
Trovi search bar, causing failed internet! Logs are ready. [Solved]

Viruses Maleware Infection CCcleaner Internet connection issue Rootkits trovi search bar

  • This topic is locked
100 replies to this topic

#16 jeff matthews

jeff matthews

    Advanced Member

  • Authentic Member
  • 781 posts

Posted 09 January 2015 - 06:50 PM

Fix Log


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by Ashley at 2015-01-09 16:43:31 Run:2
Running from C:\Users\Ashley\Desktop
Loaded Profile: Ashley (Available profiles: Ashley & Chuck)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
(SUPER PC TOOLS LIMITED) C:\Program Files (x86)\Super Optimizer\SupOptSmartScan.exe
C:\Program Files (x86)\Super Optimizer
() C:\Users\Ashley\AppData\Local\wincheck\wincheck.exe
C:\Users\Ashley\AppData\Local\wincheck
HKLM-x32\...\Run: [WinCheck] => C:\Users\Ashley\AppData\Local\wincheck\wincheck.exe [529920 2015-01-07] ()
HKLM-x32\...\Run: [SmartWeb] => C:\Users\Ashley\AppData\Local\SmartWeb\SmartWebHelper.exe
C:\Users\Ashley\AppData\Local\SmartWeb
HKU\S-1-5-21-2650459626-1003566679-2177798267-1000\...\Run: [Super Optimizer] => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe [676968 2014-12-26] (SUPER PC TOOLS LIMITED)
HKU\S-1-5-21-2650459626-1003566679-2177798267-1000\...\MountPoints2: {c5429e11-26f2-11e4-8f1f-806e6f6e6963} - D:\Bin\ASSETUP.exe
Startup: C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk
ShortcutTarget: SmartWeb.lnk -> C:\Users\Ashley\AppData\Local\SmartWeb\SmartWebHelper.exe (No File)
Startup: C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatch.lnk
ShortcutTarget: StormWatch.lnk -> C:\Program Files (x86)\StormWatch\StormWatch.exe (No File)
Startup: C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatchApp.lnk
ShortcutTarget: StormWatchApp.lnk -> C:\Program Files (x86)\StormWatch\StormWatchApp.exe (No File)
C:\Program Files (x86)\StormWatch
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-2650459626-1003566679-2177798267-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
Toolbar: HKU\S-1-5-21-2650459626-1003566679-2177798267-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3332128&octid=EB_ORIGINAL_CTID&ISID=I63E6038F-1CE3-493F-959E-FB6BE7E3EB4F&SearchSource=69&CUI=&SSPV=&Lay=1&UM=8&UP=SP169215C0-C634-4015-B514-907E872A5629
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.searchoholic.info/?pid=21073&r=2014/12/29&hid=10223791501083041900&lg=EN&cc=US&unqvl=72&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: Trovi search
FF SelectedSearchEngine,S: WebSearch
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3332128&octid=EB_ORIGINAL_CTID&ISID=I63E6038F-1CE3-493F-959E-FB6BE7E3EB4F&SearchSource=55&CUI=&UM=8&UP=SP169215C0-C634-4015-B514-907E872A5629&SSPV=
FF Extension: YoautubEAdBlloCCke - C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\yrwqb25u.default\Extensions\MXhp@Zr.edu [2014-12-29]
C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\yrwqb25u.default\Extensions\MXhp@Zr.edu
FF Extension: uuniSaalEs - C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\yrwqb25u.default\Extensions\piBes4Vs@M.org [2014-12-29]
C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\yrwqb25u.default\Extensions\piBes4Vs@M.org
FF HKU\S-1-5-21-2650459626-1003566679-2177798267-1000\...\Firefox\Extensions: [{DEB3EF69-9903-4024-9D7D-EBB2D0AA4C96}] - C:\Program Files (x86)\ver3BlockAndSurf\185.xpi
C:\Program Files (x86)\ver3BlockAndSurf
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
R2 cae99edb; c:\Program Files (x86)\Super Optimizer\SupOptStats.dll [2801768 2015-01-07] ()
S0 lqffzi; No ImagePath
R2 webinstrNHK; C:\Windows\system32\Drivers\webinstrNHK.sys [56432 2015-01-07] (Corsica)
C:\Windows\system32\Drivers\webinstrNHK.sys
S0 wjtvys; No ImagePath
S3 ALSysIO; \??\C:\Users\Ashley\AppData\Local\Temp\ALSysIO64.sys [X]
2015-01-07 09:10 - 2015-01-08 20:52 - 00003254 _____ () C:\Windows\System32\Tasks\Super Optimizer Schedule
2015-01-07 09:10 - 2015-01-07 09:10 - 00000000 ____D () C:\Users\Ashley\Documents\Super Optimizer
2015-01-07 09:10 - 2015-01-07 09:10 - 00000000 ____D () C:\Users\Ashley\AppData\Roaming\Super Optimizer
2015-01-07 09:06 - 2015-01-08 20:51 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2015-01-07 09:06 - 2015-01-08 20:51 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2015-01-07 09:06 - 2015-01-08 20:51 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2015-01-07 09:06 - 2015-01-07 09:06 - 00002830 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2015-01-07 09:06 - 2015-01-07 09:06 - 00002828 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2015-01-07 09:06 - 2015-01-07 09:06 - 00002828 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2015-01-07 09:06 - 2015-01-07 09:06 - 00001049 _____ () C:\Users\Ashley\Desktop\AnyProtect.lnk
2015-01-07 09:06 - 2015-01-07 09:06 - 00000000 ____D () C:\Windows\SysWOW64\Flash
2015-01-07 09:06 - 2015-01-07 09:06 - 00000000 ____D () C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
2015-01-07 09:05 - 2015-01-07 09:06 - 00000000 ____D () C:\Program Files (x86)\AnyProtectEx
2015-01-07 09:05 - 2015-01-07 09:05 - 00613057 _____ (CMI Limited) C:\Users\Ashley\AppData\Local\nsy3251.tmp
2015-01-07 09:05 - 2015-01-07 09:05 - 00002019 _____ () C:\Windows\patsearch.bin
2015-01-07 09:05 - 2015-01-07 09:05 - 00000000 __SHD () C:\Users\Ashley\AppData\Roaming\AnyProtectEx
2015-01-07 09:05 - 2015-01-07 09:05 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNHK_01009.Wdf
2015-01-07 09:04 - 2015-01-07 09:06 - 00000000 ____D () C:\Users\Ashley\AppData\Local\F12554C8-33A4-1849-80EB-56C2622F6A30
2015-01-07 09:04 - 2015-01-07 09:04 - 00004626 _____ () C:\Windows\System32\Tasks\Runner IC
2015-01-07 09:04 - 2015-01-07 09:04 - 00001090 _____ () C:\Users\Ashley\Desktop\Super Optimizer.lnk
2015-01-07 09:04 - 2015-01-07 09:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Optimizer
2015-01-07 09:04 - 2015-01-07 09:04 - 00000000 ____D () C:\Program Files (x86)\Super Optimizer
2015-01-07 09:04 - 2015-01-07 09:04 - 00000000 ____D () C:\Program Files (x86)\predm
2015-01-07 09:00 - 2015-01-07 17:04 - 00000000 ____D () C:\Users\Ashley\AppData\Local\SmartWeb
2015-01-07 08:51 - 2015-01-07 08:51 - 04645232 _____ (Piriform Ltd) C:\Users\Ashley\Desktop\ccsetup409.exe
2015-01-07 08:50 - 2015-01-07 17:04 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-01-07 08:50 - 2015-01-07 08:50 - 00001344 _____ () C:\Windows\Tasks\XSNOUNY.job
2015-01-07 08:50 - 2015-01-07 08:50 - 00001342 _____ () C:\Windows\Tasks\BLPMKG.job
2015-01-07 08:50 - 2015-01-07 08:50 - 00000470 _____ () C:\Windows\Tasks\Client.job
2015-01-07 08:50 - 2015-01-07 08:50 - 00000454 _____ () C:\Windows\Tasks\Validate Uninstaller.job
2015-01-07 08:50 - 2015-01-07 08:50 - 00000450 _____ () C:\Windows\Tasks\Validate Updater.job
2015-01-07 08:50 - 2015-01-07 08:50 - 00000414 _____ () C:\Windows\Tasks\Check Updates.job
2015-01-07 08:50 - 2015-01-07 08:50 - 00000410 _____ () C:\Windows\Tasks\Run Tasks.job
2015-01-07 08:50 - 2015-01-07 08:50 - 00000064 _____ () C:\Users\Ashley\AppData\Local\55e2ee417d89b23c44dd0dae815edf92
2015-01-07 08:50 - 2015-01-07 08:50 - 00000000 ____D () C:\Users\Ashley\AppData\Local\globalUpdate
2015-01-07 08:50 - 2015-01-07 08:50 - 00000000 ____D () C:\Users\Ashley\AppData\Local\GeniusBox
2015-01-07 08:50 - 2015-01-07 08:50 - 00000000 ____D () C:\Program Files (x86)\28aeea84-e5dd-4769-9212-7eacddbe42a4
2015-01-07 08:49 - 2015-01-07 08:49 - 00000282 _____ () C:\Windows\Tasks\LaunchSignup.job
2015-01-07 08:35 - 2015-01-07 08:46 - 00000000 ____D () C:\ProgramData\makulitsidwe
2015-01-07 07:46 - 2015-01-07 07:46 - 00380416 _____ () C:\Users\Ashley\Downloads\gscxyzlt.exe
2014-12-29 01:30 - 2015-01-07 03:22 - 00000000 ____D () C:\Program Files (x86)\YoautubEAdBlloCCke
2014-12-29 01:29 - 2015-01-07 03:22 - 00000000 ____D () C:\Program Files (x86)\unisailees
2014-12-29 01:29 - 2014-12-29 01:29 - 00000000 ____D () C:\ProgramData\14357881760666442250
2014-12-29 01:29 - 2014-12-29 01:29 - 00000000 ____D () C:\Program Files (x86)\uuniSaalEs
C:\Users\Ashley\AppData\Local\Temp\99648137-C26F-E6FB-3819-EB158432D633.dll
C:\Users\Ashley\AppData\Local\Temp\99648137-C26F-E6FB-3819-EB158432D633.exe
C:\Users\Ashley\AppData\Local\Temp\A8B293B6-0520-1E1E-C444-05C89AD3F685.exe
C:\Users\Ashley\AppData\Local\Temp\amisetup8163__11003.exe
C:\Users\Ashley\AppData\Local\Temp\amisetup8199__11005.exe
C:\Users\Ashley\AppData\Local\Temp\CloudBackup4064.exe
C:\Users\Ashley\AppData\Local\Temp\supoptsetup.exe
C:\Users\Ashley\AppData\Local\Temp\vcredist_x64.exe
Task: {0A34076C-7C19-4B57-99E0-1511B5A565E3} - System32\Tasks\Super Optimizer Schedule => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe [2014-12-26] (SUPER PC TOOLS LIMITED)
Task: {286B1FB2-E492-499A-A07C-2D391D99C79A} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-01-07] (AnyProtect.com) <==== ATTENTION
Task: {39F5A2DE-68ED-4E42-B65F-09BCF4BF3DA3} - \BlockAndSurf Update No Task File <==== ATTENTION
Task: {676D9544-1738-4D8A-8A0C-D6E5686DD943} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-01-07] (AnyProtect.com) <==== ATTENTION
Task: {7A7FAE54-D8BC-4C3E-8447-0D6C8F1A4071} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-01-07] (AnyProtect.com) <==== ATTENTION
Task: {9FC2D183-6C20-46F5-8FA2-73385FAFC75C} - \Voo Update No Task File <==== ATTENTION
Task: {A83040FC-1ADB-48FF-B060-2A22374D7315} - \SmartWeb Upgrade Trigger Task No Task File <==== ATTENTION
Task: {A8F8A9B7-F3F5-4B87-A456-E62516B926AF} - System32\Tasks\Runner IC => %LOCALAPPDATA%\F12554C8-33A4-1849-80EB-56C2622F6A30\Runner.exe
Task: {D54B1E34-5209-4F5C-86C0-D3D1814714A2} - System32\Tasks\Microsoft\Windows\Maintenance\Update IC => %LOCALAPPDATA%\F12554C8-33A4-1849-80EB-56C2622F6A30\Runner.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\BLPMKG.job => C:\Users\Ashley\AppData\Roaming\BLPMKG.exe <==== ATTENTION
C:\Users\Ashley\AppData\Roaming\BLPMKG.exe
Task: C:\Windows\Tasks\Check Updates.job => C:\Users\Ashley\AppData\Local\GeniusBox\Updater.exe
Task: C:\Windows\Tasks\Client.job => C:\Users\Ashley\AppData\Local\GeniusBox\client.exe
Task: C:\Windows\Tasks\LaunchSignup.job => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
C:\Program Files (x86)\MyPC Backup
Task: C:\Windows\Tasks\Run Tasks.job => C:\Users\Ashley\AppData\Local\GeniusBox\Tasks.exe
Task: C:\Windows\Tasks\Validate Uninstaller.job => C:\Users\Ashley\AppData\Local\GeniusBox\Uninstall.exe
Task: C:\Windows\Tasks\Validate Updater.job => C:\Users\Ashley\AppData\Local\GeniusBox\Updater.exe
Task: C:\Windows\Tasks\XSNOUNY.job => C:\Users\Ashley\AppData\Roaming\XSNOUNY.exe <==== ATTENTION
C:\Users\Ashley\AppData\Roaming\XSNOUNY.exe
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\CltMngSvc" /f
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\globalUpdate" /f
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\globalUpdatem" /f
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
end
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\Super Optimizer\SupOptSmartScan.exe => No running process found
"C:\Program Files (x86)\Super Optimizer" => File/Directory not found.
C:\Users\Ashley\AppData\Local\wincheck\wincheck.exe => No running process found
"C:\Users\Ashley\AppData\Local\wincheck" => File/Directory not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\WinCheck => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SmartWeb => value deleted successfully.
C:\Users\Ashley\AppData\Local\SmartWeb => Moved successfully.
HKU\S-1-5-21-2650459626-1003566679-2177798267-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Super Optimizer => Value not found.
"HKU\S-1-5-21-2650459626-1003566679-2177798267-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c5429e11-26f2-11e4-8f1f-806e6f6e6963}" => Key deleted successfully.
HKCR\CLSID\{c5429e11-26f2-11e4-8f1f-806e6f6e6963} => Key not found.
C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk => Moved successfully.
C:\Users\Ashley\AppData\Local\SmartWeb\SmartWebHelper.exe not found.
C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatch.lnk => Moved successfully.
C:\Program Files (x86)\StormWatch\StormWatch.exe not found.
C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatchApp.lnk => Moved successfully.
C:\Program Files (x86)\StormWatch\StormWatchApp.exe not found.
"C:\Program Files (x86)\StormWatch" => File/Directory not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKU\S-1-5-21-2650459626-1003566679-2177798267-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-2650459626-1003566679-2177798267-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
Firefox newtab deleted successfully.
Firefox DefaultSearchEngine,S deleted successfully.
Firefox DefaultSearchUrl deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SearchEngineOrder.1,S deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox SelectedSearchEngine,S deleted successfully.
Firefox homepage deleted successfully.
C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\yrwqb25u.default\Extensions\MXhp@Zr.edu => Moved successfully.
"C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\yrwqb25u.default\Extensions\MXhp@Zr.edu" => File/Directory not found.
C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\yrwqb25u.default\Extensions\piBes4Vs@M.org => Moved successfully.
"C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\yrwqb25u.default\Extensions\piBes4Vs@M.org" => File/Directory not found.
HKU\S-1-5-21-2650459626-1003566679-2177798267-1000\Software\Mozilla\Firefox\Extensions\\{DEB3EF69-9903-4024-9D7D-EBB2D0AA4C96} => value deleted successfully.
"C:\Program Files (x86)\ver3BlockAndSurf" => File/Directory not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
cae99edb => Service not found.
lqffzi => Service deleted successfully.
webinstrNHK => Service stopped successfully.
webinstrNHK => Service deleted successfully.
C:\Windows\system32\Drivers\webinstrNHK.sys => Moved successfully.
wjtvys => Service deleted successfully.
ALSysIO => Service deleted successfully.
C:\Windows\System32\Tasks\Super Optimizer Schedule => Moved successfully.
"C:\Users\Ashley\Documents\Super Optimizer" => File/Directory not found.
"C:\Users\Ashley\AppData\Roaming\Super Optimizer" => File/Directory not found.
C:\Windows\Tasks\APSnotifierPP1.job => Moved successfully.
C:\Windows\Tasks\APSnotifierPP3.job => Moved successfully.
C:\Windows\Tasks\APSnotifierPP2.job => Moved successfully.
C:\Windows\System32\Tasks\APSnotifierPP1 => Moved successfully.
C:\Windows\System32\Tasks\APSnotifierPP3 => Moved successfully.
C:\Windows\System32\Tasks\APSnotifierPP2 => Moved successfully.
"C:\Users\Ashley\Desktop\AnyProtect.lnk" => File/Directory not found.

"C:\Windows\SysWOW64\Flash" directory move:

C:\Windows\SysWOW64\Flash\Flash32_11_8_800_94.ocx => Moved successfully.
Could not move "C:\Windows\SysWOW64\Flash" directory. => Scheduled to move on reboot.

"C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup" => File/Directory not found.
"C:\Program Files (x86)\AnyProtectEx" => File/Directory not found.
C:\Users\Ashley\AppData\Local\nsy3251.tmp => Moved successfully.
C:\Windows\patsearch.bin => Moved successfully.
C:\Users\Ashley\AppData\Roaming\AnyProtectEx => Moved successfully.
C:\Windows\system32\Drivers\Msft_Kernel_webinstrNHK_01009.Wdf => Moved successfully.
"C:\Users\Ashley\AppData\Local\F12554C8-33A4-1849-80EB-56C2622F6A30" => File/Directory not found.
C:\Windows\System32\Tasks\Runner IC => Moved successfully.
"C:\Users\Ashley\Desktop\Super Optimizer.lnk" => File/Directory not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Optimizer" => File/Directory not found.
"C:\Program Files (x86)\Super Optimizer" => File/Directory not found.
C:\Program Files (x86)\predm => Moved successfully.
"C:\Users\Ashley\AppData\Local\SmartWeb" => File/Directory not found.
C:\Users\Ashley\Desktop\ccsetup409.exe => Moved successfully.
C:\Program Files (x86)\globalUpdate => Moved successfully.
C:\Windows\Tasks\XSNOUNY.job => Moved successfully.
C:\Windows\Tasks\BLPMKG.job => Moved successfully.
C:\Windows\Tasks\Client.job => Moved successfully.
C:\Windows\Tasks\Validate Uninstaller.job => Moved successfully.
C:\Windows\Tasks\Validate Updater.job => Moved successfully.
C:\Windows\Tasks\Check Updates.job => Moved successfully.
C:\Windows\Tasks\Run Tasks.job => Moved successfully.
C:\Users\Ashley\AppData\Local\55e2ee417d89b23c44dd0dae815edf92 => Moved successfully.
C:\Users\Ashley\AppData\Local\globalUpdate => Moved successfully.
"C:\Users\Ashley\AppData\Local\GeniusBox" => File/Directory not found.
C:\Program Files (x86)\28aeea84-e5dd-4769-9212-7eacddbe42a4 => Moved successfully.
C:\Windows\Tasks\LaunchSignup.job => Moved successfully.
C:\ProgramData\makulitsidwe => Moved successfully.
C:\Users\Ashley\Downloads\gscxyzlt.exe => Moved successfully.
C:\Program Files (x86)\YoautubEAdBlloCCke => Moved successfully.
C:\Program Files (x86)\unisailees => Moved successfully.
C:\ProgramData\14357881760666442250 => Moved successfully.
C:\Program Files (x86)\uuniSaalEs => Moved successfully.
C:\Users\Ashley\AppData\Local\Temp\99648137-C26F-E6FB-3819-EB158432D633.dll => Moved successfully.
C:\Users\Ashley\AppData\Local\Temp\99648137-C26F-E6FB-3819-EB158432D633.exe => Moved successfully.
C:\Users\Ashley\AppData\Local\Temp\A8B293B6-0520-1E1E-C444-05C89AD3F685.exe => Moved successfully.
C:\Users\Ashley\AppData\Local\Temp\amisetup8163__11003.exe => Moved successfully.
C:\Users\Ashley\AppData\Local\Temp\amisetup8199__11005.exe => Moved successfully.
C:\Users\Ashley\AppData\Local\Temp\CloudBackup4064.exe => Moved successfully.
C:\Users\Ashley\AppData\Local\Temp\supoptsetup.exe => Moved successfully.
C:\Users\Ashley\AppData\Local\Temp\vcredist_x64.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0A34076C-7C19-4B57-99E0-1511B5A565E3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A34076C-7C19-4B57-99E0-1511B5A565E3}" => Key deleted successfully.
C:\Windows\System32\Tasks\Super Optimizer Schedule not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Super Optimizer Schedule" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{286B1FB2-E492-499A-A07C-2D391D99C79A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{286B1FB2-E492-499A-A07C-2D391D99C79A}" => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierPP2 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{39F5A2DE-68ED-4E42-B65F-09BCF4BF3DA3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39F5A2DE-68ED-4E42-B65F-09BCF4BF3DA3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BlockAndSurf Update" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{676D9544-1738-4D8A-8A0C-D6E5686DD943}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{676D9544-1738-4D8A-8A0C-D6E5686DD943}" => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierPP1 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7A7FAE54-D8BC-4C3E-8447-0D6C8F1A4071}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A7FAE54-D8BC-4C3E-8447-0D6C8F1A4071}" => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierPP3 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9FC2D183-6C20-46F5-8FA2-73385FAFC75C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9FC2D183-6C20-46F5-8FA2-73385FAFC75C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Voo Update" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A83040FC-1ADB-48FF-B060-2A22374D7315}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A83040FC-1ADB-48FF-B060-2A22374D7315}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartWeb Upgrade Trigger Task" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A8F8A9B7-F3F5-4B87-A456-E62516B926AF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8F8A9B7-F3F5-4B87-A456-E62516B926AF}" => Key deleted successfully.
C:\Windows\System32\Tasks\Runner IC not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Runner IC" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D54B1E34-5209-4F5C-86C0-D3D1814714A2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D54B1E34-5209-4F5C-86C0-D3D1814714A2}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\Update IC => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\Update IC" => Key deleted successfully.
C:\Windows\Tasks\APSnotifierPP1.job not found.
C:\Windows\Tasks\APSnotifierPP2.job not found.
C:\Windows\Tasks\APSnotifierPP3.job not found.
C:\Windows\Tasks\BLPMKG.job not found.
"C:\Users\Ashley\AppData\Roaming\BLPMKG.exe" => File/Directory not found.
C:\Windows\Tasks\Check Updates.job not found.
C:\Windows\Tasks\Client.job not found.
C:\Windows\Tasks\LaunchSignup.job not found.
"C:\Program Files (x86)\MyPC Backup" => File/Directory not found.
C:\Windows\Tasks\Run Tasks.job not found.
C:\Windows\Tasks\Validate Uninstaller.job not found.
C:\Windows\Tasks\Validate Updater.job not found.
C:\Windows\Tasks\XSNOUNY.job not found.
"C:\Users\Ashley\AppData\Roaming\XSNOUNY.exe" => File/Directory not found.

========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\CltMngSvc" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\globalUpdate" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\globalUpdatem" /f =========

The operation completed successfully.



========= End of Reg: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh winsock reset all =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  netsh int ipv4 reset =========

Reseting Global, OK!
Reseting Interface, OK!
Reseting Route, OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  netsh int ipv6 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========

EmptyTemp: => Removed 100.7 MB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-01-09 16:45:11)<=

C:\Windows\SysWOW64\Flash => Is moved successfully.

==== End of Fixlog 16:45:11 ====
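The fixlist above removes persistence from four places (Run keys, Startup-folder shortcuts, scheduled tasks, and service/driver registrations), and several of the entries it targets pointed at binaries that were already gone ("(No File)", "No ImagePath"). The script below is an added verification example; it is not part of this thread and not a Farbar/FRST feature. It re-walks those same locations and lists anything whose binary is missing or whose name matches one of the names taken from the fixlist. It assumes an elevated PowerShell 3 or later on 64-bit Windows; the $SuspectNames list is copied from the fixlist and is only a hint list, not a detection signature.

```powershell
# Added verification script for the cleanup above. It is not part of the original
# thread and not a Farbar/FRST feature: it re-checks the persistence locations the
# fixlist touched (Run keys, Startup shortcuts, scheduled tasks, services/drivers)
# and lists entries whose binary is missing or whose name matches the fixlist.
# Assumptions: run elevated in PowerShell 3 or later on 64-bit Windows; the
# $SuspectNames list is copied from the fixlist above and is only a hint.

$SuspectNames = @('SmartWeb', 'WinCheck', 'Super Optimizer', 'StormWatch', 'GeniusBox',
                  'globalUpdate', 'AnyProtect', 'BlockAndSurf', 'BLPMKG', 'XSNOUNY',
                  'Runner IC', 'Update IC', 'webinstr')
$Findings = New-Object 'System.Collections.Generic.List[object]'

function Add-Finding($Where, $Name, $Target, $Reason) {
    $Findings.Add([pscustomobject]@{ Where = $Where; Name = $Name; Target = $Target; Reason = $Reason })
}

function Test-Suspect([string]$Text) {
    foreach ($n in $SuspectNames) { if ($Text -like "*$n*") { return $true } }
    return $false
}

# Reduce a command line or service ImagePath to a file path Test-Path understands:
# quoted paths, "%SystemRoot%" / "\SystemRoot" / "\??\" prefixes, bare "system32\..." paths.
function Get-ExePath([string]$Command) {
    $c = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($c -match '^"([^"]+)"')                      { $c = $Matches[1] }
    elseif ($c -match '^(.+?\.(exe|sys|dll))(\s|$)') { $c = $Matches[1] }
    else                                             { $c = ($c -split '\s+')[0] }
    $c = $c -replace '^\\\?\?\\', ''
    $c = $c -replace '^\\SystemRoot', $env:SystemRoot
    if ($c -and $c -notmatch '^[A-Za-z]:\\') { $c = Join-Path $env:SystemRoot $c }
    return $c
}

function Test-Exists([string]$Path) { return ($Path -and (Test-Path -LiteralPath $Path)) }

# 1. Run keys in both registry views, machine-wide and for the current user.
$RunKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $RunKeys) {
    if (-not (Test-Path $key)) { continue }
    $reg = Get-Item -Path $key
    foreach ($valueName in $reg.GetValueNames()) {
        $cmd = [string]$reg.GetValue($valueName)
        if (-not (Test-Exists (Get-ExePath $cmd))) { Add-Finding $key $valueName $cmd 'target missing' }
        elseif (Test-Suspect "$valueName $cmd")    { Add-Finding $key $valueName $cmd 'name matches fixlist' }
    }
}

# 2. Startup-folder shortcuts whose target is gone (FRST reported "(No File)" for these).
$Shell = New-Object -ComObject WScript.Shell
$StartupDirs = "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
               "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
foreach ($dir in $StartupDirs) {
    foreach ($lnk in @(Get-ChildItem -Path $dir -Filter *.lnk -ErrorAction SilentlyContinue)) {
        $target = $Shell.CreateShortcut($lnk.FullName).TargetPath
        if (-not (Test-Exists $target)) { Add-Finding 'Startup' $lnk.Name $target 'target missing' }
    }
}

# 3. Scheduled tasks: XML definitions under System32\Tasks plus legacy .job files.
$taskFiles = Get-ChildItem -Path "$env:windir\System32\Tasks" -Recurse -File -ErrorAction SilentlyContinue
foreach ($f in @($taskFiles)) {
    try { [xml]$x = Get-Content -LiteralPath $f.FullName -Raw } catch { continue }
    foreach ($exec in @($x.Task.Actions.Exec)) {
        if (-not $exec) { continue }
        $cmd = [string]$exec.Command
        if (-not (Test-Exists (Get-ExePath $cmd))) { Add-Finding 'Task' $f.Name $cmd 'target missing' }
        elseif (Test-Suspect "$($f.Name) $cmd")    { Add-Finding 'Task' $f.Name $cmd 'name matches fixlist' }
    }
}
foreach ($job in @(Get-ChildItem -Path "$env:windir\Tasks" -Filter *.job -ErrorAction SilentlyContinue)) {
    Add-Finding 'Task (.job)' $job.Name $job.FullName 'legacy .job file still present'
}

# 4. Services and drivers registered with no ImagePath (like lqffzi / wjtvys above)
#    or with an ImagePath whose binary is missing. Type bits 0x01/0x02 = driver,
#    0x10/0x20 = service process; keys without those bits are parameter-only keys.
$svcKeys = Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue
foreach ($k in @($svcKeys)) {
    $type  = $k.GetValue('Type')
    $image = [string]$k.GetValue('ImagePath')
    if ($type -eq $null -or -not ($type -band 0x33)) { continue }
    if (-not $image) { Add-Finding 'Service' $k.PSChildName '' 'no ImagePath'; continue }
    if (-not (Test-Exists (Get-ExePath $image)))      { Add-Finding 'Service' $k.PSChildName $image 'binary missing' }
    elseif (Test-Suspect "$($k.PSChildName) $image")  { Add-Finding 'Service' $k.PSChildName $image 'name matches fixlist' }
}

$Findings | Sort-Object Where, Name | Format-Table -AutoSize -Wrap
'{0} finding(s)' -f $Findings.Count
```

A clean machine will still report a handful of "target missing" rows from uninstalled legitimate software, so read the list rather than treating any hit as an infection; the rows worth acting on are orphaned autostarts in user-writable paths (AppData, Temp, ProgramData) and services with no ImagePath at all, which is exactly the pattern the fixlist above removed.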




#17 jeff matthews

jeff matthews

    Advanced Member

  • Authentic Member
  • 781 posts

Posted 09 January 2015 - 06:51 PM

FRST LOG


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Ashley (administrator) on ASHLEY-PC on 09-01-2015 16:46:47
Running from C:\Users\Ashley\Desktop
Loaded Profile: Ashley (Available profiles: Ashley & Chuck)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(BitTorrent Inc.) C:\Users\Ashley\AppData\Roaming\uTorrent\uTorrent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CCE] => C:\Users\Ashley\Documents\Virus Utilities\cce_2.5.242177.201_x64\CCE\CCE.exe [7002032 2012-07-09] (COMODO)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2780776 2011-07-19] (CANON INC.)
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4297136 2012-10-30] (AVAST Software)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ospd_us_611] => "C:\Program Files (x86)\ospd_us_611\ospd_us_611.exe"
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [439440 2011-09-27] (CANON INC.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKU\S-1-5-21-2650459626-1003566679-2177798267-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5622512 2013-05-14] (SUPERAntiSpyware.com)
HKU\S-1-5-21-2650459626-1003566679-2177798267-1000\...\Run: [uTorrent] => C:\Users\Ashley\AppData\Roaming\uTorrent\uTorrent.exe [1378640 2014-12-16] (BitTorrent Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-2650459626-1003566679-2177798267-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: avast! WebRep -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: avast! WebRep -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.65

FireFox:
========
FF ProfilePath: C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\yrwqb25u.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\yrwqb25u.default\user.js
FF Extension: WOT - C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\yrwqb25u.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-08-19]
FF Extension: Adblock Plus - C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\yrwqb25u.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-17]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\coFFPlgn [2015-01-09]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-20]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2014-10-20]
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-20]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2014-10-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-10-30] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [133912 2012-10-30] (AVAST Software)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2011-09-06] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe [130104 2014-09-20] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 A2DDA; C:\EEK\BIN\a2ddax64.sys [26176 2015-01-07] (Emsisoft GmbH)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-10-30] (AVAST Software)
R1 aswFW; C:\Windows\System32\Drivers\aswFW.sys [132864 2012-10-30] (AVAST Software)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21136 2012-10-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [71600 2012-10-30] (AVAST Software)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12368 2012-09-21] (ALWIL Software)
R0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [262656 2012-10-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-10-15] (AVAST Software)
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [984144 2012-10-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [370288 2012-10-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-10-30] (AVAST Software)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07080.017\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-01-07] (Emsisoft GmbH)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-01-07] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 15:54 - 2015-01-09 15:54 - 00000000 ____D () C:\ProgramData\2355320829
2015-01-08 21:17 - 2015-01-08 21:17 - 00364920 _____ (Fusion Install ) C:\Users\Ashley\Downloads\Unconfirmed 380096.crdownload
2015-01-08 21:16 - 2015-01-08 21:16 - 00364920 _____ (Fusion Install ) C:\Users\Ashley\Downloads\Unconfirmed 949649.crdownload
2015-01-08 21:07 - 2015-01-08 21:07 - 00364920 _____ (Fusion Install ) C:\Users\Ashley\Downloads\Unconfirmed 788712.crdownload
2015-01-08 21:07 - 2015-01-08 21:07 - 00364920 _____ (Fusion Install ) C:\Users\Ashley\Downloads\Unconfirmed 442184.crdownload
2015-01-08 21:06 - 2015-01-08 21:06 - 00370552 _____ () C:\Users\Ashley\Downloads\Unconfirmed 681424.crdownload
2015-01-08 21:06 - 2015-01-08 21:06 - 00370552 _____ () C:\Users\Ashley\Downloads\Unconfirmed 593765.crdownload
2015-01-08 21:06 - 2015-01-08 21:06 - 00364920 _____ (Fusion Install ) C:\Users\Ashley\Downloads\Unconfirmed 386228.crdownload
2015-01-08 21:03 - 2015-01-08 21:04 - 00370552 _____ () C:\Users\Ashley\Downloads\Unconfirmed 163258.crdownload
2015-01-08 00:30 - 2015-01-09 15:59 - 00024551 _____ () C:\Users\Ashley\Desktop\Addition.txt
2015-01-08 00:29 - 2015-01-09 16:47 - 00013488 _____ () C:\Users\Ashley\Desktop\FRST.txt
2015-01-08 00:29 - 2015-01-09 16:46 - 00000000 ____D () C:\FRST
2015-01-08 00:29 - 2015-01-08 00:25 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Ashley\Desktop\tdsskiller.exe
2015-01-08 00:29 - 2015-01-08 00:23 - 02124288 _____ (Farbar) C:\Users\Ashley\Desktop\FRST64.exe
2015-01-07 19:42 - 2015-01-07 19:42 - 00014009 _____ () C:\Users\Ashley\Desktop\dds.txt
2015-01-07 19:42 - 2015-01-07 19:42 - 00007121 _____ () C:\Users\Ashley\Desktop\attach.txt
2015-01-07 19:41 - 2015-01-07 19:38 - 00688992 ____R (Swearware) C:\Users\Ashley\Desktop\dds.com
2015-01-07 09:17 - 2015-01-07 09:17 - 00000512 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 405fe981-ffa0-480d-8fba-2444e54b8324.job
2015-01-07 09:17 - 2015-01-07 09:17 - 00000512 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 0508beb0-306f-4a8a-8ee8-3eeefbc167d1.job
2015-01-07 09:17 - 2015-01-07 09:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-01-07 09:15 - 2015-01-07 09:15 - 00000000 __SHD () C:\Users\Ashley\AppData\Local\EmieBrowserModeList
2015-01-07 09:09 - 2015-01-07 09:09 - 00000000 ____D () C:\SUPERDelete
2015-01-07 09:00 - 2015-01-09 16:44 - 00074002 _____ () C:\Windows\WindowsUpdate.log
2015-01-07 08:59 - 2015-01-07 08:59 - 00001056 _____ () C:\Users\Ashley\Desktop\Continue Live Installation.lnk
2015-01-07 08:58 - 2015-01-07 08:58 - 00001973 _____ () C:\Users\Ashley\Desktop\Sync Folder.lnk
2015-01-07 08:56 - 2015-01-09 16:44 - 00001221 _____ () C:\Windows\setupact.log
2015-01-07 08:56 - 2015-01-07 08:56 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-07 08:55 - 2015-01-09 15:56 - 00142022 _____ () C:\Windows\PFRO.log
2015-01-07 08:51 - 2015-01-07 08:51 - 00000782 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-07 08:51 - 2015-01-07 08:51 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-07 08:45 - 2015-01-07 08:45 - 00001332 _____ () C:\Users\Ashley\Desktop\SUPERAntiSpyware Scan Log - 01-07-2015 - 08-44-22.log
2015-01-07 08:14 - 2015-01-07 08:14 - 00000176 _____ () C:\Users\Ashley\Desktop\Scan_150107-081418.txt
2015-01-07 07:41 - 2015-01-07 07:42 - 00000000 ____D () C:\EEK
2015-01-07 07:41 - 2015-01-07 07:41 - 00000743 _____ () C:\Users\Ashley\Desktop\Start Emsisoft Emergency Kit.lnk
2015-01-07 07:39 - 2015-01-07 07:39 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-01-07 07:38 - 2015-01-07 07:38 - 00004722 _____ () C:\Users\Ashley\Desktop\HitmanPro_20150107_0738.log
2015-01-07 07:37 - 2015-01-07 07:37 - 00001714 _____ () C:\Windows\system32\.crusader
2015-01-07 04:43 - 2015-01-07 07:38 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-07 04:38 - 2015-01-07 04:42 - 165090088 _____ () C:\Users\Ashley\Downloads\EmsisoftEmergencyKit.exe
2015-01-07 04:16 - 2015-01-07 04:16 - 04166770 _____ () C:\Users\Ashley\Downloads\tdsskiller.zip
2015-01-07 03:27 - 2015-01-07 09:03 - 00000000 ____D () C:\Users\Ashley\Documents\Virus Utilities
2015-01-07 03:20 - 2015-01-07 03:24 - 25543261 _____ () C:\Users\Ashley\Downloads\cce_2.5.242177.201_x64.zip
2015-01-07 00:26 - 2013-06-18 17:12 - 26190240 _____ (SUPERAntiSpyware.com) C:\Users\Ashley\Desktop\SUPERAntiSpyware.exe
2015-01-07 00:19 - 2015-01-09 16:36 - 00000000 ____D () C:\Windows\pss
2014-12-29 22:43 - 2014-12-29 22:43 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-12-29 22:43 - 2014-12-29 22:43 - 00003092 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-12-29 22:43 - 2014-12-29 22:43 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-12-29 22:43 - 2014-12-29 22:43 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-12-29 22:43 - 2014-12-29 22:43 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-12-29 22:43 - 2014-12-29 22:43 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf
2014-12-29 22:43 - 2014-12-29 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2014-12-29 22:43 - 2014-12-29 22:43 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-12-29 01:31 - 2014-12-29 01:31 - 00000000 ____D () C:\Windows\SysWOW64\X86
2014-12-29 01:31 - 2014-12-29 01:31 - 00000000 ____D () C:\Windows\SysWOW64\AMD64
2014-12-29 01:30 - 2014-12-29 01:30 - 00000000 ____D () C:\Program Files (x86)\Ghostery
2014-12-29 01:00 - 2014-12-29 00:52 - 504015269 _____ () C:\Users\Ashley\Desktop\wolfblood.s03e08.720p.webrip.x264-failed.mkv
2014-12-29 01:00 - 2014-12-29 00:51 - 498921497 _____ () C:\Users\Ashley\Desktop\wolfblood.s03e07.720p.webrip.x264-failed.mkv
2014-12-28 23:56 - 2014-12-31 17:34 - 00000000 ____D () C:\Users\Ashley\Downloads\Wolfblood S3
2014-12-17 13:47 - 2014-12-12 21:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 13:47 - 2014-12-12 19:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-11 02:33 - 2014-12-11 05:54 - 00000000 ____D () C:\Users\Ashley\Downloads\Heroes
2014-12-10 03:20 - 2014-12-10 03:20 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 03:01 - 2014-10-17 18:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 03:01 - 2014-10-17 17:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 01:50 - 2014-12-03 18:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 01:50 - 2014-12-03 18:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 01:50 - 2014-12-03 18:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 01:50 - 2014-12-03 18:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 01:50 - 2014-12-03 18:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 01:50 - 2014-12-03 18:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 01:50 - 2014-12-01 15:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 01:49 - 2014-12-03 18:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 01:49 - 2014-11-26 17:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 01:49 - 2014-11-26 17:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 01:49 - 2014-11-21 19:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 01:49 - 2014-11-21 19:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 01:49 - 2014-11-21 19:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 01:49 - 2014-11-21 18:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 01:49 - 2014-11-21 18:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 01:49 - 2014-11-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 01:49 - 2014-11-21 18:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 01:49 - 2014-11-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 01:49 - 2014-11-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 01:49 - 2014-11-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 01:49 - 2014-11-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 01:49 - 2014-11-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 01:49 - 2014-11-21 18:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 01:49 - 2014-11-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 01:49 - 2014-11-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 01:49 - 2014-11-21 18:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 01:49 - 2014-11-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 01:49 - 2014-11-21 18:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 01:49 - 2014-11-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 01:49 - 2014-11-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 01:49 - 2014-11-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 01:49 - 2014-11-21 18:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 01:49 - 2014-11-21 18:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 01:49 - 2014-11-21 18:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 01:49 - 2014-11-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 01:49 - 2014-11-21 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 01:49 - 2014-11-21 18:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 01:49 - 2014-11-21 17:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 01:49 - 2014-11-21 17:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 01:49 - 2014-11-21 17:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 01:49 - 2014-11-21 17:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 01:49 - 2014-11-21 17:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 01:49 - 2014-11-21 17:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 01:49 - 2014-11-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 01:49 - 2014-11-21 17:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 01:49 - 2014-11-21 17:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 01:49 - 2014-11-21 17:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 01:49 - 2014-11-21 17:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 01:49 - 2014-11-21 17:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 01:49 - 2014-11-21 17:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 01:49 - 2014-11-21 17:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 01:49 - 2014-11-21 17:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 01:49 - 2014-11-21 17:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 01:49 - 2014-11-21 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 01:49 - 2014-11-21 17:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 01:49 - 2014-11-21 17:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 01:49 - 2014-11-21 17:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 01:49 - 2014-11-21 17:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 01:49 - 2014-11-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 01:49 - 2014-11-21 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 01:49 - 2014-11-21 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 01:49 - 2014-11-21 16:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 01:49 - 2014-11-10 19:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 01:49 - 2014-11-10 18:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 01:49 - 2014-11-10 17:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 01:46 - 2014-11-07 19:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 01:46 - 2014-11-07 18:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 01:46 - 2014-10-29 18:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 01:46 - 2014-10-29 17:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 01:46 - 2014-10-02 18:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 01:46 - 2014-10-02 18:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 01:46 - 2014-10-02 18:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 01:46 - 2014-10-02 18:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 01:46 - 2014-10-02 18:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 01:46 - 2014-10-02 17:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 01:46 - 2014-10-02 17:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 01:46 - 2014-10-02 17:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 01:46 - 2014-10-02 17:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 01:46 - 2014-10-02 17:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 16:45 - 2014-08-20 15:01 - 00000000 ____D () C:\Users\Ashley\AppData\Roaming\uTorrent
2015-01-09 16:45 - 2014-08-17 17:33 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-09 16:44 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-09 16:43 - 2009-07-13 20:45 - 00028928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-09 16:43 - 2009-07-13 20:45 - 00028928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-09 16:42 - 2009-07-13 21:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-09 16:41 - 2014-08-17 17:33 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-08 21:15 - 2014-08-17 18:03 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-07 16:41 - 2014-08-23 22:32 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-07 09:17 - 2014-08-23 22:37 - 00001768 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-01-07 09:17 - 2014-08-23 22:37 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-01-07 08:54 - 2014-11-13 12:33 - 00000000 ____D () C:\Users\Ashley\AppData\Local\CrashDumps
2015-01-07 08:54 - 2014-10-22 01:16 - 00000000 ____D () C:\Windows\Minidump
2015-01-07 08:54 - 2014-08-18 09:14 - 00000000 ____D () C:\Windows\Panther
2015-01-07 08:50 - 2014-08-17 17:40 - 00000000 ____D () C:\Program Files (x86)\ASM104xUSB3
2015-01-07 04:06 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Web
2015-01-07 03:15 - 2014-08-23 22:31 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-07 03:15 - 2014-08-23 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-07 03:15 - 2014-08-23 22:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-07 00:21 - 2014-08-26 17:38 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-01-06 04:36 - 2010-11-20 19:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-01 21:21 - 2014-08-17 17:29 - 00000000 ____D () C:\ProgramData\Norton
2014-12-31 05:14 - 2009-07-13 20:45 - 00409568 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-30 00:49 - 2014-08-23 12:12 - 00109688 _____ () C:\Users\Chuck\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-30 00:49 - 2014-08-17 17:52 - 00109688 _____ () C:\Users\Ashley\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-29 21:54 - 2014-11-07 16:36 - 00000000 ____D () C:\Users\Chuck\AppData\Local\CrashDumps
2014-12-11 16:48 - 2014-08-17 17:33 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-11 02:33 - 2014-12-05 03:32 - 00000000 ____D () C:\Users\Ashley\Downloads\Buffy the Vampire Slayer Classics (Dark Horse, 2011-...) (01-...)
2014-12-11 02:21 - 2014-08-17 18:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-10 05:24 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-12-10 04:15 - 2014-08-17 18:03 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 04:15 - 2014-08-17 18:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 04:15 - 2014-08-17 18:03 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-10 03:20 - 2014-08-19 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 03:20 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 03:20 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 03:05 - 2014-11-28 16:05 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 03:04 - 2014-08-21 01:39 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 03:02 - 2014-08-21 01:39 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-25 00:58

==================== End Of Log ============================


Addition


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by Ashley at 2015-01-09 16:47:29
Running from C:\Users\Ashley\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Internet Security (Disabled - Out of date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Internet Security (Disabled - Out of date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security (Disabled) {131692B0-0864-D491-4E21-3A3A1D8BBB47}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2650459626-1003566679-2177798267-1000\...\uTorrent) (Version: 3.4.2.36802 - BitTorrent Inc.)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.2.0 - Asmedia Technology)
ASUS Product Register Program (HKLM-x32\...\{49BE9B8A-E858-4533-A74A-64306C13DB59}) (Version: 1.0.014 - ASUS)
avast! Internet Security (HKLM-x32\...\avast) (Version: 7.0.1474.0 - AVAST Software)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version:  - )
Canon MX510 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX510_series) (Version:  - )
Canon MX510 series On-screen Manual (HKLM-x32\...\Canon MX510 series On-screen Manual) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version:  - )
CBR Reader (HKLM-x32\...\{EDAAC216-AC73-4152-9654-E12FE5A69F5D}_is1) (Version:  - cbrreader.com)
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
DVDFab 9.0.4.2 (27/05/2013) (HKLM-x32\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
KCP-0.5.4.0 (HKLM-x32\...\Kawaii Codec Pack_is1) (Version: 0.5.4.0 - Haruhichan.com)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.8.23 - Symantec Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1020 - SUPERAntiSpyware.com)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.0.0.74 - VSO Software)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

23-12-2014 03:37:16 Windows Update
29-12-2014 22:43:06 DCInstallRestorePoint
29-12-2014 23:11:09 Windows Update
02-01-2015 18:21:56 Windows Update
07-01-2015 00:20:10 Windows Update
09-01-2015 16:43:34 Restore Point Created by FRST

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1D4568D6-E7ED-4FD4-81D4-9E06C08D619A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2012-10-30] (AVAST Software)
Task: {2383CADB-BC8D-4B03-B1A7-15B2FB86CBC7} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {3E12A637-10FC-47A1-9B4A-3F2CF0945231} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {56F93B1D-8557-4713-9DC9-9C4AF49842B8} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {664DDD14-3249-429B-A4C1-40969E91B163} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {6B801873-B3A2-4C74-9CED-08B4638255B5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {6D58477C-6572-4645-86EA-089A577D9752} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {733874A1-2C90-47B6-8205-029879364D7D} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {7BD730F5-2D2C-414D-A96B-028036691365} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {7DE2E9BE-06FC-4B78-AE19-C87EBB01D6BB} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {8D2A1FB9-D9D6-4FCC-93A6-B4440188F340} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {99F973DB-AE0B-4CC3-B8A6-9B202955A605} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {D1B6C965-176F-4907-8FB2-CC155BB3EEA1} - System32\Tasks\{BA9F18D4-E395-4EAF-AA1F-E68AC28632A5} => pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 0508beb0-306f-4a8a-8ee8-3eeefbc167d1.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 405fe981-ffa0-480d-8fba-2444e54b8324.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (whitelisted) =============

2014-08-26 17:38 - 2011-09-06 03:32 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-10-20 01:54 - 2012-10-30 23:35 - 01825280 _____ () C:\Program Files\AVAST Software\Avast\defs\12103100\algo.dll
2014-10-15 03:34 - 2014-10-15 03:34 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll
2014-08-17 17:41 - 2012-02-01 15:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: serverca => 2
MSCONFIG\Services: servervo => 2
MSCONFIG\Services: SWUpdater => 2

========================= Accounts: ==========================

Administrator (S-1-5-21-2650459626-1003566679-2177798267-500 - Administrator - Disabled)
Ashley (S-1-5-21-2650459626-1003566679-2177798267-1000 - Administrator - Enabled) => C:\Users\Ashley
Chuck (S-1-5-21-2650459626-1003566679-2177798267-1001 - Administrator - Enabled) => C:\Users\Chuck
Guest (S-1-5-21-2650459626-1003566679-2177798267-501 - Limited - Enabled)
Kristi (S-1-5-21-2650459626-1003566679-2177798267-1002 - Limited - Enabled)
Teri (S-1-5-21-2650459626-1003566679-2177798267-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/09/2015 04:46:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/09/2015 04:43:34 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {a2740375-75fe-4dd4-b209-d14b189a9de9}

Error: (01/09/2015 04:39:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/09/2015 03:58:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/08/2015 09:20:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/08/2015 08:52:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/07/2015 09:33:42 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windows...F5B856976AD.crt> with error: 12007 (0x2ee7).

Error: (01/07/2015 09:28:53 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windows...F5B856976AD.crt> with error: 12007 (0x2ee7).

Error: (01/07/2015 09:01:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program nsb2C67.tmp version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 158c

Start Time: 01d02a9b3da0ab52

Termination Time: 14

Application Path: C:\Users\Ashley\AppData\Local\Temp\nsb2C67.tmp

Report Id:

Error: (01/07/2015 08:57:57 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (01/09/2015 04:43:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (01/09/2015 04:43:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/09/2015 04:43:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (01/09/2015 04:43:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel® Capability Licensing Service Interface service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (01/09/2015 04:43:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/09/2015 04:43:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel® Management and Security Application Local Management Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/09/2015 04:43:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/09/2015 04:43:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Norton Identity Safe service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (01/09/2015 04:43:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/09/2015 04:43:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Canon Inkjet Printer/Scanner/Fax Extended Survey Program service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (01/09/2015 04:46:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/09/2015 04:43:34 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {a2740375-75fe-4dd4-b209-d14b189a9de9}

Error: (01/09/2015 04:39:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/09/2015 03:58:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/08/2015 09:20:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/08/2015 08:52:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/07/2015 09:33:42 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: http://ctldl.windows...6976AD.crt12007 (0x2ee7)

Error: (01/07/2015 09:28:53 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: http://ctldl.windows...6976AD.crt12007 (0x2ee7)

Error: (01/07/2015 09:01:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: nsb2C67.tmp0.0.0.0158c01d02a9b3da0ab5214C:\Users\Ashley\AppData\Local\Temp\nsb2C67.tmp

Error: (01/07/2015 08:57:57 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt


==================== Memory info ===========================

Processor: Intel® Core™ i3-3220 CPU @ 3.30GHz
Percentage of memory in use: 18%
Total physical RAM: 8134.5 MB
Available physical RAM: 6657.89 MB
Total Pagefile: 16267.17 MB
Available Pagefile: 14499.33 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.66 GB) (Free:116.72 GB) NTFS
Drive e: () (Removable) (Total:14.9 GB) (Free:12.5 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 7C7BECB8)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================



#18 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 10 January 2015 - 01:12 PM

Hello, 
 
To answer your earlier questions -
 

Aren't you supposed to, like, drag the script into the program?

No. Simply follow the instructions I provide. 
 

I don't think it is supposed to be taking this long.

FRST scripts usually take 5-10 minutes to process. There are a variety of factors involved that may cause the programme to take longer. FRST should be given at least an hour before manually closing the programme. 
 

It's just supposed to fix the registry errors, right?

No. The script dealt with the vast amount of adware and malware that was present on this machine, which includes files and folders, as well as registry items. 
 
---------------------
 
Moving on -
 
As I asked earlier, please refrain from using your P2P programmes and downloading other files during this process. This will complicate matters. 

(BitTorrent Inc.) C:\Users\Ashley\AppData\Roaming\uTorrent\uTorrent.exe

2015-01-08 21:17 - 2015-01-08 21:17 - 00364920 _____ (Fusion Install ) C:\Users\Ashley\Downloads\Unconfirmed 380096.crdownload
2015-01-08 21:16 - 2015-01-08 21:16 - 00364920 _____ (Fusion Install ) C:\Users\Ashley\Downloads\Unconfirmed 949649.crdownload
2015-01-08 21:07 - 2015-01-08 21:07 - 00364920 _____ (Fusion Install ) C:\Users\Ashley\Downloads\Unconfirmed 788712.crdownload
2015-01-08 21:07 - 2015-01-08 21:07 - 00364920 _____ (Fusion Install ) C:\Users\Ashley\Downloads\Unconfirmed 442184.crdownload
2015-01-08 21:06 - 2015-01-08 21:06 - 00370552 _____ () C:\Users\Ashley\Downloads\Unconfirmed 681424.crdownload
2015-01-08 21:06 - 2015-01-08 21:06 - 00370552 _____ () C:\Users\Ashley\Downloads\Unconfirmed 593765.crdownload
2015-01-08 21:06 - 2015-01-08 21:06 - 00364920 _____ (Fusion Install ) C:\Users\Ashley\Downloads\Unconfirmed 386228.crdownload
2015-01-08 21:03 - 2015-01-08 21:04 - 00370552 _____ () C:\Users\Ashley\Downloads\Unconfirmed 163258.crdownload

 
There are a variety of errors and other issues that involve certain Windows services and Windows Updates amongst other things. 
For now, we will continue the malware removal process and address these issues (whether caused by the malware or unrelated to it) afterwards. You may end up being referred to the Windows section if there is considerable damage. 

STEP 1
AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for anything removed using this tool. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 

STEP 2
Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Create a System Restore Point. For instructions, please refer to the following link (W7).
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

STEP 3
Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 4
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Hide advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click the List Threats button. If no threats were found, skip the next two bullet points. 
  • Click the Export button and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to the indicated option and click the indicated button.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

STEP 5
RogueKiller

  • Please download RogueKiller (x64) and save the file to your Desktop.
  • Close any running programmes.
  • Right-Click RogueKiller.exe and select Run as administrator to run the programme.
  • Allow the Prescan to complete. Upon completion, a window will open. Click Accept.
  • A browser window may open. Close the browser window.
  • Click Scan. Upon completion, click Report.
  • Close the programme. Do not fix anything!
  • A log (RKreport.txt) will be open. Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 6
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • AdwCleaner[S0].txt
  • JRT.txt
  • MBAM Scan log
  • ESET Online Scan log
  • RKreport.txt



#19 jeff matthews

jeff matthews

    Advanced Member

  • Authentic Member
  • PipPipPipPip
  • 781 posts

Posted 11 January 2015 - 02:40 PM

Well, this computer is a family PC and my sister is the one that uses it mostly. Her name is Ashley. She specifically told me that she has not used uTorrent, which is the P2P sharing program on here, in a long while. I don't think that uTorrent was the cause behind most of these infections; I think it was mostly the file that I downloaded myself. To think that one file could have that many infections. In any case, the program that I downloaded was a CE application; I was going to use it to clean up the browsers because I was having an issue with browser extensions and Firefox was crashing due to too much memory. I did not intend to heavily infect the machine.

No. The script dealt with the vast amount of adware and malware that was present on this machine, which includes files and folders, as well as registry items. 

So it's really that bad, huh? Were there rootkits as well?

Ok, so here are my logs.

# AdwCleaner v4.107 - Report created 10/01/2015 at 19:42:20
# Updated 07/01/2015 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Ashley - ASHLEY-PC
# Running from : C:\Users\Ashley\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Video Converter
Folder Deleted : C:\Users\Ashley\AppData\LocalLow\SmartWeb
Folder Deleted : C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\qkuoglkh.default\Extensions\MXhp@Zr.edu
Folder Deleted : C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\qkuoglkh.default\Extensions\piBes4Vs@M.org
File Deleted : C:\Users\Ashley\Desktop\Continue Live Installation.lnk
File Deleted : C:\Users\Ashley\Desktop\Sync Folder.lnk
File Deleted : C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\yrwqb25u.default\user.js

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKCU\Software\AppDataLow\Software\SmartWeb
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\StormWatch
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v34.0.5 (x86 en-US)

[yrwqb25u.default\prefs.js] - Line Deleted : user_pref("extensions.ac6d10446ffd84587ac59c8230189815dffea895e418f9d9fd8cfcom69061.69061.cookie.previous_page.value", "%22hxxp%3A//www.trovi.com/%3Fgd%3D%26ctid%3DCT3332128%26octid%3DEB_ORIGINAL_CTID[...]
[yrwqb25u.default\prefs.js] - Line Deleted : user_pref("extensions.ac6d10446ffd84587ac59c8230189815dffea895e418f9d9fd8cfcom69061.69061.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%[...]
[yrwqb25u.default\prefs.js] - Line Deleted : user_pref("extensions.crossrider.bic", "14ac54e8dd6395292bd6315905c61044");
[qkuoglkh.default\prefs.js] - Line Deleted : user_pref("extensions.HSB7kaxakOGf860h.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[qkuoglkh.default\prefs.js] - Line Deleted : user_pref("extensions.SqrqD2cy1IvaGzYi.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[qkuoglkh.default\prefs.js] - Line Deleted : user_pref("extensions.SqrqD2cy1IvaGzYi.url", "hxxp://skybardownloadstar.net/sync2/?q=hfZ9oflKAfqZBylHrGhEAen0rTwEqHrMg708BNmGWj8lkGhGheDUojw9rjsGpja4rTUHqShIC7n0rjnFrTs4rjs9rjnHtNhVCT94tMVKhd9HrdC9rTr[...]

-\\ Google Chrome v39.0.2171.95


*************************

AdwCleaner[R0].txt - [7187 octets] - [10/01/2015 19:36:10]
AdwCleaner[S0].txt - [7103 octets] - [10/01/2015 19:42:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7163 octets] ##########

JRT LOG:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Ashley on Sat 01/10/2015 at 19:55:44.43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Ashley\AppData\Roaming\mozilla\firefox\profiles\yrwqb25u.default\prefs.js

user_pref("extensions.HSB7kaxakOGf860h.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnale
user_pref("extensions.HSB7kaxakOGf860h.url", "hxxp://groupstyleusa.info/sync2/?q=hfZ9ofV9CShEAen0rTwEqHrMg708BNmGWj8lkGhGheDUojw9rjsGpja4rHaErihIC7n0rjnFrTs4rdUHrjwFtNhVCT94tM
user_pref("extensions.SqrqD2cy1IvaGzYi.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnale
Emptied folder: C:\Users\Ashley\AppData\Roaming\mozilla\firefox\profiles\yrwqb25u.default\minidumps [13 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 01/10/2015 at 19:58:48.28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

MBAM LOG:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/7/2015
Scan Time: 3:15:50 AM
Logfile: Malewarebytes Viruses log.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.07.07
Rootkit Database: v2015.01.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ashley

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 369393
Time Elapsed: 5 min, 55 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 30
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{bad76e7a-2b19-4fdc-8e9d-7eb10c282ef0}, Quarantined, [c0d336beee9b69cdfe5738a49e647b85],
PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{BAD76E7A-2B19-4FDC-8E9D-7EB10C282EF0}, Quarantined, [c0d336beee9b69cdfe5738a49e647b85],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{BAD76E7A-2B19-4FDC-8E9D-7EB10C282EF0}, Quarantined, [c0d336beee9b69cdfe5738a49e647b85],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\., Quarantined, [c0d336beee9b69cdfe5738a49e647b85],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\..9, Quarantined, [c0d336beee9b69cdfe5738a49e647b85],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\., Quarantined, [c0d336beee9b69cdfe5738a49e647b85],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\..9, Quarantined, [c0d336beee9b69cdfe5738a49e647b85],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{BAD76E7A-2B19-4FDC-8E9D-7EB10C282EF0}, Quarantined, [c0d336beee9b69cdfe5738a49e647b85],
PUP.Optional.Multiplug, HKU\S-1-5-21-2650459626-1003566679-2177798267-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{BAD76E7A-2B19-4FDC-8E9D-7EB10C282EF0}, Quarantined, [c0d336beee9b69cdfe5738a49e647b85],
PUP.Optional.Multiplug, HKU\S-1-5-21-2650459626-1003566679-2177798267-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{BAD76E7A-2B19-4FDC-8E9D-7EB10C282EF0}, Quarantined, [c0d336beee9b69cdfe5738a49e647b85],
PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{BAD76E7A-2B19-4FDC-8E9D-7EB10C282EF0}, Quarantined, [c0d336beee9b69cdfe5738a49e647b85],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{BAD76E7A-2B19-4FDC-8E9D-7EB10C282EF0}, Quarantined, [c0d336beee9b69cdfe5738a49e647b85],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{BAD76E7A-2B19-4FDC-8E9D-7EB10C282EF0}\INPROCSERVER32, Quarantined, [c0d336beee9b69cdfe5738a49e647b85],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{e12189c7-255b-456e-a853-7f863c7450d9}, Quarantined, [deb5d91b63267fb790c5e0fc9c669a66],
PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{E12189C7-255B-456E-A853-7F863C7450D9}, Quarantined, [deb5d91b63267fb790c5e0fc9c669a66],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{E12189C7-255B-456E-A853-7F863C7450D9}, Quarantined, [deb5d91b63267fb790c5e0fc9c669a66],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E12189C7-255B-456E-A853-7F863C7450D9}, Quarantined, [deb5d91b63267fb790c5e0fc9c669a66],
PUP.Optional.Multiplug, HKU\S-1-5-21-2650459626-1003566679-2177798267-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{E12189C7-255B-456E-A853-7F863C7450D9}, Quarantined, [deb5d91b63267fb790c5e0fc9c669a66],
PUP.Optional.Multiplug, HKU\S-1-5-21-2650459626-1003566679-2177798267-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{E12189C7-255B-456E-A853-7F863C7450D9}, Quarantined, [deb5d91b63267fb790c5e0fc9c669a66],
PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{E12189C7-255B-456E-A853-7F863C7450D9}, Quarantined, [deb5d91b63267fb790c5e0fc9c669a66],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{E12189C7-255B-456E-A853-7F863C7450D9}, Quarantined, [deb5d91b63267fb790c5e0fc9c669a66],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{E12189C7-255B-456E-A853-7F863C7450D9}\INPROCSERVER32, Quarantined, [deb5d91b63267fb790c5e0fc9c669a66],
Trojan.Agent, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}, Quarantined, [b4dfe1135039c175d104a659bb4659a7],
Trojan.Agent, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4CEE92A3-9F0C-51AB-ADC0-34EC24AD7B7E}, Quarantined, [0e855e96612843f3369fed126b96728e],
Trojan.Agent, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4820778D-AB0D-6D18-C316-52A6A0E1D507}, Quarantined, [118207eda5e4b2841db8807fcf32d32d],
PUP.Optional.FastSearchings, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, Quarantined, [b7dc26cef4959b9b8c9fc81ae91be41c],
PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{fc67e7a0}, Quarantined, [a1f26094c7c23105bc0d4f37cb3812ee],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4820778D-AB0D-6D18-C316-52A6A0E1D507}, Quarantined, [326100f41b6e1e188cfffc7d798a8779],
PUP.Optional.DeltaFix.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\fc67e7a0, Quarantined, [e8ab36be14755fd7f5ee86e219eaed13],
PUP.Optional.EZDownloader.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1, Quarantined, [f49f1fd5b4d50036ce0d16193cc71ae6],

Registry Values: 1
PUP.Optional.WebSearchInfo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, Quarantined, [c1d2876da0e9a88e61066f75e51f0ff1]

Registry Data: 2
PUP.Optional.WebSearchInfo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://websearch.sea...&cc=US&unqvl=72, Good: (www.google.com), Bad: (http://websearch.searchoholic.info/?pid=21073&r=2014/12/29&hid=10223791501083041900&lg=EN&cc=US&unqvl=72),Replaced,[266d8f6549403ff742d5dea484813ec2]
PUP.Optional.WebSearchInfo, HKU\S-1-5-21-2650459626-1003566679-2177798267-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://websearch.sea...&cc=US&unqvl=72, Good: (www.google.com), Bad: (http://websearch.searchoholic.info/?pid=21073&r=2014/12/29&hid=10223791501083041900&lg=EN&cc=US&unqvl=72),Replaced,[b5deb2429dec50e6c94d02800bfa7789]

Folders: 3
PUP.Optional.DeltaFix.A, C:\Program Files (x86)\DeltaFix, Quarantined, [a6ed9a5a1277fb3b865e3335fa09956b],
PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader, Quarantined, [f49f1fd5b4d50036ce0d16193cc71ae6],
PUP.Optional.EZDownloader, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader, Quarantined, [2f64f4001f6ae353bb79f262fb08aa56],

Files: 37
PUP.Optional.Multiplug, C:\Program Files (x86)\YoautubEAdBlloCCke\KnDW1dpMeXodaX.x64.dll, Quarantined, [c0d336beee9b69cdfe5738a49e647b85],
PUP.Optional.Multiplug, C:\Program Files (x86)\YoautubEAdBlloCCke\KnDW1dpMeXodaX.dll, Quarantined, [c0d336beee9b69cdfe5738a49e647b85],
PUP.Optional.Multiplug, C:\Program Files (x86)\unisailees\py1Ozx49q9wx3q.x64.dll, Quarantined, [deb5d91b63267fb790c5e0fc9c669a66],
PUP.Optional.Multiplug, C:\Program Files (x86)\unisailees\py1Ozx49q9wx3q.dll, Quarantined, [deb5d91b63267fb790c5e0fc9c669a66],
Trojan.Agent, C:\Program Files (x86)\Ghostery\Ghostery.exe, Quarantined, [b4dfe1135039c175d104a659bb4659a7],
Trojan.Agent, C:\Program Files (x86)\unisailees\py1Ozx49q9wx3q.exe, Quarantined, [0e855e96612843f3369fed126b96728e],
Trojan.Agent, C:\Program Files (x86)\uuniSaalEs\uuniSaalEs.exe, Quarantined, [eaa935bfb6d31224ede832cdb44dc13f],
Trojan.Agent, C:\Program Files (x86)\YoautubEAdBlloCCke\KnDW1dpMeXodaX.exe, Quarantined, [118207eda5e4b2841db8807fcf32d32d],
PUP.Optional.MultiPlug.A, C:\Users\Ashley\AppData\Local\Temp\10Ceb997092.exe, Quarantined, [fb985f95cabfa78f3276f0150200af51],
PUP.Optional.Amonetize, C:\Users\Ashley\AppData\Local\Temp\Buffy The Vampire Slayer Pale  Downloader__3687_i1413358371_il801979.exe, Quarantined, [4b489a5a860386b03f6c7d7753ae3ac6],
PUP.Optional.MultiPlug.A, C:\Users\Ashley\AppData\Local\Temp\8172c8c513D\temp\Download WolfBlood S03E13 HDTV x264-FaiLED Torrent - KickassTorrents(1).exe, Quarantined, [bcd7569eea9fb77f0f9929dcc240718f],
PUP.Optional.EZDownloader.A, C:\Users\Ashley\AppData\Local\Temp\8172c8c513D\temp\EzDownloader_setup.exe, Quarantined, [692aa450d8b183b3699063bc54ac936d],
PUP.Optional.MultiPlug.A, C:\Users\Ashley\AppData\Local\Temp\8172c8c513D\temp\hpds_setup.exe, Quarantined, [b9da92627b0e979fb9e3ba5cf70bce32],
PUP.Optional.Amonetize, C:\Users\Ashley\Downloads\Buffy The Vampire Slayer Pale  Downloader__3687_i1413358371_il801979.exe, Quarantined, [3261a2522a5f41f5cae17d77a75ab44c],
PUP.Optional.MultiPlug.A, C:\Users\Ashley\Downloads\Download WolfBlood S03E11 HDTV x264-FaiLED Torrent - KickassTorrents.exe, Quarantined, [3d56757f7a0fd36301a755b028da54ac],
PUP.Optional.MultiPlug.A, C:\Users\Ashley\Downloads\Download WolfBlood S03E13 HDTV x264-FaiLED Torrent - KickassTorrents(1).exe, Quarantined, [860d856fc7c26fc7c4e47392a45e18e8],
PUP.Optional.MultiPlug.A, C:\Users\Ashley\Downloads\Download WolfBlood S03E13 HDTV x264-FaiLED Torrent - KickassTorrents(2).exe, Quarantined, [d2c1b341f69385b1258331d4a75be41c],
PUP.Optional.MultiPlug.A, C:\Users\Ashley\Downloads\Download WolfBlood S03E13 HDTV x264-FaiLED Torrent - KickassTorrents.exe, Quarantined, [94ffa054f99076c01a8e15f08181728e],
PUP.Optional.MultiPlug.A, C:\Users\Ashley\Downloads\Download Wolfblood S03E13 Moonrise 720p HDTV x264-RDVAS Torrent - KickassTorrents(1).exe, Quarantined, [c9caa450cdbc5dd9f2b63fc6c240cc34],
PUP.Optional.MultiPlug.A, C:\Users\Ashley\Downloads\Download Wolfblood S03E13 Moonrise 720p HDTV x264-RDVAS Torrent - KickassTorrents.exe, Quarantined, [415284702762c5712d7b28dd758d9769],
PUP.Optional.Montiera, C:\Users\Ashley\Downloads\HD_Player__CD5MTCD13345_35216973516cb1d58f5d1ae3c982a3e0.exe, Quarantined, [d0c39163eb9e7cba2ed5e3ef6e9409f7],
PUP.Optional.DeltaFix.A, C:\Program Files (x86)\DeltaFix\DeltaFix.dll, Quarantined, [a6ed9a5a1277fb3b865e3335fa09956b],
PUP.Optional.WebSearch.A, C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\yrwqb25u.default\searchplugins\WebSearch.xml, Quarantined, [0b88b3416b1ef1456b88b9e7679c4db3],
PUP.Optional.EZDownloader.A, C:\Users\Public\Desktop\EZDownloader.lnk, Quarantined, [e3b0f103ee9b979f83ac6d53c83c1fe1],
PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader\EZDownloader.Core.dll, Quarantined, [f49f1fd5b4d50036ce0d16193cc71ae6],
PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader\EZDownloader.exe, Quarantined, [f49f1fd5b4d50036ce0d16193cc71ae6],
PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader\EZDownloader.exe.config, Quarantined, [f49f1fd5b4d50036ce0d16193cc71ae6],
PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader\EZDownloader.Extension.dll, Quarantined, [f49f1fd5b4d50036ce0d16193cc71ae6],
PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader\EZDownloader.Spider.dll, Quarantined, [f49f1fd5b4d50036ce0d16193cc71ae6],
PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader\ICSharpCode.SharpZipLib.dll, Quarantined, [f49f1fd5b4d50036ce0d16193cc71ae6],
PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader\Interop.SHDocVw.dll, Quarantined, [f49f1fd5b4d50036ce0d16193cc71ae6],
PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader\TabStrip.dll, Quarantined, [f49f1fd5b4d50036ce0d16193cc71ae6],
PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader\unins000.dat, Quarantined, [f49f1fd5b4d50036ce0d16193cc71ae6],
PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader\unins000.exe, Quarantined, [f49f1fd5b4d50036ce0d16193cc71ae6],
PUP.Optional.EZDownloader, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader\EZDownloader.lnk, Quarantined, [2f64f4001f6ae353bb79f262fb08aa56],
PUP.Optional.Searchoholic.A, C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\yrwqb25u.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://websearch.sea...&cc=US&unqvl=72") ;), Replaced,[8310ca2a1b6eb87e4188facdfe0716ea]
PUP.Optional.Searchoholic.A, C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\yrwqb25u.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "http://websearch.sea...unqvl=72&l=1&q=") ;), Replaced,[e7ac84708702082e408be5e242c320e0]

Physical Sectors: 0
(No malicious items detected)


(end)

ESET ONLINE SCAN LOGS:

C:\AdwCleaner\Quarantine\C\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\qkuoglkh.default\Extensions\MXhp@Zr.edu\content\bg.js.vir    JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\qkuoglkh.default\Extensions\piBes4Vs@M.org\content\bg.js.vir    JS/Kryptik.ATB trojan
C:\FRST\Quarantine\C\Program Files (x86)\28aeea84-e5dd-4769-9212-7eacddbe42a4\e388cde8-5264-4499-9bde-e1539bb46d16.dll    a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application
C:\FRST\Quarantine\C\Users\Ashley\AppData\Local\nsy3251.tmp.xBAD    Win32/VOPackage.BC potentially unwanted application
C:\FRST\Quarantine\C\Users\Ashley\AppData\Local\Temp\amisetup8163__11003.exe.xBAD    a variant of Win32/Amonetize.CS potentially unwanted application
C:\FRST\Quarantine\C\Users\Ashley\AppData\Local\Temp\amisetup8199__11005.exe.xBAD    a variant of Win32/Amonetize.CS potentially unwanted application
C:\FRST\Quarantine\C\Users\Ashley\AppData\Local\Temp\CloudBackup4064.exe.xBAD    MSIL/MyPCBackup.D potentially unwanted application
C:\FRST\Quarantine\C\Users\Ashley\AppData\Local\Temp\supoptsetup.exe.xBAD    multiple threats
C:\FRST\Quarantine\C\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\yrwqb25u.default\Extensions\MXhp@Zr.edu\content\bg.js    JS/Kryptik.ATB trojan
C:\FRST\Quarantine\C\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\yrwqb25u.default\Extensions\piBes4Vs@M.org\content\bg.js    JS/Kryptik.ATB trojan
C:\FRST\Quarantine\C\Users\Ashley\Desktop\ccsetup409.exe.xBAD    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\FRST\Quarantine\C\Windows\system32\Drivers\webinstrNHK.sys.xBAD    Win64/Adware.AddLyrics.F application
C:\Program Files (x86)\ASM104xUSB3\28aeea84-e5dd-4769-9212-7eacddbe42a4.dll    a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application
C:\Users\Ashley\AppData\Roaming\BLPMKG    JS/Toolbar.Crossrider.C potentially unwanted application
C:\Users\Ashley\AppData\Roaming\XSNOUNY    JS/Toolbar.Crossrider.C potentially unwanted application
C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\yrwqb25u.default\prefs.js    Win32/Adware.MultiPlug.DU application
C:\Users\Ashley\Downloads\cbsidlm-cbsi213-ConvertXtoDVD-SEO-10341695.exe    a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\Ashley\Downloads\Core-Temp-installer.exe    Win32/Somoto.Q potentially unwanted application

RKREPORT LOGS:

RogueKiller V10.1.2.0 (x64) [Jan  7 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Ashley [Administrator]
Mode : Scan -- Date : 01/10/2015  22:49:19

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 13 ¤¤¤
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2650459626-1003566679-2177798267-1000\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2650459626-1003566679-2177798267-1000\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 205.171.2.65 [UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 205.171.2.65 [UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 205.171.2.65 [UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7D96FBD0-0833-4217-8B3A-B0673E8F6CD4} | DhcpNameServer : 192.168.0.1 205.171.2.65 [UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7D96FBD0-0833-4217-8B3A-B0673E8F6CD4} | DhcpNameServer : 192.168.0.1 205.171.2.65 [UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{7D96FBD0-0833-4217-8B3A-B0673E8F6CD4} | DhcpNameServer : 192.168.0.1 205.171.2.65 [UNITED STATES (US)]  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 70 (Driver: Loaded) ¤¤¤
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x7728010a (jmp 0x15d850|jmp 0xfffffffffffffe09|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x7728010a (jmp 0x15ed30|jmp 0xfffffffffffffc79|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtCreateEvent : Unknown @ 0x7728010a (jmp 0x15eba0|jmp 0xfffffffffffffd29|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtNotifyChangeKey : Unknown @ 0x7728010a (jmp 0x15e2e0|jmp 0xfffffffffffffb89|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtTerminateProcess : Unknown @ 0x7728010a (jmp 0x15ee40|jmp 0xfffffffffffffc49|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtOpenEvent : Unknown @ 0x7728010a (jmp 0x15ec30|jmp 0xfffffffffffffd19|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtAssignProcessToJobObject : Unknown @ 0x7728010a (jmp 0x15e840|jmp 0xfffffffffffffc89|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtSetContextThread : Unknown @ 0x7728010a (jmp 0x15dbf0|jmp 0xfffffffffffffc29|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtCreateSection : Unknown @ 0x7728010a (jmp 0x15ebc0|jmp 0xfffffffffffffce9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtNotifyChangeMultipleKeys : Unknown @ 0x7728010a (jmp 0x15e2e0|jmp 0xfffffffffffffb79|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtQueryObject : Unknown @ 0x7728010a (jmp 0x15f080|jmp 0xfffffffffffffbc9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtCreateIoCompletion : Unknown @ 0x7728010a (jmp 0x15e730|jmp 0xfffffffffffffca9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtOpenSection : Unknown @ 0x7728010a (jmp 0x15ed00|jmp 0xfffffffffffffcd9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtCreateSemaphore : Unknown @ 0x7728010a (jmp 0x15e5a0|jmp 0xfffffffffffffd49|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtOpenSemaphore : Unknown @ 0x7728010a (jmp 0x15e030|jmp 0xfffffffffffffd39|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtCreateMutant : Unknown @ 0x7728010a (jmp 0x15e610|jmp 0xfffffffffffffd69|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtOpenMutant : Unknown @ 0x7728010a (jmp 0x15e060|jmp 0xfffffffffffffd59|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtCreateTimer : Unknown @ 0x7728010a (jmp 0x15e5f0|jmp 0xfffffffffffffcc9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtOpenTimer : Unknown @ 0x7728010a (jmp 0x15e070|jmp 0xfffffffffffffcb9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtCreateThreadEx : Unknown @ 0x7728010a (jmp 0x15e670|jmp 0xfffffffffffffc59|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtTerminateThread : Unknown @ 0x7728010a (jmp 0x15ebe0|jmp 0xfffffffffffffc39|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtSuspendThread : Unknown @ 0x7728010a (jmp 0x15d970|jmp 0xfffffffffffffbf9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtQueueApcThread : Unknown @ 0x7728010a (jmp 0x15ed10|jmp 0xfffffffffffffbe9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x7728010a (jmp 0x15e960|jmp 0xfffffffffffffb99|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtQueueApcThreadEx : Unknown @ 0x7728010a (jmp 0x15de60|jmp 0xfffffffffffffbd9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtVdmControl : Unknown @ 0x7728010a (jmp 0x15d700|jmp 0xfffffffffffffd79|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtOpenEventPair : Unknown @ 0x7728010a (jmp 0x15e130|jmp 0xfffffffffffffcf9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtLoadDriver : Unknown @ 0x7728010a (jmp 0x15e140|jmp 0xfffffffffffffe19|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtCreateSection : Unknown @ 0x15010a (jmp 0xffffffff8902ebc0|jmp 0xfffffffffffffce9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtTerminateThread : Unknown @ 0x15010a (jmp 0xffffffff8902ebe0|jmp 0xfffffffffffffc39|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtQueryObject : Unknown @ 0x15010a (jmp 0xffffffff8902f080|jmp 0xfffffffffffffbc9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x15010a (jmp 0xffffffff8902ed30|jmp 0xfffffffffffffc79|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtTerminateProcess : Unknown @ 0x15010a (jmp 0xffffffff8902ee40|jmp 0xfffffffffffffc49|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtCreateThreadEx : Unknown @ 0x15010a (jmp 0xffffffff8902e670|jmp 0xfffffffffffffc59|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtCreateThread : Unknown @ 0x15010a (jmp 0xffffffff8902ec00|jmp 0xfffffffffffffc69|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtSuspendThread : Unknown @ 0x15010a (jmp 0xffffffff8902d970|jmp 0xfffffffffffffbf9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtSetContextThread : Unknown @ 0x15010a (jmp 0xffffffff8902dbf0|jmp 0xfffffffffffffc29|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtSetBootOptions : Unknown @ 0x15010a (jmp 0xffffffff8902daa0|jmp 0xfffffffffffffd89|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtOpenTimer : Unknown @ 0x15010a (jmp 0xffffffff8902e070|jmp 0xfffffffffffffcb9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtNotifyChangeMultipleKeys : Unknown @ 0x15010a (jmp 0xffffffff8902e2e0|jmp 0xfffffffffffffb79|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtSuspendProcess : Unknown @ 0x15010a (jmp 0xffffffff8902d970|jmp 0xfffffffffffffc09|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtCreateTimer : Unknown @ 0x15010a (jmp 0xffffffff8902e5f0|jmp 0xfffffffffffffcc9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x15010a (jmp 0xffffffff8902d850|jmp 0xfffffffffffffe09|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtCreateIoCompletion : Unknown @ 0x15010a (jmp 0xffffffff8902e730|jmp 0xfffffffffffffca9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtModifyBootEntry : Unknown @ 0x15010a (jmp 0xffffffff8902e0f0|jmp 0xfffffffffffffda9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtOpenMutant : Unknown @ 0x15010a (jmp 0xffffffff8902e060|jmp 0xfffffffffffffd59|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtSetSystemPowerState : Unknown @ 0x15010a (jmp 0xffffffff8902d860|jmp 0xfffffffffffffde9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtReplyWaitReceivePortEx : Unknown @ 0x15010a (jmp 0xffffffff8902eef0|jmp 0xfffffffffffffba9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtShutdownSystem : Unknown @ 0x15010a (jmp 0xffffffff8902d7e0|jmp 0xfffffffffffffdf9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtOpenIoCompletion : Unknown @ 0x15010a (jmp 0xffffffff8902e180|jmp 0xfffffffffffffc99|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtAddBootEntry : Unknown @ 0x15010a (jmp 0xffffffff8902e8f0|jmp 0xfffffffffffffdc9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtReplyWaitReceivePort : Unknown @ 0x15010a (jmp 0xffffffff8902f0e0|jmp 0xfffffffffffffbb9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtDeleteBootEntry : Unknown @ 0x15010a (jmp 0xffffffff8902e460|jmp 0xfffffffffffffdb9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtSetBootEntryOrder : Unknown @ 0x15010a (jmp 0xffffffff8902daa0|jmp 0xfffffffffffffd99|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtOpenSection : Unknown @ 0x15010a (jmp 0xffffffff8902ed00|jmp 0xfffffffffffffcd9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtDebugActiveProcess : Unknown @ 0x15010a (jmp 0xffffffff8902e630|jmp 0xfffffffffffffc19|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtAssignProcessToJobObject : Unknown @ 0x15010a (jmp 0xffffffff8902e840|jmp 0xfffffffffffffc89|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtOpenEvent : Unknown @ 0x15010a (jmp 0xffffffff8902ec30|jmp 0xfffffffffffffd19|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x15010a (jmp 0xffffffff8902e960|jmp 0xfffffffffffffb99|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtNotifyChangeKey : Unknown @ 0x15010a (jmp 0xffffffff8902e2e0|jmp 0xfffffffffffffb89|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtOpenEventPair : Unknown @ 0x15010a (jmp 0xffffffff8902e130|jmp 0xfffffffffffffcf9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtCreateEvent : Unknown @ 0x15010a (jmp 0xffffffff8902eba0|jmp 0xfffffffffffffd29|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtCreateSemaphore : Unknown @ 0x15010a (jmp 0xffffffff8902e5a0|jmp 0xfffffffffffffd49|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtQueueApcThread : Unknown @ 0x15010a (jmp 0xffffffff8902ed10|jmp 0xfffffffffffffbe9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtSystemDebugControl : Unknown @ 0x15010a (jmp 0xffffffff8902d780|jmp 0xfffffffffffffdd9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtCreateMutant : Unknown @ 0x15010a (jmp 0xffffffff8902e610|jmp 0xfffffffffffffd69|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtLoadDriver : Unknown @ 0x15010a (jmp 0xffffffff8902e140|jmp 0xfffffffffffffe19|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtCreateEventPair : Unknown @ 0x15010a (jmp 0xffffffff8902e6e0|jmp 0xfffffffffffffd09|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtQueueApcThreadEx : Unknown @ 0x15010a (jmp 0xffffffff8902de60|jmp 0xfffffffffffffbd9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtOpenSemaphore : Unknown @ 0x15010a (jmp 0xffffffff8902e030|jmp 0xfffffffffffffd39|jmp 0xfffffffffffffff0)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD2500AAKX-00ERMA0 +++++
--- User ---
[MBR] 08201b4b19b7641d30349ef5ded088bd
[BSP] 53c97a6b662ec6be8e6f186169092eac : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK
 

 

OK, one other thing I want to discuss. Many infections in the past have been due to browsing unsafe sites. I don't use this machine except to repair or maintain it, but my sister has a large history list in the browser of certain sites she visits. Now, the infections on this machine are a combination of both, I am pretty sure, because the computer did have some issues prior to when I downloaded the CE bundled application. That is the whole reason I was trying to fix it for her, by getting rid of unwanted extensions that were causing Firefox to crash; I also scanned with Malwarebytes prior to this topic.

 

I was wondering if it would be possible to actually look through the history on the browser and determine which links are malicious. I think if I can root out which sites she visits and somehow block them from the IP, or something of that nature, it would minimise the risk of getting another infection on this machine. Or, at the very least, I can bring it up and tell her that these websites are no good. Let me know if that is something I can accomplish. I am sure at the end of this topic you will provide preventative measures, which will be helpful, but it would be nice if I could specifically find out which sites these infections are coming from. Or, by looking at the logs, is this something you can determine? Let me know. Thanks!

 


Edited by jeff matthews, 11 January 2015 - 02:49 PM.


#20 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 11 January 2015 - 09:13 PM

Hello, 
 

She specifically told me that she has not used Utorrent which is the p2p sharing program on here in a long while.

OK, that's fine. 
 

Were there rootkits as well?

No.
 

So its really that bad huh?

The machine was badly infected in terms of the number of infections, but the individual infections were not particularly serious. 
 

I was wondering if it would be possibly to actually look through the history on the browser and determine which links are malicious.

You can copy/paste each URL into VirusTotal. This will tell you if the site is malicious or not. 
 
------------
 
Let's continue checking for malware by running a couple more scans.
 
STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + R on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    C:\Program Files (x86)\ASM104xUSB3\28aeea84-e5dd-4769-9212-7eacddbe42a4.dll
    C:\Users\Ashley\AppData\Roaming\BLPMKG
    C:\Users\Ashley\AppData\Roaming\XSNOUNY 
    C:\Users\Ashley\Downloads\cbsidlm-cbsi213-ConvertXtoDVD-SEO-10341695.exe 
    C:\Users\Ashley\Downloads\Core-Temp-installer.exe 
    Folder: C:\ProgramData\2355320829
    CMD: ipconfig /flushdns
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name.
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
7D2ig3K.png Emsisoft Emergency Kit (Portable)

  • Please download Emsisoft Emergency Kit and save the file to your Desktop.
  • Double-click EmsisoftEmergencyKit.exe.
  • Click Extract.
  • Upon completion, double-click the Emsisoft Emergency Kit shortcut on your Desktop to start the programme.
  • Click Yes to update the programme definitions.
  • Click Yes to detect Potentially Unwanted Programs (PUPs).
  • Click Scan now.
  • Select Full Scan and click Scan.
  • Close any High Risk notification screen that may appear.
  • When the scan is finished click Quarantine selected objects if malicious objects were found.
  • Click View Report, and open the most recent log. 
  • Copy the contents of the log and paste in your next reply.
     

STEP 3
aA7bkRO.png aswMBR

  • Please download aswMBR and save the file to your Desktop
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click aswMBR.exe and select Run as administrator to run the programme.
  • Click Yes when prompted to download avast! virus definitions. Wait until AVAST engine defs: ### appears. 
  • If you are prompted to enable the use of "Virtualization Technology", click Yes.
  • Click the AV Scan: drop down box and click C:\.
  • Click Scan
  • Upon completion, you will see Scan finished successfully. Click Save log. Save the log to your Desktop. 
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.

Note: Do NOT click Fix or FixMBR.
Note: A file (MBR.dat) will be created on your Desktop. Do NOT click or delete it.
 
 
======================================================
 
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • Emsisoft log
  • aswMBR log


 

Would you like to help others with malware removal? Join our Classroom and learn how!


#21 jeff matthews

jeff matthews

    Advanced Member

  • Authentic Member
  • PipPipPipPip
  • 781 posts

Posted 12 January 2015 - 05:50 AM

OK, here are the logs. The Emsisoft log quarantined all but 1 item.

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by Ashley at 2015-01-11 22:24:03 Run:3
Running from C:\Users\Ashley\Desktop
Loaded Profile: Ashley (Available profiles: Ashley & Chuck)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\Program Files (x86)\ASM104xUSB3\28aeea84-e5dd-4769-9212-7eacddbe42a4.dll
C:\Users\Ashley\AppData\Roaming\BLPMKG
C:\Users\Ashley\AppData\Roaming\XSNOUNY
C:\Users\Ashley\Downloads\cbsidlm-cbsi213-ConvertXtoDVD-SEO-10341695.exe
C:\Users\Ashley\Downloads\Core-Temp-installer.exe
Folder: C:\ProgramData\2355320829
CMD: ipconfig /flushdns
EmptyTemp:
end
*****************

C:\Program Files (x86)\ASM104xUSB3\28aeea84-e5dd-4769-9212-7eacddbe42a4.dll => Moved successfully.
C:\Users\Ashley\AppData\Roaming\BLPMKG => Moved successfully.
C:\Users\Ashley\AppData\Roaming\XSNOUNY => Moved successfully.
C:\Users\Ashley\Downloads\cbsidlm-cbsi213-ConvertXtoDVD-SEO-10341695.exe => Moved successfully.
C:\Users\Ashley\Downloads\Core-Temp-installer.exe => Moved successfully.

========================= Folder: C:\ProgramData\2355320829 ========================

Directory Not Found

=========  ipconfig /flushdns =========


========= End of CMD: =========

EmptyTemp: => Removed 39.2 MB temporary data.


The system needed a reboot.

==== End of Fixlog 22:24:05 ====

 

 

 


 

 

 

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-01-11 23:37:13
-----------------------------
23:37:13.254    OS Version: Windows x64 6.1.7601 Service Pack 1
23:37:13.254    Number of processors: 4 586 0x3A09
23:37:13.255    ComputerName: ASHLEY-PC  UserName: Ashley
23:37:13.765    Initialize success
23:37:13.792    VM: initialized successfully
23:37:13.793    VM: Intel CPU BiosDisabled
23:37:14.191    AVAST engine defs: 12103100
23:37:57.177    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:37:57.179    Disk 0 Vendor: WDC_WD25 15.0 Size: 238475MB BusType: 3
23:37:57.267    Disk 0 MBR read successfully
23:37:57.269    Disk 0 MBR scan
23:37:57.381    Disk 0 unknown MBR code
23:37:57.385    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
23:37:58.078    Disk 0 scanning C:\Windows\system32\drivers
23:38:08.224    Service scanning
23:38:22.116    Modules scanning
23:38:22.123    Disk 0 trace - called modules:
23:38:22.139    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
23:38:22.469    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009a0e060]
23:38:22.474    3 CLASSPNP.SYS[fffff88001d1343f] -> nt!IofCallDriver -> [0xfffffa8008753be0]
23:38:22.479    5 ACPI.sys[fffff88000f547a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8008756050]
23:38:23.006    AVAST engine scan C:\
00:09:54.148    Disk 0 statistics 21196955/0/0 @ 6.27 MB/s
00:09:54.157    Scan finished successfully
00:50:24.570    Disk 0 MBR has been saved successfully to "C:\Users\Ashley\Desktop\MBR.dat"
00:50:24.574    The log file has been saved successfully to "C:\Users\Ashley\Desktop\aswMBR.txt"

 

 

There are some increasingly noticeable differences in how the machine operates right now. It almost seems like the machine has no infections at all: it runs faster, it boots quicker and there is no stuttering; the computer is running pretty smoothly. However, I did have a slight issue with USB plugins not working correctly; they would not load for some reason and I had to reboot the machine. I am not sure if this could be a driver malfunction or a setting change in the registry. Considering the kind of infections that were on this computer, it's possible that it could be related in some way. Anyway, just something to mention.

 

Despite all of the clean-up tools you used, there were still 12 files found infected, so this machine must have just really been hammered with viruses and malware.


Edited by jeff matthews, 12 January 2015 - 05:51 AM.


#22 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 12 January 2015 - 06:03 AM

Hello,

Please post the Emsisoft log, and we can go from there.



#23 jeff matthews

jeff matthews

    Advanced Member

  • Authentic Member
  • PipPipPipPip
  • 781 posts

Posted 12 January 2015 - 01:50 PM

Emsisoft Emergency Kit - Version 9.0
Last update: 1/11/2015 10:41:30 PM
User account: Ashley-PC\Ashley

Scan settings:

Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    1/11/2015 10:42:31 PM
C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\qkuoglkh.default\Searchplugins\safesearch.xml     detected: Application.SearchPlug (A)
Value: HKEY_USERS\S-1-5-21-2650459626-1003566679-2177798267-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR     detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-2650459626-1003566679-2177798267-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     detected: Setting.DisableRegistryTools (A)
Key: HKEY_USERS\.DEFAULT\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}     detected: Application.Win32.InstallAd (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}     detected: Application.Win32.InstallAd (A)
C:\FRST\Quarantine\C\Users\Ashley\AppData\Local\Temp\99648137-C26F-E6FB-3819-EB158432D633.exe.xBAD     detected: Gen:Variant.Adware.Graftor.163859 (B)
C:\FRST\Quarantine\C\Users\Ashley\AppData\Local\Temp\A8B293B6-0520-1E1E-C444-05C89AD3F685.exe.xBAD     detected: Gen:Variant.Graftor.170880 (B)
C:\FRST\Quarantine\C\Users\Ashley\AppData\Local\Temp\amisetup8163__11003.exe.xBAD     detected: Application.Bundler.Amonetize.AO (B)
C:\FRST\Quarantine\C\Users\Ashley\AppData\Local\Temp\amisetup8199__11005.exe.xBAD     detected: Application.Bundler.Amonetize.AO (B)
C:\FRST\Quarantine\C\Users\Ashley\AppData\Roaming\XSNOUNY.xBAD -> content/overlay.js     detected: Adware.JS.Mplug.A (B)
C:\FRST\Quarantine\C\Users\Ashley\Downloads\cbsidlm-cbsi213-ConvertXtoDVD-SEO-10341695.exe.xBAD     detected: Application.Win32.InstallAd (A)
C:\FRST\Quarantine\C\Users\Ashley\Downloads\Core-Temp-installer.exe.xBAD     detected: Application.InstallAd (A)

Scanned    173547
Found    12

Scan end:    1/11/2015 11:10:18 PM
Scan time:    0:27:47

C:\FRST\Quarantine\C\Users\Ashley\Downloads\Core-Temp-installer.exe.xBAD    Quarantined Application.InstallAd (A)
C:\FRST\Quarantine\C\Users\Ashley\Downloads\cbsidlm-cbsi213-ConvertXtoDVD-SEO-10341695.exe.xBAD    Quarantined Application.Win32.InstallAd (A)
C:\FRST\Quarantine\C\Users\Ashley\AppData\Roaming\XSNOUNY.xBAD    Quarantined Adware.JS.Mplug.A (B)
C:\FRST\Quarantine\C\Users\Ashley\AppData\Local\Temp\amisetup8199__11005.exe.xBAD    Quarantined Application.Bundler.Amonetize.AO (B)
C:\FRST\Quarantine\C\Users\Ashley\AppData\Local\Temp\amisetup8163__11003.exe.xBAD    Quarantined Application.Bundler.Amonetize.AO (B)
C:\FRST\Quarantine\C\Users\Ashley\AppData\Local\Temp\A8B293B6-0520-1E1E-C444-05C89AD3F685.exe.xBAD    Quarantined Gen:Variant.Graftor.170880 (B)
C:\FRST\Quarantine\C\Users\Ashley\AppData\Local\Temp\99648137-C26F-E6FB-3819-EB158432D633.exe.xBAD    Quarantined Gen:Variant.Adware.Graftor.163859 (B)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}    Quarantined Application.Win32.InstallAd (A)
Value: HKEY_USERS\S-1-5-21-2650459626-1003566679-2177798267-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS    Quarantined Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-2650459626-1003566679-2177798267-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR    Quarantined Setting.DisableTaskMgr (A)
C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\qkuoglkh.default\Searchplugins\safesearch.xml    Quarantined Application.SearchPlug (A)

Quarantined    11
 



#24 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 13 January 2015 - 12:26 AM

Hello, 

 

That Emsisoft log looks OK. Most items are files/folders we've already removed using FRST. The other items are simply remnants; not active infections. 

 

Please provide another update on your computer and concisely describe the exact issues that remain. 
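Added example, not code from this thread, from Emsisoft or from FRST: a small Python parser for the Emsisoft Emergency Kit log format posted in #23 that reconciles the "detected:" lines with the "Quarantined" lines and cross-checks the Found/Quarantined counters, which is the check behind "quarantined all but 1 item" and behind the assessment in #24 that most hits were already sitting in FRST's quarantine. The embedded log is a trimmed excerpt constructed from the posted log, with its counters adjusted to match the excerpt; the line patterns are my reading of that log, not a documented Emsisoft format. Run on the excerpt it reports the one detection that was never quarantined (the HKEY_USERS\.DEFAULT key) and tags the hits under C:\FRST\Quarantine as remnants of the earlier FRST fix rather than live objects.

```python
"""Reconcile an Emsisoft Emergency Kit scan log: detected vs. quarantined.

Added example for this thread; not code from Emsisoft, FRST or the posters.
Line format assumed from the posted log:
    <object>     detected: <threat name>
    <object>    Quarantined <threat name>
    Found    <n>   /   Quarantined    <n>      (summary counters)
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed excerpt of the posted log (trimmed; counters adjusted to match).
SAMPLE_LOG = r"""
Scan start:    1/11/2015 10:42:31 PM
C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\qkuoglkh.default\Searchplugins\safesearch.xml     detected: Application.SearchPlug (A)
Value: HKEY_USERS\S-1-5-21-2650459626-1003566679-2177798267-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR     detected: Setting.DisableTaskMgr (A)
Key: HKEY_USERS\.DEFAULT\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}     detected: Application.Win32.InstallAd (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}     detected: Application.Win32.InstallAd (A)
C:\FRST\Quarantine\C\Users\Ashley\Downloads\Core-Temp-installer.exe.xBAD     detected: Application.InstallAd (A)

Scanned    173547
Found    5

Scan end:    1/11/2015 11:10:18 PM

C:\FRST\Quarantine\C\Users\Ashley\Downloads\Core-Temp-installer.exe.xBAD    Quarantined Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}    Quarantined Application.Win32.InstallAd (A)
Value: HKEY_USERS\S-1-5-21-2650459626-1003566679-2177798267-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR    Quarantined Setting.DisableTaskMgr (A)
C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\qkuoglkh.default\Searchplugins\safesearch.xml    Quarantined Application.SearchPlug (A)

Quarantined    4
"""

DETECTED_RE = re.compile(r"^(?P<obj>.+?)\s{2,}detected: (?P<name>.+)$")
QUARANTINED_RE = re.compile(r"^(?P<obj>.+?)\s{2,}Quarantined (?P<name>.+)$")
FOUND_COUNT_RE = re.compile(r"^Found\s+(\d+)$")
QUARANTINED_COUNT_RE = re.compile(r"^Quarantined\s+(\d+)$")


@dataclass
class Detection:
    obj: str   # file path, or a "Key: ..." / "Value: ..." registry object
    name: str  # engine's threat name, e.g. "Setting.DisableTaskMgr (A)"

    def kind(self) -> str:
        if self.obj.startswith("Key: "):
            return "registry key"
        if self.obj.startswith("Value: "):
            return "registry value"
        return "file"

    def in_frst_quarantine(self) -> bool:
        # FRST moves what it removes under C:\FRST\Quarantine; a hit there is a
        # remnant of an earlier fix, not something still active on the system.
        return self.obj.upper().startswith("C:\\FRST\\QUARANTINE\\")


@dataclass
class Report:
    detected: List[Detection] = field(default_factory=list)
    quarantined: List[Detection] = field(default_factory=list)
    found_count: Optional[int] = None
    quarantined_count: Optional[int] = None


def parse_log(text: str) -> Report:
    """Walk the log once, collecting per-object lines and summary counters."""
    report = Report()
    for raw in text.splitlines():
        line = raw.rstrip()
        if m := DETECTED_RE.match(line):
            report.detected.append(Detection(m["obj"], m["name"]))
        elif m := QUARANTINED_RE.match(line):
            report.quarantined.append(Detection(m["obj"], m["name"]))
        elif m := FOUND_COUNT_RE.match(line):
            report.found_count = int(m.group(1))
        elif m := QUARANTINED_COUNT_RE.match(line):
            report.quarantined_count = int(m.group(1))
    return report


def not_quarantined(report: Report) -> List[Detection]:
    """Detections with no matching quarantine action: what is left to handle."""
    handled = {d.obj for d in report.quarantined}
    return [d for d in report.detected if d.obj not in handled]


def counts_consistent(report: Report) -> bool:
    """The summary counters should agree with the per-object lines we parsed."""
    return (report.found_count == len(report.detected)
            and report.quarantined_count == len(report.quarantined))


def summarize(text: str) -> str:
    report = parse_log(text)
    out = [f"detected={len(report.detected)} quarantined={len(report.quarantined)} "
           f"counters_ok={counts_consistent(report)}"]
    for d in report.detected:
        tag = "FRST remnant" if d.in_frst_quarantine() else d.kind()
        out.append(f"  [{tag}] {d.name}: {d.obj}")
    for d in not_quarantined(report):
        out.append(f"NOT QUARANTINED -> {d.obj}")
    return "\n".join(out)


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Matching is done on the object string, so a path that the engine reports slightly differently in the two sections would show up as "not quarantined" and deserve a manual look; that is the conservative failure direction for a clean-up check. Run against the full log in #23 the same logic yields 12 detected, 11 quarantined, with the HKEY_USERS\.DEFAULT key as the one outstanding item.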




#25 jeff matthews

jeff matthews

    Advanced Member

  • Authentic Member
  • PipPipPipPip
  • 781 posts

Posted 13 January 2015 - 02:55 AM

I want to note that the CE program that I installed still remains on the machine, so I took the liberty of just deleting it. I am quite surprised these tools didn't find and remove it from my system. But I just deleted the folder and the zip file, because that is how I got almost all of these infections in the first place, including the Trovi Search Protect.

 

Honestly speaking, it looks pretty good. I really don't think there is anything left to fix; there is a slight issue with the USB ports not working on the computer, which I know wasn't an issue before. But I am not sure what is causing that; could it be damaged controllers, from the infections? Besides that, I don't see anything, really.

 

I also wanted to mention that I screwed up. You told me to back up my Firefox links, and your tools erased all of the history. Is there any way of retrieving the history again from the browser? Just because I want to diagnose every link possible with VirusTotal and see which ones are malicious and which are not.

 

I guess, besides that, are there any preventative measures you want to point out, or other things like backing up my registry, or which firewalls to use (because currently the Avast firewall sub-service has expired)? Any post-procedures, let me know. Thanks!




#26 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 13 January 2015 - 05:40 AM

Hello, 
 

I want to note that the CE program that i installed, still remains on the machine, so i took the liberty of just deleting it.

OK. Out of interest, what was the name of the folder you deleted?
 

Honestly speaking it looks pretty good.

Excellent. 
 

there is a slight issue with the USB ports not working on the computer

Unlikely caused by anything associated with the infections. 
 
See if the following helps:
http://support.micro...kb/817900/en-gb
 

is there any way of retrieving the history again from the browser?

Try this:
http://stackoverflow...rowsing-history
 
No guarantees I'm afraid. 
 

I guess besides that, is there any preventative measures you want to point out

Absolutely. 
With regard to blocking malicious websites, we can discuss the various options you have if you wish: using a custom HOSTS file, changing DNS server, etc.
 
We can discuss all this at the end. 

Let's get a fresh set of FRST logs to double-check.
 
Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 



#27 jeff matthews

jeff matthews

    Advanced Member

  • Authentic Member
  • PipPipPipPip
  • 781 posts

Posted 13 January 2015 - 01:46 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Ashley (administrator) on ASHLEY-PC on 13-01-2015 11:42:29
Running from C:\Users\Ashley\Desktop
Loaded Profiles: Ashley & Chuck (Available profiles: Ashley & Chuck)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CCE] => "C:\Users\Ashley\Documents\Virus Utilities\cce_2.5.242177.201_x64\CCE\CCE.exe" -showlog
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2780776 2011-07-19] (CANON INC.)
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4297136 2012-10-30] (AVAST Software)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [439440 2011-09-27] (CANON INC.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKU\S-1-5-21-2650459626-1003566679-2177798267-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5622512 2013-05-14] (SUPERAntiSpyware.com)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-2650459626-1003566679-2177798267-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! WebRep -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: avast! WebRep -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.65

FireFox:
========
FF ProfilePath: C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\yrwqb25u.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Extension: WOT - C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\yrwqb25u.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-08-19]
FF Extension: Adblock Plus - C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\yrwqb25u.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-17]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\coFFPlgn [2015-01-11]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-20]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2014-10-20]
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-20]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2014-10-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-10-30] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [133912 2012-10-30] (AVAST Software)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2011-09-06] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe [130104 2014-09-20] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 A2DDA; C:\EEK\BIN\a2ddax64.sys [26176 2015-01-07] (Emsisoft GmbH)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-10-30] (AVAST Software)
R1 aswFW; C:\Windows\System32\Drivers\aswFW.sys [132864 2012-10-30] (AVAST Software)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21136 2012-10-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [71600 2012-10-30] (AVAST Software)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12368 2012-09-21] (ALWIL Software)
R0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [262656 2012-10-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-10-15] (AVAST Software)
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [984144 2012-10-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [370288 2012-10-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-10-30] (AVAST Software)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07080.017\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-01-07] (Emsisoft GmbH)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-01-07] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 aswMBR; \??\C:\Users\Ashley\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Ashley\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-13 11:41 - 2015-01-13 11:41 - 05013680 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-12 00:50 - 2015-01-12 00:50 - 00001728 _____ () C:\Users\Ashley\Desktop\aswMBR.txt
2015-01-12 00:50 - 2015-01-12 00:50 - 00000512 _____ () C:\Users\Ashley\Desktop\MBR.dat
2015-01-11 23:36 - 2015-01-11 23:36 - 05198336 _____ (AVAST Software) C:\Users\Ashley\Downloads\aswMBR.exe
2015-01-11 23:36 - 2015-01-11 23:36 - 05198336 _____ (AVAST Software) C:\Users\Ashley\Desktop\aswMBR.exe
2015-01-11 23:35 - 2015-01-11 23:35 - 00007402 _____ () C:\Users\Ashley\Desktop\a2scan_150111-224231.txt
2015-01-11 22:29 - 2015-01-11 22:32 - 165872416 _____ () C:\Users\Ashley\Downloads\EmsisoftEmergencyKit(1).exe
2015-01-10 22:53 - 2015-01-10 22:53 - 00014095 _____ () C:\Users\Ashley\Desktop\RKreport_SCN_01102015_224919.log
2015-01-10 22:45 - 2015-01-10 22:45 - 18467928 _____ () C:\Users\Ashley\Desktop\RogueKillerX64.exe
2015-01-10 22:45 - 2015-01-10 22:45 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-01-10 22:45 - 2015-01-10 22:45 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-10 22:44 - 2015-01-10 22:45 - 18467928 _____ () C:\Users\Ashley\Downloads\RogueKillerX64.exe
2015-01-10 22:44 - 2015-01-10 22:44 - 00002401 _____ () C:\Users\Ashley\Desktop\MyEsetScan.txt
2015-01-10 20:16 - 2015-01-10 20:16 - 02347384 _____ (ESET) C:\Users\Ashley\Downloads\esetsmartinstaller_enu.exe
2015-01-10 20:16 - 2015-01-10 20:16 - 02347384 _____ (ESET) C:\Users\Ashley\Desktop\esetsmartinstaller_enu.exe
2015-01-10 20:01 - 2015-01-10 20:02 - 20447176 _____ (Malwarebytes Corporation ) C:\Users\Ashley\Downloads\mbam-setup(1).exe
2015-01-10 19:58 - 2015-01-10 19:58 - 00001424 _____ () C:\Users\Ashley\Desktop\JRT.txt
2015-01-10 19:55 - 2015-01-10 19:55 - 00000000 ____D () C:\Windows\ERUNT
2015-01-10 19:53 - 2015-01-10 19:53 - 01707939 _____ (Thisisu) C:\Users\Ashley\Downloads\JRT.exe
2015-01-10 19:53 - 2015-01-10 19:53 - 01707939 _____ (Thisisu) C:\Users\Ashley\Desktop\JRT.exe
2015-01-10 19:48 - 2015-01-10 19:48 - 00007247 _____ () C:\Users\Ashley\Desktop\AdwCleaner[S0].txt
2015-01-10 19:36 - 2015-01-10 19:42 - 00000000 ____D () C:\AdwCleaner
2015-01-10 19:34 - 2015-01-10 19:33 - 02191360 _____ () C:\Users\Ashley\Desktop\AdwCleaner.exe
2015-01-10 19:33 - 2015-01-10 19:33 - 02191360 _____ () C:\Users\Ashley\Downloads\AdwCleaner.exe
2015-01-08 00:30 - 2015-01-09 16:47 - 00023165 _____ () C:\Users\Ashley\Desktop\Addition.txt
2015-01-08 00:29 - 2015-01-13 11:42 - 00014940 _____ () C:\Users\Ashley\Desktop\FRST.txt
2015-01-08 00:29 - 2015-01-13 11:42 - 00000000 ____D () C:\FRST
2015-01-08 00:29 - 2015-01-08 00:25 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Ashley\Desktop\tdsskiller.exe
2015-01-08 00:29 - 2015-01-08 00:23 - 02124288 _____ (Farbar) C:\Users\Ashley\Desktop\FRST64.exe
2015-01-07 19:42 - 2015-01-07 19:42 - 00014009 _____ () C:\Users\Ashley\Desktop\dds.txt
2015-01-07 19:42 - 2015-01-07 19:42 - 00007121 _____ () C:\Users\Ashley\Desktop\attach.txt
2015-01-07 19:41 - 2015-01-07 19:38 - 00688992 ____R (Swearware) C:\Users\Ashley\Desktop\dds.com
2015-01-07 09:17 - 2015-01-07 09:17 - 00000512 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 405fe981-ffa0-480d-8fba-2444e54b8324.job
2015-01-07 09:17 - 2015-01-07 09:17 - 00000512 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 0508beb0-306f-4a8a-8ee8-3eeefbc167d1.job
2015-01-07 09:17 - 2015-01-07 09:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-01-07 09:15 - 2015-01-07 09:15 - 00000000 __SHD () C:\Users\Ashley\AppData\Local\EmieBrowserModeList
2015-01-07 09:09 - 2015-01-07 09:09 - 00000000 ____D () C:\SUPERDelete
2015-01-07 09:00 - 2015-01-13 11:41 - 00181634 _____ () C:\Windows\WindowsUpdate.log
2015-01-07 08:56 - 2015-01-11 22:24 - 00002294 _____ () C:\Windows\setupact.log
2015-01-07 08:56 - 2015-01-07 08:56 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-07 08:55 - 2015-01-11 22:21 - 00145004 _____ () C:\Windows\PFRO.log
2015-01-07 08:51 - 2015-01-07 08:51 - 00000782 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-07 08:51 - 2015-01-07 08:51 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-07 08:45 - 2015-01-07 08:45 - 00001332 _____ () C:\Users\Ashley\Desktop\SUPERAntiSpyware Scan Log - 01-07-2015 - 08-44-22.log
2015-01-07 08:14 - 2015-01-07 08:14 - 00000176 _____ () C:\Users\Ashley\Desktop\Scan_150107-081418.txt
2015-01-07 07:41 - 2015-01-11 22:33 - 00000000 ____D () C:\EEK
2015-01-07 07:41 - 2015-01-07 07:41 - 00000743 _____ () C:\Users\Ashley\Desktop\Start Emsisoft Emergency Kit.lnk
2015-01-07 07:39 - 2015-01-07 07:39 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-01-07 07:38 - 2015-01-07 07:38 - 00004722 _____ () C:\Users\Ashley\Desktop\HitmanPro_20150107_0738.log
2015-01-07 07:37 - 2015-01-07 07:37 - 00001714 _____ () C:\Windows\system32\.crusader
2015-01-07 04:43 - 2015-01-07 07:38 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-07 04:38 - 2015-01-07 04:42 - 165090088 _____ () C:\Users\Ashley\Downloads\EmsisoftEmergencyKit.exe
2015-01-07 04:16 - 2015-01-07 04:16 - 04166770 _____ () C:\Users\Ashley\Downloads\tdsskiller.zip
2015-01-07 03:27 - 2015-01-11 22:15 - 00000000 ____D () C:\Users\Ashley\Documents\Virus Utilities
2015-01-07 03:20 - 2015-01-07 03:24 - 25543261 _____ () C:\Users\Ashley\Downloads\cce_2.5.242177.201_x64.zip
2015-01-07 00:26 - 2013-06-18 17:12 - 26190240 _____ (SUPERAntiSpyware.com) C:\Users\Ashley\Desktop\SUPERAntiSpyware.exe
2015-01-07 00:19 - 2015-01-09 16:36 - 00000000 ____D () C:\Windows\pss
2014-12-29 22:43 - 2014-12-29 22:43 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-12-29 22:43 - 2014-12-29 22:43 - 00003092 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-12-29 22:43 - 2014-12-29 22:43 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-12-29 22:43 - 2014-12-29 22:43 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-12-29 22:43 - 2014-12-29 22:43 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-12-29 22:43 - 2014-12-29 22:43 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf
2014-12-29 22:43 - 2014-12-29 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2014-12-29 22:43 - 2014-12-29 22:43 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-12-29 01:31 - 2014-12-29 01:31 - 00000000 ____D () C:\Windows\SysWOW64\X86
2014-12-29 01:31 - 2014-12-29 01:31 - 00000000 ____D () C:\Windows\SysWOW64\AMD64
2014-12-29 01:30 - 2014-12-29 01:30 - 00000000 ____D () C:\Program Files (x86)\Ghostery
2014-12-29 01:00 - 2014-12-29 00:52 - 504015269 _____ () C:\Users\Ashley\Desktop\wolfblood.s03e08.720p.webrip.x264-failed.mkv
2014-12-29 01:00 - 2014-12-29 00:51 - 498921497 _____ () C:\Users\Ashley\Desktop\wolfblood.s03e07.720p.webrip.x264-failed.mkv
2014-12-28 23:56 - 2014-12-31 17:34 - 00000000 ____D () C:\Users\Ashley\Downloads\Wolfblood S3
2014-12-17 13:47 - 2014-12-12 21:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 13:47 - 2014-12-12 19:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-13 11:41 - 2014-11-07 16:36 - 00000000 ____D () C:\Users\Chuck\AppData\Local\CrashDumps
2015-01-13 11:41 - 2014-08-17 18:03 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-13 11:41 - 2014-08-17 18:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-13 11:41 - 2014-08-17 18:03 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-13 11:41 - 2014-08-17 18:03 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-13 11:41 - 2014-08-17 17:33 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-13 11:41 - 2014-08-17 17:33 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-12 15:05 - 2014-11-13 12:33 - 00000000 ____D () C:\Users\Ashley\AppData\Local\CrashDumps
2015-01-11 22:48 - 2009-07-13 20:45 - 00028928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-11 22:48 - 2009-07-13 20:45 - 00028928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-11 22:30 - 2009-07-13 21:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-11 22:24 - 2014-08-17 17:40 - 00000000 ____D () C:\Program Files (x86)\ASM104xUSB3
2015-01-11 22:24 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-10 20:13 - 2014-08-23 22:32 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-10 20:11 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Globalization
2015-01-10 19:35 - 2014-08-20 15:01 - 00000000 ____D () C:\Users\Ashley\AppData\Roaming\uTorrent
2015-01-07 09:17 - 2014-08-23 22:37 - 00001768 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-01-07 09:17 - 2014-08-23 22:37 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-01-07 08:54 - 2014-10-22 01:16 - 00000000 ____D () C:\Windows\Minidump
2015-01-07 08:54 - 2014-08-18 09:14 - 00000000 ____D () C:\Windows\Panther
2015-01-07 04:06 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Web
2015-01-07 03:15 - 2014-08-23 22:31 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-07 03:15 - 2014-08-23 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-07 03:15 - 2014-08-23 22:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-07 00:21 - 2014-08-26 17:38 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-01-06 04:36 - 2010-11-20 19:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-01 21:21 - 2014-08-17 17:29 - 00000000 ____D () C:\ProgramData\Norton
2014-12-31 05:14 - 2009-07-13 20:45 - 00409568 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-30 00:49 - 2014-08-23 12:12 - 00109688 _____ () C:\Users\Chuck\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-30 00:49 - 2014-08-17 17:52 - 00109688 _____ () C:\Users\Ashley\AppData\Local\GDIPFONTCACHEV1.DAT

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-25 00:58

==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by Ashley at 2015-01-13 11:42:50
Running from C:\Users\Ashley\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Internet Security (Disabled - Out of date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Internet Security (Disabled - Out of date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security (Disabled) {131692B0-0864-D491-4E21-3A3A1D8BBB47}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.2.0 - Asmedia Technology)
ASUS Product Register Program (HKLM-x32\...\{49BE9B8A-E858-4533-A74A-64306C13DB59}) (Version: 1.0.014 - ASUS)
avast! Internet Security (HKLM-x32\...\avast) (Version: 7.0.1474.0 - AVAST Software)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version:  - )
Canon MX510 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX510_series) (Version:  - )
Canon MX510 series On-screen Manual (HKLM-x32\...\Canon MX510 series On-screen Manual) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version:  - )
CBR Reader (HKLM-x32\...\{EDAAC216-AC73-4152-9654-E12FE5A69F5D}_is1) (Version:  - cbrreader.com)
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
DVDFab 9.0.4.2 (27/05/2013) (HKLM-x32\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
KCP-0.5.4.0 (HKLM-x32\...\Kawaii Codec Pack_is1) (Version: 0.5.4.0 - Haruhichan.com)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.8.23 - Symantec Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1020 - SUPERAntiSpyware.com)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.0.0.74 - VSO Software)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

29-12-2014 23:11:09 Windows Update
02-01-2015 18:21:56 Windows Update
07-01-2015 00:20:10 Windows Update
09-01-2015 16:43:34 Restore Point Created by FRST
10-01-2015 19:54:39 Before JRT Scan

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1D4568D6-E7ED-4FD4-81D4-9E06C08D619A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2012-10-30] (AVAST Software)
Task: {2383CADB-BC8D-4B03-B1A7-15B2FB86CBC7} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {3E12A637-10FC-47A1-9B4A-3F2CF0945231} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {56F93B1D-8557-4713-9DC9-9C4AF49842B8} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {664DDD14-3249-429B-A4C1-40969E91B163} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {6B801873-B3A2-4C74-9CED-08B4638255B5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
Task: {6D58477C-6572-4645-86EA-089A577D9752} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {733874A1-2C90-47B6-8205-029879364D7D} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {7BD730F5-2D2C-414D-A96B-028036691365} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {7DE2E9BE-06FC-4B78-AE19-C87EBB01D6BB} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {8D2A1FB9-D9D6-4FCC-93A6-B4440188F340} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {99F973DB-AE0B-4CC3-B8A6-9B202955A605} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {D1B6C965-176F-4907-8FB2-CC155BB3EEA1} - System32\Tasks\{BA9F18D4-E395-4EAF-AA1F-E68AC28632A5} => pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 0508beb0-306f-4a8a-8ee8-3eeefbc167d1.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 405fe981-ffa0-480d-8fba-2444e54b8324.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (whitelisted) =============

2014-08-26 17:38 - 2011-09-06 03:32 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-10-20 01:54 - 2012-10-30 23:35 - 01825280 _____ () C:\Program Files\AVAST Software\Avast\defs\12103100\algo.dll
2014-12-08 19:58 - 2014-12-08 19:58 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-10-15 03:34 - 2014-10-15 03:34 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll
2014-08-17 17:41 - 2012-02-01 15:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-08-17 17:39 - 2012-06-25 09:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-12-10 04:15 - 2014-12-10 04:15 - 16841392 ____N () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: serverca => 2
MSCONFIG\Services: servervo => 2
MSCONFIG\Services: SWUpdater => 2

========================= Accounts: ==========================

Administrator (S-1-5-21-2650459626-1003566679-2177798267-500 - Administrator - Disabled)
Ashley (S-1-5-21-2650459626-1003566679-2177798267-1000 - Administrator - Enabled) => C:\Users\Ashley
Chuck (S-1-5-21-2650459626-1003566679-2177798267-1001 - Administrator - Enabled) => C:\Users\Chuck
Guest (S-1-5-21-2650459626-1003566679-2177798267-501 - Limited - Enabled)
Kristi (S-1-5-21-2650459626-1003566679-2177798267-1002 - Limited - Enabled)
Teri (S-1-5-21-2650459626-1003566679-2177798267-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/13/2015 11:41:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CCC.exe, version: 4.5.0.0, time stamp: 0x53ad0dcc
Faulting module name: dwrite.dll, version: 6.2.9200.16492, time stamp: 0x50f31207
Exception code: 0xc0000005
Fault offset: 0x000000000005def0
Faulting process id: 0x8b8
Faulting application start time: 0xCCC.exe0
Faulting application path: CCC.exe1
Faulting module path: CCC.exe2
Report Id: CCC.exe3

Error: (01/12/2015 03:05:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CCC.exe, version: 4.5.0.0, time stamp: 0x53ad0dcc
Faulting module name: System.Xaml.ni.dll, version: 4.0.30319.18408, time stamp: 0x52312ec0
Exception code: 0xc0000005
Fault offset: 0x000000000013dee0
Faulting process id: 0x103c
Faulting application start time: 0xCCC.exe0
Faulting application path: CCC.exe1
Faulting module path: CCC.exe2
Report Id: CCC.exe3

Error: (01/12/2015 03:05:17 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: CCC.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 000007FEE9BCDEE0

Error: (01/12/2015 11:49:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CCC.exe, version: 4.5.0.0, time stamp: 0x53ad0dcc
Faulting module name: clr.dll, version: 4.0.30319.18444, time stamp: 0x52717f9a
Exception code: 0xc0000005
Fault offset: 0x0000000000003810
Faulting process id: 0x18c4
Faulting application start time: 0xCCC.exe0
Faulting application path: CCC.exe1
Faulting module path: CCC.exe2
Report Id: CCC.exe3

Error: (01/12/2015 11:49:28 AM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Application: CCC.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an internal error in the .NET Runtime at IP 000007FEF28C3810 (000007FEF28C0000) with exit code 80131506.

Error: (01/12/2015 10:46:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CCC.exe, version: 4.5.0.0, time stamp: 0x53ad0dcc
Faulting module name: APM.Server.ni.dll, version: 4.5.5371.30937, time stamp: 0x54176402
Exception code: 0xc0000005
Fault offset: 0x000000000003dee4
Faulting process id: 0xc40
Faulting application start time: 0xCCC.exe0
Faulting application path: CCC.exe1
Faulting module path: CCC.exe2
Report Id: CCC.exe3

Error: (01/12/2015 10:46:39 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: CCC.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 000007FEEA0EDEE4

Error: (01/11/2015 10:26:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 10:23:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/10/2015 08:17:15 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (01/13/2015 11:41:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: CCC.exe4.5.0.053ad0dccdwrite.dll6.2.9200.1649250f31207c0000005000000000005def08b801d02ebc3cef2d86C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Windows\system32\dwrite.dll26238d31-9b5c-11e4-8a10-e03f496ef832

Error: (01/12/2015 03:05:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CCC.exe4.5.0.053ad0dccSystem.Xaml.ni.dll4.0.30319.1840852312ec0c0000005000000000013dee0103c01d02ea0e5b418bfC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xaml\1cf956491787a78c07789c9c8ffb7115\System.Xaml.ni.dll7905439b-9aaf-11e4-8a10-e03f496ef832

Error: (01/12/2015 03:05:17 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: CCC.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 000007FEE9BCDEE0

Error: (01/12/2015 11:49:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: CCC.exe4.5.0.053ad0dccclr.dll4.0.30319.1844452717f9ac0000005000000000000381018c401d02e981d6b6919C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll1e0ec687-9a94-11e4-8a10-e03f496ef832

Error: (01/12/2015 11:49:28 AM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Application: CCC.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an internal error in the .NET Runtime at IP 000007FEF28C3810 (000007FEF28C0000) with exit code 80131506.

Error: (01/12/2015 10:46:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: CCC.exe4.5.0.053ad0dccAPM.Server.ni.dll4.5.5371.3093754176402c0000005000000000003dee4c4001d02e30863d4da1C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\APM.Server\116f334d5d2f6dab19b756a701c6fa59\APM.Server.ni.dll5827685d-9a8b-11e4-8a10-e03f496ef832

Error: (01/12/2015 10:46:39 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: CCC.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 000007FEEA0EDEE4

Error: (01/11/2015 10:26:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 10:23:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/10/2015 08:17:15 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Ashley\Desktop\esetsmartinstaller_enu.exe


==================== Memory info ===========================

Processor: Intel® Core™ i3-3220 CPU @ 3.30GHz
Percentage of memory in use: 30%
Total physical RAM: 8134.5 MB
Available physical RAM: 5652.73 MB
Total Pagefile: 16267.17 MB
Available Pagefile: 12511.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.66 GB) (Free:116.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 7C7BECB8)

Partition: GPT Partition Type.

==================== End Of Log ============================

I was looking up how to use this software. It's an extremely powerful tool that is able to use certain scripts to remove malware entries, orphans and rootkits, change settings, among other things. I am kind of interested in doing this kind of work myself, so I was studying up on how to use it. It seems like it takes a trained eye to know how to precisely read the logs and use the correct strings to execute certain commands, because one wrong string can make your computer immobile. Either way, I am not only looking to delete and remove infections, but I am very curious and interested in this kind of work myself. I wonder if there are deep tutorials or books you can download that explain how to utilize this software. I have taken a lot of courses in college, but none of them detail how to use this software to remove threats; they only visually give you a basic idea of using more user-friendly malware removal tools like Malwarebytes to remove infections.


Edited by jeff matthews, 13 January 2015 - 01:48 PM.


#28 jeff matthews

jeff matthews

    Advanced Member

  • Authentic Member
  • 781 posts

Posted 13 January 2015 - 05:48 PM

Um, I just wanted to mention I have another slight issue. My avast! apparently is still on the program list and I can't remove it, either in normal or safe mode. Also, when I tried clicking on it, as it started up and tried to remove it, my computer became so slow, stuttering to nearly a crawl; memory was fine, and CPU % in the task bar was OK. Then I checked my BIOS and it showed something like 84 degrees F for the CPU temp. That is pretty hot if I'm not mistaken. So I rebooted back into safe mode and the machine runs fine, but in normal mode it slows down to a crawl. What the heck is going on there?

 

Could avast! be another infection or malicious file on my machine?



#29 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 13 January 2015 - 06:12 PM

Hello,

I wonder if there are deep tutorials or books you can download that explain how to utilize this software.

If you wish to learn how to remove malware, you can apply to join our Classroom
 

Could avast! be another infection or malicious file on my machine?

Unlikely.
Let's uninstall avast! using a special programme. I also need you to uninstall/reinstall Chrome - the malware changed the build to an unstable version.
 
STEP 1
Uninstall/Reinstall Chrome
  • Follow these instructions on how to backup your Chrome bookmarks: Backup Chrome Bookmarks
  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall.
    • Google Chrome
  • Follow the prompts.
  • Reboot if necessary.
  • Download and install Google Chrome.

STEP 2
Revo Uninstaller
  • Ensure you have the relevant avast! Internet Security product details to hand. 
  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run the programme. 
  • From the list of programmes, locate the following, or anything similar and carry out the steps below one at a time.
    • avast! Internet Security
  • Double-click the programme. 
  • When prompted if you want to uninstall click Yes.
  • Ensure the Moderate option is selected and click Next.
  • The programme uninstaller will run. If prompted again click Yes.
  • Work your way through the uninstaller, ensuring you read each page thoroughly.
  • Note: Ensure you decline offers of additional software if applicable. 
  • Once the built-in uninstaller is finished click Next.
  • Once the programme has searched for leftovers click Next.
  • Check items in bold only in the list and click Delete. You may have to expand folders by clicking the "+" mark.
  • When prompted click Yes, followed by Next.
  • Click Select all, followed by Delete.
  • When prompted click Yes, followed by Next.
  • Once done click Finish.
  • Reboot your computer, and reinstall avast!. 


 

Would you like to help others with malware removal? Join our Classroom and learn how!


#30 jeff matthews

jeff matthews

    Advanced Member

  • Authentic Member
  • 781 posts

Posted 14 January 2015 - 02:28 AM

OK, done with that. Having some real issues with the USB keyboard and mouse not loading. Also, my computer is having some problems freezing to a halt, where I have to restart the machine. That is not good, but when I looked at the BIOS, it read 85 degrees F. Is that hot?

 

In any case, I might have to change out my CPU and reapply ceramic paste, but it's strange that this issue was not happening at all prior to all the cleaning utilities that we used. Do you think it could have something to do with the usage of some of these applications?

 

Well, in any case, if you want, provide any other post-procedures you want me to do after malware removal.


EDIT: Yep, it just did it again. This time I could not even open up the Task Manager; it was completely frozen. I don't know if the OS was or the entire computer. I couldn't even complete this post, had to use my laptop. Either way, this is a critical problem right now. I'm pretty sure this machine has no more infections, but evidently something is causing these recent crashes. I followed the directions to a T. I don't know why I am having issues with this now.


Edited by jeff matthews, 14 January 2015 - 02:34 AM.
