
Palikan hijacked my PC



 
 
Old 01-04-2016, 01:10 PM   #1
Registered Member
 
Join Date: Jun 2009
Posts: 32
OS: Windows7



Hello,

I have somehow become the lucky recipient of Palikan. I do not frequent hinky sites so unsure what happened.

I have backed up my important pictures, etc. Nothing is working to remove this. Your help is much appreciated.

Thanks in advance!

Debbie
buckleysings is offline  
Old 01-05-2016, 12:39 PM   #2
Registered Member
 
Join Date: Jun 2009
Posts: 32
OS: Windows7



Hello again, my daughter sent me to SpyHunter which found a bunch of crazy spyware junk and after 400 odd "infections" it wants 39$.

I will patiently wait for you because I trust you. You did a super job for me 5 years ago. TIA!! Have a great day.
buckleysings is offline  
Old 01-07-2016, 06:53 PM   #3
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

**Note - Please do NOT upgrade your OS to Windows 10 until your machine is clean, and we have uninstalled all our removal tools. Thanks.

------------------------------------------------------

You mentioned SpyHunter. This application was previously listed as a rogue program because of deceptive advertising. Please read here

Although no longer listed as such, we recommend uninstalling it via Programs and Features in your Control Panel and downloading antispyware programs that have proven themselves tried and true. See here for a list of trustworthy antispyware products.

If you decide to uninstall it, also delete this Folder if it still exists:

C:\Program Files\Enigma Software Group

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Cleaning
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 01-08-2016, 12:20 PM   #4
Registered Member
 
Join Date: Jun 2009
Posts: 32
OS: Windows7


Confused

# AdwCleaner v5.028 - Logfile created 08/01/2016 at 11:57:02
# Updated 04/01/2016 by Xplode
# Database : 2016-01-04.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : Debbie - DEBBIE-PC
# Running from : C:\Users\Debbie\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : Forum - ToolsLib

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\Coupons
[-] Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[-] Folder Deleted : C:\Users\Debbie\AppData\Local\slimware utilities inc
[-] Folder Deleted : C:\Users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\w8gvvxdf.default-1444924455249\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[-] Folder Deleted : C:\Users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\w8gvvxdf.default-1444924455249\Extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[-] Folder Deleted : C:\Users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\wtzy3yxs.default\StumbleUpon

***** [ Files ] *****

[-] File Deleted : C:\END
[-] File Deleted : C:\Users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\r9fyxfby.default\searchplugins\safeguard-secure-search.xml
[-] File Deleted : C:\Windows\system32\lavasofttcpservice.dll

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22E9CC7A-04B2-4558-A993-763395274E42}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\Interface\{22E9CC7A-04B2-4558-A993-763395274E42}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{506DDB16-455A-4746-AD77-D23228955FD3}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{506DDB16-455A-4746-AD77-D23228955FD3}
[-] Key Deleted : HKCU\Software\SlimWare Utilities Inc
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key Deleted : HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl []
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

***** [ Web browsers ] *****

[-] [C:\Users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\r9fyxfby.default\prefs.js] [Preference] Deleted : user_pref("browser.search.selectedEngine", "Palikan");
[-] [C:\Users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\w8gvvxdf.default-1444924455249\prefs.js] [Preference] Deleted : user_pref("browser.search.selectedEngine", "Palikan");
[-] [C:\Users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\wtzy3yxs.default\prefs.js] [Preference] Deleted : user_pref("browser.search.selectedEngine", "Palikan");
[-] [C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www.palikan.com/?f=1&a=plk_fs_15_53&cd=2XzuyEtN2Y1L1QzutDtDtCtAyBtB0C0F0ByC0B0AtDyCtBtBtN0D0Tzu0StCyEyCtBtN1L2XzutAtFtCyDtFtAtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0CyCtCzyyDtDtCtGtAyCyEyBtG0FzytDtDtGtC0EyC0DtG0DyCyE0CyDtCtDzz0AtCyB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzytB0C0BtDtAyEtGyEtAtAzztGyEzy0B0DtGzyyE0AzztGtB0EzyzytBtAtBtBtByDyCyC2QtN0A0LzutB&cr=598472874&ir=
[-] [C:\Users\Debbie\AppData\Local\Chromium\User Data\Default\Web Data] [Search Provider] Deleted : palikan
[-] [C:\Users\Debbie\AppData\Local\Chromium\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www.palikan.com/?f=1&a=plk_fs_15_53&cd=2XzuyEtN2Y1L1QzutDtDtCtAyBtB0C0F0ByC0B0AtDyCtBtBtN0D0Tzu0StCyEyCtBtN1L2XzutAtFtCyDtFtAtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0CyCtCzyyDtDtCtGtAyCyEyBtG0FzytDtDtGtC0EyC0DtG0DyCyE0CyDtCtDzz0AtCyB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzytB0C0BtDtAyEtGyEtAtAzztGyEzy0B0DtGzyyE0AzztGtB0EzyzytBtAtBtBtByDyCyC2QtN0A0LzutB&cr=598472874&ir=&uref=chmm

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4291 bytes] ##########



Additional scan result of Farbar Recovery Scan Tool (x86) Version:07-01-2015
Ran by Debbie (2016-01-08 12:09:05)
Running from C:\Users\Debbie\Downloads
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2013-08-31 22:41:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1643949197-402485047-784812611-500 - Administrator - Disabled) => C:\Users\Administrator
Debbie (S-1-5-21-1643949197-402485047-784812611-1000 - Administrator - Enabled) => C:\Users\Debbie
Guest (S-1-5-21-1643949197-402485047-784812611-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.1.171 - Adobe Systems, Inc.)
Amazon Kindle (HKLM\...\Amazon Kindle) (Version: - Amazon)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Internet Security (HKLM\...\avast) (Version: 11.1.2245 - AVAST Software)
Career Step Foot Pedal Software (remove only) (HKLM\...\PedalPlugin) (Version: - )
CPC Coding Exam Review 2011 (HKLM\...\CPC Coding Exam Review 2011) (Version: - Elsevier)
Dell System Detect (HKU\S-1-5-21-1643949197-402485047-784812611-1000\...\9204f5692a8faf3b) (Version: 5.10.0.8 - Dell)
Dell System Detect Bootstrapper (HKU\S-1-5-21-1643949197-402485047-784812611-1000\...\8e3135b376bd523e) (Version: 5.1.0.41 - Dell)
Dropbox (HKU\S-1-5-21-1643949197-402485047-784812611-1000\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
Express Dictate Digital Dictation Software (HKLM\...\Express) (Version: 5.82 - NCH Software)
Express Scribe Transcription Software (HKLM\...\Scribe) (Version: 5.78 - NCH Software)
FBReader for Windows (HKLM\...\FBReader for Windows) (Version: - )
Google Chrome (HKLM\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (Version: 1.3.29.1 - Google Inc.) Hidden
ICD-10 ICD-9 Lookup (HKLM\...\{C2586C3D-ABF5-4CDB-B161-B34FEACA4F52}) (Version: 2.00.0000 - HSU Computing)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Java 8 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java 8 Update 66 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.17 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OpenOffice 4.0.1 (HKLM\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
[email protected] (HKLM\...\{14F936AB-5D31-410E-A4E2-70AE504712F2}) (Version: 3.0.8.6 - Valassis)
QuickTime 7 (HKLM\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
SafeZone Stable 1.46.1990.139 (Version: 1.46.1990.139 - Avast Software) Hidden
Samsung New PC Studio (HKLM\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
SlimCleaner (HKLM\...\{6B8D6199-EE44-4FD7-813A-6D8C62C9B384}) (Version: 4.0.30878 - SlimWare Utilities, Inc.)
Spotify (HKU\S-1-5-21-1643949197-402485047-784812611-1000\...\Spotify) (Version: 1.0.10.107.gd0dfca3a - Spotify AB)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1210 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1643949197-402485047-784812611-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Debbie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1643949197-402485047-784812611-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\Debbie\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1643949197-402485047-784812611-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\Debbie\AppData\Local\Dropbox\Update\1.3.27.77\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1643949197-402485047-784812611-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\Debbie\AppData\Local\Dropbox\Update\1.3.27.77\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1643949197-402485047-784812611-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\Debbie\AppData\Local\Dropbox\Update\1.3.27.77\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1643949197-402485047-784812611-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\Debbie\AppData\Local\Dropbox\Update\1.3.27.77\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1643949197-402485047-784812611-1000_Classes\CLSID\{DE9AD55E-D493-4FA0-9B3F-E9CA5DB7EBD6}\InprocServer32 -> C:\Users\Debbie\AppData\Local\Dropbox\Update\1.3.27.77\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1643949197-402485047-784812611-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1643949197-402485047-784812611-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1643949197-402485047-784812611-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1643949197-402485047-784812611-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1643949197-402485047-784812611-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1643949197-402485047-784812611-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1643949197-402485047-784812611-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1643949197-402485047-784812611-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1643949197-402485047-784812611-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1643949197-402485047-784812611-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1643949197-402485047-784812611-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\Debbie\AppData\Local\Dropbox\Update\1.3.27.77\psuser.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {213034E3-5A4E-4931-8D71-B30724666117} - System32\Tasks\{5A6735C1-59FB-4DB6-AC48-8F738C986437} => pcalua.exe -a C:\Users\Debbie\Downloads\jxpiinstall(5).exe -d C:\Users\Debbie\Downloads
Task: {39D96784-D734-4709-83F7-24B5328A9887} - System32\Tasks\{37B5C1C2-FDAA-4658-B024-8DFA1D359F8D} => pcalua.exe -a C:\Users\Debbie\Downloads\aomwin200ea24us.exe -d C:\Users\Debbie\Downloads
Task: {4687FA92-80D2-4B4D-AF07-1FFB99E34A9C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {48CC25F6-4A1B-41ED-98C5-65B283452B73} - System32\Tasks\SafeZone scheduled Autoupdate 1451940552 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2015-12-01] (Avast Software)
Task: {51FDD096-2AD6-409D-AEA3-BAA9619CE79A} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-15] (AVAST Software)
Task: {540C0CCD-E75B-4DD5-BE10-1171BB4E2CAA} - System32\Tasks\{DB4D4769-A04E-48E0-90A2-23777978DE85} => pcalua.exe -a C:\Users\Debbie\Downloads\aomwin200ea24us(2).exe -d C:\Users\Debbie\Downloads
Task: {5CE024B3-ABDB-46B1-B521-E8264D66DC7F} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {6631C4FA-4B3D-48A5-AB5F-391F30A53E8B} - System32\Tasks\{32A75D36-341F-4813-8E8E-81B042C79E77} => pcalua.exe -a C:\Users\Debbie\Downloads\ip2600sosmwin100us.exe -d C:\Users\Debbie\Downloads
Task: {6AEF0C98-2CB4-4B67-8C70-4C977C7355CC} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {710651D4-1BFB-4FE8-A46E-048FDD463840} - System32\Tasks\{2BD093A8-40B1-4976-B723-0A3E1E7D59DA} => pcalua.exe -a C:\Users\Debbie\Downloads\aomwin200ea24us(1).exe -d C:\Users\Debbie\Downloads
Task: {748720FC-08F0-4A28-B06E-EBE2CD9EE95A} - System32\Tasks\SlimCleaner Run => C:\Program Files\SlimCleaner\SlimCleaner.exe [2013-07-10] (SlimWare Utilities, Inc.)
Task: {941F1736-5FF6-4CB6-8471-E3E99FC74F54} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-01-04] (AVAST Software)
Task: {98507D48-3762-48EB-A965-0A0F9DB9B169} - System32\Tasks\{BA272B8C-49EA-4053-AFBB-8362E11444C2} => pcalua.exe -a "C:\Users\Debbie\Downloads\Shockwave_Installer_Slim (3).exe" -d C:\Users\Debbie\Desktop
Task: {9FEC5581-7F97-44A1-9643-E414AC6AFAD5} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1643949197-402485047-784812611-1000Core => C:\Users\Debbie\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-01-03] (Dropbox, Inc.)
Task: {A653339B-A978-476B-B1F1-B708AA1871C4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {A658E824-FF7F-457C-822C-DCF053A1E6C7} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1643949197-402485047-784812611-1000UA => C:\Users\Debbie\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-01-03] (Dropbox, Inc.)
Task: {A858FD19-C1F0-4DFB-881B-10DA866E7E69} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-04] (Adobe Systems Incorporated)
Task: {C6E52420-2F4E-4CDD-8FF5-7C40BCAC6E1F} - System32\Tasks\{923CA2FE-DE87-4CD7-8E70-586A2C203BFC} => C:\Program Files\OpenOffice 4\program\soffice.exe [2013-09-20] (Apache Software Foundation)
Task: {CFE5D468-90FA-4D7C-8381-C69424DE6BD6} - System32\Tasks\{155BCD72-3AF7-4859-B0B4-6D8F384C9D2A} => pcalua.exe -a C:\Users\Debbie\Downloads\aomwin200ea24us.exe -d C:\Users\Debbie\Downloads
Task: {D5CE4AE6-567B-4BD4-82E9-D6FC9009F5C9} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {D622195C-D680-4FEA-9C56-59660C7C9E94} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {EEB19075-AF6E-45EA-ABCB-176F4FD40A13} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1643949197-402485047-784812611-1000Core.job => C:\Users\Debbie\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1643949197-402485047-784812611-1000UA.job => C:\Users\Debbie\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-01-04 12:40 - 2016-01-04 12:40 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-01-04 12:40 - 2016-01-04 12:40 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-01-08 10:26 - 2016-01-08 10:26 - 02821120 _____ () C:\Program Files\AVAST Software\Avast\defs\16010800\algo.dll
2016-01-04 12:40 - 2016-01-04 12:40 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-01-04 12:41 - 2016-01-04 12:41 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1643949197-402485047-784812611-1000\...\$talisma_url$ -> hxxps://$talisma_url$
IE trusted site: HKU\S-1-5-21-1643949197-402485047-784812611-1000\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-1643949197-402485047-784812611-1000\...\geoguessr.com -> hxxps://www.geoguessr.com


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:04 - 2015-11-19 20:48 - 00000002 ____N C:\Windows\system32\Drivers\etc\hosts



==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1643949197-402485047-784812611-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Debbie\Desktop\Debbie Save\tigersnow.jpg
DNS Servers: 71.10.216.1 - 71.10.216.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D7AC3D34-8BDD-4450-AB9D-6ECB1178D3BF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{1E2355ED-0DC5-44DE-B669-F1A7AABA65C0}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe
FirewallRules: [{A40AD832-68CF-4F39-A1AD-2F7F79109705}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe
FirewallRules: [{A106FA68-1FA6-42D9-A289-FA729E6D395B}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe
FirewallRules: [{BCA01DC1-C468-4785-9B63-BF4464DF522A}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe
FirewallRules: [{6C34FDA4-B5AD-4B80-9C48-ABA4BD42698B}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{A169C3D4-A218-4EF5-905C-4BC16AF2E35C}] => (Allow) C:\Users\Debbie\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{DC2254A0-EE10-401E-90A1-C6B2CB539139}] => (Allow) C:\Users\Debbie\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{0365FC00-EDC0-45B3-B8E5-B7551FD46544}] => (Allow) C:\Users\Debbie\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{C7EC4AC1-58EC-465B-B914-9ADA9FEF754B}] => (Allow) C:\Users\Debbie\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{5D104A21-DF7D-458B-AC14-DEEC80ECD494}C:\users\debbie\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\debbie\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{8FD98782-A673-4969-A3EF-0283E27AD3A2}C:\users\debbie\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\debbie\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{722BCBBE-050E-4602-87C2-A2F8A34F96BE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{A447309F-8A32-4B25-87CF-558111FAD64A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{B34888D6-3920-4C5A-85BC-FB06ACF577FA}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{1BDC56AA-79EC-4BA0-9A0F-8929CC7D068B}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{F649CB4E-6C95-4173-90A0-85ACEDCE8892}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4B0F4DE7-5A46-471F-B5BA-0A0744E1CC66}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C8D647C4-C524-4869-8F7F-F401E76679F2}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{6DCA4792-E97D-459E-9ADE-ED946FD4BEAF}] => (Allow) C:\Users\Debbie\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [TCP Query User{5B240013-8F5F-4751-BC14-46711C16702E}C:\users\debbie\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\debbie\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{0610C43C-186A-4D34-8454-12924E2F7D15}C:\users\debbie\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\debbie\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe

==================== Restore Points =========================

03-01-2016 12:51:21 Removed Avira Browser Safety
04-01-2016 12:43:49 Device Driver Package Install: Avast Network Service
05-01-2016 09:51:52 Windows Update
05-01-2016 10:56:39 Removed RevTraxPrintMyCoupon
05-01-2016 10:58:46 Removed Windows Deployment Tools
05-01-2016 11:01:44 Removed Windows PE x86 x64
05-01-2016 11:03:59 Removed Windows PE x86 x64 wims
08-01-2016 10:31:06 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/05/2016 04:59:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18124 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 874

Start Time: 01d1481d29437a4f

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (01/04/2016 12:34:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18124 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f04

Start Time: 01d1472f1808aeec

Termination Time: 8

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (01/03/2016 10:32:50 AM) (Source: VSS) (EventID: 12298) (User: )
Description: Volume Shadow Copy Service error: The I/O writes cannot be held during the shadow copy creation period on volume C:\.
The volume index in the shadow copy set is 0. Error details: Open[0x00000000, The operation completed successfully.
], Flush[0x00000000, The operation completed successfully.
], Release[0x80042314, The shadow copy provider timed out while holding writes to the volume being shadow copied. This is probably due to excessive activity on the volume by an application or a system service. Try again later when activity on the volume is reduced.
], OnRun[0x00000000, The operation completed successfully.
].


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (01/03/2016 10:32:50 AM) (Source: VSS) (EventID: 12310) (User: )
Description: Volume Shadow Copy Service error: The shadow copy could not be committed - operation timed out.
Error context: DeviceIoControl(\\?\Volume{ec2c7f39-128b-11e3-859f-806e6f6e6963} - 00000100,0x0053c010,0024E090,0,009C2D38,4096,[0]).


Operation:
Committing shadow copies

Context:
Execution Context: System Provider

Error: (01/02/2016 04:28:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 43.0.2.5833 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 16c4

Start Time: 01d145bcfdf7765d

Termination Time: 31

Application Path: C:\Program Files\Mozilla Firefox\firefox.exe

Report Id:

Error: (01/02/2016 04:26:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program soffice.bin version 4.0.9714.500 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1114

Start Time: 01d145ba2d59951b

Termination Time: 15

Application Path: C:\Program Files\OpenOffice 4\program\soffice.bin

Report Id:

Error: (01/02/2016 11:54:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 43.0.2.5833 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c6c

Start Time: 01d14583e838a10f

Termination Time: 359

Application Path: C:\Program Files\Mozilla Firefox\firefox.exe

Report Id: a5fc4d5c-b18a-11e5-9160-001372cfb6ba

Error: (12/23/2015 10:10:37 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Avast.VC110.DebugCRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".
Dependent Assembly Avast.VC110.DebugCRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/05/2015 07:50:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 42.0.0.5780 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d94

Start Time: 01d12f87f7afbbaa

Termination Time: 5774

Application Path: C:\Program Files\Mozilla Firefox\firefox.exe

Report Id:

Error: (12/04/2015 01:05:40 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (01/08/2016 11:57:31 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (01/08/2016 11:57:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (01/08/2016 11:57:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/08/2016 11:57:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/08/2016 11:56:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).

Error: (01/08/2016 11:56:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The FsUsbExService service terminated unexpectedly. It has done this 1 time(s).

Error: (01/08/2016 11:56:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (01/08/2016 11:56:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (01/08/2016 11:56:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (01/08/2016 12:59:56 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) 4 CPU 3.40GHz
Percentage of memory in use: 53%
Total physical RAM: 2038.14 MB
Available physical RAM: 940.93 MB
Total Virtual: 4076.28 MB
Available Virtual: 2888.95 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:232.84 GB) (Free:84.97 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 4FC5E182)
Partition 1: (Active) - (Size=48 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
buckleysings is offline  
Old 01-08-2016, 12:28 PM   #5
Registered Member
 
Join Date: Jun 2009
Posts: 32
OS: Windows7



Additional info if you need it - ran scan 2x it seems TY

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-01-2015
Ran by Debbie (administrator) on DEBBIE-PC (08-01-2016 12:07:27)
Running from C:\Users\Debbie\Downloads
Loaded Profiles: Debbie (Available Profiles: Debbie & Administrator)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
(Spotify Ltd) C:\Users\Debbie\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NPSStartup] => [X]
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-01-04] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596528 2015-10-06] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKU\S-1-5-21-1643949197-402485047-784812611-1000\...\Run: [AutoStartNPSAgent] => C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-1643949197-402485047-784812611-1000\...\Run: [Spotify Web Helper] => C:\Users\Debbie\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2017848 2015-07-25] (Spotify Ltd)
HKU\S-1-5-21-1643949197-402485047-784812611-1000\...\Run: [Dropbox Update] => C:\Users\Debbie\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-03] (Dropbox, Inc.)
HKU\S-1-5-21-1643949197-402485047-784812611-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6819232 2015-12-01] (SUPERAntiSpyware)
HKU\S-1-5-21-1643949197-402485047-784812611-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-09-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-01-04] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2
Tcpip\..\Interfaces\{17BDB55B-5218-42BA-8D5D-CC19F0046C0D}: [DhcpNameServer] 71.10.216.1 71.10.216.2

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=odc228
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=odc228&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1643949197-402485047-784812611-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=odc228&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-1643949197-402485047-784812611-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com?fr=hp-avast&type=odc228
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL =
SearchScopes: HKLM -> {6586d803-df30-46d3-a89a-4136c8571d45} URL = hxxps://search.yahoo.com/yhs/search?type=odc228&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1643949197-402485047-784812611-1000 -> {6586d803-df30-46d3-a89a-4136c8571d45} URL = hxxps://search.yahoo.com/yhs/search?type=odc228&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-10-25] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-21] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-10-25] (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\wtzy3yxs.default
FF NewTab: about:newtab
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: hxxps://news.google.com/nwshp?hl=en&tab=wn
FF Keyword.URL: hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-yff24&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-02] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1221171.dll [2015-10-19] (Adobe Systems, Inc.)
FF Plugin: @careerstep.com/PedalPlugin,version=1.0.0.2 -> C:\Program Files\Career Step\Footpedal Plugin\nppedal.dll [2009-07-08] (Career Step LLC)
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-10-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-10-25] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppedal.dll [2009-07-08] (Career Step LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-12-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-12-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-12-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-12-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-12-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\PIEHid.dll [2008-05-13] (PI Engineering)
FF Extension: Avira Browser Safety - C:\Users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\wtzy3yxs.default\Extensions\[email protected] [2016-01-02]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-04]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-01-04]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Profile: C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast SafePrice) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-11-27]
CHR Extension: (Avast Online Security) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-03]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-11-21]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-21]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-01-04] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109520 2016-01-04] (AVAST Software)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2016-01-04] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26096 2016-01-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [81168 2016-01-04] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [283584 2016-01-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2016-01-04] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2016-01-04] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [794952 2016-01-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436360 2016-01-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [117712 2016-01-04] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209432 2016-01-04] (AVAST Software)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2016-01-05] ()
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] () [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-01-08] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [113904 2014-10-08] (Power Software Ltd)
S3 sscebus; C:\Windows\System32\DRIVERS\sscebus.sys [98560 2010-04-26] (MCCI Corporation)
S3 sscemdfl; C:\Windows\System32\DRIVERS\sscemdfl.sys [14848 2010-04-26] (MCCI Corporation)
S3 sscemdm; C:\Windows\System32\DRIVERS\sscemdm.sys [123648 2010-04-26] (MCCI Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-08 12:07 - 2016-01-08 12:08 - 00015187 _____ C:\Users\Debbie\Downloads\FRST.txt
2016-01-08 12:06 - 2016-01-08 12:07 - 00000000 ____D C:\FRST
2016-01-08 12:05 - 2016-01-08 12:06 - 01721856 _____ (Farbar) C:\Users\Debbie\Downloads\FRST.exe
2016-01-08 11:48 - 2016-01-08 11:57 - 00000000 ____D C:\AdwCleaner
2016-01-08 11:46 - 2016-01-08 11:46 - 01749504 _____ C:\Users\Debbie\Downloads\AdwCleaner.exe
2016-01-08 11:31 - 2016-01-08 11:56 - 00002404 _____ C:\Users\Debbie\Desktop\TextSupportForum.txt
2016-01-08 11:30 - 2016-01-08 11:30 - 00000000 _____ C:\Users\Debbie\Desktop\New Text Document (4).txt
2016-01-07 10:35 - 2016-01-07 10:35 - 00051677 _____ C:\Users\Debbie\Downloads\16(2).pdf
2016-01-07 10:33 - 2016-01-07 10:33 - 00062603 _____ C:\Users\Debbie\Downloads\06 WD.pdf
2016-01-07 10:33 - 2016-01-07 10:33 - 00062603 _____ C:\Users\Debbie\Downloads\06 WD(1).pdf
2016-01-07 10:32 - 2016-01-07 10:32 - 02738001 _____ C:\Users\Debbie\Downloads\RTCSYSMAP8-13(4).pdf
2016-01-07 10:31 - 2016-01-07 10:31 - 02738001 _____ C:\Users\Debbie\Downloads\RTCSYSMAP8-13(3).pdf
2016-01-07 09:35 - 2016-01-07 09:35 - 00218145 _____ C:\Users\Debbie\Downloads\showitem.asp.htm
2016-01-07 09:32 - 2016-01-07 17:00 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-01-05 17:06 - 2016-01-06 00:31 - 00000000 ____D C:\SUPERDelete
2016-01-05 17:05 - 2016-01-05 17:05 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\SUPERAntiSpyware.com
2016-01-05 17:04 - 2016-01-05 17:05 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-01-05 17:04 - 2016-01-05 17:04 - 00001928 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2016-01-05 17:04 - 2016-01-05 17:04 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-01-05 17:04 - 2016-01-05 17:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-01-05 11:14 - 2016-01-05 17:12 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\Enigma Software Group
2016-01-05 11:13 - 2016-01-05 11:13 - 00593064 _____ C:\Users\Debbie\Downloads\STOPzilla_ASM_RW65.exe
2016-01-05 11:12 - 2016-01-05 11:12 - 00019984 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-01-05 11:10 - 2016-01-05 11:11 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Debbie\Downloads\SpyHunter-Installer.exe
2016-01-04 12:49 - 2016-01-04 12:49 - 00001085 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-01-04 12:49 - 2016-01-04 12:49 - 00001085 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-01-04 12:45 - 2016-01-04 12:45 - 00001970 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk
2016-01-04 12:45 - 2016-01-04 12:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-01-04 12:42 - 2016-01-04 12:40 - 00322760 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-01-04 12:42 - 2016-01-04 12:40 - 00026096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-01-04 12:40 - 2016-01-04 12:40 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-01-04 12:39 - 2016-01-04 12:39 - 00283584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2016-01-04 11:03 - 2016-01-04 11:04 - 00000000 ____D C:\Users\Debbie\Desktop\desk_top_items
2016-01-04 10:23 - 2016-01-08 11:41 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-03 12:19 - 2016-01-03 12:19 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-01-03 12:17 - 2016-01-08 11:22 - 00000922 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1643949197-402485047-784812611-1000UA.job
2016-01-03 12:17 - 2016-01-07 17:01 - 00000870 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1643949197-402485047-784812611-1000Core.job
2016-01-03 12:17 - 2016-01-03 12:17 - 00000000 ____D C:\Users\Debbie\AppData\Local\Dropbox
2016-01-03 12:17 - 2016-01-03 12:17 - 00000000 ____D C:\ProgramData\Dropbox
2016-01-03 11:10 - 2016-01-04 10:04 - 00000000 ____D C:\Users\Debbie\AppData\Local\FSDART
2016-01-03 11:09 - 2016-01-03 12:00 - 00000000 ____D C:\ProgramData\F-Secure
2016-01-03 11:09 - 2016-01-03 11:09 - 00000000 ____D C:\Users\Debbie\AppData\Local\F-Secure
2016-01-03 11:08 - 2016-01-03 11:09 - 00412712 _____ (F-Secure Corporation) C:\Users\Debbie\Downloads\CharterOnlineScanner.exe
2016-01-02 23:02 - 2016-01-04 10:04 - 00000000 ____D C:\Program Files\Avira
2016-01-02 23:01 - 2016-01-02 23:01 - 04600536 _____ (Avira Operations GmbH & Co. KG) C:\Users\Debbie\Downloads\avira_en_av___dlc.exe
2016-01-02 17:23 - 2016-01-02 17:23 - 00000046 _____ C:\Users\Debbie\AppData\Roaming\WB.CFG
2016-01-02 16:25 - 2016-01-02 16:25 - 00002263 _____ C:\Users\Debbie\Desktop\Chromium.lnk
2016-01-02 16:24 - 2016-01-02 16:25 - 00000000 ____D C:\Users\Debbie\AppData\Local\Chromium
2016-01-02 16:23 - 2016-01-02 23:31 - 00000000 ____D C:\Users\Debbie\AppData\Local\{EE9DD8C1-CA35-B479-A7AD-919183C56D09}
2016-01-02 16:23 - 2016-01-02 16:23 - 00000000 ____D C:\Program Files\Vitzo
2016-01-02 16:20 - 2016-01-02 16:20 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\SoftCDN
2016-01-02 16:18 - 2016-01-02 16:18 - 01984712 _____ C:\Users\Debbie\Downloads\FreeYouTubeDownloader.exe
2015-12-24 15:26 - 2015-12-24 15:26 - 02738001 _____ C:\Users\Debbie\Downloads\RTCSYSMAP8-13(2).pdf
2015-12-23 23:49 - 2015-12-23 23:50 - 00032206 _____ C:\Users\Debbie\Downloads\cc_20151223_234954.reg
2015-12-23 11:41 - 2015-12-23 11:41 - 00998791 _____ C:\Users\Debbie\Downloads\LabelDownloadServlet(5)
2015-12-23 11:41 - 2015-12-23 11:41 - 00998791 _____ C:\Users\Debbie\Downloads\LabelDownloadServlet(4)
2015-12-23 11:39 - 2015-12-23 11:39 - 00998791 _____ C:\Users\Debbie\Downloads\LabelDownloadServlet(3)
2015-12-19 13:31 - 2015-12-19 13:31 - 01996827 _____ C:\Users\Debbie\Downloads\Label-359558644.pdf
2015-12-19 13:30 - 2015-12-19 13:30 - 01996846 _____ C:\Users\Debbie\Downloads\LabelDownloadServlet(2)
2015-12-19 13:29 - 2015-12-19 13:30 - 01996846 _____ C:\Users\Debbie\Downloads\LabelDownloadServlet(1)
2015-12-19 12:51 - 2015-12-19 12:51 - 02738001 _____ C:\Users\Debbie\Downloads\RTCSYSMAP8-13(1).pdf
2015-12-19 11:16 - 2015-12-19 11:16 - 07222564 _____ C:\Users\Debbie\Downloads\Video_Zip_20150919_112126(1).mp4
2015-12-19 01:14 - 2015-12-19 01:14 - 00212602 _____ C:\Users\Debbie\Desktop\NSHE Excess_Credit_Fee_Appeal_Form_Page1(2).pdf
2015-12-18 21:18 - 2015-12-18 21:18 - 00211892 _____ C:\Users\Debbie\Downloads\NSHE Excess_Credit_Fee_Appeal_Form_Page1(2).pdf
2015-12-18 21:17 - 2015-12-18 21:17 - 00211892 _____ C:\Users\Debbie\Downloads\NSHE Excess_Credit_Fee_Appeal_Form_Page1(1).pdf
2015-12-18 21:13 - 2015-12-18 21:13 - 00099663 _____ C:\Users\Debbie\Downloads\NSHE Excess_Credit_Fee_Appeal_Form_Page2.pdf
2015-12-18 21:11 - 2015-12-18 21:11 - 00211892 _____ C:\Users\Debbie\Downloads\NSHE Excess_Credit_Fee_Appeal_Form_Page1.pdf
2015-12-18 19:00 - 2015-12-18 19:00 - 02738001 _____ C:\Users\Debbie\Downloads\RTCSYSMAP8-13.pdf
2015-12-18 18:55 - 2015-12-18 18:55 - 00072859 _____ C:\Users\Debbie\Downloads\RAPID(4).pdf
2015-12-18 18:55 - 2015-12-18 18:55 - 00072859 _____ C:\Users\Debbie\Downloads\RAPID(3).pdf
2015-12-18 18:55 - 2015-12-18 18:55 - 00072859 _____ C:\Users\Debbie\Downloads\RAPID(2).pdf
2015-12-18 18:54 - 2015-12-18 18:54 - 00072859 _____ C:\Users\Debbie\Downloads\RAPID(1).pdf
2015-12-18 18:52 - 2015-12-18 18:52 - 00089941 _____ C:\Users\Debbie\Downloads\RAPID.pdf
2015-12-18 12:23 - 2015-12-18 12:23 - 00000000 ____D C:\Users\Debbie\Desktop\Kids
2015-12-17 15:12 - 2015-12-17 15:12 - 00391427 _____ C:\Users\Debbie\Downloads\Food Stamps Guide.pdf
2015-12-17 15:12 - 2015-12-17 15:12 - 00391427 _____ C:\Users\Debbie\Downloads\Food Stamps Guide(1).pdf
2015-12-17 13:48 - 2015-12-17 13:48 - 00227369 _____ C:\Users\Debbie\Downloads\FINAIndependentVerWS1516(2).pdf
2015-12-17 13:47 - 2015-12-17 13:47 - 00227369 _____ C:\Users\Debbie\Downloads\FINAIndependentVerWS1516.pdf
2015-12-17 13:47 - 2015-12-17 13:47 - 00227369 _____ C:\Users\Debbie\Downloads\FINAIndependentVerWS1516(1).pdf
2015-12-17 13:01 - 2015-12-17 13:01 - 00163710 _____ C:\Users\Debbie\Desktop\EKG _Technician_Spring 141.pdf
2015-12-17 13:01 - 2015-12-17 13:01 - 00163704 _____ C:\Users\Debbie\Documents\EKG _Technician_Spring 141.pdf
2015-12-17 12:58 - 2015-12-17 12:58 - 00163706 _____ C:\Users\Debbie\Downloads\EKG _Technician_Spring 141.pdf
2015-12-17 10:06 - 2015-12-17 10:07 - 01299869 _____ C:\Users\Debbie\Downloads\Attachments_20151217(1).zip
2015-12-17 10:06 - 2015-12-17 10:06 - 01299869 _____ C:\Users\Debbie\Downloads\Attachments_20151217.zip
2015-12-15 13:15 - 2015-12-15 13:15 - 00110860 _____ C:\Users\Debbie\Downloads\Invoice152840016169.Pdf
2015-12-15 11:38 - 2015-12-15 11:41 - 08732853 _____ C:\Users\Debbie\Downloads\Video_Zip_20151130_142916(1).mp4
2015-12-11 16:24 - 2015-12-11 16:25 - 00297937 _____ C:\Users\Debbie\Downloads\ACCTPymtPlan.pdf
2015-12-11 11:22 - 2015-12-11 11:22 - 08732853 _____ C:\Users\Debbie\Downloads\Video_Zip_20151130_142916.mp4
2015-12-11 11:17 - 2015-12-11 11:17 - 01899695 _____ C:\Users\Debbie\Downloads\Video_Zip_20151130_150320.mp4
2015-12-11 11:14 - 2015-12-11 11:14 - 02919129 _____ C:\Users\Debbie\Downloads\Video_Zip_20151130_150959.mp4
2015-12-11 11:11 - 2015-12-11 11:11 - 03749588 _____ C:\Users\Debbie\Downloads\Video_Zip_20151130_155213.mp4
2015-12-11 10:13 - 2015-12-11 10:13 - 00121737 _____ C:\Users\Debbie\Documents\AetnaDental2016.pdf
2015-12-11 10:12 - 2015-12-11 10:12 - 00234069 _____ C:\Users\Debbie\Downloads\RealId_Card(3).pdf
2015-12-11 10:11 - 2015-12-11 10:11 - 00234069 _____ C:\Users\Debbie\Downloads\RealId_Card.pdf
2015-12-11 10:11 - 2015-12-11 10:11 - 00234069 _____ C:\Users\Debbie\Downloads\RealId_Card(2).pdf
2015-12-11 10:11 - 2015-12-11 10:11 - 00234069 _____ C:\Users\Debbie\Downloads\RealId_Card(1).pdf
2015-12-09 10:56 - 2015-11-11 12:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-09 10:56 - 2015-11-11 08:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-09 10:56 - 2015-11-11 07:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-09 10:56 - 2015-11-11 07:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-09 10:56 - 2015-11-11 07:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-09 10:56 - 2015-11-11 06:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-09 10:56 - 2015-11-09 16:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-09 10:56 - 2015-11-09 16:24 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-09 10:56 - 2015-11-09 16:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-09 10:56 - 2015-11-09 16:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-09 10:56 - 2015-11-09 16:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-09 10:56 - 2015-11-09 16:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-09 10:56 - 2015-11-09 16:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-09 10:56 - 2015-11-09 16:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-09 10:56 - 2015-11-09 16:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-09 10:56 - 2015-11-09 16:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-09 10:56 - 2015-11-09 16:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-09 10:56 - 2015-11-09 16:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-09 10:56 - 2015-11-09 16:03 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-09 10:56 - 2015-11-09 16:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-09 10:56 - 2015-11-09 16:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-09 10:56 - 2015-11-09 15:57 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-09 10:56 - 2015-11-09 15:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-09 10:56 - 2015-11-09 15:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-09 10:56 - 2015-11-09 15:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-09 10:56 - 2015-11-09 15:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-09 10:56 - 2015-11-09 15:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-09 10:56 - 2015-11-09 15:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-09 10:56 - 2015-11-09 15:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-09 10:56 - 2015-11-09 15:36 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-09 10:56 - 2015-11-09 15:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-09 10:56 - 2015-11-09 15:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-09 10:56 - 2015-11-09 15:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-09 10:56 - 2015-11-09 15:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-08 12:06 - 2009-07-13 18:37 - 00000000 ____D C:\Windows
2016-01-08 11:59 - 2013-10-07 11:53 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-08 11:59 - 2009-07-13 20:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-08 11:13 - 2013-10-07 11:53 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-08 10:34 - 2014-07-12 10:50 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-08 10:33 - 2009-07-13 20:34 - 00023376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-08 10:33 - 2009-07-13 20:34 - 00023376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-08 10:23 - 2013-09-20 21:47 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-01-07 17:00 - 2013-09-25 00:48 - 00000000 ____D C:\Program Files\SlimCleaner
2016-01-05 17:18 - 2014-07-12 10:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-05 17:18 - 2014-07-12 10:49 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-01-05 17:18 - 2013-09-20 12:27 - 00001027 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-04 12:45 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\inf
2016-01-04 12:42 - 2015-11-21 10:10 - 00081168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2016-01-04 12:42 - 2013-09-20 15:32 - 00436360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-01-04 12:42 - 2013-09-19 11:45 - 00000000 ____D C:\ProgramData\AVAST Software
2016-01-04 12:41 - 2015-11-21 10:10 - 00081728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-01-04 12:41 - 2015-11-21 10:10 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-01-04 12:41 - 2014-08-22 09:49 - 00117712 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-01-04 12:41 - 2013-09-20 15:35 - 00209432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-01-04 12:41 - 2013-09-20 15:35 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-01-04 12:40 - 2015-11-21 10:10 - 00794952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-01-04 12:39 - 2013-09-19 11:45 - 00000000 ____D C:\Program Files\AVAST Software
2016-01-04 12:16 - 2014-08-23 10:16 - 00000000 ___RD C:\Users\Debbie\Dropbox
2016-01-04 11:10 - 2014-08-23 10:13 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\Dropbox
2016-01-04 10:23 - 2013-09-18 10:00 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-01-04 10:23 - 2013-09-18 10:00 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-01-02 16:28 - 2013-09-17 15:29 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\vlc
2016-01-02 09:55 - 2013-08-31 14:38 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-24 23:19 - 2014-08-09 15:17 - 00001283 _____ C:\Users\Debbie\Desktop\New Text Document (8).txt
2015-12-23 23:48 - 2013-11-08 19:26 - 00000000 ____D C:\Windows\Minidump
2015-12-18 20:51 - 2015-03-07 17:46 - 00000000 ____D C:\Users\Debbie\AppData\Local\Free YouTube Downloader
2015-12-18 01:17 - 2015-04-04 22:37 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-15 14:26 - 2013-09-17 15:31 - 00000000 ____D C:\Users\Debbie\AppData\Local\ElevatedDiagnostics
2015-12-09 10:32 - 2009-07-13 20:33 - 00286472 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-09 00:39 - 2014-12-13 15:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-09 00:38 - 2013-12-24 01:30 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-09 00:36 - 2013-09-17 21:46 - 00000000 ____D C:\Windows\system32\MRT
2015-12-09 00:30 - 2013-09-17 21:46 - 137798368 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-02-15 16:01 - 2014-02-15 16:01 - 49940480 _____ () C:\Program Files\GUTF7FC.tmp
2013-10-11 12:59 - 2013-10-11 12:59 - 0003726 _____ () C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
2013-09-17 17:57 - 2013-09-17 17:57 - 0889416 _____ (Microsoft Corporation) C:\Users\Debbie\AppData\Roaming\dotNetFx40_Full_setup.exe
2016-01-02 17:23 - 2016-01-02 17:23 - 0000046 _____ () C:\Users\Debbie\AppData\Roaming\WB.CFG
2014-02-28 02:25 - 2014-02-28 02:25 - 0000017 _____ () C:\Users\Debbie\AppData\Local\resmon.resmoncfg

Files to move or delete:
====================
C:\Users\Debbie\jagex_runescape_preferences.dat


Some files in TEMP:
====================
C:\Users\Debbie\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-01 21:42

==================== End of FRST.txt ============================
buckleysings is offline  
Old 01-08-2016, 01:10 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello Debbie.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Back up your files - Windows Help

Also, if you haven't done so already, create a system repair disc. It's really easy and quick.

How To Create a Windows 7 System Repair Disc [Easy]

------------------------------------------------------

SlimCleaner

We do not recommend the use of registry cleaners. Our colleague miekiemoes has an excellent writeup here.

We suggest uninstalling them via Programs and Features in your Control Panel.

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    Task: {748720FC-08F0-4A28-B06E-EBE2CD9EE95A} - System32\Tasks\SlimCleaner Run => C:\Program Files\SlimCleaner\SlimCleaner.exe [2013-07-10] (SlimWare Utilities, Inc.)
    HKLM\...\Run: [NPSStartup] => [X]
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL =
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2016-01-05] ()
    2016-01-05 11:14 - 2016-01-05 17:12 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\Enigma Software Group
    2016-01-05 11:13 - 2016-01-05 11:13 - 00593064 _____ C:\Users\Debbie\Downloads\STOPzilla_ASM_RW65.exe
    2016-01-05 11:12 - 2016-01-05 11:12 - 00019984 _____ C:\Windows\system32\Drivers\EsgScanner.sys
    2016-01-05 11:10 - 2016-01-05 11:11 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Debbie\Downloads\SpyHunter-Installer.exe
    C:\Users\Debbie\jagex_runescape_preferences.dat
    EmptyTemp:
    end
  • Double-click FRST to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 01-09-2016, 01:00 PM   #7
Registered Member
 
Join Date: Jun 2009
Posts: 32
OS: Windows7



Hello, I backed up Windows 7 to CD.

I have gotten lost here please - know how to save as fixlist.txt as below but the "next to FRST.exe" has me stymied please:

Save it as fixlist.txt next to FRST.exe
If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work.

Thank you for your patience.
buckleysings is offline  
Old 01-09-2016, 01:19 PM   #8
Registered Member
 
Join Date: Jun 2009
Posts: 32
OS: Windows7



PS - I have used Youtubedownloader for a long time without issues and downloaded it from CNET thinking it was safe. I may have made a huge mistake - my apologies, thanks again.
buckleysings is offline  
Old 01-09-2016, 11:37 PM   #9
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



You saved FRST to Downloads instead of your desktop.

You have to have both fixlist.txt and FRST in the same folder or it won't work.
chemist is offline  
Old 01-13-2016, 01:39 AM   #10
Registered Member
 
Join Date: Jun 2009
Posts: 32
OS: Windows7



Thank you, I will re-do it. Got caught up with work, thanks for your patience.
buckleysings is offline  
Old 01-13-2016, 01:18 PM   #11
Registered Member
 
Join Date: Jun 2009
Posts: 32
OS: Windows7



Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-01-2015 01
Ran by Debbie (administrator) on DEBBIE-PC (13-01-2016 13:09:31)
Running from C:\Users\Debbie\Downloads
Loaded Profiles: Debbie (Available Profiles: Debbie & Administrator)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
(Spotify Ltd) C:\Users\Debbie\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Debbie\Downloads\FRST(2).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NPSStartup] => [X]
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596528 2015-10-06] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKU\S-1-5-21-1643949197-402485047-784812611-1000\...\Run: [AutoStartNPSAgent] => C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-1643949197-402485047-784812611-1000\...\Run: [Spotify Web Helper] => C:\Users\Debbie\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2017848 2015-07-25] (Spotify Ltd)
HKU\S-1-5-21-1643949197-402485047-784812611-1000\...\Run: [Dropbox Update] => C:\Users\Debbie\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-03] (Dropbox, Inc.)
HKU\S-1-5-21-1643949197-402485047-784812611-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6819232 2015-12-01] (SUPERAntiSpyware)
HKU\S-1-5-21-1643949197-402485047-784812611-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-09-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2
Tcpip\..\Interfaces\{17BDB55B-5218-42BA-8D5D-CC19F0046C0D}: [DhcpNameServer] 71.10.216.1 71.10.216.2

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=odc228
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=odc228&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1643949197-402485047-784812611-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=odc228&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-1643949197-402485047-784812611-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com?fr=hp-avast&type=odc228
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {6586d803-df30-46d3-a89a-4136c8571d45} URL = hxxps://search.yahoo.com/yhs/search?type=odc228&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1643949197-402485047-784812611-1000 -> {6586d803-df30-46d3-a89a-4136c8571d45} URL = hxxps://search.yahoo.com/yhs/search?type=odc228&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-10-25] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-10-25] (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\wtzy3yxs.default
FF NewTab: about:newtab
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Palikan
FF Homepage: hxxps://news.google.com/nwshp?hl=en&tab=wn
FF Keyword.URL: hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-yff24&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-02] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1221171.dll [2015-10-19] (Adobe Systems, Inc.)
FF Plugin: @careerstep.com/PedalPlugin,version=1.0.0.2 -> C:\Program Files\Career Step\Footpedal Plugin\nppedal.dll [2009-07-08] (Career Step LLC)
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-10-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-10-25] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppedal.dll [2009-07-08] (Career Step LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-12-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-12-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-12-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-12-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-12-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\PIEHid.dll [2008-05-13] (PI Engineering)
FF Extension: Avira Browser Safety - C:\Users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\wtzy3yxs.default\Extensions\[email protected] [2016-01-02]

Chrome:
=======
CHR Profile: C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast SafePrice) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-11-27]
CHR Extension: (Avast Online Security) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-03]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2016-01-05] ()
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] () [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-01-13] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [113904 2014-10-08] (Power Software Ltd)
S3 sscebus; C:\Windows\System32\DRIVERS\sscebus.sys [98560 2010-04-26] (MCCI Corporation)
S3 sscemdfl; C:\Windows\System32\DRIVERS\sscemdfl.sys [14848 2010-04-26] (MCCI Corporation)
S3 sscemdm; C:\Windows\System32\DRIVERS\sscemdm.sys [123648 2010-04-26] (MCCI Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-13 13:08 - 2016-01-13 13:08 - 01721856 _____ (Farbar) C:\Users\Debbie\Downloads\FRST(2).exe
2016-01-13 12:47 - 2016-01-13 12:47 - 01721856 _____ (Farbar) C:\Users\Debbie\Downloads\FRST.exe
2016-01-13 12:47 - 2016-01-13 12:47 - 00021181 _____ C:\Windows\system32\servers.def.lkg
2016-01-13 12:47 - 2016-01-13 12:47 - 00021181 _____ C:\Windows\system32\servers.def
2016-01-13 12:47 - 2016-01-13 12:47 - 00002585 _____ C:\Windows\system32\servers.def.vpx
2016-01-13 12:47 - 2016-01-13 12:47 - 00002488 _____ C:\Windows\system32\uat.vpx
2016-01-13 12:47 - 2016-01-13 12:47 - 00000726 _____ C:\Windows\system32\.tmp
2016-01-13 12:47 - 2016-01-13 12:47 - 00000451 _____ C:\Windows\system32\prod-vps.vpx
2016-01-13 12:47 - 2016-01-13 12:47 - 00000446 _____ C:\Windows\system32\prod-pgm.vpx
2016-01-13 12:20 - 2016-01-13 12:20 - 01754112 _____ C:\Users\Debbie\Downloads\AdwCleaner (1).exe
2016-01-13 12:14 - 2016-01-13 12:15 - 02370560 _____ (Farbar) C:\Users\Debbie\Downloads\FRST64.exe
2016-01-13 12:06 - 2016-01-13 12:06 - 00001653 _____ C:\Users\Debbie\Desktop\willbs.txt
2016-01-13 12:03 - 2016-01-13 12:03 - 01754112 _____ C:\Users\Debbie\Downloads\AdwCleaner.exe
2016-01-13 01:40 - 2016-01-13 01:48 - 00034558 _____ C:\Users\Debbie\Desktop\FRST.txt
2016-01-13 01:40 - 2016-01-13 01:48 - 00032458 _____ C:\Users\Debbie\Desktop\Addition.txt
2016-01-13 01:40 - 2016-01-13 01:40 - 00000786 _____ C:\Users\Debbie\Desktop\tmcc3.txt
2016-01-12 11:42 - 2015-12-23 14:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-01-12 11:42 - 2015-12-12 10:02 - 20367360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-12 11:42 - 2015-12-12 09:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-01-12 11:42 - 2015-12-12 09:49 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-01-12 11:42 - 2015-12-12 09:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-12 11:42 - 2015-12-12 09:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-01-12 11:42 - 2015-12-12 09:37 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-01-12 11:42 - 2015-12-12 09:36 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-01-12 11:42 - 2015-12-12 09:36 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-01-12 11:42 - 2015-12-12 09:33 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-01-12 11:42 - 2015-12-12 09:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-01-12 11:42 - 2015-12-12 09:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-01-12 11:42 - 2015-12-12 09:28 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-01-12 11:42 - 2015-12-12 09:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-12 11:42 - 2015-12-12 09:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-01-12 11:42 - 2015-12-12 09:27 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-01-12 11:42 - 2015-12-12 09:27 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-01-12 11:42 - 2015-12-12 09:22 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-01-12 11:42 - 2015-12-12 09:19 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-01-12 11:42 - 2015-12-12 09:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-01-12 11:42 - 2015-12-12 09:12 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-01-12 11:42 - 2015-12-12 09:10 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-01-12 11:42 - 2015-12-12 09:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-12 11:42 - 2015-12-12 09:09 - 04610560 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-12 11:42 - 2015-12-12 09:08 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-01-12 11:42 - 2015-12-12 09:02 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-01-12 11:42 - 2015-12-12 09:00 - 12856320 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-12 11:42 - 2015-12-12 09:00 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-01-12 11:42 - 2015-12-12 09:00 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-01-12 11:42 - 2015-12-12 09:00 - 00687104 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-12 11:42 - 2015-12-12 09:00 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-01-12 11:42 - 2015-12-12 08:41 - 02011136 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-12 11:42 - 2015-12-12 08:38 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-12 11:42 - 2015-12-12 08:36 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-01-12 11:41 - 2015-12-30 10:47 - 03993536 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-01-12 11:41 - 2015-12-30 10:47 - 03938240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-12 11:41 - 2015-12-30 10:47 - 00138176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-12 11:41 - 2015-12-30 10:47 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-01-12 11:41 - 2015-12-30 10:44 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-12 11:41 - 2015-12-30 10:41 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-01-12 11:41 - 2015-12-30 10:41 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-01-12 11:41 - 2015-12-30 10:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-01-12 11:41 - 2015-12-30 10:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-01-12 11:41 - 2015-12-30 10:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-01-12 11:41 - 2015-12-30 10:40 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-01-12 11:41 - 2015-12-30 10:40 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-12 11:41 - 2015-12-30 10:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-01-12 11:41 - 2015-12-30 10:39 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-12 11:41 - 2015-12-30 10:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-01-12 11:41 - 2015-12-30 10:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-12 11:41 - 2015-12-30 10:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-01-12 11:41 - 2015-12-30 10:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-01-12 11:41 - 2015-12-30 10:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-01-12 11:41 - 2015-12-30 10:38 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-01-12 11:41 - 2015-12-30 10:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-01-12 11:41 - 2015-12-30 10:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-01-12 11:41 - 2015-12-30 10:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-01-12 11:41 - 2015-12-30 09:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-01-12 11:41 - 2015-12-30 09:38 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-01-12 11:41 - 2015-12-30 09:32 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-01-12 11:41 - 2015-12-30 09:32 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-01-12 11:41 - 2015-12-30 09:32 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-01-12 11:41 - 2015-12-30 09:30 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-01-12 11:41 - 2015-12-30 09:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-01-12 11:41 - 2015-12-30 09:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-01-12 11:41 - 2015-12-30 09:30 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-01-12 11:41 - 2015-12-08 13:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-12 11:41 - 2015-11-16 16:45 - 00022464 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-01-12 11:41 - 2015-11-16 16:42 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-01-12 11:41 - 2015-11-16 16:42 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-01-12 11:41 - 2015-11-16 16:42 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-01-12 11:41 - 2015-11-16 16:42 - 00425984 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-01-12 11:41 - 2015-11-16 16:42 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-01-12 11:40 - 2015-12-11 10:35 - 00951808 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-01-12 11:40 - 2015-12-08 13:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-12 11:40 - 2015-12-08 13:53 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-12 11:40 - 2015-12-08 13:00 - 02386944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-01-12 11:40 - 2015-11-16 12:12 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-01-12 11:40 - 2015-11-13 14:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-01-12 11:40 - 2015-11-13 14:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-01-12 11:40 - 2015-11-13 14:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-01-12 11:39 - 2015-12-08 13:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-01-12 11:39 - 2015-12-08 13:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-12 11:39 - 2015-12-08 13:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-12 11:39 - 2015-12-08 13:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-12 11:39 - 2015-12-08 13:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-12 11:39 - 2015-12-08 13:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-12 11:39 - 2015-12-08 13:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-01-12 11:39 - 2015-12-08 13:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-12 11:39 - 2015-12-08 13:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-12 11:39 - 2015-12-08 13:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-12 11:39 - 2015-12-08 13:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-12 11:39 - 2015-12-08 13:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-12 11:39 - 2015-12-08 13:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-01-12 11:39 - 2015-12-08 13:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-12 11:39 - 2015-12-08 13:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-12 11:39 - 2015-12-08 13:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-01-12 11:39 - 2015-12-08 13:53 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-01-12 11:39 - 2015-12-08 13:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-12 11:39 - 2015-12-08 13:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-12 11:39 - 2015-12-08 13:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-12 11:39 - 2015-12-08 13:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-12 11:39 - 2015-12-08 13:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-01-12 11:39 - 2015-12-08 13:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-12 11:39 - 2015-12-08 13:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-12 11:39 - 2015-12-08 13:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-12 11:39 - 2015-12-08 13:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-01-12 11:39 - 2015-12-08 13:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-12 11:39 - 2015-12-08 13:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-12 11:39 - 2015-12-08 13:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-12 11:39 - 2015-12-08 13:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-12 11:39 - 2015-12-08 13:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-12 11:39 - 2015-12-08 13:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-12 11:39 - 2015-12-08 13:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-01-12 11:39 - 2015-12-08 13:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-01-12 11:39 - 2015-12-08 13:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-01-12 11:39 - 2015-12-08 13:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-01-12 11:39 - 2015-12-08 13:43 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-01-12 11:39 - 2015-12-08 13:11 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-01-12 11:39 - 2015-12-08 13:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-01-12 11:38 - 2016-01-12 11:38 - 01721856 _____ (Farbar) C:\Users\Debbie\Downloads\FRST(1).exe
2016-01-12 11:34 - 2016-01-12 11:35 - 00001212 _____ C:\Users\Debbie\Desktop\FRST.exefixlist.txt
2016-01-12 11:31 - 2016-01-13 12:35 - 00001212 _____ C:\Users\Debbie\Desktop\fixlist.txt
2016-01-11 11:11 - 2016-01-11 11:11 - 00110861 _____ C:\Users\Debbie\Downloads\Invoice160100015512.Pdf
2016-01-10 12:16 - 2016-01-10 12:16 - 00018862 _____ C:\Users\Debbie\Downloads\MyDataDownload.txt
2016-01-10 12:14 - 2016-01-10 12:14 - 01358935 _____ C:\Users\Debbie\Downloads\federal-grant-programs.pdf
2016-01-10 12:14 - 2016-01-10 12:14 - 01358935 _____ C:\Users\Debbie\Downloads\federal-grant-programs(1).pdf
2016-01-09 12:52 - 2016-01-12 11:26 - 00001212 _____ C:\Users\Debbie\Documents\fixlist.txt
2016-01-09 11:22 - 2016-01-04 12:42 - 00436360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswA7B1.tmp
2016-01-09 11:22 - 2016-01-04 12:42 - 00081168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswA233.tmp
2016-01-09 11:22 - 2016-01-04 12:41 - 00209432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswA9D4.tmp
2016-01-09 11:22 - 2016-01-04 12:41 - 00117712 _____ (AVAST Software) C:\Windows\system32\Drivers\aswAC45.tmp
2016-01-09 11:22 - 2016-01-04 12:41 - 00081728 _____ (AVAST Software) C:\Windows\system32\Drivers\asw9D41.tmp
2016-01-09 11:22 - 2016-01-04 12:41 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswA4D3.tmp
2016-01-09 11:22 - 2016-01-04 12:41 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\asw9FB2.tmp
2016-01-09 11:22 - 2016-01-04 12:40 - 00794952 _____ (AVAST Software) C:\Windows\system32\Drivers\asw99A8.tmp
2016-01-09 11:22 - 2016-01-04 12:40 - 00026096 _____ (AVAST Software) C:\Windows\system32\Drivers\asw9766.tmp
2016-01-09 11:04 - 2016-01-09 11:15 - 00000000 ____D C:\Users\Debbie\AppData\Local\PlutoTV
2016-01-09 11:03 - 2016-01-09 11:19 - 00000000 ____D C:\Program Files\Pluto TV
2016-01-08 15:57 - 2016-01-08 15:57 - 00065713 _____ C:\Users\Debbie\Downloads\01(4).pdf
2016-01-08 15:57 - 2016-01-08 15:57 - 00065713 _____ C:\Users\Debbie\Downloads\01(3).pdf
2016-01-08 15:57 - 2016-01-08 15:57 - 00065713 _____ C:\Users\Debbie\Downloads\01(2).pdf
2016-01-08 15:56 - 2016-01-08 15:56 - 02738001 _____ C:\Users\Debbie\Downloads\RTCSYSMAP8-13(6).pdf
2016-01-08 15:53 - 2016-01-08 15:53 - 00072859 _____ C:\Users\Debbie\Downloads\RAPID(6).pdf
2016-01-08 15:52 - 2016-01-08 15:52 - 00089941 _____ C:\Users\Debbie\Downloads\RAPID(5).pdf
2016-01-08 15:50 - 2016-01-08 15:50 - 00065713 _____ C:\Users\Debbie\Downloads\01(1).pdf
2016-01-08 15:49 - 2016-01-08 15:49 - 00065713 _____ C:\Users\Debbie\Downloads\01.pdf
2016-01-08 15:48 - 2016-01-08 15:48 - 02738001 _____ C:\Users\Debbie\Downloads\RTCSYSMAP8-13(5).pdf
2016-01-08 14:26 - 2016-01-08 14:26 - 00306962 _____ C:\Users\Debbie\Downloads\PDF Documents_CSA Employment APP(1).pdf
2016-01-08 14:10 - 2016-01-08 14:10 - 01206593 _____ C:\Users\Debbie\Downloads\CIFamilyApplication_EnglishV1.pdf
2016-01-08 14:09 - 2016-01-08 14:09 - 00306962 _____ C:\Users\Debbie\Downloads\PDF Documents_CSA Employment APP.pdf
2016-01-08 13:54 - 2016-01-08 13:54 - 00163706 _____ C:\Users\Debbie\Downloads\EKG _Technician_Spring 141(1).pdf
2016-01-08 12:15 - 2016-01-09 00:33 - 00000120 _____ C:\Users\Debbie\Desktop\FBAR2.txt
2016-01-08 12:09 - 2016-01-13 13:04 - 00016110 _____ C:\Users\Debbie\Downloads\Addition.txt
2016-01-08 12:07 - 2016-01-13 13:11 - 00012857 _____ C:\Users\Debbie\Downloads\FRST.txt
2016-01-08 12:06 - 2016-01-13 13:08 - 00000000 ____D C:\FRST
2016-01-08 11:48 - 2016-01-13 12:04 - 00000000 ____D C:\AdwCleaner
2016-01-08 11:31 - 2016-01-08 11:56 - 00002404 _____ C:\Users\Debbie\Desktop\TextSupportForum.txt
2016-01-08 11:30 - 2016-01-09 00:35 - 00034820 _____ C:\Users\Debbie\Desktop\New Text Document (4).txt
2016-01-07 10:35 - 2016-01-07 10:35 - 00051677 _____ C:\Users\Debbie\Downloads\16(2).pdf
2016-01-07 10:33 - 2016-01-07 10:33 - 00062603 _____ C:\Users\Debbie\Downloads\06 WD.pdf
2016-01-07 10:33 - 2016-01-07 10:33 - 00062603 _____ C:\Users\Debbie\Downloads\06 WD(1).pdf
2016-01-07 10:32 - 2016-01-07 10:32 - 02738001 _____ C:\Users\Debbie\Downloads\RTCSYSMAP8-13(4).pdf
2016-01-07 10:31 - 2016-01-07 10:31 - 02738001 _____ C:\Users\Debbie\Downloads\RTCSYSMAP8-13(3).pdf
2016-01-07 09:35 - 2016-01-07 09:35 - 00218145 _____ C:\Users\Debbie\Downloads\showitem.asp.htm
2016-01-07 09:32 - 2016-01-07 17:00 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-01-05 17:06 - 2016-01-06 00:31 - 00000000 ____D C:\SUPERDelete
2016-01-05 17:05 - 2016-01-05 17:05 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\SUPERAntiSpyware.com
2016-01-05 17:04 - 2016-01-09 11:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-01-05 17:04 - 2016-01-05 17:05 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-01-05 17:04 - 2016-01-05 17:04 - 00001928 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2016-01-05 17:04 - 2016-01-05 17:04 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-01-05 11:14 - 2016-01-05 17:12 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\Enigma Software Group
2016-01-05 11:13 - 2016-01-05 11:13 - 00593064 _____ C:\Users\Debbie\Downloads\STOPzilla_ASM_RW65.exe
2016-01-05 11:12 - 2016-01-05 11:12 - 00019984 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-01-05 11:10 - 2016-01-05 11:11 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Debbie\Downloads\SpyHunter-Installer.exe
2016-01-04 11:03 - 2016-01-04 11:04 - 00000000 ____D C:\Users\Debbie\Desktop\desk_top_items
2016-01-04 10:23 - 2016-01-13 12:41 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-03 12:19 - 2016-01-09 11:19 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-01-03 12:17 - 2016-01-13 12:22 - 00000922 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1643949197-402485047-784812611-1000UA.job
2016-01-03 12:17 - 2016-01-13 12:22 - 00000870 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1643949197-402485047-784812611-1000Core.job
2016-01-03 12:17 - 2016-01-03 12:17 - 00000000 ____D C:\Users\Debbie\AppData\Local\Dropbox
2016-01-03 12:17 - 2016-01-03 12:17 - 00000000 ____D C:\ProgramData\Dropbox
2016-01-03 11:10 - 2016-01-04 10:04 - 00000000 ____D C:\Users\Debbie\AppData\Local\FSDART
2016-01-03 11:09 - 2016-01-03 12:00 - 00000000 ____D C:\ProgramData\F-Secure
2016-01-03 11:09 - 2016-01-03 11:09 - 00000000 ____D C:\Users\Debbie\AppData\Local\F-Secure
2016-01-03 11:08 - 2016-01-03 11:09 - 00412712 _____ (F-Secure Corporation) C:\Users\Debbie\Downloads\CharterOnlineScanner.exe
2016-01-02 23:02 - 2016-01-04 10:04 - 00000000 ____D C:\Program Files\Avira
2016-01-02 23:01 - 2016-01-02 23:01 - 04600536 _____ (Avira Operations GmbH & Co. KG) C:\Users\Debbie\Downloads\avira_en_av___dlc.exe
2016-01-02 17:23 - 2016-01-02 17:23 - 00000046 _____ C:\Users\Debbie\AppData\Roaming\WB.CFG
2016-01-02 16:25 - 2016-01-09 11:19 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium
2016-01-02 16:24 - 2016-01-02 16:25 - 00000000 ____D C:\Users\Debbie\AppData\Local\Chromium
2016-01-02 16:23 - 2016-01-02 23:31 - 00000000 ____D C:\Users\Debbie\AppData\Local\{EE9DD8C1-CA35-B479-A7AD-919183C56D09}
2016-01-02 16:23 - 2016-01-02 16:23 - 00000000 ____D C:\Program Files\Vitzo
2016-01-02 16:20 - 2016-01-02 16:20 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\SoftCDN
2016-01-02 16:18 - 2016-01-02 16:18 - 01984712 _____ C:\Users\Debbie\Downloads\FreeYouTubeDownloader.exe
2015-12-24 15:26 - 2015-12-24 15:26 - 02738001 _____ C:\Users\Debbie\Downloads\RTCSYSMAP8-13(2).pdf
2015-12-23 23:49 - 2015-12-23 23:50 - 00032206 _____ C:\Users\Debbie\Downloads\cc_20151223_234954.reg
2015-12-23 11:41 - 2015-12-23 11:41 - 00998791 _____ C:\Users\Debbie\Downloads\LabelDownloadServlet(5)
2015-12-23 11:41 - 2015-12-23 11:41 - 00998791 _____ C:\Users\Debbie\Downloads\LabelDownloadServlet(4)
2015-12-23 11:39 - 2015-12-23 11:39 - 00998791 _____ C:\Users\Debbie\Downloads\LabelDownloadServlet(3)
2015-12-19 13:31 - 2015-12-19 13:31 - 01996827 _____ C:\Users\Debbie\Downloads\Label-359558644.pdf
2015-12-19 13:30 - 2015-12-19 13:30 - 01996846 _____ C:\Users\Debbie\Downloads\LabelDownloadServlet(2)
2015-12-19 13:29 - 2015-12-19 13:30 - 01996846 _____ C:\Users\Debbie\Downloads\LabelDownloadServlet(1)
2015-12-19 12:51 - 2015-12-19 12:51 - 02738001 _____ C:\Users\Debbie\Downloads\RTCSYSMAP8-13(1).pdf
2015-12-19 11:16 - 2015-12-19 11:16 - 07222564 _____ C:\Users\Debbie\Downloads\Video_Zip_20150919_112126(1).mp4
2015-12-19 01:14 - 2015-12-19 01:14 - 00212602 _____ C:\Users\Debbie\Desktop\NSHE Excess_Credit_Fee_Appeal_Form_Page1(2).pdf
2015-12-18 21:18 - 2015-12-18 21:18 - 00211892 _____ C:\Users\Debbie\Downloads\NSHE Excess_Credit_Fee_Appeal_Form_Page1(2).pdf
2015-12-18 21:17 - 2015-12-18 21:17 - 00211892 _____ C:\Users\Debbie\Downloads\NSHE Excess_Credit_Fee_Appeal_Form_Page1(1).pdf
2015-12-18 21:13 - 2015-12-18 21:13 - 00099663 _____ C:\Users\Debbie\Downloads\NSHE Excess_Credit_Fee_Appeal_Form_Page2.pdf
2015-12-18 21:11 - 2015-12-18 21:11 - 00211892 _____ C:\Users\Debbie\Downloads\NSHE Excess_Credit_Fee_Appeal_Form_Page1.pdf
2015-12-18 19:00 - 2015-12-18 19:00 - 02738001 _____ C:\Users\Debbie\Downloads\RTCSYSMAP8-13.pdf
2015-12-18 18:55 - 2015-12-18 18:55 - 00072859 _____ C:\Users\Debbie\Downloads\RAPID(4).pdf
2015-12-18 18:55 - 2015-12-18 18:55 - 00072859 _____ C:\Users\Debbie\Downloads\RAPID(3).pdf
2015-12-18 18:55 - 2015-12-18 18:55 - 00072859 _____ C:\Users\Debbie\Downloads\RAPID(2).pdf
2015-12-18 18:54 - 2015-12-18 18:54 - 00072859 _____ C:\Users\Debbie\Downloads\RAPID(1).pdf
2015-12-18 18:52 - 2015-12-18 18:52 - 00089941 _____ C:\Users\Debbie\Downloads\RAPID.pdf
2015-12-18 12:23 - 2015-12-18 12:23 - 00000000 ____D C:\Users\Debbie\Desktop\Kids
2015-12-17 15:12 - 2015-12-17 15:12 - 00391427 _____ C:\Users\Debbie\Downloads\Food Stamps Guide.pdf
2015-12-17 15:12 - 2015-12-17 15:12 - 00391427 _____ C:\Users\Debbie\Downloads\Food Stamps Guide(1).pdf
2015-12-17 13:48 - 2015-12-17 13:48 - 00227369 _____ C:\Users\Debbie\Downloads\FINAIndependentVerWS1516(2).pdf
2015-12-17 13:47 - 2015-12-17 13:47 - 00227369 _____ C:\Users\Debbie\Downloads\FINAIndependentVerWS1516.pdf
2015-12-17 13:47 - 2015-12-17 13:47 - 00227369 _____ C:\Users\Debbie\Downloads\FINAIndependentVerWS1516(1).pdf
2015-12-17 13:01 - 2015-12-17 13:01 - 00163710 _____ C:\Users\Debbie\Desktop\EKG _Technician_Spring 141.pdf
2015-12-17 13:01 - 2015-12-17 13:01 - 00163704 _____ C:\Users\Debbie\Documents\EKG _Technician_Spring 141.pdf
2015-12-17 12:58 - 2015-12-17 12:58 - 00163706 _____ C:\Users\Debbie\Downloads\EKG _Technician_Spring 141.pdf
2015-12-17 10:06 - 2015-12-17 10:07 - 01299869 _____ C:\Users\Debbie\Downloads\Attachments_20151217(1).zip
2015-12-17 10:06 - 2015-12-17 10:06 - 01299869 _____ C:\Users\Debbie\Downloads\Attachments_20151217.zip
2015-12-15 13:15 - 2015-12-15 13:15 - 00110860 _____ C:\Users\Debbie\Downloads\Invoice152840016169.Pdf
2015-12-15 11:38 - 2015-12-15 11:41 - 08732853 _____ C:\Users\Debbie\Downloads\Video_Zip_20151130_142916(1).mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-13 13:05 - 2013-10-07 11:53 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-13 13:05 - 2013-09-19 11:45 - 00000000 ____D C:\ProgramData\AVAST Software
2016-01-13 13:05 - 2009-07-13 20:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-13 13:04 - 2009-07-13 18:37 - 00000000 ____D C:\Windows
2016-01-13 12:44 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\inf
2016-01-13 12:37 - 2014-07-12 10:50 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-13 12:37 - 2009-07-13 20:34 - 00023376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-13 12:37 - 2009-07-13 20:34 - 00023376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-13 12:13 - 2013-10-07 11:53 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-13 09:53 - 2013-08-31 14:38 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-13 09:47 - 2009-07-13 20:33 - 00286472 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-13 09:44 - 2014-12-11 10:14 - 00000000 ____D C:\Windows\system32\appraiser
2016-01-13 09:44 - 2014-05-07 09:25 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-01-13 09:41 - 2013-12-24 01:30 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-13 02:06 - 2014-12-13 15:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-13 02:03 - 2013-09-17 21:46 - 00000000 ____D C:\Windows\system32\MRT
2016-01-13 01:51 - 2013-09-17 21:46 - 141317472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-13 01:40 - 2014-08-09 15:17 - 00002243 _____ C:\Users\Debbie\Desktop\New Text Document (8).txt
2016-01-12 15:54 - 2015-07-11 10:07 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-09 12:51 - 2013-09-25 00:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimCleaner
2016-01-09 12:18 - 2013-09-06 20:49 - 00000000 ____D C:\Users\Administrator
2016-01-09 11:31 - 2013-08-31 14:41 - 00000000 ____D C:\Users\Debbie
2016-01-09 11:31 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\registration
2016-01-09 11:19 - 2015-03-07 17:46 - 00000000 ____D C:\Users\Debbie\AppData\Local\Free YouTube Downloader
2016-01-08 14:15 - 2009-07-13 20:52 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-01-08 10:23 - 2013-09-20 21:47 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-01-07 17:00 - 2013-09-25 00:48 - 00000000 ____D C:\Program Files\SlimCleaner
2016-01-05 17:18 - 2014-07-12 10:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-05 17:18 - 2014-07-12 10:49 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-01-05 17:18 - 2013-09-20 12:27 - 00001027 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-04 12:16 - 2014-08-23 10:16 - 00000000 ___RD C:\Users\Debbie\Dropbox
2016-01-04 11:10 - 2014-08-23 10:13 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\Dropbox
2016-01-04 10:23 - 2013-09-18 10:00 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-01-04 10:23 - 2013-09-18 10:00 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-01-02 16:28 - 2013-09-17 15:29 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\vlc
2015-12-23 23:48 - 2013-11-08 19:26 - 00000000 ____D C:\Windows\Minidump
2015-12-18 01:17 - 2015-04-04 22:37 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-15 14:26 - 2013-09-17 15:31 - 00000000 ____D C:\Users\Debbie\AppData\Local\ElevatedDiagnostics

==================== Files in the root of some directories =======

2014-02-15 16:01 - 2014-02-15 16:01 - 49940480 _____ () C:\Program Files\GUTF7FC.tmp
2013-10-11 12:59 - 2013-10-11 12:59 - 0003726 _____ () C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
2013-09-17 17:57 - 2013-09-17 17:57 - 0889416 _____ (Microsoft Corporation) C:\Users\Debbie\AppData\Roaming\dotNetFx40_Full_setup.exe
2016-01-02 17:23 - 2016-01-02 17:23 - 0000046 _____ () C:\Users\Debbie\AppData\Roaming\WB.CFG
2014-02-28 02:25 - 2014-02-28 02:25 - 0000017 _____ () C:\Users\Debbie\AppData\Local\resmon.resmoncfg

Files to move or delete:
====================
C:\Users\Debbie\jagex_runescape_preferences.dat


Some files in TEMP:
====================
C:\Users\Debbie\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-12 13:26

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:10-01-2015 01
Ran by Debbie (2016-01-13 13:12:45)
Running from C:\Users\Debbie\Downloads
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2013-08-31 22:41:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1643949197-402485047-784812611-500 - Administrator - Disabled) => C:\Users\Administrator
Debbie (S-1-5-21-1643949197-402485047-784812611-1000 - Administrator - Enabled) => C:\Users\Debbie
Guest (S-1-5-21-1643949197-402485047-784812611-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.1.171 - Adobe Systems, Inc.)
Amazon Kindle (HKLM\...\Amazon Kindle) (Version: - Amazon)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Career Step Foot Pedal Software (remove only) (HKLM\...\PedalPlugin) (Version: - )
CPC Coding Exam Review 2011 (HKLM\...\CPC Coding Exam Review 2011) (Version: - Elsevier)
Dell System Detect (HKU\S-1-5-21-1643949197-402485047-784812611-1000\...\9204f5692a8faf3b) (Version: 5.10.0.8 - Dell)
Dell System Detect Bootstrapper (HKU\S-1-5-21-1643949197-402485047-784812611-1000\...\8e3135b376bd523e) (Version: 5.1.0.41 - Dell)
Dropbox (HKU\S-1-5-21-1643949197-402485047-784812611-1000\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
Express Dictate Digital Dictation Software (HKLM\...\Express) (Version: 5.82 - NCH Software)
Express Scribe Transcription Software (HKLM\...\Scribe) (Version: 5.78 - NCH Software)
FBReader for Windows (HKLM\...\FBReader for Windows) (Version: - )
Google Chrome (HKLM\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (Version: 1.3.29.1 - Google Inc.) Hidden
ICD-10 ICD-9 Lookup (HKLM\...\{C2586C3D-ABF5-4CDB-B161-B34FEACA4F52}) (Version: 2.00.0000 - HSU Computing)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Java 8 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java 8 Update 66 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.17 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OpenOffice 4.0.1 (HKLM\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
[email protected] (HKLM\...\{14F936AB-5D31-410E-A4E2-70AE504712F2}) (Version: 3.0.8.6 - Valassis)
QuickTime 7 (HKLM\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Samsung New PC Studio (HKLM\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
SlimCleaner (HKLM\...\{6B8D6199-EE44-4FD7-813A-6D8C62C9B384}) (Version: 4.0.30878 - SlimWare Utilities, Inc.)
Spotify (HKU\S-1-5-21-1643949197-402485047-784812611-1000\...\Spotify) (Version: 1.0.10.107.gd0dfca3a - Spotify AB)
SpyHunter 4 (HKLM\...\SpyHunter) (Version: 4.21.10.4584 - Enigma Software Group, LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1210 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1643949197-402485047-784812611-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Debbie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1643949197-402485047-784812611-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\Debbie\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1643949197-402485047-784812611-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\Debbie\AppData\Local\Dropbox\Update\1.3.27.77\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1643949197-402485047-784812611-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\Debbie\AppData\Local\Dropbox\Update\1.3.27.77\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1643949197-402485047-784812611-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\Debbie\AppData\Local\Dropbox\Update\1.3.27.77\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1643949197-402485047-784812611-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\Debbie\AppData\Local\Dropbox\Update\1.3.27.77\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1643949197-402485047-784812611-1000_Classes\CLSID\{DE9AD55E-D493-4FA0-9B3F-E9CA5DB7EBD6}\InprocServer32 -> C:\Users\Debbie\AppData\Local\Dropbox\Update\1.3.27.77\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1643949197-402485047-784812611-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1643949197-402485047-784812611-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1643949197-402485047-784812611-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1643949197-402485047-784812611-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1643949197-402485047-784812611-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1643949197-402485047-784812611-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1643949197-402485047-784812611-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1643949197-402485047-784812611-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1643949197-402485047-784812611-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1643949197-402485047-784812611-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1643949197-402485047-784812611-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\Debbie\AppData\Local\Dropbox\Update\1.3.27.77\psuser.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {213034E3-5A4E-4931-8D71-B30724666117} - System32\Tasks\{5A6735C1-59FB-4DB6-AC48-8F738C986437} => pcalua.exe -a C:\Users\Debbie\Downloads\jxpiinstall(5).exe -d C:\Users\Debbie\Downloads
Task: {39D96784-D734-4709-83F7-24B5328A9887} - System32\Tasks\{37B5C1C2-FDAA-4658-B024-8DFA1D359F8D} => pcalua.exe -a C:\Users\Debbie\Downloads\aomwin200ea24us.exe -d C:\Users\Debbie\Downloads
Task: {4687FA92-80D2-4B4D-AF07-1FFB99E34A9C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {51FDD096-2AD6-409D-AEA3-BAA9619CE79A} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-15] (AVAST Software)
Task: {540C0CCD-E75B-4DD5-BE10-1171BB4E2CAA} - System32\Tasks\{DB4D4769-A04E-48E0-90A2-23777978DE85} => pcalua.exe -a C:\Users\Debbie\Downloads\aomwin200ea24us(2).exe -d C:\Users\Debbie\Downloads
Task: {6631C4FA-4B3D-48A5-AB5F-391F30A53E8B} - System32\Tasks\{32A75D36-341F-4813-8E8E-81B042C79E77} => pcalua.exe -a C:\Users\Debbie\Downloads\ip2600sosmwin100us.exe -d C:\Users\Debbie\Downloads
Task: {6AEF0C98-2CB4-4B67-8C70-4C977C7355CC} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {6C1ACFD0-6D96-4889-9464-6D6078ADFE77} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {6D79020C-C1BF-4FB8-B9DC-F5DBDF2CE27E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {710651D4-1BFB-4FE8-A46E-048FDD463840} - System32\Tasks\{2BD093A8-40B1-4976-B723-0A3E1E7D59DA} => pcalua.exe -a C:\Users\Debbie\Downloads\aomwin200ea24us(1).exe -d C:\Users\Debbie\Downloads
Task: {748720FC-08F0-4A28-B06E-EBE2CD9EE95A} - System32\Tasks\SlimCleaner Run => C:\Program Files\SlimCleaner\SlimCleaner.exe [2013-07-10] (SlimWare Utilities, Inc.)
Task: {98507D48-3762-48EB-A965-0A0F9DB9B169} - System32\Tasks\{BA272B8C-49EA-4053-AFBB-8362E11444C2} => pcalua.exe -a "C:\Users\Debbie\Downloads\Shockwave_Installer_Slim (3).exe" -d C:\Users\Debbie\Desktop
Task: {9FEC5581-7F97-44A1-9643-E414AC6AFAD5} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1643949197-402485047-784812611-1000Core => C:\Users\Debbie\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-01-03] (Dropbox, Inc.)
Task: {A653339B-A978-476B-B1F1-B708AA1871C4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {A658E824-FF7F-457C-822C-DCF053A1E6C7} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1643949197-402485047-784812611-1000UA => C:\Users\Debbie\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-01-03] (Dropbox, Inc.)
Task: {A858FD19-C1F0-4DFB-881B-10DA866E7E69} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-04] (Adobe Systems Incorporated)
Task: {C6E52420-2F4E-4CDD-8FF5-7C40BCAC6E1F} - System32\Tasks\{923CA2FE-DE87-4CD7-8E70-586A2C203BFC} => C:\Program Files\OpenOffice 4\program\soffice.exe [2013-09-20] (Apache Software Foundation)
Task: {CFE5D468-90FA-4D7C-8381-C69424DE6BD6} - System32\Tasks\{155BCD72-3AF7-4859-B0B4-6D8F384C9D2A} => pcalua.exe -a C:\Users\Debbie\Downloads\aomwin200ea24us.exe -d C:\Users\Debbie\Downloads
Task: {D622195C-D680-4FEA-9C56-59660C7C9E94} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {FB641934-5DB1-4360-8B19-82C413F9FA9C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1643949197-402485047-784812611-1000Core.job => C:\Users\Debbie\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1643949197-402485047-784812611-1000UA.job => C:\Users\Debbie\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1643949197-402485047-784812611-1000\...\$talisma_url$ -> hxxps://$talisma_url$
IE trusted site: HKU\S-1-5-21-1643949197-402485047-784812611-1000\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-1643949197-402485047-784812611-1000\...\geoguessr.com -> hxxps://www.geoguessr.com

There are 7678 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:04 - 2015-11-19 20:48 - 00000002 ____N C:\Windows\system32\Drivers\etc\hosts



==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1643949197-402485047-784812611-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Debbie\Desktop\Debbie Save\tigersnow.jpg
DNS Servers: 71.10.216.1 - 71.10.216.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D7AC3D34-8BDD-4450-AB9D-6ECB1178D3BF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{1E2355ED-0DC5-44DE-B669-F1A7AABA65C0}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe
FirewallRules: [{A40AD832-68CF-4F39-A1AD-2F7F79109705}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe
FirewallRules: [{A106FA68-1FA6-42D9-A289-FA729E6D395B}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe
FirewallRules: [{BCA01DC1-C468-4785-9B63-BF4464DF522A}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe
FirewallRules: [{6C34FDA4-B5AD-4B80-9C48-ABA4BD42698B}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{A169C3D4-A218-4EF5-905C-4BC16AF2E35C}] => (Allow) C:\Users\Debbie\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{DC2254A0-EE10-401E-90A1-C6B2CB539139}] => (Allow) C:\Users\Debbie\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{0365FC00-EDC0-45B3-B8E5-B7551FD46544}] => (Allow) C:\Users\Debbie\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{C7EC4AC1-58EC-465B-B914-9ADA9FEF754B}] => (Allow) C:\Users\Debbie\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{5D104A21-DF7D-458B-AC14-DEEC80ECD494}C:\users\debbie\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\debbie\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{8FD98782-A673-4969-A3EF-0283E27AD3A2}C:\users\debbie\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\debbie\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{722BCBBE-050E-4602-87C2-A2F8A34F96BE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{A447309F-8A32-4B25-87CF-558111FAD64A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{B34888D6-3920-4C5A-85BC-FB06ACF577FA}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{1BDC56AA-79EC-4BA0-9A0F-8929CC7D068B}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{F649CB4E-6C95-4173-90A0-85ACEDCE8892}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4B0F4DE7-5A46-471F-B5BA-0A0744E1CC66}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C8D647C4-C524-4869-8F7F-F401E76679F2}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{6DCA4792-E97D-459E-9ADE-ED946FD4BEAF}] => (Allow) C:\Users\Debbie\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [TCP Query User{5B240013-8F5F-4751-BC14-46711C16702E}C:\users\debbie\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\debbie\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{0610C43C-186A-4D34-8454-12924E2F7D15}C:\users\debbie\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\debbie\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe

==================== Restore Points =========================

08-01-2016 10:31:06 Windows Update
09-01-2016 11:04:26 Uniblue PC Mechanic installation
09-01-2016 11:14:36 Restore Operation
09-01-2016 11:23:17 Device Driver Package Install: Avast Network Service
09-01-2016 11:27:49 Restore Operation
09-01-2016 11:40:17 Device Driver Package Install: Avast Network Service
10-01-2016 00:31:12 Windows Update
13-01-2016 01:49:39 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/13/2016 12:05:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AdwCleaner.exe version 5.0.2.9 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 544

Start Time: 01d14e3d86cc7785

Termination Time: 16

Application Path: C:\Users\Debbie\Downloads\AdwCleaner.exe

Report Id:

Error: (01/10/2016 11:34:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18124 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: fd8

Start Time: 01d14bddd8ea5042

Termination Time: 43

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (01/09/2016 01:15:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18124 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 16e4

Start Time: 01d14b22b920e376

Termination Time: 400

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (01/09/2016 01:14:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18124 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 15a4

Start Time: 01d14b19cf389ba3

Termination Time: 306

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (01/09/2016 12:15:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18124 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 15d8

Start Time: 01d14b1a4ec10cd0

Termination Time: 357

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (01/09/2016 11:34:19 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Device Driver Package Install: Avast Network Service). Additional information: 0xc0000022.

Error: (01/09/2016 11:27:50 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Avast! Firewall Driver.

System Error:
The system cannot find the file specified.
.

Error: (01/09/2016 11:26:06 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0xc0000022.

Error: (01/09/2016 11:04:20 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {768c5102-d7af-47fb-9635-f097d094a2a3}

Error: (01/05/2016 04:59:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18124 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 874

Start Time: 01d1481d29437a4f

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:


System errors:
=============
Error: (01/13/2016 12:47:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%2

Error: (01/13/2016 12:26:12 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Modules Installer service, but this action failed with the following error:
%%1056

Error: (01/13/2016 12:24:50 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (01/13/2016 12:24:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/13/2016 12:24:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/13/2016 12:24:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).

Error: (01/13/2016 12:24:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The FsUsbExService service terminated unexpectedly. It has done this 1 time(s).

Error: (01/13/2016 12:24:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (01/13/2016 12:24:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (01/13/2016 12:24:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) 4 CPU 3.40GHz
Percentage of memory in use: 66%
Total physical RAM: 2038.14 MB
Available physical RAM: 690.17 MB
Total Virtual: 4076.28 MB
Available Virtual: 2906.73 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:232.84 GB) (Free:89.97 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 4FC5E182)
Partition 1: (Active) - (Size=48 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
buckleysings is offline  
Old 01-14-2016, 08:28 AM   #12

Hello again, Debbie. Any reason you have not yet uninstalled SpyHunter or SlimCleaner?

------------------------------------------------------

It appears you ran another FRST scan, and not the fix.

Please do the following:

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c del /a/f/q "C:\Users\Debbie\Desktop\FRST.exefixlist.txt"

A DOS window will open and close again; this is normal.

Repeat for the following:

cmd /c del /a/f/q "C:\Users\Debbie\Desktop\fixlist.txt"

cmd /c del /a/f/q "C:\Users\Debbie\Documents\fixlist.txt"

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST.exe

    NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    Task: {748720FC-08F0-4A28-B06E-EBE2CD9EE95A} - System32\Tasks\SlimCleaner Run => C:\Program Files\SlimCleaner\SlimCleaner.exe [2013-07-10] (SlimWare Utilities, Inc.)
    HKLM\...\Run: [NPSStartup] => [X]
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    FF SelectedSearchEngine: Palikan
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2016-01-05] ()
    2016-01-05 11:14 - 2016-01-05 17:12 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\Enigma Software Group
    2016-01-05 11:13 - 2016-01-05 11:13 - 00593064 _____ C:\Users\Debbie\Downloads\STOPzilla_ASM_RW65.exe
    2016-01-05 11:12 - 2016-01-05 11:12 - 00019984 _____ C:\Windows\system32\Drivers\EsgScanner.sys
    2016-01-05 11:10 - 2016-01-05 11:11 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Debbie\Downloads\SpyHunter-Installer.exe
    C:\Users\Debbie\jagex_runescape_preferences.dat
    2016-01-09 12:51 - 2013-09-25 00:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimCleaner
    2016-01-07 17:00 - 2013-09-25 00:48 - 00000000 ____D C:\Program Files\SlimCleaner
    C:\Program Files\Enigma Software Group
    EmptyTemp:
    end
  • Double-click FRST to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
chemist is offline  
Old 01-14-2016, 02:38 PM   #13

Hi Chemist,

I have uninstalled SpyHunter and SlimCleaner.

I also performed the three "cmd" orders.

This portion below is what I am stymied by: Save it as fixlist.txt next to FRST.exe

Do I save these in notepad as a file called fixlist.txtFRST.exe? I am not understanding "next to" portion.

Many thanks, enjoy your day!

*OT - RIP Alan Rickman and David Bowie, many great memories!
buckleysings is offline  
Old 01-14-2016, 05:47 PM   #14

You're welcome. If FRST.exe is on your desktop, you have to create fixlist.txt using Notepad, and save it to your desktop also, so they are in the same location. Then run FRST again, but choose the Fix button instead of the Scan button.
chemist is offline  
Old 01-21-2016, 11:23 AM   #15

Hi Chemist,

I finally now understand and ran the program as directed. It ran perfectly scrolling along and rebooted.

I will check back to see next step if any needed. Again, thank you for your sage help. :)
buckleysings is offline  
Old 01-22-2016, 12:00 PM   #16

I need to see the resulting log produced by FRST.

Fixlog.txt is located in the same location (directory) as FRST.
chemist is offline  
Old 01-22-2016, 02:27 PM   #17
Registered Member
 
Join Date: Jun 2009
Posts: 32
OS: Windows7



Hope this is correct! Thank you!


Fix result of Farbar Recovery Scan Tool (x86) Version:18-01-2016
Ran by Debbie (2016-01-21 11:08:15) Run:2
Running from C:\Users\Debbie\Desktop
Loaded Profiles: Debbie (Available Profiles: Debbie & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
createrestorepoint:
Task: {748720FC-08F0-4A28-B06E-EBE2CD9EE95A} - System32\Tasks\SlimCleaner Run => C:\Program Files\SlimCleaner\SlimCleaner.exe [2013-07-10] (SlimWare Utilities, Inc.)
HKLM\...\Run: [NPSStartup] => [X]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF SelectedSearchEngine: Palikan
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2016-01-05] ()
2016-01-05 11:14 - 2016-01-05 17:12 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\Enigma Software Group
2016-01-05 11:13 - 2016-01-05 11:13 - 00593064 _____ C:\Users\Debbie\Downloads\STOPzilla_ASM_RW65.exe
2016-01-05 11:12 - 2016-01-05 11:12 - 00019984 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-01-05 11:10 - 2016-01-05 11:11 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Debbie\Downloads\SpyHunter-Installer.exe
C:\Users\Debbie\jagex_runescape_preferences.dat
2016-01-09 12:51 - 2013-09-25 00:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimCleaner
2016-01-07 17:00 - 2013-09-25 00:48 - 00000000 ____D C:\Program Files\SlimCleaner
C:\Program Files\Enigma Software Group
EmptyTemp:
end
*****************

Restore point was successfully created.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{748720FC-08F0-4A28-B06E-EBE2CD9EE95A} => key not found.
C:\Windows\System32\Tasks\SlimCleaner Run => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SlimCleaner Run => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup => value removed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
Firefox SelectedSearchEngine removed successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => key removed successfully.
EsgScanner => service removed successfully.
C:\Users\Debbie\AppData\Roaming\Enigma Software Group => moved successfully
C:\Users\Debbie\Downloads\STOPzilla_ASM_RW65.exe => moved successfully
C:\Windows\system32\Drivers\EsgScanner.sys => moved successfully
C:\Users\Debbie\Downloads\SpyHunter-Installer.exe => moved successfully
C:\Users\Debbie\jagex_runescape_preferences.dat => moved successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimCleaner" => not found.
C:\Program Files\SlimCleaner => moved successfully
"C:\Program Files\Enigma Software Group" => not found.
EmptyTemp: => 6.4 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 11:11:03 ====
buckleysings is offline  
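One way to triage a Fixlog like the one posted above, as an added Python example that is not part of the thread and not FRST's own code. The category names and the helpers `classify` and `triage` are hypothetical; the sample lines are copied from the log above except the last, which is constructed and whose wording is an assumption.

```python
import re
from collections import Counter

# Result lines copied from the Fixlog above (subset); the last line is
# constructed, and its wording is an assumption, not real FRST output.
FIXLOG = r'''
Restore point was successfully created.
C:\Windows\System32\Tasks\SlimCleaner Run => not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup => value removed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => key removed successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
EsgScanner => service removed successfully.
C:\Windows\system32\Drivers\EsgScanner.sys => moved successfully
"C:\Program Files\Enigma Software Group" => not found.
EmptyTemp: => 6.4 GB temporary data Removed.
C:\Constructed\locked.dll => could not be removed
'''

# "<target> => <outcome>", target optionally quoted, trailing period optional.
RESULT = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+?)\.?$')

def classify(outcome):
    """Map an outcome phrase to a coarse category."""
    o = outcome.lower()
    if "not found" in o:
        return "absent"      # item was already gone when the fix ran
    if re.search(r"\b(not|unable|failed|error)\b", o):
        return "review"      # negated or failed action: check by hand
    if "restored" in o:
        return "restored"    # value reset rather than deleted
    if "removed" in o:
        return "removed"
    if re.search(r"\bmoved\b", o):
        return "moved"
    return "review"          # unrecognised wording is never assumed clean

def triage(text):
    """Return (Counter of categories, targets that need manual review)."""
    counts, review = Counter(), []
    for line in text.splitlines():
        m = RESULT.match(line.strip())
        if not m:
            continue         # headers and status lines carry no "=>"
        kind = classify(m["outcome"])
        counts[kind] += 1
        if kind == "review":
            review.append(m["target"])
    return counts, review
```

Entries that land in "absent" are consistent with the earlier manual uninstall of SpyHunter and SlimCleaner; only the "review" list needs a closer look.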
Old 01-22-2016, 06:22 PM   #18
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Debbie. How is the machine behaving?

------------------------------------------------------

Your Windows 7 User Account Control (UAC) has been disabled. Sometimes malware disables it; sometimes the end user does.

Please read this

Before you go any further, protect this system and re-enable that feature. Click Start > Control Panel > User Accounts > Change User Account Control settings and set it back to Always Notify.

------------------------------------------------------
  • Launch Malwarebytes' Anti-Malware
  • On the Dashboard, click the Scan Now button.
  • A check for database updates will be performed.
  • After the update check completes, a Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Your Java is out of date.

Go here and follow the prompts to install the latest Java > java.com: Java + You

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it.
  • After the install is complete, go back to your Control Panel and click the Java icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options checked in the window to clear the cache - Leave BOTH Checked
      • Cached Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Cached Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'Run ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan. Here's how
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Once the components have downloaded, tick the option Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked:
    • Scan Archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
chemist is offline  
Old 01-26-2016, 11:26 AM   #19
Registered Member
 
Join Date: Jun 2009
Posts: 32
OS: Windows7



Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/25/2016
Scan Time: 12:43 PM
Logfile: malware012516.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.01.25.04
Rootkit Database: v2016.01.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Debbie

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 348637
Time Elapsed: 24 min, 19 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)




C:\AdwCleaner\Quarantine\C\Program Files\Coupons\uninstall.exe.vir a variant of Win32/Adware.Coupons.AA application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Windows\system32\lavasofttcpservice.dll.vir a variant of Win32/Packed.Komodia.A suspicious application cleaned by deleting
C:\Users\Debbie\AppData\Roaming\How Inc\E4039A86493F461EA7D40C106A37EE37\safer-browser_20150114.exe a variant of Win32/Distromatic.C potentially unwanted application deleted
C:\Users\Debbie\Documents\Downloads\CouponPrinter(2).exe a variant of Win32/Adware.Coupons.AA application cleaned by deleting
C:\Users\Debbie\Documents\Downloads\couponprinter(5).exe a variant of Win32/Adware.Coupons.AA application cleaned by deleting
C:\Users\Debbie\Documents\Downloads\essetup.exe a variant of Win32/Toolbar.Conduit.J potentially unwanted application deleted
C:\Users\Debbie\Downloads\CouponPrinter (1).exe a variant of Win32/Adware.Coupons.AA application cleaned by deleting
C:\Users\Debbie\Downloads\CouponPrinter(1).exe a variant of Win32/Adware.Coupons.AA application cleaned by deleting
C:\Users\Debbie\Downloads\couponprinter.exe a variant of Win32/Adware.Coupons.AA application cleaned by deleting
buckleysings is offline  
Old 01-27-2016, 12:21 PM   #20
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Debbie. You didn't answer my question. How is the machine behaving?

The first few ESET finds have already been quarantined by AdwCleaner. Those will get deleted when we uninstall those tools.

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:
@echo off
rem Start with a clean log of anything that could not be deleted.
if exist "%temp%\log.txt" del "%temp%\log.txt"

rem Delete each detected file; log any that still exists afterwards.
for %%g in (

"C:\Users\Debbie\Documents\Downloads\CouponPrinter(2).exe"
"C:\Users\Debbie\Documents\Downloads\couponprinter(5).exe"
"C:\Users\Debbie\Documents\Downloads\essetup.exe"
"C:\Users\Debbie\Downloads\CouponPrinter (1).exe"
"C:\Users\Debbie\Downloads\CouponPrinter(1).exe"
"C:\Users\Debbie\Downloads\couponprinter.exe"


) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)

rem Remove the leftover folder and everything inside it.
for %%g in (

"C:\Users\Debbie\AppData\Roaming\How Inc"

) do (
rd /s/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)

rem Open the log if anything survived; otherwise report success.
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
rem The script deletes itself once it has finished.
del %0

Save this Notepad file as fix.bat and choose to Save as type: - All Files to your desktop then close the Notepad file.
It should look like this:

Right-click on fix.bat and choose 'Run as administrator' to allow it to run.

Tell me what it says in your next reply. Press any key to continue.

------------------------------------------------------
chemist is offline  
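A check that a cleanup list such as fix.bat covers every live ESET detection, as an added Python example that is not part of the thread. The helpers `detections` and `coverage` are hypothetical; the report lines and targets are copied from the posts above except the last report line, which is constructed to show an uncovered detection.

```python
import re
from pathlib import PureWindowsPath

# ESET lines copied from the report in this thread (subset); the last line
# is constructed to show a detection the cleanup list does not cover.
ESET_REPORT = r'''
C:\AdwCleaner\Quarantine\C\Program Files\Coupons\uninstall.exe.vir a variant of Win32/Adware.Coupons.AA application cleaned by deleting
C:\Users\Debbie\AppData\Roaming\How Inc\E4039A86493F461EA7D40C106A37EE37\safer-browser_20150114.exe a variant of Win32/Distromatic.C potentially unwanted application deleted
C:\Users\Debbie\Documents\Downloads\essetup.exe a variant of Win32/Toolbar.Conduit.J potentially unwanted application deleted
C:\Users\Debbie\Downloads\CouponPrinter (1).exe a variant of Win32/Adware.Coupons.AA application cleaned by deleting
C:\Users\Debbie\Downloads\constructed-sample.exe a variant of Win32/Adware.Coupons.AA application cleaned by deleting
'''
# Targets taken from fix.bat above (subset): files for del, folders for rd /s.
FILES = [r"C:\Users\Debbie\Documents\Downloads\essetup.exe",
         r"C:\Users\Debbie\Downloads\CouponPrinter (1).exe"]
DIRS = [r"C:\Users\Debbie\AppData\Roaming\How Inc"]
QUARANTINE = PureWindowsPath(r"C:\AdwCleaner\Quarantine")

# A path (may contain spaces) ends where the "Win32/..." detection name starts.
LINE = re.compile(r"^(?P<path>.+?) (?:a variant of )?(?P<threat>Win32/\S+)")

def detections(report):
    """Yield (path, detection name) for every parsable report line."""
    for line in report.splitlines():
        m = LINE.match(line.strip())
        if m:
            yield PureWindowsPath(m["path"]), m["threat"]

def coverage(report, files, dirs):
    """Split detections into covered / quarantined / missed path lists."""
    file_set = {PureWindowsPath(f) for f in files}
    dir_list = [PureWindowsPath(d) for d in dirs]
    covered, quarantined, missed = [], [], []
    for path, _threat in detections(report):
        if QUARANTINE in path.parents:
            quarantined.append(path)   # copy held by AdwCleaner, not live
        elif path in file_set or any(d in path.parents for d in dir_list):
            covered.append(path)       # removed by del, or by rd /s on a parent
        else:
            missed.append(path)        # no cleanup entry: needs a decision
    return covered, quarantined, missed
```

`PureWindowsPath` compares case-insensitively, so differences in casing between the scanner report and the script do not produce false misses.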
 
