SmitFraud infection (possible others)

2016-08-05, 18:23
I am helping my sister-in-law with this infection, as I have used this forum in the past to remove a Virtumonde infection. Thank you in advance for your help in this matter. My sister-in-law contacted me about a screen that popped up on her computer that stated "Warning your system might be infected with the adware_pop.exe computer virus. As such your internet banking info..." etc., etc. It advised her to call a tech support number to help in removing the virus. When they offered to help her for $499, she hung up and called me.

We ran Malwarebytes and nothing showed up, but when we ran Spybot, several minor issues showed up, as well as a few major issues including SmitFraud and a few others. We "fixed" the problems, but I advised her that SmitFraud would likely not be cleared from her computer and she would have the problem reappear. It took less than a few hours and the Warning pop-up appeared and again locked up her computer.

I will be traveling over the next few days, so my replies may be a little delayed, but rest assured, I will reply with the information you need.

I have run the Registry backup program and the FRST.64 program and the logs are below. However, both times that I ran the aswMBR program, the computer crashed with the blue screen crash info and rebooted, so a log was not generated.

Below are the logs I have obtained:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-08-2016
Ran by Debbie Williams (administrator) on DEBBIEWILLIAMS (05-08-2016 10:35:28)
Running from C:\Users\Debbie Williams\Desktop
Loaded Profiles: Debbie Williams (Available Profiles: Debbie Williams)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\McClientAnalytics.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\CommonBuild\McCBEntAndInstru.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1779952 2009-09-11] ()
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
HKLM-x32\...\Run: [DellSupportCenter] => C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2010-12-13] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [560128 2011-09-21] (Dell)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1220429911-571419994-1192886686-1000\...\Run: [Office365DesktopSetup] => C:\Users\Debbie Williams\AppData\Local\Apps\2.0\5EHEYLWY.OQ2\7XMTN88A.2JN\offi...app_c3bce3770c238a49_0001.0000_c9f9cb17c2686035\Office365DesktopSetup.exe [868640 2014-08-19] ()
HKU\S-1-5-21-1220429911-571419994-1192886686-1000\...\Run: [SlimCleaner Plus] => "C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe" /minimize
HKU\S-1-5-21-1220429911-571419994-1192886686-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1220429911-571419994-1192886686-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [5915776 2016-03-21] (Safer-Networking Ltd.)
HKU\S-1-5-21-1220429911-571419994-1192886686-1000\...\MountPoints2: {5df5c37f-b0c7-11e2-8a70-00262d1d89b2} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1220429911-571419994-1192886686-1000\...\MountPoints2: {acb30b0d-8e43-11e2-8927-00262d1d89b2} - E:\LaunchU3.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2011-02-24]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Debbie Williams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2010-04-02]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Debbie Williams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2013-08-21]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-01-22]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-01-22]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=;https=
ProxyServer: [S-1-5-21-1220429911-571419994-1192886686-1000] => http=;https=
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer]
Tcpip\..\Interfaces\{55B92C14-F0DF-4C76-9CDF-B910D0A86EA1}: [NameServer],
Tcpip\..\Interfaces\{55B92C14-F0DF-4C76-9CDF-B910D0A86EA1}: [DhcpNameServer]

Internet Explorer:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
URLSearchHook: HKU\S-1-5-21-1220429911-571419994-1192886686-1000 -> Default = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
URLSearchHook: HKU\S-1-5-21-1220429911-571419994-1192886686-1000 - (No Name) - {e137f9f0-4b30-4a94-21a7-5368c3369e17} - No File
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {4EF85E92-0D72-4847-AE44-DCC8A038518C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~2\mcafee\msk\mskapbho.dll => No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
Toolbar: HKU\S-1-5-21-1220429911-571419994-1192886686-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-1220429911-571419994-1192886686-1000 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
Toolbar: HKU\S-1-5-21-1220429911-571419994-1192886686-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-07-11] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-07-11] (McAfee, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-07-11] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-07-11] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-07-07] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-07-07] (McAfee, Inc.)

FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-07-07] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2010-12-09] ()
FF Plugin-x32: @funwebproducts.com/Plugin -> C:\Program Files (x86)\FunWebProducts\Installr\1.bin\NPFunWeb.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\new_plugin\npjp2.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-11] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-07-07] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2016-05-24]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-02-24] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-07-22] [not signed]
FF HKU\S-1-5-21-1220429911-571419994-1192886686-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3324775&octid=EB_ORIGINAL_CTID&ISID=M9F0ADBFA-80A4-4B8A-AC8D-9939C22F8B16&SearchSource=55&CUI=&UM=6&UP=SP09545031-83A0-4B68-A13B-C73D97395612&SSPV=
CHR StartupUrls: Default -> "hxxps://www.malwarebytes.org/restorebrowser/"
CHR Profile: C:\Users\Debbie Williams\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Users\Debbie Williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-22]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - C:\Program Files (x86)\Amazon\ABB\AmazonChrome-bds-amzn.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [923136 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [163592 2016-07-11] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [993824 2016-07-07] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe [1910000 2016-05-31] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [816128 2016-06-21] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-04-26] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-06-23] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-04-26] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1454216 2016-06-17] (McAfee, Inc.)
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1045336 2016-05-25] (Intel Security, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 BackupStack; [X] <==== ATTENTION

