ctid=CT3335139&octid=EB_ORIGINAL_CTID&ISID=MDD64B8B9-B066-4CC3-945A-5FB0387BC794&SearchSource=55&CUI=&UM=8&UP=SP82ECA886-CBFA-461F-999D-81FCDCB3B5C0&D=081615&SSPV=
[C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Found : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3335139&octid=EB_ORIGINAL_CTID&ISID=MDD64B8B9-B066-4CC3-945A-5FB0387BC794&SearchSource=58&CUI=&UM=8&UP=SP82ECA886-CBFA-461F-999D-81FCDCB3B5C0&D=081615&q={searchTerms}&SSPV=
[C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : beoldljceodklpdmkgelhbdllhhciinh
[C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : bmkckgpgekmanipelfidlhmkfcjicion
[C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : flpcjncodpafbgdpnkljologafpionhb
[C:\Users\Katt\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Found : hxxp://www.trovi.com/?gd=&ctid=CT3335139&octid=EB_ORIGINAL_CTID&ISID=MDD64B8B9-B066-4CC3-945A-5FB0387BC794&SearchSource=55&CUI=&UM=8&UP=SP82ECA886-CBFA-461F-999D-81FCDCB3B5C0&D=081615&SSPV=
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [12543 bytes] ##########
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.0 (08.31.2015:1)
OS: Windows 7 Home Premium x64
Ran by Katt on Fri 09/04/2015 at 15:49:52.64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Failed to delete: [Service] cltmngsvc
Successfully deleted: [Service] sppd [Reboot required]
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{77777777-7777-7777-7777-770077047735}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{77777777-7777-7777-7777-770077047735}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{77777777-7777-7777-7777-770077047735}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{77777777-7777-7777-7777-770077047735}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011041135}
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Users\Katt\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage
Successfully deleted: [File] C:\Users\Katt\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage-journal
 
 
 
~~~ Folders
 
Failed to delete: [Folder] C:\Program Files (x86)\searchprotect
Failed to delete: [Folder] C:\Users\Katt\Appdata\Local\searchprotect
Successfully deleted: [Folder] C:\ProgramData\youtubeadblocker
 
 
 
~~~ Chrome
 
 
[C:\Users\Katt\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Katt\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Katt\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Katt\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  ogminpmldncgcmokldnmmapddoccmhfl
]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 09/04/2015 at 15:53:17.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
 

 




#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:04 PM

Posted 04 September 2015 - 03:32 PM

I need to be away from my computer for a couple hours or so but you can expect a reply from me when I return.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Oh My!


Posted 04 September 2015 - 05:12 PM

Looks like we took care of quite a bit.

Please do this.

===================================================

Farbar's MiniRegTool

--------------------
  • Please download MiniRegTool.zip (for 32 bit systems) or MiniRegTool64.zip (for 64 bit systems) and save it to your desktop
  • Unzip the folder and double click the icon
  • Copy and paste the following into the white box:

HKCU\Software\IGearSettings
HKCU\Software\Super Optimizer
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{6e058918}

  • Check the Delete Keys/Values including Locked/Null embedded radio button.
  • Press the Go button and post the result.
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
closeprocesses:
SetDefaultFilePermissions: C:\Program Files (x86)\searchprotect
SetDefaultFilePermissions: C:\Users\Katt\Appdata\Local\searchprotect
C:\Program Files (x86)\searchprotect
C:\Users\Katt\Appdata\Local\searchprotect
emptytemp:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • MiniRegTool report
  • Fixlog
  • How is the computer running?

Edited by Oh My!, 04 September 2015 - 07:50 PM.
Modified instructions

Gary
 

#8 philipvw

philipvw
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:10:04 PM

Posted 05 September 2015 - 12:41 PM

 Computer still seems to be running okay. No pop ups. Have difficulty signing into bleepingcomputer.com though. Not sure if that is me or the computer. Still have not added any more browsers.

 

MiniRegTool64 by Farbar Version:21-07-2014
Ran by Katt (administrator) on 2015-09-05 13:03:06
 
====================================
"HKCU\Software\IGearSettings" not found.
"HKCU\Software\Super Optimizer" not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{6e058918}" not found.
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by Katt (2015-09-05 13:05:20) Run:2
Running from C:\Users\Katt\Desktop
Loaded Profiles: Katt (Available Profiles: Katt)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
closeprocesses:
SetDefaultFilePermissions: C:\Program Files (x86)\searchprotect
SetDefaultFilePermissions: C:\Users\Katt\Appdata\Local\searchprotect
C:\Program Files (x86)\searchprotect
C:\Users\Katt\Appdata\Local\searchprotect
emptytemp:
*****************
 
Processes closed successfully.
"C:\Program Files (x86)\searchprotect" => Default permissions restored successfully.
"C:\Users\Katt\Appdata\Local\searchprotect" => Default permissions restored successfully.
 
"C:\Program Files (x86)\searchprotect" folder move:
 
Could not move "C:\Program Files (x86)\searchprotect" => Scheduled to move on reboot.
 
 
"C:\Users\Katt\Appdata\Local\searchprotect" folder move:
 
Could not move "C:\Users\Katt\Appdata\Local\searchprotect" => Scheduled to move on reboot.
 
EmptyTemp: => 1.5 GB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-09-05 13:08:35)<=
 
"C:\Program Files (x86)\searchprotect" => Could not move
"C:\Users\Katt\Appdata\Local\searchprotect" => Could not move
 
==== End of Fixlog 13:08:40 ====
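Added example, not part of the original posts or of either tool: a short Python triage that cross-checks JRT's "Failed to delete" entries against the FRST Fixlog to list what is still present after the reboot. The log excerpts are copied (trimmed) from the posts above; the function names and the "moved successfully" success wording are assumptions.

```python
import re

# Excerpts copied (trimmed) from the JRT log and the FRST Fixlog in this thread.
JRT_LOG = r"""
~~~ Services
Failed to delete: [Service] cltmngsvc
Successfully deleted: [Service] sppd [Reboot required]
~~~ Folders
Failed to delete: [Folder] C:\Program Files (x86)\searchprotect
Failed to delete: [Folder] C:\Users\Katt\Appdata\Local\searchprotect
Successfully deleted: [Folder] C:\ProgramData\youtubeadblocker
"""

FIXLOG = r"""
"C:\Program Files (x86)\searchprotect" => Default permissions restored successfully.
"C:\Users\Katt\Appdata\Local\searchprotect" => Default permissions restored successfully.
"C:\Program Files (x86)\searchprotect" folder move:
Could not move "C:\Program Files (x86)\searchprotect" => Scheduled to move on reboot.
"C:\Users\Katt\Appdata\Local\searchprotect" folder move:
Could not move "C:\Users\Katt\Appdata\Local\searchprotect" => Scheduled to move on reboot.
EmptyTemp: => 1.5 GB temporary data Removed.
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-09-05 13:08:35)<=
"C:\Program Files (x86)\searchprotect" => Could not move
"C:\Users\Katt\Appdata\Local\searchprotect" => Could not move
"""

# JRT result line: "<status>: [<kind>] <target>" with an optional reboot marker.
JRT_RE = re.compile(
    r"^(Failed to delete|Successfully deleted|Successfully repaired): "
    r"\[([^\]]+)\] (.+?)(\s+\[Reboot required\])?$"
)
# Fixlog result line: an optional "Could not move " prefix, a quoted path, "=>", outcome.
FIX_RE = re.compile(r'^(?:Could not move )?"([^"]+)" => (.+)$')


def parse_jrt(text):
    """Return (status, kind, target, reboot_required) for each JRT result line."""
    entries = []
    for line in text.splitlines():
        m = JRT_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2), m.group(3), bool(m.group(4))))
    return entries


def fixlog_outcomes(text):
    """Map each quoted path (lower-cased) to its outcomes in log order."""
    outcomes = {}
    for line in text.splitlines():
        m = FIX_RE.match(line.strip())
        if m:
            outcomes.setdefault(m.group(1).lower(), []).append(m.group(2))
    return outcomes


def open_items(jrt_text, fixlog_text):
    """List what JRT failed to delete together with its last Fixlog outcome."""
    outcomes = fixlog_outcomes(fixlog_text)
    items = []
    for status, kind, target, _ in parse_jrt(jrt_text):
        if status != "Failed to delete":
            continue
        history = outcomes.get(target.lower())
        last = history[-1] if history else "not in Fixlog"
        # Assumption: FRST reports a completed move with "moved successfully".
        if "moved successfully" not in last:
            items.append((kind, target, last))
    return items


if __name__ == "__main__":
    for kind, target, last in open_items(JRT_LOG, FIXLOG):
        print(f"{kind:8} {target} -> {last}")
```

Paths are compared case-insensitively because the two tools do not print the same casing for every path.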
 

 

 



#9 Oh My!


Posted 05 September 2015 - 04:33 PM

Thank you. Looks like we have a couple of stubborn entries. Please do this.

===================================================

SystemLook by jpshortstuff

--------------------
  • Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #3 For 64-bit users

  • Double-click SystemLook.exe to run it.
  • Vista\Windows 7 users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following codebox into the main textfield:
:filefind
*searchprotect*
:folderfind
*searchprotect* /s
:regfind
*searchprotect*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply or, if necessary, zip and attach the file.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • SystemLook report

Gary
 

#10 philipvw


Posted 05 September 2015 - 07:28 PM

Hi Gary,

 

Wow that is a very pervasive virus!

 

Thank you so much for helping me with this.

 

I am attaching log file, tried several times and still won't send after a paste.

 

 




#11 Oh My!


Posted 05 September 2015 - 08:29 PM

Well, it looks like the folders coming up in the report are not actually there. However, I am going to have you uninstall Spybot since SearchProtect is embedded in it. Please do it this way.

===================================================

Uninstalling Programs Using Revo Uninstaller Free

--------------------

I recommend uninstalling the below listed program(s) from your computer.

Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.

Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of a previous uninstall. If that is the case simply stop and let me know.
  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
Spybot - Search & Destroy
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next.
  • Check the items in bold only on the list then click Delete. You may have to expand some folders by clicking the "+" mark.
  • When prompted click on Yes and then on Next.
  • Click on Select all then click Delete
  • When prompted select Yes then Next
  • Once done click Finish.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did Spybot uninstall properly?

Gary
 

#12 philipvw


Posted 06 September 2015 - 12:39 PM

Hello Gary,

I ran the Revo uninstaller as directed. No issues that I could spot; the list of files in the clean up step were 503, there were 3 in the Program Files folder, and the rest were in the Spybot Search and Destroy folder and all of them were zip files. I believe all gone now.



#13 Oh My!


Posted 06 September 2015 - 12:51 PM

Great, thanks.

I am not sure it is necessary to install additional browsers to troubleshoot our issues but did you want to do that?

Please run these.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • ESET log
  • Security Check log
  • How is your computer running?

Edited by Oh My!, 06 September 2015 - 02:25 PM.

Gary
 

#14 philipvw


Posted 06 September 2015 - 01:32 PM

Gary,

The ESET online scanner seems to be a dead link also. Error 404. Running the other one now.



#15 philipvw


Posted 06 September 2015 - 01:37 PM

No worries, Google found it for me.





