
Thread: Optimizer Pro

  1. #11
    Junior Member
    Join Date
    Dec 2010
    Posts
    20


    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
    Ran by Owner at 2015-01-07 13:17:41 Run:2
    Running from C:\Users\Owner\Desktop
    Loaded Profiles: Owner & UpdatusUser (Available profiles: Owner & UpdatusUser & Scout & Wyatt & Guest)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    start
    CloseProcesses:
    C:\Program Files (x86)\Bull Softwares\Reg Pro Cleaner\RegProCleaner.exe
    C:\Program Files (x86)\Common Files\Cache utility\node\conf.js
    C:\Program Files (x86)\Common Files\Cache utility\node\service.exe
    C:\Program Files (x86)\Common Files\Diagnostics\node\8jvrrol3u88.exe
    C:\Program Files (x86)\Common Files\Diagnostics\node\8jvrt0zsq08.exe
    C:\Program Files (x86)\Common Files\Diagnostics\node\8jvrthtf6w8.exe
    C:\Program Files (x86)\Common Files\Diagnostics\node\8jvrttefjc8.exe
    C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
    C:\Program Files (x86)\Common Files\Display settings\node\conf.js
    C:\Program Files (x86)\Common Files\Display settings\node\service.exe
    C:\ProgramData\2ce8e63b-5e53-4efc-b4cf-6a6e52e017a4\maintainer.bak
    C:\ProgramData\Optimizer\program\winapp_Test002.exe
    C:\ProgramData\Optimizer\program\windows_chromeupdatebinno.exe
    C:\ProgramData\Optimizer\program\windows_chromeupdateperion.exe
    C:\ProgramData\Optimizer\program\windows_chromupdateweb.exe
    C:\Users\All Users\2ce8e63b-5e53-4efc-b4cf-6a6e52e017a4\maintainer.bak
    C:\Users\All Users\Optimizer\program\winapp_Test002.exe
    C:\Users\All Users\Optimizer\program\windows_chromeupdatebinno.exe
    C:\Users\All Users\Optimizer\program\windows_chromeupdateperion.exe
    C:\Users\All Users\Optimizer\program\windows_chromupdateweb.exe
    C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm\0.3.3_0\js\background.js
    C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm\0.3.3_0\js\bootstrap.js
    C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm\0.3.3_0\js\newtab.js
    C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm\0.3.3_0\js\opentab.js
    C:\Users\Owner\Desktop\manualdownload.exe
    C:\Users\Owner\Desktop\Setup.exe
    C:\Users\Owner\Downloads\InstallDropbox.exe
    C:\Users\Scout\Downloads\BLACK-BUTLER-SEASON-1-ENGLISH-DUB-TORRENT_downloader.exe
    C:\Users\Wyatt\Downloads\minecraft-setup (1).exe
    C:\Users\Wyatt\Downloads\minecraft-setup.exe
    C:\Users\Wyatt\Downloads\setup.exe
    EmptyTemp:
    End
    *****************

    Processes closed successfully.
    C:\Program Files (x86)\Bull Softwares\Reg Pro Cleaner\RegProCleaner.exe => Moved successfully.
    C:\Program Files (x86)\Common Files\Cache utility\node\conf.js => Moved successfully.
    C:\Program Files (x86)\Common Files\Cache utility\node\service.exe => Moved successfully.
    C:\Program Files (x86)\Common Files\Diagnostics\node\8jvrrol3u88.exe => Moved successfully.
    C:\Program Files (x86)\Common Files\Diagnostics\node\8jvrt0zsq08.exe => Moved successfully.
    C:\Program Files (x86)\Common Files\Diagnostics\node\8jvrthtf6w8.exe => Moved successfully.
    C:\Program Files (x86)\Common Files\Diagnostics\node\8jvrttefjc8.exe => Moved successfully.
    C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe => Moved successfully.
    C:\Program Files (x86)\Common Files\Display settings\node\conf.js => Moved successfully.
    C:\Program Files (x86)\Common Files\Display settings\node\service.exe => Moved successfully.
    C:\ProgramData\2ce8e63b-5e53-4efc-b4cf-6a6e52e017a4\maintainer.bak => Moved successfully.
    C:\ProgramData\Optimizer\program\winapp_Test002.exe => Moved successfully.
    C:\ProgramData\Optimizer\program\windows_chromeupdatebinno.exe => Moved successfully.
    C:\ProgramData\Optimizer\program\windows_chromeupdateperion.exe => Moved successfully.
    C:\ProgramData\Optimizer\program\windows_chromupdateweb.exe => Moved successfully.
    "C:\Users\All Users\2ce8e63b-5e53-4efc-b4cf-6a6e52e017a4\maintainer.bak" => File/Directory not found.
    "C:\Users\All Users\Optimizer\program\winapp_Test002.exe" => File/Directory not found.
    "C:\Users\All Users\Optimizer\program\windows_chromeupdatebinno.exe" => File/Directory not found.
    "C:\Users\All Users\Optimizer\program\windows_chromeupdateperion.exe" => File/Directory not found.
    "C:\Users\All Users\Optimizer\program\windows_chromupdateweb.exe" => File/Directory not found.
    C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm\0.3.3_0\js\background.js => Moved successfully.
    C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm\0.3.3_0\js\bootstrap.js => Moved successfully.
    C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm\0.3.3_0\js\newtab.js => Moved successfully.
    C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm\0.3.3_0\js\opentab.js => Moved successfully.
    C:\Users\Owner\Desktop\manualdownload.exe => Moved successfully.
    C:\Users\Owner\Desktop\Setup.exe => Moved successfully.
    C:\Users\Owner\Downloads\InstallDropbox.exe => Moved successfully.
    C:\Users\Scout\Downloads\BLACK-BUTLER-SEASON-1-ENGLISH-DUB-TORRENT_downloader.exe => Moved successfully.
    C:\Users\Wyatt\Downloads\minecraft-setup (1).exe => Moved successfully.
    C:\Users\Wyatt\Downloads\minecraft-setup.exe => Moved successfully.
    C:\Users\Wyatt\Downloads\setup.exe => Moved successfully.
    EmptyTemp: => Removed 150.7 MB temporary data.


    The system needed a reboot.

    ==== End of Fixlog 13:17:52 ====

  2. #12
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    There are a couple of entries I want to make sure are gone.

    Please run a Threat Scan with Malwarebytes' Anti-Malware.

    Right-click and choose "Run as administrator" to open Malwarebytes Anti-Malware, and from the Dashboard please Check for Updates by clicking the Update Now... link.
    Open up Malwarebytes > Settings > Detection and Protection > enable Scan for rootkit, and under Non Malware Protection set both PUP and PUM to Treat detections as malware.
    Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
    Once completed, please click on History > Application Logs, find your scan log and open it, then click on the "copy to clipboard" button and post back the results in your next reply.

    Please allow it to quarantine any items found.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #13
    Junior Member
    Join Date
    Dec 2010
    Posts
    20


    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 1/8/2015
    Scan Time: 5:28:37 PM
    Logfile:
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.01.08.18
    Rootkit Database: v2015.01.07.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Owner

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 534560
    Time Elapsed: 13 min, 29 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 3
    PUP.Optional.Diagnostic.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DIAGNOSTICS, , [c141a550aedb3df98786c1acc63d51af],
    PUP.Optional.Proxy.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PROXY, , [b0527580f594989ecd3f8edf4bb82bd5],
    PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DefaultTab, , [61a12fc60f7afd39cd197af3ab585fa1],

    Registry Values: 2
    PUP.Optional.Diagnostic.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DIAGNOSTICS|ImagePath, "C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe" -s "C:\Program Files (x86)\Common Files\Diagnostics\node\diagnostics.js", , [c141a550aedb3df98786c1acc63d51af]
    PUP.Optional.Proxy.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PROXY|ImagePath, "C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe" -s "C:\Program Files (x86)\Common Files\Diagnostics\node\proxy_master.js", , [b0527580f594989ecd3f8edf4bb82bd5]

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
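
Added example, not part of any post in this thread: the Malwarebytes log above still lists the DIAGNOSTICS and PROXY service keys, and their ImagePath points at a service.exe that the earlier FRST fixlog reports as moved. The Python below cross-references the two logs to flag such leftover service entries; the log lines are copied from the thread, while the EXAMPLESVC line and all function names are constructed for illustration.

```python
import re

# Lines copied from the FRST fixlog and the Malwarebytes log in this thread,
# plus one constructed service entry (EXAMPLESVC) for contrast.
FIXLOG = r'''
C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe => Moved successfully.
C:\ProgramData\Optimizer\program\winapp_Test002.exe => Moved successfully.
"C:\Users\All Users\Optimizer\program\winapp_Test002.exe" => File/Directory not found.
'''
MBAM = r'''
PUP.Optional.Diagnostic.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DIAGNOSTICS|ImagePath, "C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe" -s "C:\Program Files (x86)\Common Files\Diagnostics\node\diagnostics.js", , [c141a550aedb3df98786c1acc63d51af]
PUP.Optional.Proxy.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PROXY|ImagePath, "C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe" -s "C:\Program Files (x86)\Common Files\Diagnostics\node\proxy_master.js", , [b0527580f594989ecd3f8edf4bb82bd5]
Constructed.Example, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EXAMPLESVC|ImagePath, "C:\Example\svc.exe", , [constructed]
'''

# detection name, registry key, then the first quoted token of the ImagePath data
IMAGEPATH = re.compile(r'^[^,\n]+, (HK[^|,\n]+)\|ImagePath, "([^"\n]+)"', re.M)

def moved_paths(fixlog):
    """Paths FRST reports as moved, lower-cased for case-insensitive comparison."""
    moved = set()
    for line in fixlog.splitlines():
        path, sep, status = line.partition(" => ")
        if sep and status.startswith("Moved successfully"):
            moved.add(path.strip().strip('"').lower())
    return moved

def service_images(mbam):
    """(service name, executable) for each ImagePath value in the Malwarebytes log."""
    return [(key.rsplit("\\", 1)[-1], exe) for key, exe in IMAGEPATH.findall(mbam)]

def orphaned_services(fixlog, mbam):
    """Services whose ImagePath executable was already moved by the FRST fix."""
    moved = moved_paths(fixlog)
    return [(svc, exe) for svc, exe in service_images(mbam) if exe.lower() in moved]

if __name__ == "__main__":
    for svc, exe in orphaned_services(FIXLOG, MBAM):
        print(f"{svc}: service key still present, binary already moved: {exe}")
```
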

  4. #14
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    Was MBAM allowed to quarantine?
    As you can see it won't show us.

    How's the computer once more before we remove tools and folders....then I'll post preventive tips.

  5. #15
    Junior Member
    Join Date
    Dec 2010
    Posts
    20


    MBAM was allowed to quarantine.

    The computer is running a bit slow again and somehow Bing was suddenly my search provider on IE instead of Google. Google wasn't even listed as a search provider any longer in my internet settings.

    Thanks again for all of your help.
    Lori

  6. #16
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    Find out which version of Internet Explorer you're using by clicking Help > About Internet Explorer.
    Internet Explorer 11

    Open Internet Explorer.
    In the top right corner of the search box, click the down arrow.
    Click Add.
    Select Google.
    Click Add to Internet Explorer.
    Check the box next to "Make this my default search provider."
    Click Add.

    Internet Explorer 10

    Open Internet Explorer.
    In the top right corner of the page, click the gear icon.
    Click Manage add-ons.
    On the left side of the page, click Search Providers.
    In the bottom left corner, click Find more providers.
    Select Google.
    Click Add to Internet Explorer.
    Check the box next to "Make this my default search provider."
    Click Add.

    See if the above helps?

  7. #17
    Junior Member
    Join Date
    Dec 2010
    Posts
    20


    Yes, I was able to get rid of Bing and set Google as my default search provider. Just not sure how Bing showed up in the first place.

  8. #18
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    Let's see if there are any startup items we can disable to improve performance.

    Go here to download HJT
    http://www.bleepingcomputer.com/download/hijackthis/
    • Save HJTsetup.exe to your desktop.
    • Double-click on the HJTsetup.exe icon on your desktop.
    • By default it will install to C:\Program Files\Hijack This.
    • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    • Put a check by Create a desktop icon then click Next again.
    • Continue to follow the rest of the prompts from there.
    • At the final dialogue box click Finish and it will launch Hijack This.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.


    ~~~~~~~~~~~~~~

    Please run this security check for my review.

    Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

  9. #19
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    Still need help?

  10. #20
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    Glad we could help.

    Since this issue appears resolved ... this Topic is closed.
