Redirect virus, can't find the remnant

So I was stupid and went to the wrong site to download an app after I had to roll back my computer after a botched update, and ended up with a virus. It slipped right by Avast, but Avast caught what it tried to do after, which was hook up to the web to download malware. Avast blocked the site, which alerted me to the problem, so I ran a virus scan. Nothing. So I download Malwarebytes, it finds lots, such as ebon, dealz, some coupon thing… adware stuff, still get warnings. I run Spybot Search and Destroy and Ad-Aware, nothing. Run SUPERAntiSpyware, it finds cassiope and kills it. In between all these runs I have restarted a few times and run boot scans with Avast, which did find some things and removed them. Now the programs are finding nothing, but I continue to get warnings. So I cannot find the last remnants of this little @&^&^$. Now I present to you my HijackThis log, and hope you can help me. I think I see part if not all the problem on lines 17, I just don't know what to do about it.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 7:30:38 PM, on 7/21/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)

FIREFOX: 39.0 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell Update\DellUpTray.exe
C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Office 15\Root\Office15\WINWORD.EXE
C:\Users\John\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O2 - BHO: ArcPluginIEBHO - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O3 - Toolbar: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
O4 - HKLM..\Run: [DropboxOEM] “C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe” auto
O4 - HKLM..\Run: [AvastUI.exe] “C:\Program Files\AVAST Software\Avast\AvastUI.exe” /nogui
O4 - HKLM..\Run: [SDTray] “C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe”
O4 - HKLM..\Run: [Dropbox] “C:\Program Files (x86)\Dropbox\Client\Dropbox.exe” /systemstartup
O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
O4 - HKLM..\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
O4 - HKLM..\Run: [DriveUtilitiesHelper] C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
O4 - HKLM..\Run: [FUFAXRCV] “C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe”
O4 - HKLM..\Run: [FUFAXSTM] “C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe”
O4 - HKLM..\Run: [EEventManager] “C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe”
O4 - HKCU..\Run: [GarminExpressTrayApp] “C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe”
O4 - HKCU..\Run: [CCleaner Monitoring] “C:\Program Files\CCleaner\CCleaner64.exe” /MONITOR
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIMBE.EXE /EPT “EPLTarget\P0000000000000000” /M “WF-2650 Series”
O4 - HKUS\S-1-5-21-1794764493-683880017-4121268264-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..\Run: [GarminExpressTrayApp] “C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe” (User ‘?’)
O4 - HKUS\S-1-5-21-1794764493-683880017-4121268264-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..\Run: [CCleaner Monitoring] “C:\Program Files\CCleaner\CCleaner64.exe” /MONITOR (User ‘?’)
O4 - HKUS\S-1-5-21-1794764493-683880017-4121268264-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User ‘?’)
O4 - HKUS\S-1-5-21-1794764493-683880017-4121268264-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIMBE.EXE /EPT “EPLTarget\P0000000000000000” /M “WF-2650 Series” (User ‘?’)
O4 - S-1-5-21-1794764493-683880017-4121268264-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 Startup: Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk = ? (User ‘?’)
O4 - Startup: Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: iSyncr.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra ‘Tools’ menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra ‘Tools’ menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.dell.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = browserupdatecheck.in
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = browserupdatecheck.in
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Arc Service (ArcService) - Perfect World Entertainment Inc - C:\Program Files (x86)\Arc\ArcService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: @oem66.inf,%BlueBcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service (BcmBtRSupport) - Unknown owner - C:\Windows\system32\BtwRSupportService.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dell Customer Connect - Dell Inc. - C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe
O23 - Service: Dell Data Services - Dell - C:\Program Files\Dell\Dell Data Services\DDSSvc.exe
O23 - Service: Dell Foundation Services - Dell - C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
O23 - Service: Dell Data Vault (DellDataVault) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVault.exe
O23 - Service: Dell Data Vault Wizard (DellDataVaultWiz) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
O23 - Service: Dell Product Registration Manager (DellProdRegManager) - Aviata, Inc. - C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe
O23 - Service: Dell Update Service (DellUpdate) - Dell Inc. - C:\Program Files (x86)\Dell Update\DellUpService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing)
O23 - Service: EPSON V3 Service4(06) (EPSON_PM_RPCV4_06) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Garmin Device Interaction Service - Garmin Ltd. or its subsidiaries - C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel® ME Service (Intel(R) ME Service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Update Manager (iumsvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ad-Aware Service 11 (LavasoftAdAwareService11) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareService.exe
O23 - Service: LavasoftTcpService - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: My Dell Learning Center - Unknown owner - C:\Program Files\Dell\My Dell Learning Center\MDLCSvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - CyberLink - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Dell SupportAssist Agent (SupportAssistAgent) - Dell Inc. - C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WD Backup (WDBackup) - Western Digital Technologies, Inc. - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
O23 - Service: WD Drive Manager (WDDriveService) - Western Digital Technologies, Inc. - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


End of file - 16880 bytes
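A triage helper for a log like the one above, as an added example that is not part of the original post or of HijackThis itself. It parses the `<code> - <body>` entry lines and pulls out the two things worth a second look here: O17 entries (Tcpip parameters such as `SearchList`) that carry a value, and O10 entries naming an unknown Winsock LSP file. The function names are illustrative and the sample is a handful of lines copied from the log.

```python
import re
from collections import Counter

# Constructed sample: a few lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O15 - Trusted Zone: *.dell.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = browserupdatecheck.in
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = browserupdatecheck.in
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"""

# Every entry line starts with a section code (R0, F2, O4, O17, ...) and " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O17 body: "<registry key>: <value name> = <value>"
O17_RE = re.compile(r"^(?P<key>.+?):\s+(?P<name>\w+)\s*=\s*(?P<value>.*)$")
# O10 body as HijackThis prints it for an LSP file it does not recognise.
O10_RE = re.compile(r"^Unknown file in Winsock LSP: (?P<path>.+)$")


def parse_entries(text):
    """Return (section_code, body) for each entry line; headers are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def dns_overrides(entries):
    """Map (value name, value) -> registry keys where a non-empty O17 value is set."""
    found = {}
    for code, body in entries:
        if code != "O17":
            continue
        m = O17_RE.match(body)
        if not m or not m.group("value").strip():
            continue  # empty value: nothing configured under this key
        setting = (m.group("name"), m.group("value").strip())
        found.setdefault(setting, []).append(m.group("key"))
    return found


def unknown_lsps(entries):
    """Count how often each unknown Winsock LSP file is listed (case-insensitive)."""
    paths = Counter()
    for code, body in entries:
        m = O10_RE.match(body) if code == "O10" else None
        if m:
            paths[m.group("path").strip().lower()] += 1
    return paths


def triage(text):
    """Build a short list of findings to review by hand; nothing is changed."""
    entries = parse_entries(text)
    findings = []
    for (name, value), keys in dns_overrides(entries).items():
        findings.append(
            f"O17 {name} = {value} (set under {len(keys)} key(s)); "
            "confirm this DNS setting is one you or your network configured"
        )
    for path, count in unknown_lsps(entries).items():
        findings.append(
            f"O10 unknown Winsock LSP {path} (listed {count}x); "
            "identify the product that installed it"
        )
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The script only reads the saved log text; it does not query or modify the registry, so it can be run on any machine against a copy of the log.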

Download the attached file and rename it tcpip.reg. Please log on as an administrator account if you are not one now and then right click on the file; select MERGE from the context menu. Reboot your machine and see if the problem persists.

Next, follow the instructions listed here and attach the four log files for review.
https://forum.avast.com/index.php?topic=14433.0

Next, follow the instructions listed here and attach the four log files for review. https://forum.avast.com/index.php?topic=14433.0
I think @dbrisendine gave you the wrong link, should be this https://forum.avast.com/index.php?topic=53253.0

and attach the logs, not copy and paste

Thank you Pondus; the mouse was quicker than the brain in this case. :o :slight_smile:

Thank you both! It looks like that did it, as I have had no more alerts that anything is trying to connect. Based on my logs, looks like I have a lot of stuff wrong, which sucks as this is a new computer, but it's better than that annoying repeated blocker. I know just enough to be dangerous to my computer so trying to fix all that is likely beyond me. Here are the 4 logs as requested, hopefully there is nothing more to do, but if so, just let me know what it is and how to do it and I will be on it.

The choice to do this is yours BUT do not do the Fixlist without doing the uninstalls first.

FIRST >>>>
You have too many anti-malware programs installed; this really lowers your protection as the programs start to interfere with each other and make all their jobs harder. Avast Pro and Malwarebytes Antimalware is all you should really need installed.

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Ad-Aware Antivirus
Spybot - Search & Destroy
SpywareBlaster 5.2
SUPERAntiSpyware

To do so, left click on the name once and then click Uninstall/Change at the bar above the list window. Because these are scanners and anti-malware type programs, it would be best if you rebooted your system after each program’s uninstall.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.

SECOND >>>>

Open notepad by pressing the Windows Key + R key, typing notepad in the Run box and pressing Enter. Please copy the contents of the quote box below. To do this highlight the contents of the box by clicking [Select] next to Code: , then right click on any of the highlighted text and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt


Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-1794764493-683880017-4121268264-1002\...\RunOnce: [RemoveTresoritTemp] => C:\Users\John\AppData\Local\RemoveTresoritTemp.exe [8704 2015-07-21] () <===== ATTENTION
C:\Users\John\AppData\Local\RemoveTresoritTemp.exe
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk [2015-05-29]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk -> C:\Program Files\HP\HP Deskjet 3510 series\bin\HPStatusBL.dll (No File)
C:\Program Files\HP\HP Deskjet 3510 series\bin\HPStatusBL.dll
BootExecute: autocheck autochk * sdnclean64.exeaswBoot.exe /A:"* " /L:"1033" /heur:80 /RA:fix /pup /archives /IA:0 /KBD:1 /wow /dir:"C:\Program Files\AVAST Software\Avast"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1794764493-683880017-4121268264-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: [S-1-5-21-1794764493-683880017-4121268264-1001] ATTENTION ==> Default URLSearchHook is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1794764493-683880017-4121268264-1002 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
SearchScopes: HKU\S-1-5-21-1794764493-683880017-4121268264-1002 -> {3FABF82D-6A1C-4014-8B7E-7DEA68A1035F} URL = 
Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [348488 2015-07-18] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [348488 2015-07-18] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [348488 2015-07-18] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [348488 2015-07-18] (Lavasoft Limited)
Winsock: Catalog9 16 C:\Windows\SysWOW64\LavasoftTcpService.dll [348488 2015-07-18] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [428880 2015-07-18] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [428880 2015-07-18] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [428880 2015-07-18] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [428880 2015-07-18] (Lavasoft Limited)
Winsock: Catalog9-x64 16 C:\Windows\system32\LavasoftTcpService64.dll [428880 2015-07-18] (Lavasoft Limited)
CMD: netsh winsock reset
CHR HKU\S-1-5-21-1794764493-683880017-4121268264-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [eeafbffkmccheohnooflcnppngmobeoe] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1794764493-683880017-4121268264-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ellbonkjdmgdghkojcjmomekmjpdffde] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1794764493-683880017-4121268264-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fllgpcmelbfhcligbphaaplminjpbiad] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1794764493-683880017-4121268264-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hpjocjloojeicikiokfiekcdpojgfefc] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1794764493-683880017-4121268264-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jmnkgjdfgnjhmnopgmkcpigenfhgajdj] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1794764493-683880017-4121268264-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kfbhfniohjdklgcmbmemnpaimpdaikea] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1794764493-683880017-4121268264-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [manaobgbdfpjjjnheogfghmjbikhjnlf] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1794764493-683880017-4121268264-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oaobejgaaiojgggjojlcpbembaoajbmc] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eeafbffkmccheohnooflcnppngmobeoe] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ellbonkjdmgdghkojcjmomekmjpdffde] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fllgpcmelbfhcligbphaaplminjpbiad] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hpjocjloojeicikiokfiekcdpojgfefc] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jmnkgjdfgnjhmnopgmkcpigenfhgajdj] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kfbhfniohjdklgcmbmemnpaimpdaikea] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [manaobgbdfpjjjnheogfghmjbikhjnlf] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [oaobejgaaiojgggjojlcpbembaoajbmc] - https://clients2.google.com/service/update2/crx
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareService.exe [716664 2015-06-24] ()
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751792 2015-06-08] (Lavasoft Limited)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-01-22] (BitDefender S.R.L.)
2015-07-19 22:24 - 2015-07-21 19:24 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
C:\Program Files\SUPERAntiSpyware
C:\Program Files\Lavasoft
C:\Windows\System32\DRIVERS\Trufos.sys
C:\Users\John\AppData\Local\RemoveTresoritTemp.exe
C:\ProgramData\10xIVl.dat
Task: {30DCF4B8-75DF-4743-8DEB-90B08EA2CEBA} - System32\Tasks\Winupdate => chp.exe <==== ATTENTION
Task: {703099D7-9D14-43DA-8F09-7646304C8056} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {8F484DBA-E85E-4980-84F0-3DF8D7742965} - System32\Tasks\EssentialUpdateMachine => chp.exe <==== ATTENTION
Task: {BF99681C-45FD-40AB-BA66-3C1816222213} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-1794764493-683880017-4121268264-1002
Task: {C1E2D816-9331-4029-ACC5-38A73A83175F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {D13AF678-2617-4428-A9CE-C1CB8657C66D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
C:\Program Files (x86)\Spybot - Search & Destroy 2
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end

NOTE. It’s important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Start FRST that is on the desktop by right clicking on file and selecting “Run as Administrator…” and press the Fix button just once and wait.

http://i1351.photobucket.com/albums/p785/dbreeze2/just%20stuff/Press%20the%20FIX%20button_zpsdd5zi3mt.png

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please attach it to your reply.

LAST >>>>

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
You will see the following console:

http://i1351.photobucket.com/albums/p785/dbreeze2/Scanners%20screens/AdwCleaner_v4111_zpsn56hzjza.png

Click the Scan button and wait for the scan to finish.

After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Waiting for action. Please uncheck elements you don’t want to remove.

Click the Clean button.

Everything checked will be deleted.

When the program has finished cleaning a report appears.

Once done it will ask to reboot, allow this

http://1.bp.blogspot.com/-vitKqfMQS4o/UEDylIQ7HJI/AAAAAAAABLc/Hx-IwqKoaxg/s1600/adwcleaner_delete_restart.jpg

On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Optional:
NOTE: If you see AVG Secure Search being targeted for deletion, Here’s Why and Here. You can always Reinstall it.

Here are the new logs, everything still seems to be running well.

If the system is running to your satisfaction, let’s remove our tools and let you on your way.

Clean up of Malware Removal Tools
Now that we are through using these tools, let’s clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.

[*]Download Delfix from here to your desktop and double click it to start the program
[*]Ensure Remove disinfection tools is ticked
Also tick:
[*]Activate UAC
[*]Create registry backup
[*]Purge system restore
[*]Reset system settings

http://i1351.photobucket.com/albums/p785/dbreeze2/just%20stuff/DelFixSelectall_zps0f04cec4.png

[*]Click Run
[*]The program will run for a few moments and then notepad will open with a log. Please attach the log in your next reply.

You can delete any log files left on your desktop as these are no longer needed.

The Link to Delfix doesn’t seem to be working, shouldn’t I just be able to uninstall them?

Edit: I found this link to it on bleepingcomputers: http://www.bleepingcomputer.com/download/delfix/dl/281/

I should have noted before, after each of the previous fixes I got a blue screen, but I seem to be running fine.

Thanks for the notification about the link change; I have corrected my replies to reflect the correct URL to DelFix. If you ran the program, you would realize that it does a lot more than just remove the tools from the end user’s system.

Unless you need some other assistance, please attach the DelFix.txt log here for review. Thanks.

I forgot to save the log, thought a copy would be saved on my desktop as before.

It's back now :o , less frequent, but still there. The remnant I mean.

Please download Farbar Recovery Scan Tool 64bit and save it to your Desktop.

[*]Right click the FRST file on your desktop and select “Run as Administrator…” (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
[*]If an update is available, the program will inform you and download the update. Allow it to do this please.
[*]Once the tool shows “The tool is ready to use.” message, please press the Scan button.
[*]It will produce a log called FRST.txt in the same directory the tool is run from.
[*]Please copy and attach log back here.
[*]The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also attach that along with the FRST.txt into your reply.

Here they are. I realized that the arc interface had a browser that might have gotten infected by the bug, so I uninstalled it earlier and reinstalled it. Have had any problems since, but it took a while for them to pop back up so who knows.

Not seeing anything wrong per se but what are you synchronizing with all the cloud storage? Is it two way ( actively PC ↔ Cloud ) or just archived type ( manual PC → Cloud and only retrieving what you want when you want it )?

The Tresorit is synchronizing, the rest is just archive type. I have a few for convenience. Let's say I have had issues with hardware failures in the past that leave me paranoid about ensuring I can get to my data.

I might have gotten it by un/reinstalling Arc. Again, thank you for all your help, I will download DelFix again and go from there, remembering to save this time.

The ARC software seems questionable (at best) when I researched it. If you can play their games without using this “all-in-one” console / tracking application, I would say uninstall it and play without the adware.

You should be able to run the reg merge again and lose the search popup. I would definitely check what Tresorit is doing especially as one of the left over routines from it was flagged by my scanners.

Interesting. I wouldn’t think it would be a problem, just a very nice encrypted cloud storage, but not well known enough to be spoofed. Maybe a false positive?