
Malwarebytes will not run. Chameleon will not launch it either


  • This topic is locked
19 replies to this topic

#1 gsander


Posted 07 March 2016 - 03:58 PM

Windows 8 (not 8.1). I believe I have cleaned some malware off this computer but MBAM will not run. During the Chameleon run it "fails to start the update". I think there is still something going on.





#2 gsander


Posted 07 March 2016 - 04:14 PM

I have run SUPERAntiSpyware, ComboFix and Emsisoft Anti-Malware. I have been unable to uninstall SpyHunter 4 but I was able to disable it from running as a scheduled task. I also deleted the Enigma Software Group folder.



#3 Oh My!

  • Malware Response Instructor

Posted 07 March 2016 - 08:52 PM

Greetings gsander and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 gsander


Posted 07 March 2016 - 10:03 PM

I appreciate your help Gary,
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Ashtonmask (administrator) on LISA (07-03-2016 20:48:08)
Running from C:\Users\Ashtonmask\Desktop
Loaded Profiles: Ashtonmask (Available Profiles: Lisa & Ashtonmask)
Platform: Windows 8 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-19] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [9239064 2016-02-26] (Emsisoft Ltd)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-09-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-10] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2012-09-14] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-08-28] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [] => [X]
Startup: C:\Users\Ashtonmask\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-12-08]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{40361EFD-528A-4334-B5A2-B8600BC343BB}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{61902BE9-E2C0-4308-9F31-3C295D0330DC}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1081102030-1963929433-2794043865-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghAIQ8BAAkVQBgQeFgATA1DEgcOeAENVBRJFVQUdlsIUAsURFYFIk0FA1ADB0VXfVBdFElXTwhnKV5RFVgdbFpRJQ==
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1081102030-1963929433-2794043865-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghAIQ8BAAkVQBgQeFgATA1DEgcOeAENVBRJFVQUdlsIUAsURFYFIk0FA1ADB0VXfVBdFElXTwhnKV5RFVgdbFpRJQ==
HKU\S-1-5-21-1081102030-1963929433-2794043865-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVpZVwAQEVFCbQoAAAFcFQcQchQAWQxEDA0XIQ4OAwlAE1BGIx9aFQQTSEcFME0FCFwEURNNfX1RBlAFQFluL0td&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVpZVwAQEVFCbQoAAAFcFQcQchQAWQxEDA0XIQ4OAwlAE1BGIx9aFQQTSEcFME0FCFwEURNNfX1RBlAFQFluL0td&q={searchTerms}
SearchScopes: HKLM -> {7152CC28-78B2-4022-B8AD-4F535DE3A83F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL =
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {7152CC28-78B2-4022-B8AD-4F535DE3A83F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1081102030-1963929433-2794043865-1004 -> DefaultScope {11B534F7-9D8A-4C95-9755-DA1E9CD1F62F} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVpZVwAQEVFCbQoAAAFcFQcQchQAWQxEDA0XIQ4OAwlAE1BGIx9aFQQTSEcFME0FCFwEURNNfX1RBlAFQFluL0td&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1081102030-1963929433-2794043865-1004 -> OldSearch URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldstr_15_14&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAzz0E0A0AyB0EtCyCyEyEtA0B0E0CyDtN0D0Tzu0StCtCzzyEtN1L2XzutAtFzytFyEtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StAtCtCyBtDtA0D0AtGzz0CzzyCtG0B0EtBtAtGzz0C0D0AtGtDyBtC0Azy0C0CtDzz0C0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzy0AyD0BtBtDyEtGtBzzyC0EtGyEyE0E0EtG0AtBtC0CtGtCtC0FyB0BzyyEtByE0D0C0B2QtN0A0LzuyE%26cr%3D1321805819%26a%3Dwny_dnldstr_15_14%26os%3DWindows 8&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1081102030-1963929433-2794043865-1004 -> {10530D1E-CC1F-4B0E-B347-2CC91C11D476} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=BABF1C09-287F-409D-86E4-0E8F2F6F15E8&apn_sauid=73E64E12-5E34-4C37-99FF-D9A8306D0FB7
SearchScopes: HKU\S-1-5-21-1081102030-1963929433-2794043865-1004 -> {11B534F7-9D8A-4C95-9755-DA1E9CD1F62F} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVpZVwAQEVFCbQoAAAFcFQcQchQAWQxEDA0XIQ4OAwlAE1BGIx9aFQQTSEcFME0FCFwEURNNfX1RBlAFQFluL0td&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1081102030-1963929433-2794043865-1004 -> {7152CC28-78B2-4022-B8AD-4F535DE3A83F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1081102030-1963929433-2794043865-1004 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US756D20140818&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1081102030-1963929433-2794043865-1004 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-06] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM-x32 - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1081102030-1963929433-2794043865-1004 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll [2012-08-08] (Adobe Systems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-07-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-07] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1081102030-1963929433-2794043865-1004: @tools.google.com/Google Update;version=3 -> C:\Users\Ashtonmask\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-1081102030-1963929433-2794043865-1004: @tools.google.com/Google Update;version=9 -> C:\Users\Ashtonmask\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-06] (Google Inc.)
FF HKU\S-1-5-21-1081102030-1963929433-2794043865-1004\...\Firefox\Extensions: [ConsumerInput@Compete] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12263.xpi => not found
Chrome:
=======
CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghAIQ8BAAkVQBgQeFgATA1DEgcOeAENVBRJFVQUdlsIUAsURFYFIk0FA1oDB0VXfV5bFElXTwhnKV5RFVgdbFpRJQ=="
CHR StartupUrls: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghAIQ8BAAkVQBgQeFgATA1DEgcOeAENVBRJFVQUdlsIUAsURFYFIk0FA1oDB0VXfV5bFElXTwhnKV5RFVgdbFpRJQ=="
CHR DefaultSearchURL: Default -> hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVpZVwAQEVFCbQoAAAFcFQcQchQAWQxEDA0XIQ4OAwlAE1BGIx9aFQQTQkcFME0FBloEURNNfX1RBlAFQFluL0td&q={searchTerms}
CHR DefaultSearchKeyword: Default -> searchinterneat-a.akamaihd.net
CHR DefaultNewTabURL: Default -> hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHFZCdgBZUV0QDAYbIQEVVQtCExgbeAwNTAFFQAIVIgkJU1wUQhNBNARaAktXUUEeJ1pNER8fHHFKJ1BMAFU8TkdG
CHR Profile: C:\Users\Ashtonmask\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Ashtonmask\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-11]
CHR Extension: (Google Docs) - C:\Users\Ashtonmask\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-11]
CHR Extension: (Google Drive) - C:\Users\Ashtonmask\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-07]
CHR Extension: (YouTube) - C:\Users\Ashtonmask\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-07]
CHR Extension: (Google Search) - C:\Users\Ashtonmask\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-07]
CHR Extension: (Google Sheets) - C:\Users\Ashtonmask\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-11]
CHR Extension: (Google Docs Offline) - C:\Users\Ashtonmask\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-07]
CHR Extension: (Digital More) - C:\Users\Ashtonmask\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfghdidiebdeeldgpnipfdhdeogdoeeb [2015-04-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ashtonmask\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-07]
CHR Extension: (Gmail) - C:\Users\Ashtonmask\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-11]
CHR Profile: C:\Users\Ashtonmask\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Ask Search) - C:\Users\Ashtonmask\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf [2015-03-29] [UpdateUrl: hxxps://clients2.googlee.com/service/update2/crx] <==== ATTENTION
CHR Extension: (Google Docs) - C:\Users\Ashtonmask\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-16]
CHR Extension: (Google Drive) - C:\Users\Ashtonmask\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-16]
CHR Extension: (YouTube) - C:\Users\Ashtonmask\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-16]
CHR Extension: (Google Cast) - C:\Users\Ashtonmask\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-03-09]
CHR Extension: (Google Search) - C:\Users\Ashtonmask\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ashtonmask\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Google Wallet) - C:\Users\Ashtonmask\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-09]
CHR Extension: (Gmail) - C:\Users\Ashtonmask\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [10970064 2016-02-26] (Emsisoft Ltd)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-09-18] (Advanced Micro Devices, Inc.) [File not signed]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2809072 2016-01-20] (Microsoft Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-10-20] (Microsoft Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-21] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2012-10-20] (Broadcom Corporation)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [124080 2016-02-11] (Emsisoft Ltd)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-04-11] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44024 2015-01-31] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [275712 2015-01-30] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-07 20:48 - 2016-03-07 20:48 - 00021875 _____ C:\Users\Ashtonmask\Desktop\FRST.txt
2016-03-07 20:47 - 2016-03-07 20:48 - 00000000 ____D C:\FRST
2016-03-07 20:46 - 2016-03-07 20:47 - 02374144 _____ (Farbar) C:\Users\Ashtonmask\Desktop\FRST64.exe
2016-03-07 19:01 - 2016-03-07 19:01 - 00022847 _____ C:\ComboFix.txt
2016-03-07 10:56 - 2016-03-07 10:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-07 10:41 - 2016-03-07 10:41 - 00001106 _____ C:\Users\Ashtonmask\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware Guard.lnk
2016-03-07 10:30 - 2016-03-07 10:30 - 00000000 ____D C:\Users\Lisa\AppData\Local\Google
2016-03-07 10:27 - 2016-03-07 10:27 - 00000000 ____D C:\ProgramData\Emsisoft
2016-03-07 10:12 - 2016-03-07 10:12 - 00000896 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2016-03-07 10:12 - 2016-03-07 10:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2016-03-07 10:10 - 2016-03-07 20:48 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2016-03-07 09:30 - 2016-03-07 09:34 - 00217376 _____ C:\TDSSKiller.3.1.0.9_07.03.2016_09.30.20_log.txt
2016-03-07 08:54 - 2016-03-07 08:54 - 00002792 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-03-07 08:54 - 2016-03-07 08:54 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-03-07 08:54 - 2016-03-07 08:54 - 00000000 ____D C:\Program Files\CCleaner
2016-03-07 08:52 - 2016-03-07 08:52 - 00001268 _____ C:\Users\Ashtonmask\Desktop\Revo Uninstaller.lnk
2016-03-07 08:52 - 2016-03-07 08:52 - 00000000 ____D C:\Users\Ashtonmask\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-03-07 08:52 - 2016-03-07 08:52 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2016-03-07 08:45 - 2016-03-07 08:45 - 00000000 ____D C:\Users\Ashtonmask\AppData\Local\Splashtop
2016-03-07 08:43 - 2016-03-07 08:43 - 00000000 ____D C:\ProgramData\Splashtop
2016-03-07 08:43 - 2016-03-07 08:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Splashtop Remote
2016-03-07 08:43 - 2016-03-07 08:43 - 00000000 ____D C:\Program Files (x86)\Splashtop
2016-03-07 08:18 - 2016-01-05 14:16 - 00826328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-07 08:18 - 2016-01-05 14:16 - 00176088 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-07 07:33 - 2016-03-07 09:26 - 00034816 ___SH C:\Users\Ashtonmask\Desktop\Thumbs.db
2016-03-07 07:20 - 2016-03-07 19:02 - 00000000 ____D C:\Qoobox
2016-03-07 07:20 - 2011-06-26 00:45 - 00256000 _____ C:\Windows\PEV.exe
2016-03-07 07:20 - 2010-11-07 11:20 - 00208896 _____ C:\Windows\MBR.exe
2016-03-07 07:20 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-03-07 07:20 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-03-07 07:20 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-03-07 07:20 - 2000-08-30 18:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2016-03-07 07:20 - 2000-08-30 18:00 - 00098816 _____ C:\Windows\sed.exe
2016-03-07 07:20 - 2000-08-30 18:00 - 00080412 _____ C:\Windows\grep.exe
2016-03-07 07:20 - 2000-08-30 18:00 - 00068096 _____ C:\Windows\zip.exe
2016-03-07 07:19 - 2016-03-07 07:31 - 00000000 ____D C:\Windows\erdnt
2016-03-07 07:18 - 2016-03-07 07:10 - 05658088 ____R (Swearware) C:\Users\Ashtonmask\Desktop\ComboFix.exe
2016-03-07 03:26 - 2016-03-07 20:21 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-07 02:04 - 2016-03-07 02:04 - 00003652 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d17810d3665b30
2016-03-06 21:53 - 2015-12-08 21:39 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-03-06 21:22 - 2016-03-06 21:22 - 00000000 ____D C:\4a55987a36395f95992fb3
2016-03-06 20:35 - 2015-08-01 08:50 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-03-06 20:35 - 2015-08-01 07:56 - 19778048 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-03-06 20:35 - 2015-07-09 15:47 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2016-03-06 20:35 - 2015-07-09 15:47 - 00243712 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2016-03-06 20:35 - 2015-07-09 14:18 - 00233984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2016-03-06 20:30 - 2015-04-24 21:41 - 00541696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2016-03-06 20:30 - 2015-04-24 17:13 - 00652288 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2016-03-06 20:29 - 2015-12-30 17:29 - 06972760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-03-06 20:29 - 2015-12-08 09:43 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-03-06 20:29 - 2015-12-08 09:16 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-03-06 20:29 - 2015-12-03 18:55 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-03-06 20:29 - 2015-12-03 15:47 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-03-06 20:29 - 2015-11-16 08:42 - 00171864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-03-06 20:29 - 2015-11-16 08:29 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2016-03-06 20:29 - 2015-11-16 08:29 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2016-03-06 20:29 - 2015-11-16 08:29 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-03-06 20:29 - 2015-11-16 08:28 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-03-06 20:29 - 2015-11-16 08:26 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2016-03-06 20:29 - 2015-11-16 08:26 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-03-06 20:29 - 2015-11-16 08:26 - 00588800 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2016-03-06 20:29 - 2015-11-16 08:26 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-03-06 20:29 - 2015-09-23 07:10 - 00570256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-03-06 20:29 - 2015-09-22 11:53 - 01405408 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-03-06 20:29 - 2015-09-22 11:53 - 01273184 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-03-06 20:29 - 2015-09-12 07:29 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-03-06 20:29 - 2015-09-12 07:29 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2016-03-06 20:29 - 2015-09-12 07:29 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\appserverai.dll
2016-03-06 20:29 - 2015-09-12 07:29 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\RDWebAI.dll
2016-03-06 20:29 - 2015-09-12 07:29 - 00122880 _____ (Microsoft Corporation) C:\Windows\system32\VmHostAI.dll
2016-03-06 20:29 - 2015-07-22 16:09 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-03-06 20:29 - 2015-07-22 16:09 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-03-06 20:29 - 2015-07-22 16:09 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-03-06 20:29 - 2015-07-22 16:09 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-03-06 20:29 - 2015-07-22 16:09 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-03-06 20:29 - 2015-07-22 16:09 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-03-06 20:29 - 2015-07-22 16:09 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-06 20:29 - 2015-07-22 16:09 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-06 20:29 - 2015-07-22 16:09 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-03-06 20:29 - 2015-07-22 16:09 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-06 20:29 - 2015-07-22 16:09 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-03-06 20:29 - 2015-07-22 16:09 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-06 20:29 - 2015-07-22 16:09 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-06 20:29 - 2015-07-22 16:09 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-06 20:29 - 2015-07-22 16:09 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-03-06 20:29 - 2015-07-22 16:09 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-03-06 20:29 - 2015-07-22 16:09 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-03-06 20:29 - 2015-07-22 16:09 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-03-06 20:29 - 2015-07-22 16:09 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-06 20:29 - 2015-07-22 16:09 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-06 20:29 - 2015-07-22 16:09 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-03-06 20:29 - 2015-07-22 16:09 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-03-06 20:29 - 2015-07-22 16:09 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-03-06 20:29 - 2015-07-22 16:09 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-03-06 20:29 - 2015-07-22 16:09 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-03-06 20:29 - 2015-07-22 16:09 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-03-06 20:29 - 2015-07-22 16:09 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-03-06 20:29 - 2015-07-22 16:09 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-03-06 20:29 - 2015-07-22 16:09 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-03-06 20:29 - 2015-07-22 16:09 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-03-06 20:29 - 2015-07-22 16:09 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-03-06 20:29 - 2015-07-22 16:09 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-03-06 20:29 - 2015-07-22 16:09 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2016-03-06 20:29 - 2015-07-22 16:09 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-03-06 20:29 - 2015-07-22 16:09 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2016-03-06 20:29 - 2015-07-22 16:09 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-03-06 20:29 - 2015-06-25 12:29 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-03-06 20:29 - 2015-04-05 23:36 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2016-03-06 20:29 - 2015-04-05 22:08 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2016-03-06 20:29 - 2015-01-06 22:25 - 00403456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-03-06 20:28 - 2015-11-16 08:29 - 00178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-03-06 20:28 - 2015-11-16 08:29 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-03-06 20:28 - 2015-11-16 08:28 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-03-06 20:28 - 2015-11-16 08:27 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2016-03-06 20:28 - 2015-11-16 08:26 - 01282560 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-03-06 20:28 - 2015-11-16 08:26 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2016-03-06 20:28 - 2015-11-16 08:26 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-03-06 20:28 - 2015-11-16 08:26 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-03-06 20:28 - 2015-11-16 08:26 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-03-06 20:28 - 2015-11-16 08:26 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-03-06 20:28 - 2015-06-25 12:27 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-03-06 20:28 - 2015-05-02 00:28 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-03-06 19:30 - 2016-03-06 19:30 - 00000000 ____D C:\Users\Ashtonmask\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast
2016-03-06 19:29 - 2016-03-07 20:41 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d17810d3665b30.job
2016-03-06 19:29 - 2016-03-06 19:29 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1081102030-1963929433-2794043865-1004Core1d17810dae2a412.job
2016-03-06 19:22 - 2016-03-06 19:24 - 00235268 _____ C:\TDSSKiller.3.1.0.9_06.03.2016_19.22.52_log.txt
2016-03-06 18:09 - 2015-03-09 23:27 - 19292672 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-06 18:08 - 2015-03-09 23:28 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-03-06 18:08 - 2015-03-09 23:28 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-03-06 18:08 - 2015-03-09 23:28 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-03-06 18:08 - 2015-03-09 23:27 - 15409152 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-03-06 18:08 - 2015-03-09 23:27 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-03-06 18:08 - 2015-03-09 23:27 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-03-06 18:08 - 2015-03-09 23:27 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-03-06 18:08 - 2015-03-09 23:27 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-03-06 18:08 - 2015-03-09 21:49 - 14373376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-03-06 18:08 - 2015-03-09 21:49 - 02864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-03-06 18:08 - 2015-03-09 21:49 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-03-06 18:08 - 2015-03-09 21:49 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-03-06 18:08 - 2015-03-09 21:49 - 00737280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-03-06 18:08 - 2015-03-09 21:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-03-06 18:08 - 2015-03-09 21:49 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-03-06 18:08 - 2015-03-09 21:49 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-03-06 18:08 - 2015-03-09 21:48 - 13767680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-03-06 17:57 - 2016-03-06 18:24 - 00000000 _____ C:\Users\Ashtonmask\AppData\Local\{3865EC00-25CB-4526-B23A-4C8D776ED837}
2016-03-06 16:58 - 2016-03-06 16:58 - 00000000 ____D C:\SUPERDelete
2016-03-06 16:58 - 2016-03-06 16:58 - 00000000 ____D C:\Program Files (x86)\DriverRestore
2016-03-06 16:57 - 2016-03-06 16:57 - 00000000 ____D C:\Users\Ashtonmask\AppData\Roaming\SUPERAntiSpyware.com
2016-03-06 16:56 - 2016-03-06 16:57 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-03-06 16:56 - 2016-03-06 16:56 - 00001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2016-03-06 16:56 - 2016-03-06 16:56 - 00001503 _____ C:\Users\Ashtonmask\Desktop\greg.cmd - Shortcut.lnk
2016-03-06 16:56 - 2016-03-06 16:56 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-03-06 16:56 - 2016-03-06 16:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-03-06 16:47 - 2016-03-07 10:57 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-06 16:47 - 2016-03-07 10:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-06 16:46 - 2016-03-07 15:05 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-06 16:46 - 2016-03-06 16:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
2016-03-06 16:46 - 2016-03-06 16:46 - 00000000 ____D C:\Program Files (x86)\GPLGS
2016-03-06 16:46 - 2016-03-06 16:46 - 00000000 ____D C:\Program Files (x86)\Acro Software
2016-03-06 16:46 - 2016-01-22 16:57 - 00089008 _____ C:\Windows\system32\cpwmon64.dll
2016-03-06 16:38 - 2016-03-06 16:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-06 16:38 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-06 16:38 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-06 16:35 - 2016-03-07 09:47 - 00000000 ____D C:\scs
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-07 20:41 - 2013-02-15 13:20 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-07 20:35 - 2012-07-26 01:28 - 00959154 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-07 20:35 - 2012-07-25 23:37 - 00000000 ____D C:\Windows\Inf
2016-03-07 20:29 - 2012-07-26 01:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-07 20:28 - 2012-07-25 23:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-03-07 20:24 - 2012-07-26 02:12 - 00000000 ___RD C:\Windows\ToastData
2016-03-07 20:23 - 2012-07-26 01:59 - 00000000 ____D C:\Windows\CbsTemp
2016-03-07 20:09 - 2014-05-14 14:32 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6fb3b102ea43.job
2016-03-07 19:17 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\rescache
2016-03-07 19:06 - 2013-02-04 12:21 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1081102030-1963929433-2794043865-1004
2016-03-07 18:58 - 2012-07-25 23:26 - 00000215 _____ C:\Windows\system.ini
2016-03-07 15:06 - 2013-02-08 12:08 - 00000000 ____D C:\Users\Ashtonmask\AppData\Local\CrashDumps
2016-03-07 10:35 - 2015-03-30 07:13 - 00000000 ____D C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e
2016-03-07 09:21 - 2013-02-15 13:20 - 00000000 ____D C:\Program Files\Google
2016-03-07 09:21 - 2013-02-15 13:19 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-07 09:17 - 2012-08-03 17:21 - 00000000 ____D C:\Windows\Panther
2016-03-07 09:07 - 2013-02-04 15:50 - 00000260 _____ C:\Windows\SysWOW64\cmdVBS.vbs
2016-03-07 09:07 - 2013-02-04 15:50 - 00000256 _____ C:\Windows\SysWOW64\MSIevent.bat
2016-03-07 09:05 - 2013-02-15 13:19 - 00000000 ____D C:\Users\Ashtonmask\AppData\Local\Google
2016-03-07 08:56 - 2015-04-11 18:13 - 00003340 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2016-03-07 08:56 - 2013-06-20 23:44 - 00003822 _____ C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
2016-03-07 08:13 - 2015-03-20 19:47 - 00327032 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-07 08:06 - 2014-12-13 06:58 - 00000000 ____D C:\Windows\system32\appraiser
2016-03-07 08:06 - 2014-07-14 11:54 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-03-07 08:06 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-03-07 08:06 - 2012-07-26 02:12 - 00000000 ____D C:\Program Files\Windows Defender
2016-03-07 08:06 - 2012-07-26 02:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-03-07 08:06 - 2012-07-25 23:38 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2016-03-07 07:49 - 2014-03-21 12:47 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-03-07 07:49 - 2014-03-21 12:47 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-03-07 07:47 - 2014-03-21 12:34 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1081102030-1963929433-2794043865-1004Core.job
2016-03-07 04:23 - 2014-03-21 12:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-03-07 03:49 - 2013-08-18 16:43 - 00000000 ____D C:\Windows\system32\MRT
2016-03-07 03:44 - 2013-02-05 09:54 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-07 03:02 - 2012-07-26 01:52 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-07 02:18 - 2013-02-15 13:20 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-07 02:18 - 2013-02-15 13:20 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-07 02:04 - 2014-05-14 14:32 - 00003888 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf6fb3b102ea43
2016-03-06 23:06 - 2014-11-21 16:09 - 00000000 ____D C:\$Windows.~BT
2016-03-06 22:36 - 2012-07-26 02:12 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-06 22:34 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\AUInstallAgent
2016-03-06 22:01 - 2012-07-25 23:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-03-06 21:24 - 2015-03-30 07:17 - 00000000 ____D C:\Program Files (x86)\360
2016-03-06 21:24 - 2013-02-04 15:54 - 00000000 ____D C:\Program Files\McAfee
2016-03-06 21:24 - 2013-02-04 15:54 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-03-06 21:24 - 2013-02-04 15:54 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-03-06 21:24 - 2013-02-04 15:52 - 00000000 ____D C:\ProgramData\McAfee
2016-03-06 20:22 - 2012-07-26 02:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-03-06 20:20 - 2012-07-26 02:12 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-06 20:09 - 2013-03-07 16:43 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-03-06 20:08 - 2013-06-20 23:41 - 00000000 ____D C:\Program Files (x86)\Java
2016-03-06 19:50 - 2013-02-03 20:32 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6B224BF0-FD75-405D-9E88-2109042EB9B2}
2016-03-06 19:30 - 2014-11-24 07:45 - 00001187 _____ C:\Users\Ashtonmask\Desktop\Chromecast.lnk
2016-03-06 16:46 - 2013-03-18 16:57 - 01071104 ___SH C:\Users\Ashtonmask\Downloads\Thumbs.db
2016-03-05 18:44 - 2013-10-11 05:17 - 00000000 ____D C:\Users\Ashtonmask\Documents\Youcam
==================== Files in the root of some directories =======
2016-03-06 17:57 - 2016-03-06 18:24 - 0000000 _____ () C:\Users\Ashtonmask\AppData\Local\{3865EC00-25CB-4526-B23A-4C8D776ED837}
2013-02-03 20:31 - 2013-02-03 20:31 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-03-06 18:24
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Ashtonmask (2016-03-07 20:49:40)
Running from C:\Users\Ashtonmask\Desktop
Windows 8 (X64) (2013-02-04 02:27:23)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-1081102030-1963929433-2794043865-500 - Administrator - Disabled)
Ashtonmask (S-1-5-21-1081102030-1963929433-2794043865-1004 - Administrator - Enabled) => C:\Users\Ashtonmask
Guest (S-1-5-21-1081102030-1963929433-2794043865-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1081102030-1963929433-2794043865-1006 - Limited - Enabled)
Lisa (S-1-5-21-1081102030-1963929433-2794043865-1002 - Administrator - Enabled) => C:\Users\Lisa
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Emsisoft Anti-Malware (Enabled - Up to date) {15510D9D-6530-DA29-224F-7BA1BDD1CB58}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {AE30EC79-430A-D5A7-18FF-40D3C65681E5}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
Aleks 3.18 (HKLM-x32\...\Aleks 3.18) (Version:  - )
AMD Catalyst Install Manager (HKLM\...\{3CEC10BE-CD7C-8E99-E3AC-DD31F4416C1C}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J835DW (HKLM-x32\...\{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}) (Version: 1.1.6.0 - Brother Industries, Ltd.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
ChromecastApp (HKU\S-1-5-21-1081102030-1963929433-2794043865-1004\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
Consumer Input (remove only) (HKLM-x32\...\Consumer Input Installer) (Version:  - Compete Inc.) <==== ATTENTION
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2.5712 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.2.2114 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2.3317 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2110 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.2.2126 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.7.4528 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.5.5811 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 11.0 - Emsisoft Ltd.)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Gardenscapes: Mansion Makeover (x32 Version: 3.0.2.32 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.75 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{6821D775-9303-46DD-977A-2D97CA18B054}) (Version: 4.2.8.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1218 - Hewlett-Packard)
HP CoolSense (HKLM-x32\...\{8704FEEF-A6A8-4E7E-B124-BD6122C66E2C}) (Version: 2.10.42 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{23C74C03-680C-455D-933F-5BC8683CAE52}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.8 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4797.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1081102030-1963929433-2794043865-1004\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.6.5.3 - Splashtop Inc.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1216 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.7 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1081102030-1963929433-2794043865-1004_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Ashtonmask\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1081102030-1963929433-2794043865-1004_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Ashtonmask\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1081102030-1963929433-2794043865-1004_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Ashtonmask\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1081102030-1963929433-2794043865-1004_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Ashtonmask\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1081102030-1963929433-2794043865-1004_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ashtonmask\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1081102030-1963929433-2794043865-1004_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Ashtonmask\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1081102030-1963929433-2794043865-1004_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ashtonmask\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1081102030-1963929433-2794043865-1004_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ashtonmask\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {010DF2FC-BA26-4C07-B3D5-E1B66E98CDEA} - System32\Tasks\DriverRestore_ScheduledScan => C:\Program Files (x86)\DriverRestore\DriverRestore.exe
Task: {04AC0F53-58B5-4398-9674-2F508AC9467E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1081102030-1963929433-2794043865-1004UA => C:\Users\Ashtonmask\AppData\Local\Google\Update\GoogleUpdate.exe [2016-03-06] (Google Inc.)
Task: {216E6A09-37DD-480C-A50B-0FF7857BBFC2} - \Super Optimizer Schedule -> No File <==== ATTENTION
Task: {270F6BF1-46FD-4E25-AF9B-977AE6CB2D83} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION
Task: {2E136642-C328-4E45-A1E7-CA6946884C3B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {487FBB84-ACA9-46CD-A742-430BAC9E55B2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSFUpdaterRedux => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {4EC3FF9C-6DA8-4712-A3BB-E4B6F1E99B07} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)
Task: {5A2E8E86-96BC-4551-B11B-A30F8111A68A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1081102030-1963929433-2794043865-1004Core => C:\Users\Ashtonmask\AppData\Local\Google\Update\GoogleUpdate.exe [2016-03-06] (Google Inc.)
Task: {5C3ECD08-0ABE-4153-BABE-B52A3D415FA0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation)
Task: {6B4923D3-90E0-45BE-9EED-E6B4810F2D7A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {708217DA-AE10-4D45-865A-F42AC1E862E7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-03-30] (Hewlett-Packard)
Task: {78FCD8E8-BB48-4CF6-AD34-CC216B758D12} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {7BB79F96-3BF2-4C79-B1A4-074F94E7E9DC} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {96C0782A-ACA1-483F-AAD9-61A327388322} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {A4826535-B127-4579-A334-CD7D1176EDBD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-06] (Google Inc.)
Task: {A9C64DDB-4747-4794-A345-E72FB0CB2FD5} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-10-12] (CyberLink)
Task: {C4994771-A750-40CC-BD18-E1669FE8F96B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation)
Task: {DF8DEF53-2A17-4486-8253-A884C530A599} - System32\Tasks\GoogleUpdateTaskMachineCore1d17810d3665b30 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-06] (Google Inc.)
Task: {E655A402-D54A-44BA-8B45-5783A01C5CCA} - System32\Tasks\DriverRestore_DailyScan => C:\Program Files (x86)\DriverRestore\DriverRestore.exe
Task: {E7AF1FB1-0073-402A-8FB8-89D51BE99A14} - System32\Tasks\GoogleUpdateTaskMachineUA1cf6fb3b102ea43 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-06] (Google Inc.)
Task: {E9E7E42D-7858-4C1A-ABE3-00B1184242BD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-03-07] (Microsoft Corporation)
Task: {EED32817-11C6-466B-8B54-BA6B9C4E1987} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d17810d3665b30.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6fb3b102ea43.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1081102030-1963929433-2794043865-1004Core.job => C:\Users\Ashtonmask\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1081102030-1963929433-2794043865-1004Core1d17810dae2a412.job => C:\Users\Ashtonmask\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1081102030-1963929433-2794043865-1004UA.job => C:\Users\Ashtonmask\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-03-06 16:46 - 2016-01-22 16:57 - 00089008 _____ () C:\Windows\System32\cpwmon64.dll
2012-09-18 05:12 - 2012-09-18 05:12 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-10-30 10:01 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-05-18 15:34 - 2005-04-21 22:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll
2012-10-12 18:22 - 2012-10-12 18:22 - 00120224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2012-10-12 18:22 - 2012-10-12 18:22 - 00048544 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2012-10-12 18:22 - 2012-10-12 18:22 - 00180224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2016-03-06 20:06 - 2016-03-06 20:06 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-02-03 20:31 - 2013-02-03 20:31 - 00120224 _____ () C:\Users\Ashtonmask\AppData\Local\assembly\dl3\1KY4K5E1.B9J\YQCGP9Y0.KZ8\f3c70fb2\008b7bc6_d8a8cd01\HPItunesModule.DLL
2015-01-06 16:31 - 2015-01-06 16:31 - 00096248 _____ () C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\libcelt-0.dll
2015-01-06 16:32 - 2015-01-06 16:32 - 01070080 _____ () C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\libx264-116.dll
2013-05-18 15:34 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2012-12-15 06:42 - 2012-06-07 21:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SplashtopRemoteService => ""="Service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-07-25 23:26 - 2016-03-07 07:30 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1081102030-1963929433-2794043865-1004\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run: => "SysTrayApp"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "HP Quick Launch"
HKLM\...\StartupApproved\Run32: => "HP CoolSense"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "SynTPEnh"
HKU\S-1-5-21-1081102030-1963929433-2794043865-1004\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-1081102030-1963929433-2794043865-1004\...\StartupApproved\Run: => "CCleaner Monitoring"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{C1028E86-37FB-4DC2-AFA2-B1DF2EEDF574}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{7C78058E-8A45-4FE2-87FE-0D08B37C5665}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{9C9403E7-1D9F-4EA3-9187-C5DB56268CB1}] => (Allow) LPort=2869
FirewallRules: [{FB6D9234-8B02-4AF8-B27F-FE16EDCA631E}] => (Allow) LPort=1900
FirewallRules: [{09478FDB-AB24-4B19-B981-F689D6133D9E}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{3A8169AF-6FE0-4698-8389-4651A2641428}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{21071E29-8729-4833-B009-630E879985EA}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{FDCA9D85-CB4E-474A-9743-0702C061CB7E}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{9EC401B7-348F-448B-8E93-C42026219EA3}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{809835B0-0CF2-43BB-9A87-C0DBC759551B}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{CEE821A5-4DA6-4117-AE4F-62CEA8F01D03}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{58488027-63E9-4BC0-9778-DBDD5FC84C71}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8AC0A966-D97F-4DAC-BC94-3B7E7D92F758}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A7021DB3-6CDB-405B-B4AA-F8DC18E03B16}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A7CCDABE-2285-46A3-85FE-A75549B5EC7A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{7922AE37-9296-40F4-9649-BD09E26BB75B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{37F3741A-5758-44AD-9BC4-21C0757E495B}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{CC02DAF6-A49A-4F19-8B2C-492044490127}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{97C702A4-5DA3-4DEE-8AC3-C88366575002}] => (Allow) LPort=50000
FirewallRules: [{F49D581E-8E68-4B84-BB6C-4F19BB77D005}] => (Allow) C:\Program Files (x86)\Brother\Brmfl11a\FAXRX.exe
FirewallRules: [{A81F69BC-0492-4DAF-8A2E-0C9B15ADCCC2}] => (Allow) C:\Program Files (x86)\Brother\Brmfl11a\FAXRX.exe
FirewallRules: [{5F333924-1437-4893-A045-2C480013C3EC}] => (Allow) LPort=54925
FirewallRules: [{43CDF6A4-7AFE-4C41-B021-3C4F44F81414}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{5E9B46ED-EB55-4920-9802-8AA8F15F77F9}] => (Allow) LPort=50001
FirewallRules: [{267AC60D-C9B0-4D73-8645-BFB710E586FF}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{8B1DE0CF-0D35-4AED-97B1-68F765FF9E8E}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{8A032B1A-597C-4543-8C1A-89BBCA959B56}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{3E2C3567-D028-4E45-9BD8-B42138465D71}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{8A0156AE-9544-4A4B-9603-3AB5F01C507E}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{01CE30C6-12A9-4211-994A-686A5F2BF29C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C49BDEE0-97F1-4966-9469-C632263F5371}] => (Allow) LPort=53000
FirewallRules: [{D845D2F3-7ED2-4711-BCE8-CE451AEACE5A}] => (Allow) LPort=52000
FirewallRules: [{16AFC29E-3556-4BCB-A993-7EB460CA6CDA}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
FirewallRules: [{F4876BE7-C656-4512-B475-03C67077165C}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
FirewallRules: [{94012B54-8C9B-40AE-9860-885401E28145}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe
==================== Restore Points =========================
26-03-2015 08:31:52 Windows Update
06-03-2016 18:20:35 Windows Update
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (03/07/2016 03:06:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: windows.exe, version: 2.3.125.0, time stamp: 0x5612a56b
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1014
Faulting application start time: 0xwindows.exe0
Faulting application path: windows.exe1
Faulting module path: windows.exe2
Report Id: windows.exe3
Faulting package full name: windows.exe4
Faulting package-relative application ID: windows.exe5
Error: (03/07/2016 03:06:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 2.3.125.0, time stamp: 0x5612a56b
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1320
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3
Faulting package full name: rundll32.exe4
Faulting package-relative application ID: rundll32.exe5
Error: (03/07/2016 03:06:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: winlogon.exe, version: 2.3.125.0, time stamp: 0x5612a56b
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x13e4
Faulting application start time: 0xwinlogon.exe0
Faulting application path: winlogon.exe1
Faulting module path: winlogon.exe2
Report Id: winlogon.exe3
Faulting package full name: winlogon.exe4
Faulting package-relative application ID: winlogon.exe5
Error: (03/07/2016 03:06:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 2.3.125.0, time stamp: 0x5612a56b
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xcd4
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5
Error: (03/07/2016 03:06:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 2.3.125.0, time stamp: 0x5612a56b
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xda0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
Error: (03/07/2016 03:06:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 2.3.125.0, time stamp: 0x5612a56b
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x7d4
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3
Faulting package full name: firefox.exe4
Faulting package-relative application ID: firefox.exe5
Error: (03/07/2016 03:06:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 2.3.125.0, time stamp: 0x5612a56b
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x108c
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5
Error: (03/07/2016 03:06:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.sik, version: 2.3.125.0, time stamp: 0x5612a56b
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xe40
Faulting application start time: 0xmbam.sik0
Faulting application path: mbam.sik1
Faulting module path: mbam.sik2
Report Id: mbam.sik3
Faulting package full name: mbam.sik4
Faulting package-relative application ID: mbam.sik5
Error: (03/07/2016 03:06:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.lnk, version: 2.3.125.0, time stamp: 0x5612a56b
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x428
Faulting application start time: 0xmbam.lnk0
Faulting application path: mbam.lnk1
Faulting module path: mbam.lnk2
Report Id: mbam.lnk3
Faulting package full name: mbam.lnk4
Faulting package-relative application ID: mbam.lnk5
Error: (03/07/2016 03:06:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.scr, version: 2.3.125.0, time stamp: 0x5612a56b
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xa04
Faulting application start time: 0xmbam.scr0
Faulting application path: mbam.scr1
Faulting module path: mbam.scr2
Report Id: mbam.scr3
Faulting package full name: mbam.scr4
Faulting package-relative application ID: mbam.scr5

System errors:
=============
Error: (03/07/2016 08:28:21 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Security Update for Windows 8 for x64-based Systems (KB3084135).
Error: (03/07/2016 08:28:20 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Update for Windows 8 for x64-based Systems (KB3040272).
Error: (03/07/2016 08:28:20 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Update for Windows 8 for x64-based Systems (KB3058163).
Error: (03/07/2016 08:28:20 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Security Update for Windows 8 for x64-based Systems (KB3082089).
Error: (03/07/2016 08:28:15 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Security Update for Microsoft .NET Framework 4.5, 4.5.1 and 4.5.2 on Windows 8 and Windows Server 2012 x64 (KB3097995).
Error: (03/07/2016 08:28:14 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Security Update for Windows 8 for x64-based Systems (KB3042553).
Error: (03/07/2016 08:28:13 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Security Update for Windows 8 for x64-based Systems (KB3124001).
Error: (03/07/2016 08:28:13 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB3023217).
Error: (03/07/2016 08:28:12 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Security Update for Windows 8 for x64-based Systems (KB3076895).
Error: (03/07/2016 08:28:10 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Security Update for Windows 8 for x64-based Systems (KB3123479).

CodeIntegrity:
===================================
  Date: 2016-03-07 19:08:06.413
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.
  Date: 2016-03-07 19:08:05.789
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.
  Date: 2016-03-07 19:08:01.218
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.
  Date: 2016-03-07 19:08:00.875
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.
  Date: 2016-03-07 19:08:00.563
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.
  Date: 2016-03-07 19:08:00.236
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.
  Date: 2016-03-07 19:07:59.892
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.
  Date: 2016-03-07 19:07:59.565
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.
  Date: 2016-03-07 19:07:59.237
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.
  Date: 2016-03-07 19:07:58.910
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks32.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

==================== Memory info ===========================
Processor: AMD A6-4400M APU with Radeon™ HD Graphics
Percentage of memory in use: 42%
Total physical RAM: 3554.26 MB
Available physical RAM: 2034.59 MB
Total Virtual: 5026.26 MB
Available Virtual: 2950.2 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:440.16 GB) (Free:388.85 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:24.83 GB) (Free:2.99 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1406B4D4)
Partition: GPT.
==================== End of Addition.txt ============================


#5 Oh My!

Posted 08 March 2016 - 09:50 AM

Thank you for the information.

Please complete the below for me.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to the same location as FRST.exe (<<<Important) as fixlist.txt
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1081102030-1963929433-2794043865-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghAIQ8BAAkVQBgQeFgATA1DEgcOeAENVBRJFVQUdlsIUAsURFYFIk0FA1ADB0VXfVBdFElXTwhnKV5RFVgdbFpRJQ==
HKU\S-1-5-21-1081102030-1963929433-2794043865-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghAIQ8BAAkVQBgQeFgATA1DEgcOeAENVBRJFVQUdlsIUAsURFYFIk0FA1ADB0VXfVBdFElXTwhnKV5RFVgdbFpRJQ==
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVpZVwAQEVFCbQoAAAFcFQcQchQAWQxEDA0XIQ4OAwlAE1BGIx9aFQQTSEcFME0FCFwEURNNfX1RBlAFQFluL0td&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVpZVwAQEVFCbQoAAAFcFQcQchQAWQxEDA0XIQ4OAwlAE1BGIx9aFQQTSEcFME0FCFwEURNNfX1RBlAFQFluL0td&q={searchTerms}
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL =
SearchScopes: HKU\S-1-5-21-1081102030-1963929433-2794043865-1004 -> DefaultScope {11B534F7-9D8A-4C95-9755-DA1E9CD1F62F} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVpZVwAQEVFCbQoAAAFcFQcQchQAWQxEDA0XIQ4OAwlAE1BGIx9aFQQTSEcFME0FCFwEURNNfX1RBlAFQFluL0td&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1081102030-1963929433-2794043865-1004 -> OldSearch URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldstr_15_14&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAzz0E0A0AyB0EtCyCyEyEtA0B0E0CyDtN0D0Tzu0StCtCzzyEtN1L2XzutAtFzytFyEtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StAtCtCyBtDtA0D0AtGzz0CzzyCtG0B0EtBtAtGzz0C0D0AtGtDyBtC0Azy0C0CtDzz0C0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzy0AyD0BtBtDyEtGtBzzyC0EtGyEyE0E0EtG0AtBtC0CtGtCtC0FyB0BzyyEtByE0D0C0B2QtN0A0LzuyE%26cr%3D1321805819%26a%3Dwny_dnldstr_15_14%26os%3DWindows 8&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1081102030-1963929433-2794043865-1004 -> {10530D1E-CC1F-4B0E-B347-2CC91C11D476} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=BABF1C09-287F-409D-86E4-0E8F2F6F15E8&apn_sauid=73E64E12-5E34-4C37-99FF-D9A8306D0FB7
SearchScopes: HKU\S-1-5-21-1081102030-1963929433-2794043865-1004 -> {11B534F7-9D8A-4C95-9755-DA1E9CD1F62F} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVpZVwAQEVFCbQoAAAFcFQcQchQAWQxEDA0XIQ4OAwlAE1BGIx9aFQQTSEcFME0FCFwEURNNfX1RBlAFQFluL0td&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1081102030-1963929433-2794043865-1004 -> {7152CC28-78B2-4022-B8AD-4F535DE3A83F} URL = 
Toolbar: HKLM-x32 - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1081102030-1963929433-2794043865-1004 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF HKU\S-1-5-21-1081102030-1963929433-2794043865-1004\...\Firefox\Extensions: [ConsumerInput@Compete] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12263.xpi => not found
CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghAIQ8BAAkVQBgQeFgATA1DEgcOeAENVBRJFVQUdlsIUAsURFYFIk0FA1oDB0VXfV5bFElXTwhnKV5RFVgdbFpRJQ=="
CHR StartupUrls: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghAIQ8BAAkVQBgQeFgATA1DEgcOeAENVBRJFVQUdlsIUAsURFYFIk0FA1oDB0VXfV5bFElXTwhnKV5RFVgdbFpRJQ=="
CHR DefaultSearchURL: Default -> hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVpZVwAQEVFCbQoAAAFcFQcQchQAWQxEDA0XIQ4OAwlAE1BGIx9aFQQTQkcFME0FBloEURNNfX1RBlAFQFluL0td&q={searchTerms}
CHR DefaultSearchKeyword: Default -> searchinterneat-a.akamaihd.net
CHR DefaultNewTabURL: Default -> hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHFZCdgBZUV0QDAYbIQEVVQtCExgbeAwNTAFFQAIVIgkJU1wUQhNBNARaAktXUUEeJ1pNER8fHHFKJ1BMAFU8TkdG
CHR Extension: (Ask Search) - C:\Users\Ashtonmask\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf [2015-03-29] [UpdateUrl: hxxps://clients2.googlee.com/service/update2/crx] <==== ATTENTION
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-10-20] (Microsoft Corporation)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
2016-03-07 08:56 - 2015-04-11 18:13 - 00003340 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2016-03-07 08:56 - 2013-06-20 23:44 - 00003822 _____ C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
2016-03-06 17:57 - 2016-03-06 18:24 - 0000000 _____ () C:\Users\Ashtonmask\AppData\Local\{3865EC00-25CB-4526-B23A-4C8D776ED837}
CustomCLSID: HKU\S-1-5-21-1081102030-1963929433-2794043865-1004_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Ashtonmask\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1081102030-1963929433-2794043865-1004_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Ashtonmask\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1081102030-1963929433-2794043865-1004_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Ashtonmask\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1081102030-1963929433-2794043865-1004_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Ashtonmask\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1081102030-1963929433-2794043865-1004_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ashtonmask\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1081102030-1963929433-2794043865-1004_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Ashtonmask\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1081102030-1963929433-2794043865-1004_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ashtonmask\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Task: {216E6A09-37DD-480C-A50B-0FF7857BBFC2} - \Super Optimizer Schedule -> No File <==== ATTENTION
Task: {270F6BF1-46FD-4E25-AF9B-977AE6CB2D83} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION
Task: {7BB79F96-3BF2-4C79-B1A4-074F94E7E9DC} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
C:\Program Files\Enigma Software Group\SpyHunter
CMD: type "C:\ComboFix.txt"
File: C:\ComboFix.txt
Folder: C:\4a55987a36395f95992fb3
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Type the following in the Search Field
windows.exe
  • Click Search File(s) button
  • A Search.txt document will be saved to your USB device
  • Copy and paste the contents of that document in your reply
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Search.txt
  • AdwCleaner log
  • Junkware log
  • Update on computer performance

Gary
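The Fixlog.txt requested above can be triaged with a short script. This is an added example, not part of the original thread and not FRST's own code. The sample log is constructed in the layout FRST writes (the fixlist echoed between two rows of asterisks, then one `target => outcome` line per action), and the status names `done`, `absent` and `review` are this example's own labels.

```python
import re
from collections import Counter

# Constructed sample (not from a real machine) in the Fixlog.txt layout.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version:EXAMPLE
Ran by ExampleUser (2016-01-01 10:00:00) Run:1
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\SOFTWARE\Policies\Example: Restriction <======= ATTENTION
FF HKU\S-1-5-21-EXAMPLE\...\Firefox\Extensions: [ext@example] - C:\Example\ext.xpi => not found
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\ExampleTask => C:\Example\task.exe
C:\Program Files\Example Vendor\ExampleTool
CMD: type "C:\Example.txt"
*****************

"HKLM\SOFTWARE\Policies\Example" => key removed successfully
HKU\S-1-5-21-EXAMPLE\Software\Mozilla\Firefox\Extensions\\ext@example => value removed successfully
HKCR\CLSID\{00000000-0000-0000-0000-000000000002} => key not found. 
C:\Example\Extensions\abcdef <==== ATTENTION => not found
C:\Windows\System32\Tasks\ExampleTask => moved successfully
"C:\Program Files\Example Vendor\ExampleTool" => not found.
C:\Example\locked.dll => example outcome outside the known set

=========  type "C:\Example.txt" =========

2016-01-01 10:00 . 2016-01-01 10:00 -------- d-----w- c:\example => not found
'''

ECHO_DELIM = re.compile(r'^\*{5,}$')                # row of asterisks around the echo
SECTION_HEADER = re.compile(r'^={5,}\s+\S.*\s={5,}$')  # "=====  type ... =====" banner
MARKER = re.compile(r'\s*<=+\s*ATTENTION\s*')       # scan marker carried into results


def classify(outcome):
    """Map an outcome string to one of this example's three labels."""
    text = outcome.strip().rstrip('.').lower()
    if text.endswith('successfully'):
        return 'done'      # removed / restored / moved
    if text.endswith('not found'):
        return 'absent'    # target was not there when the fix ran
    return 'review'        # anything else needs a human to read it


def parse_fixlog(text):
    """Return (target, outcome, status) for each action result line.

    The echoed fixlist is skipped because scan lines inside it already
    contain '=> not found' or '=> <path>' and would be miscounted. Parsing
    stops at the first command-output banner for the same reason.
    """
    results = []
    state = 'header'                       # header -> echo -> results
    for raw in text.splitlines():
        line = raw.strip()
        if state == 'header':
            if ECHO_DELIM.match(line):
                state = 'echo'
            continue
        if state == 'echo':
            if ECHO_DELIM.match(line):
                state = 'results'
            continue
        if SECTION_HEADER.match(line):
            break
        if ' => ' not in line:
            continue
        target, outcome = line.rsplit(' => ', 1)
        target = MARKER.sub('', target).strip().strip('"')
        results.append((target, outcome.strip(), classify(outcome)))
    return results


def summarize(results):
    """Count statuses and list every item that did not report success."""
    counts = Counter(status for _, _, status in results)
    follow_up = [(t, o) for t, o, s in results if s != 'done']
    return counts, follow_up


if __name__ == '__main__':
    counts, follow_up = summarize(parse_fixlog(SAMPLE_FIXLOG))
    print(dict(counts))
    for target, outcome in follow_up:
        print(f'{outcome:40} {target}')
```

Items labelled `absent` are worth comparing against what was removed by hand before the fix ran; items labelled `review` should be read in the original log.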
 

#6 gsander

Posted 08 March 2016 - 11:41 AM

Gary,  I was unable to find Search.txt but I did not have a USB device plugged in when I ran FRST64.exe.  I am not sure how infected I am or if I still am.  Before I contacted you I did clean malware but Malwarebytes did not run.  That was a red flag for me so I asked for your help.  Malwarebytes still will not launch.  It appears to start but never launches.  Thanks for your continued help.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01

Ran by Ashtonmask (2016-03-08 09:54:47) Run:1
Running from C:\Users\Ashtonmask\Desktop
Loaded Profiles: Ashtonmask (Available Profiles: Lisa & Ashtonmask)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1081102030-1963929433-2794043865-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghAIQ8BAAkVQBgQeFgATA1DEgcOeAENVBRJFVQUdlsIUAsURFYFIk0FA1ADB0VXfVBdFElXTwhnKV5RFVgdbFpRJQ==
HKU\S-1-5-21-1081102030-1963929433-2794043865-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghAIQ8BAAkVQBgQeFgATA1DEgcOeAENVBRJFVQUdlsIUAsURFYFIk0FA1ADB0VXfVBdFElXTwhnKV5RFVgdbFpRJQ==
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVpZVwAQEVFCbQoAAAFcFQcQchQAWQxEDA0XIQ4OAwlAE1BGIx9aFQQTSEcFME0FCFwEURNNfX1RBlAFQFluL0td&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVpZVwAQEVFCbQoAAAFcFQcQchQAWQxEDA0XIQ4OAwlAE1BGIx9aFQQTSEcFME0FCFwEURNNfX1RBlAFQFluL0td&q={searchTerms}
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL =
SearchScopes: HKU\S-1-5-21-1081102030-1963929433-2794043865-1004 -> DefaultScope {11B534F7-9D8A-4C95-9755-DA1E9CD1F62F} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVpZVwAQEVFCbQoAAAFcFQcQchQAWQxEDA0XIQ4OAwlAE1BGIx9aFQQTSEcFME0FCFwEURNNfX1RBlAFQFluL0td&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1081102030-1963929433-2794043865-1004 -> OldSearch URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldstr_15_14&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutAzz0E0A0AyB0EtCyCyEyEtA0B0E0CyDtN0D0Tzu0StCtCzzyEtN1L2XzutAtFzytFyEtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StAtCtCyBtDtA0D0AtGzz0CzzyCtG0B0EtBtAtGzz0C0D0AtGtDyBtC0Azy0C0CtDzz0C0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzy0AyD0BtBtDyEtGtBzzyC0EtGyEyE0E0EtG0AtBtC0CtGtCtC0FyB0BzyyEtByE0D0C0B2QtN0A0LzuyE%26cr%3D1321805819%26a%3Dwny_dnldstr_15_14%26os%3DWindows 8&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1081102030-1963929433-2794043865-1004 -> {10530D1E-CC1F-4B0E-B347-2CC91C11D476} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=BABF1C09-287F-409D-86E4-0E8F2F6F15E8&apn_sauid=73E64E12-5E34-4C37-99FF-D9A8306D0FB7
SearchScopes: HKU\S-1-5-21-1081102030-1963929433-2794043865-1004 -> {11B534F7-9D8A-4C95-9755-DA1E9CD1F62F} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVpZVwAQEVFCbQoAAAFcFQcQchQAWQxEDA0XIQ4OAwlAE1BGIx9aFQQTSEcFME0FCFwEURNNfX1RBlAFQFluL0td&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1081102030-1963929433-2794043865-1004 -> {7152CC28-78B2-4022-B8AD-4F535DE3A83F} URL = 
Toolbar: HKLM-x32 - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1081102030-1963929433-2794043865-1004 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF HKU\S-1-5-21-1081102030-1963929433-2794043865-1004\...\Firefox\Extensions: [ConsumerInput@Compete] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12263.xpi => not found
CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghAIQ8BAAkVQBgQeFgATA1DEgcOeAENVBRJFVQUdlsIUAsURFYFIk0FA1oDB0VXfV5bFElXTwhnKV5RFVgdbFpRJQ=="
CHR StartupUrls: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghAIQ8BAAkVQBgQeFgATA1DEgcOeAENVBRJFVQUdlsIUAsURFYFIk0FA1oDB0VXfV5bFElXTwhnKV5RFVgdbFpRJQ=="
CHR DefaultSearchURL: Default -> hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVpZVwAQEVFCbQoAAAFcFQcQchQAWQxEDA0XIQ4OAwlAE1BGIx9aFQQTQkcFME0FBloEURNNfX1RBlAFQFluL0td&q={searchTerms}
CHR DefaultSearchKeyword: Default -> searchinterneat-a.akamaihd.net
CHR DefaultNewTabURL: Default -> hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHFZCdgBZUV0QDAYbIQEVVQtCExgbeAwNTAFFQAIVIgkJU1wUQhNBNARaAktXUUEeJ1pNER8fHHFKJ1BMAFU8TkdG
CHR Extension: (Ask Search) - C:\Users\Ashtonmask\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf [2015-03-29] [UpdateUrl: hxxps://clients2.googlee.com/service/update2/crx] <==== ATTENTION
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-10-20] (Microsoft Corporation)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
2016-03-07 08:56 - 2015-04-11 18:13 - 00003340 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2016-03-07 08:56 - 2013-06-20 23:44 - 00003822 _____ C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
2016-03-06 17:57 - 2016-03-06 18:24 - 0000000 _____ () C:\Users\Ashtonmask\AppData\Local\{3865EC00-25CB-4526-B23A-4C8D776ED837}
CustomCLSID: HKU\S-1-5-21-1081102030-1963929433-2794043865-1004_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Ashtonmask\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1081102030-1963929433-2794043865-1004_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Ashtonmask\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1081102030-1963929433-2794043865-1004_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Ashtonmask\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1081102030-1963929433-2794043865-1004_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Ashtonmask\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1081102030-1963929433-2794043865-1004_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ashtonmask\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1081102030-1963929433-2794043865-1004_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Ashtonmask\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1081102030-1963929433-2794043865-1004_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ashtonmask\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Task: {216E6A09-37DD-480C-A50B-0FF7857BBFC2} - \Super Optimizer Schedule -> No File <==== ATTENTION
Task: {270F6BF1-46FD-4E25-AF9B-977AE6CB2D83} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION
Task: {7BB79F96-3BF2-4C79-B1A4-074F94E7E9DC} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
C:\Program Files\Enigma Software Group\SpyHunter
CMD: type "C:\ComboFix.txt"
File: C:\ComboFix.txt
Folder: C:\4a55987a36395f95992fb3
*****************
 
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1081102030-1963929433-2794043865-1004\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1081102030-1963929433-2794043865-1004\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A}" => key removed successfully
HKCR\CLSID\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A} => key not found. 
HKU\S-1-5-21-1081102030-1963929433-2794043865-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1081102030-1963929433-2794043865-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\OldSearch" => key removed successfully
HKCR\CLSID\OldSearch => key not found. 
"HKU\S-1-5-21-1081102030-1963929433-2794043865-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{10530D1E-CC1F-4B0E-B347-2CC91C11D476}" => key removed successfully
HKCR\CLSID\{10530D1E-CC1F-4B0E-B347-2CC91C11D476} => key not found. 
"HKU\S-1-5-21-1081102030-1963929433-2794043865-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{11B534F7-9D8A-4C95-9755-DA1E9CD1F62F}" => key removed successfully
HKCR\CLSID\{11B534F7-9D8A-4C95-9755-DA1E9CD1F62F} => key not found. 
"HKU\S-1-5-21-1081102030-1963929433-2794043865-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7152CC28-78B2-4022-B8AD-4F535DE3A83F}" => key removed successfully
HKCR\CLSID\{7152CC28-78B2-4022-B8AD-4F535DE3A83F} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value removed successfully
HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => key not found. 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value removed successfully
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => key not found. 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
HKU\S-1-5-21-1081102030-1963929433-2794043865-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. 
HKU\S-1-5-21-1081102030-1963929433-2794043865-1004\Software\Mozilla\Firefox\Extensions\\ConsumerInput@Compete => value removed successfully
Chrome HomePage => removed successfully
Chrome RestoreOnStartup => removed successfully
Chrome StartupUrls => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultNewTabURL => removed successfully
C:\Users\Ashtonmask\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf <==== ATTENTION => not found
AppMgmt => service removed successfully
BAPIDRV => service removed successfully
catchme => service removed successfully
C:\Windows\System32\Tasks\SpyHunter4Startup => moved successfully
C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar => moved successfully
C:\Users\Ashtonmask\AppData\Local\{3865EC00-25CB-4526-B23A-4C8D776ED837} => moved successfully
"HKU\S-1-5-21-1081102030-1963929433-2794043865-1004_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully
"HKU\S-1-5-21-1081102030-1963929433-2794043865-1004_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully
"HKU\S-1-5-21-1081102030-1963929433-2794043865-1004_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}" => key removed successfully
"HKU\S-1-5-21-1081102030-1963929433-2794043865-1004_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
"HKU\S-1-5-21-1081102030-1963929433-2794043865-1004_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-1081102030-1963929433-2794043865-1004_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
"HKU\S-1-5-21-1081102030-1963929433-2794043865-1004_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{216E6A09-37DD-480C-A50B-0FF7857BBFC2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{216E6A09-37DD-480C-A50B-0FF7857BBFC2}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Super Optimizer Schedule => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{270F6BF1-46FD-4E25-AF9B-977AE6CB2D83}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{270F6BF1-46FD-4E25-AF9B-977AE6CB2D83}" => key removed successfully
C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7BB79F96-3BF2-4C79-B1A4-074F94E7E9DC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7BB79F96-3BF2-4C79-B1A4-074F94E7E9DC}" => key removed successfully
C:\Windows\System32\Tasks\SpyHunter4Startup => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup" => key removed successfully
"C:\Program Files\Enigma Software Group\SpyHunter" => not found.
 
=========  type "C:\ComboFix.txt" =========
 
ComboFix 16-03-07.01 - Ashtonmask 03/07/2016  18:51:11.2.2 - x64
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3554.2201 [GMT -6:00]
Running from: c:\users\Ashtonmask\Desktop\ComboFix.exe
AV: Emsisoft Anti-Malware *Disabled/Updated* {15510D9D-6530-DA29-224F-7BA1BDD1CB58}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Emsisoft Anti-Malware *Disabled/Updated* {AE30EC79-430A-D5A7-18FF-40D3C65681E5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ashtonmask\AppData\Local\assembly\tmp
.
.
(((((((((((((((((((((((((   Files Created from 2016-02-08 to 2016-03-08  )))))))))))))))))))))))))))))))
.
.
2016-03-08 00:58 . 2016-03-08 00:58 -------- d-----w- c:\users\Lisa\AppData\Local\temp
2016-03-08 00:58 . 2016-03-08 00:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-03-07 16:56 . 2016-03-07 16:57 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-03-07 16:30 . 2016-03-07 16:30 -------- d-----w- c:\users\Lisa\AppData\Local\Google
2016-03-07 16:27 . 2016-03-07 16:27 -------- d-----w- c:\programdata\Emsisoft
2016-03-07 16:10 . 2016-03-08 00:49 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2016-03-07 14:54 . 2016-03-07 14:54 -------- d-----w- c:\program files\CCleaner
2016-03-07 14:52 . 2016-03-07 14:52 -------- d-----w- c:\program files (x86)\VS Revo Group
2016-03-07 14:45 . 2016-03-07 14:45 -------- d-----w- c:\users\Ashtonmask\AppData\Local\Splashtop
2016-03-07 14:43 . 2016-03-07 14:43 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{31BEEDA7-3D80-4234-80E4-11E0F0A16AD7}\offreg.2156.dll
2016-03-07 14:43 . 2016-03-07 14:43 -------- d-----w- c:\programdata\Splashtop
2016-03-07 14:43 . 2016-03-07 14:43 -------- d-----w- c:\program files (x86)\Splashtop
2016-03-07 14:18 . 2015-03-04 21:24 791496 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-03-07 14:18 . 2015-03-04 21:24 177608 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-03-07 13:33 . 2016-03-08 00:58 -------- d-----w- c:\users\Ashtonmask\AppData\Local\temp
2016-03-07 09:26 . 2016-03-07 09:26 -------- d-----w- c:\programdata\Package Cache
2016-03-07 03:54 . 2016-02-18 23:53 11249080 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{31BEEDA7-3D80-4234-80E4-11E0F0A16AD7}\mpengine.dll
2016-03-07 03:53 . 2015-12-09 03:39 301728 ------w- c:\windows\system32\MpSigStub.exe
2016-03-07 03:22 . 2016-03-07 03:22 -------- d-----w- C:\4a55987a36395f95992fb3
2016-03-07 02:27 . 2015-08-05 13:52 1624576 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2016-03-07 02:27 . 2015-08-05 13:52 1278976 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2016-03-07 02:27 . 2015-08-05 13:52 1326080 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2016-03-07 02:27 . 2015-08-05 13:52 1313792 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2016-03-07 02:27 . 2015-04-07 23:43 1413632 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Ink\InkObj.dll
2016-03-07 02:27 . 2015-08-05 15:03 1032704 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Ink\journal.dll
2016-03-07 02:27 . 2015-04-07 23:21 2190336 ----a-w- c:\program files\Windows Journal\Journal.exe
2016-03-07 02:27 . 2015-04-07 23:20 627712 ----a-w- c:\program files\Windows Journal\MSPVWCTL.DLL
2016-03-07 02:27 . 2015-04-07 23:20 881152 ----a-w- c:\program files\Windows Journal\InkSeg.dll
2016-03-07 00:09 . 2015-03-10 05:27 19292672 ----a-w- c:\windows\system32\mshtml.dll
2016-03-06 22:58 . 2016-03-06 22:58 -------- d-----w- c:\program files (x86)\DriverRestore
2016-03-06 22:58 . 2016-03-06 22:58 -------- d-----w- C:\SUPERDelete
2016-03-06 22:57 . 2016-03-06 22:57 -------- d-----w- c:\users\Ashtonmask\AppData\Roaming\SUPERAntiSpyware.com
2016-03-06 22:56 . 2016-03-06 22:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2016-03-06 22:56 . 2016-03-06 22:56 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2016-03-06 22:46 . 2016-03-07 21:05 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-03-06 22:46 . 2016-01-22 22:57 89008 ----a-w- c:\windows\system32\cpwmon64.dll
2016-03-06 22:46 . 2016-03-06 22:46 -------- d-----w- c:\program files (x86)\Acro Software
2016-03-06 22:46 . 2016-03-06 22:46 -------- d-----w- c:\program files (x86)\GPLGS
2016-03-06 22:45 . 2016-03-06 22:45 -------- d-----w- c:\windows\ServiceProfiles\LocalService\winhttp
2016-03-06 22:38 . 2015-10-05 15:50 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-03-06 22:38 . 2015-10-05 15:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-03-06 22:38 . 2016-03-06 22:38 -------- d-----w- c:\programdata\Malwarebytes
2016-03-06 22:35 . 2016-03-07 15:47 -------- d-----w- C:\scs
2016-02-13 22:51 . 2016-02-13 22:51 189136 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\LICLUA.EXE
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-03-07 15:07 . 2013-02-04 21:50 260 ----a-w- c:\windows\SysWow64\cmdVBS.vbs
2016-03-07 15:07 . 2013-02-04 21:50 256 ----a-w- c:\windows\SysWow64\MSIevent.bat
2016-03-07 09:44 . 2013-02-05 15:54 146614896 ----a-w- c:\windows\system32\MRT.exe
2016-03-07 02:04 . 2013-03-07 22:47 641304 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-03-07 22:52 220632 ----a-w- c:\users\Ashtonmask\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-03-07 22:52 220632 ----a-w- c:\users\Ashtonmask\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-03-07 22:52 220632 ----a-w- c:\users\Ashtonmask\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-18 642216]
"CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2012-09-10 491632]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-07-13 93296]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-09-08 581024]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2012-09-15 1342008]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2012-08-28 143360]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2012-06-06 3076096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\cdfk"="rd" [X]
"c:\program files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\zoi"="rd" [X]
"c:\program files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\yiceqqssfi"="rd" [X]
"c:\program files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\fxtwrgrpf"="rd" [X]
"c:\program files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\puhcaxni"="rd" [X]
"c:\program files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\aoy"="rd" [X]
"c:\program files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\xjhypzhqn"="rd" [X]
"c:\program files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\xcdgfxxm"="rd" [X]
"c:\program files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\ponhrqo"="rd" [X]
.
c:\users\Ashtonmask\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Send to OneNote.lnk - c:\program files\Microsoft Office 15\root\office15\ONENOTEM.EXE /tsr [2016-3-6 195248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R1 BAPIDRV;BAPIDRV;c:\windows\system32\DRIVERS\BAPIDRV64.sys;c:\windows\SYSNATIVE\DRIVERS\BAPIDRV64.sys [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
R3 SmbDrvI;SmbDrvI;c:\windows\System32\drivers\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_Intel.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\System32\drivers\WUDFRd.sys;c:\windows\SYSNATIVE\drivers\WUDFRd.sys [x]
S0 amd_sata;amd_sata;c:\windows\System32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\System32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S1 epp;epp;c:\program files\EMSISOFT ANTI-MALWARE\epp.sys;c:\program files\EMSISOFT ANTI-MALWARE\epp.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 a2AntiMalware;Emsisoft Protection Service;c:\program files\Emsisoft Anti-Malware\a2service.exe;c:\program files\Emsisoft Anti-Malware\a2service.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPConnectedRemote;HP Connected Remote Service;c:\program files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe;c:\program files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [x]
S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys [x]
S3 WSDScan;WSD Scan Support;c:\windows\System32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost REG_MULTI_SZ   apphostsvc
iissvcs REG_MULTI_SZ   w3svc was
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-03-07 08:10 1106072 ----a-w- c:\program files (x86)\Google\Chrome\Application\49.0.2623.75\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2013-12-21 06:04 215416 ----a-w- c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2016-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-15 01:29]
.
2016-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d17810d3665b30.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-15 01:29]
.
2016-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cf6fb3b102ea43.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-15 01:29]
.
2016-03-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1081102030-1963929433-2794043865-1004Core.job
- c:\users\Ashtonmask\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-21 01:29]
.
2016-03-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1081102030-1963929433-2794043865-1004Core1d17810dae2a412.job
- c:\users\Ashtonmask\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-21 01:29]
.
2015-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1081102030-1963929433-2794043865-1004UA.job
- c:\users\Ashtonmask\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-21 01:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-03-07 22:52 244696 ----a-w- c:\users\Ashtonmask\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-03-07 22:52 244696 ----a-w- c:\users\Ashtonmask\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-03-07 22:52 244696 ----a-w- c:\users\Ashtonmask\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-03-07 02:06 2348336 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-03-07 02:06 2348336 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-03-07 02:06 2348336 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-08-20 1664000]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"emsisoft anti-malware"="c:\program files\emsisoft anti-malware\a2guard.exe" [2016-02-26 9239064]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghAIQ8BAAkVQBgQeFgATA1DEgcOeAENVBRJFVQUdlsIUAsURFYFIk0FA1ADB0VXfVBdFElXTwhnKV5RFVgdbFpRJQ==
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Consumer Input Installer - c:\program files (x86)\Consumer Input\CIuninstall.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.DefaultCsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.DefaultCsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:04,42,34,87,b0,05,cf,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2016-03-07  19:01:57
ComboFix-quarantined-files.txt  2016-03-08 01:01
ComboFix2.txt  2016-03-07 13:33
.
Pre-Run: 415,743,610,880 bytes free
Post-Run: 415,647,887,360 bytes free
.
- - End Of File - - 9FDAEA3F246EA0B4631732FCDCE26391
5FB38429D5D77768867C76DCBDB35194
 
========= End of CMD: =========
 
 
========================= File: C:\ComboFix.txt ========================
 
File not signed
MD5: 1619600AFAEE2F7ABD828144D0602C29
Creation and modification date: 2016-03-07 19:01 - 2016-03-07 19:01
Size: 0022847
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
 
====== End of File: ======
 
 
========================= Folder: C:\4a55987a36395f95992fb3 ========================
 
2015-12-02 13:18 - 2015-12-02 13:18 - 0301728 _____ () C:\4a55987a36395f95992fb3\MPSigStub.exe
 
====== End of Folder: ======
 
 
 
The system needed a reboot.
 
==== End of Fixlog 09:55:27 ====
 
# AdwCleaner v5.101 - Logfile created 08/03/2016 at 10:07:07
# Updated 07/03/2016 by Xplode
# Database : 2016-03-08.1 [Server]
# Operating system : Windows 8  (x64)
# Username : Ashtonmask - LISA
# Running from : C:\Users\Ashtonmask\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\DriverRestore
[-] Folder Deleted : C:\Program Files (x86)\Common Files\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e
[-] Folder Deleted : C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e
[-] Folder Deleted : C:\Users\Ashtonmask\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfghdidiebdeeldgpnipfdhdeogdoeeb
[-] Folder Deleted : C:\Users\Ashtonmask\AppData\Roaming\UpdaterEX
[-] Folder Deleted : C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfghdidiebdeeldgpnipfdhdeogdoeeb
[-] Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Ashtonmask\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kfghdidiebdeeldgpnipfdhdeogdoeeb_0.localstorage
[-] File Deleted : C:\Users\Ashtonmask\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_digitalmore-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\Ashtonmask\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_digitalmore-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kfghdidiebdeeldgpnipfdhdeogdoeeb_0.localstorage
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : DriverRestore_DailyScan
[-] Task Deleted : DriverRestore_ScheduledScan
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\b30cc2d5-ef71-e981-3f7f-1a9361228549
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D5FA0C65-08BE-4F86-B30F-2E285694863A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D2A19E15-4D23-41F5-8035-E2D730DA691C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{E3EBCC2D-D239-4CA9-BF77-8DC68381D6CA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B853E835-9F24-4F4B-B55C-E554D15CCCD2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E104B9E4-01BA-4AAF-9957-6A525CC5451A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82025773-B1B0-497B-B942-0171A2E42C3C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0C6D49F4-6E41-4632-BE86-F210D5D894BA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0DC6DC6C-048E-4B03-8F2D-7D6B90571172}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0E02C3DE-FDA9-4381-99E6-7ED76A518504}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AB0B6A3-9BC5-419B-B86D-40FA2998A131}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3A40DF53-EB22-49FE-9246-8084403424E7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3DBBAB3C-4077-4EC4-BF2C-E89C7784846A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5CF02202-6278-47EE-9947-C2D0A057EABD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{65BF611F-85CD-4E7F-966C-853573462C14}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D87094D-49E1-4C72-8C9E-3D937A119BE5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{87A125E5-B663-496F-954E-488A82FAC012}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8AF9C44C-E497-4776-A7EF-F6455F982825}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2A19E15-4D23-41F5-8035-E2D730DA691C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4F484EE-BF68-4B61-AB83-C1E0EF88D876}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8F06F2A-FDCE-4F12-8D2A-7A97A752CF1A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E3EBCC2D-D239-4CA9-BF77-8DC68381D6CA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F90B8F59-792D-4F5A-97AD-06E83284F9AB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06306AA5-80A1-4260-A9A3-A8E10F6AA8B7}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7D87094D-49E1-4C72-8C9E-3D937A119BE5}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F90B8F59-792D-4F5A-97AD-06E83284F9AB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E104B9E4-01BA-4AAF-9957-6A525CC5451A}
[-] Key Deleted : HKCU\Software\Compete
[-] Key Deleted : HKCU\Software\eSupport.com
[-] Key Deleted : HKCU\Software\PRODUCTSETUP
[-] Key Deleted : HKCU\Software\UpdaterEX
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Compete
[-] Key Deleted : HKLM\SOFTWARE\DigitalMore
[-] Key Deleted : HKLM\SOFTWARE\ConsumerInput
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Consumer Input Installer
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\AskToolbar
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Compete
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
*************************
 
C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [8476 bytes] - [08/03/2016 10:07:07]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [8223 bytes] - [08/03/2016 10:04:11]
 
########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [8662 bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 8 x64 
Ran by Ashtonmask (Administrator) on Tue 03/08/2016 at 10:17:01.71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 2 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{7152CC28-78B2-4022-B8AD-4F535DE3A83F} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 03/08/2016 at 10:24:52.34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 


#7 Oh My!

Posted 08 March 2016 - 03:43 PM

Thanks.

Please do these things.

===================================================

Replacing Malwarebytes net.conf File

--------------------
  • Download net.conf and save it to your desktop
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
CMD: copy /y C:\Users\User\Desktop\net.conf "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration\net.conf"
CMD: copy /y C:\Users\User\Desktop\net.conf "C:\Users\All Users\Malwarebytes\Malwarebytes Anti-Malware\Configuration\net.conf"
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Reboot your computer and attempt to run Malwarebytes
===================================================

SystemLook by jpshortstuff

--------------------
  • Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2
Download Mirror #3 For 64-bit users

  • Double-click SystemLook.exe to run it.
  • Vista and above: Right-click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following codebox into the main textfield:
:filefind
windows.exe
:dir
C:\scs /s
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Does Malwarebytes run properly?
  • Systemlook report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 gsander

Posted 08 March 2016 - 06:37 PM

Gary

MBAM does not run yet.


SystemLook 30.07.11 by jpshortstuff
Log created at 17:26 on 08/03/2016 by Ashtonmask
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "windows.exe"
C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\windows.exe --a---- 893752 bytes [16:57 07/03/2016] [15:48 05/10/2015] E9A75E4B409A01E52055CE7CCA7FF925
 
========== dir ==========
 
C:\scs - Parameters: "/s"
 
---Files---
EmsisoftAntiMalwareSetup.exe --a---- 222633488 bytes [15:46 07/03/2016] [15:47 07/03/2016]
mbam-setup-2.2.0.1024 (1).exe --a---- 22908888 bytes [01:18 07/03/2016] [01:15 07/03/2016]
mbam-setup-2.2.0.1024.exe.74p4029.partial --a---- 499712 bytes [01:15 07/03/2016] [01:16 07/03/2016]
mm.exe --a---- 307200 bytes [22:35 06/03/2016] [22:35 06/03/2016]
tdsskiller (5).exe --a---- 4727984 bytes [01:22 07/03/2016] [01:18 07/03/2016]
 
No folders found.
 
-= EOF =-


#9 Oh My!

Posted 08 March 2016 - 08:40 PM

Did you get a fixlog.txt after running the fixlist?
Gary
 

#10 gsander

Posted 09 March 2016 - 12:20 AM

This is the fixlog.txt I have.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Ashtonmask (2016-03-08 15:12:19) Run:3
Running from C:\Users\Ashtonmask\Desktop
Loaded Profiles: Ashtonmask (Available Profiles: Lisa & Ashtonmask)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CMD: copy /y C:\Users\Ashtonmask\Desktop\net.conf "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration\net.conf"
CMD: copy /y C:\Users\Ashtonmask\Desktop\net.conf "C:\Users\All Users\Malwarebytes\Malwarebytes Anti-Malware\Configuration\net.conf"
 
 
 
 
*****************
 
 
=========  copy /y C:\Users\Ashtonmask\Desktop\net.conf "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration\net.conf" =========
 
        1 file(s) copied.
 
========= End of CMD: =========
 
 
=========  copy /y C:\Users\Ashtonmask\Desktop\net.conf "C:\Users\All Users\Malwarebytes\Malwarebytes Anti-Malware\Configuration\net.conf" =========
 
        1 file(s) copied.


#11 Oh My!

Posted 09 March 2016 - 09:53 AM

Good morning.

Sometimes the file we replaced is the cause for MBAM to not work properly. Since that didn't help we are going to start fresh with MBAM. I see you have installed Revo Uninstaller. Please use that program to remove every trace of MBAM then reinstall it.

Let me know how that goes.
Gary
 

#12 gsander

Posted 09 March 2016 - 10:13 AM

Gary,  I have uninstalled MBAM using Revo Uninstaller's most thorough option and rebooted.  I have not reinstalled yet.



#13 gsander

Posted 09 March 2016 - 04:43 PM

Gary

 

I went ahead and re-installed MBAM.  It works now.  It ran and found 26 PUPS.  MBAM not running is the main reason I thought there might be a problem.  Are you able to see any malware with what I have given you?

 

Thanks Greg



#14 Oh My!

Posted 09 March 2016 - 05:06 PM

I wouldn't consider what we found malware, just junk. Toolbars, bad search pages, etc.

Let's do 2 final scans.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Check Uninstall application on close
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 

#15 gsander

Posted 11 March 2016 - 02:02 PM

Gary

 

My update is this.  After finally getting MBAM to launch I tried a reboot but it has not successfully rebooted since.  Automatic repair has been unsuccessful.  At one point, the srttrail.txt file pointed me to a driver acpi.sys as being corrupted.  I found another Win 8 machine and copied it over through the recovery cmd prompt.  That did not help though.  So I have not been able to run either the ESET OnlineScanner or screen317's Security Check.  I am considering a 'refresh your PC'.