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [78632 2016-04-27] (McAfee, Inc.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207968 2016-02-24] (McAfee, Inc.)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [79192 2016-04-20] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419616 2016-04-27] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349480 2016-04-27] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [493352 2016-04-27] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [843048 2016-04-27] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [519976 2016-04-27] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100136 2016-04-27] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [243488 2016-04-27] (McAfee, Inc.)
R3 VIACRX64; C:\Windows\System32\DRIVERS\viacr64.sys [82544 2010-05-10] (VIA Technologies, Inc. )
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S1 qknfd; system32\drivers\qknfd.sys [X]
S3 rt2870; system32\DRIVERS\rt2870.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2039-12-23 02:59 - 2010-07-04 01:16 - 01498511 _____ C:\519.JPG
2016-08-05 10:35 - 2016-08-05 10:36 - 00022343 _____ C:\Users\Debbie Williams\Desktop\FRST.txt
2016-08-05 10:34 - 2016-08-05 10:35 - 00000000 ____D C:\FRST
2016-08-05 10:33 - 2016-08-05 10:33 - 02393600 _____ (Farbar) C:\Users\Debbie Williams\Desktop\FRST64.exe
2016-08-05 10:31 - 2016-08-05 10:31 - 00000207 _____ C:\Windows\tweaking.com-regbackup-DEBBIEWILLIAMS-Windows-7-Home-Premium-(64-bit).dat
2016-08-05 10:31 - 2016-08-05 10:31 - 00000000 ____D C:\RegBackup
2016-08-05 10:30 - 2016-08-05 10:30 - 00002237 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2016-08-05 10:30 - 2016-08-05 10:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-08-05 10:30 - 2016-08-05 10:30 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-08-05 10:29 - 2016-08-05 10:30 - 00019612 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2016-08-05 10:29 - 2016-08-05 10:29 - 05575304 _____ (Tweaking.com) C:\Users\Debbie Williams\Desktop\tweaking.com_registry_backup_setup.exe
2016-08-03 14:28 - 2016-08-03 14:28 - 00000118 _____ C:\Windows\wininit.ini
2016-08-03 14:22 - 2016-08-03 14:22 - 00388608 _____ (Trend Micro Inc.) C:\Users\Debbie Williams\Desktop\gary.exe
2016-08-03 13:07 - 2016-08-03 14:28 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-08-03 13:07 - 2016-08-03 13:21 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-08-03 13:07 - 2016-08-03 13:07 - 00001393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-08-03 13:07 - 2016-08-03 13:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-08-03 13:07 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2016-08-03 12:50 - 2016-08-03 12:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-03 12:25 - 2016-08-03 15:02 - 00393338 _____ C:\Windows\ntbtlog.txt
2016-08-03 11:07 - 2016-08-05 10:32 - 00003846 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2016-07-22 19:17 - 2016-07-22 19:17 - 00000000 ____D C:\Windows10Upgrade
2016-07-22 19:12 - 2016-07-22 19:12 - 00000000 ____D C:\Windows\EOONotify
2016-07-22 18:47 - 2016-08-05 10:23 - 00000000 __RSD C:\Users\Debbie Williams\Documents\McAfee Vaults
2016-07-22 18:47 - 2016-07-22 18:47 - 00001918 _____ C:\Users\Public\Desktop\McAfeeŽ Total Protection.lnk
2016-07-22 18:47 - 2016-07-22 18:47 - 00000000 ____D C:\Users\Debbie Williams\AppData\Local\McAfee File Lock
2016-07-22 18:47 - 2016-07-22 18:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-07-22 18:47 - 2016-04-20 11:00 - 00079192 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\McPvDrv.sys
2016-07-22 18:46 - 2016-07-22 18:46 - 00000000 ____D C:\ProgramData\Intel Security
2016-07-22 18:46 - 2016-02-24 21:07 - 00207968 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2016-07-22 18:45 - 2016-07-30 18:33 - 00003068 _____ C:\Windows\System32\Tasks\McAfeeLogon
2016-07-22 18:45 - 2016-07-30 18:33 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2016-07-22 18:44 - 2016-07-22 18:47 - 00000000 ____D C:\Program Files\McAfee
2016-07-22 18:44 - 2016-07-22 18:44 - 00000000 ____D C:\Program Files\McAfee.com
2016-07-22 18:44 - 2016-07-22 18:44 - 00000000 ____D C:\Program Files\Common Files\Intel Security
2016-07-22 18:43 - 2016-08-03 13:21 - 00000000 ____D C:\Program Files\Common Files\AV
2016-07-22 18:43 - 2016-07-22 18:43 - 00003344 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2016-07-22 18:41 - 2016-04-26 17:56 - 00277744 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2016-07-22 18:32 - 2016-07-22 18:46 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-07-22 14:49 - 2016-07-22 18:39 - 00000000 ____D C:\Users\Debbie Williams\AppData\Local\LogMeIn Rescue Applet
2016-07-21 18:45 - 2016-06-11 02:57 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-07-21 18:45 - 2016-06-11 00:48 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-07-21 18:45 - 2016-06-10 17:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-07-21 18:45 - 2016-06-10 17:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-07-21 18:45 - 2016-06-10 17:20 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-07-21 18:45 - 2016-06-10 17:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-07-21 18:45 - 2016-06-10 17:18 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-07-21 18:45 - 2016-06-10 17:17 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-07-21 18:45 - 2016-06-10 17:08 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-07-21 18:45 - 2016-06-10 17:04 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-07-21 18:45 - 2016-06-10 17:03 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-07-21 18:45 - 2016-06-10 16:53 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-07-21 18:45 - 2016-06-10 16:50 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-07-21 18:45 - 2016-06-10 16:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-07-21 18:45 - 2016-06-10 16:38 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-07-21 18:45 - 2016-06-10 16:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-07-21 18:45 - 2016-06-10 16:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-07-21 18:45 - 2016-06-10 16:13 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-07-21 18:45 - 2016-06-10 16:12 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-07-21 18:45 - 2016-06-10 16:10 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-07-21 18:45 - 2016-06-10 15:30 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-07-21 18:45 - 2016-06-10 15:21 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-07-21 18:45 - 2016-06-10 15:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-07-21 18:45 - 2016-06-10 14:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-07-21 18:45 - 2016-06-10 14:53 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-07-21 18:45 - 2016-06-10 14:53 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-07-21 18:45 - 2016-06-10 14:53 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-07-21 18:45 - 2016-06-10 14:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-07-21 18:45 - 2016-06-10 14:47 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-07-21 18:45 - 2016-06-10 14:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-07-21 18:45 - 2016-06-10 14:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-07-21 18:45 - 2016-06-10 14:42 - 20348928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-07-21 18:45 - 2016-06-10 14:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-07-21 18:45 - 2016-06-10 14:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-07-21 18:45 - 2016-06-10 14:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-07-21 18:45 - 2016-06-10 14:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-07-21 18:45 - 2016-06-10 14:32 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-07-21 18:45 - 2016-06-10 14:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-07-21 18:45 - 2016-06-10 14:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-07-21 18:45 - 2016-06-10 14:24 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-07-21 18:45 - 2016-06-10 14:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-07-21 18:45 - 2016-06-10 14:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-07-21 18:45 - 2016-06-10 14:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-07-21 18:45 - 2016-06-10 14:14 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-07-21 18:45 - 2016-06-10 14:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-07-21 18:45 - 2016-06-10 14:10 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-07-21 18:45 - 2016-06-10 14:09 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-07-21 18:45 - 2016-06-10 14:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-07-21 18:45 - 2016-06-10 13:58 - 13806080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-07-21 18:45 - 2016-06-10 13:45 - 02392576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-07-21 18:45 - 2016-06-10 13:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-07-21 18:45 - 2016-06-10 13:41 - 01315840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-07-21 18:44 - 2016-06-25 20:35 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-07-21 18:44 - 2016-06-25 20:27 - 01208320 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-07-21 18:44 - 2016-06-25 20:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-07-21 18:44 - 2016-06-25 20:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-07-21 18:44 - 2016-06-25 20:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-07-21 18:44 - 2016-06-25 20:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-07-21 18:44 - 2016-06-25 20:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2016-07-21 18:44 - 2016-06-25 15:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-07-21 18:44 - 2016-06-25 15:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-07-21 18:44 - 2016-06-25 15:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-07-21 18:44 - 2016-06-25 15:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2016-07-21 18:44 - 2016-06-25 15:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2016-07-21 18:44 - 2016-06-22 09:06 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-07-21 18:44 - 2016-06-17 14:24 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-07-21 18:44 - 2016-06-17 14:24 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-07-21 18:44 - 2016-06-17 14:24 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-07-21 18:44 - 2016-06-17 14:24 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-07-21 18:44 - 2016-06-17 14:24 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-07-21 18:44 - 2016-06-17 14:24 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-07-21 18:44 - 2016-06-14 11:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-07-21 18:44 - 2016-06-10 17:19 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-07-21 18:44 - 2016-06-10 17:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-07-21 18:44 - 2016-06-10 17:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-07-21 18:44 - 2016-06-10 17:05 - 25814016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-07-21 18:44 - 2016-06-10 17:03 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-07-21 18:44 - 2016-06-10 17:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-07-21 18:44 - 2016-06-10 17:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-07-21 18:44 - 2016-06-10 16:49 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-07-21 18:44 - 2016-06-10 16:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-07-21 18:44 - 2016-06-10 16:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-07-21 18:44 - 2016-06-10 16:15 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-07-21 18:44 - 2016-06-10 16:11 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-07-21 18:44 - 2016-06-10 15:45 - 15409664 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-07-21 18:44 - 2016-06-10 15:44 - 02869248 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-07-12 13:28 - 2016-07-12 13:28 - 00015948 _____ C:\Users\Debbie Williams\Downloads\2016-2017 School Calendar.xlsx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-05 10:30 - 2009-07-14 00:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-05 10:30 - 2009-07-14 00:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-05 10:29 - 2013-07-18 09:55 - 00000000 ____D C:\Users\Debbie Williams\AppData\LocalLow\HPAppData
2016-08-05 10:23 - 2010-01-22 22:34 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2016-08-05 10:22 - 2011-10-02 14:21 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-05 10:22 - 2010-04-02 10:34 - 00000000 ____D C:\Users\Debbie Williams\AppData\Local\SoftThinks
2016-08-05 10:22 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-04 17:24 - 2013-03-03 13:52 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-04 17:24 - 2011-10-02 14:21 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-03 18:59 - 2011-07-24 19:51 - 00006022 _____ C:\Users\Debbie Williams\AppData\Roaming\wklnhst.dat
2016-08-03 14:31 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\Offline Web Pages
2016-08-03 14:28 - 2012-05-29 14:56 - 00000000 ____D C:\Program Files (x86)\Amazon
2016-08-03 14:20 - 2010-04-02 12:25 - 00000000 ____D C:\Users\Debbie Williams\AppData\Local\VirtualStore
2016-08-03 12:51 - 2014-11-10 21:08 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-03 12:50 - 2014-11-10 21:07 - 00001104 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-03 12:50 - 2014-11-10 21:07 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-03 12:30 - 2011-10-24 22:00 - 00000000 ____D C:\Users\Debbie Williams\AppData\Local\ElevatedDiagnostics
2016-07-31 18:14 - 2010-01-22 22:47 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-07-30 12:53 - 2011-10-02 14:21 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-30 12:53 - 2011-10-02 14:21 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-23 02:39 - 2014-11-09 00:36 - 00000386 _____ C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Debbie Williams).job
2016-07-22 21:46 - 2010-01-22 22:48 - 00000000 ____D C:\ProgramData\McAfee
2016-07-22 21:44 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2016-07-22 19:12 - 2015-04-03 23:20 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-07-22 19:12 - 2015-04-03 23:20 - 00000000 ___SD C:\Windows\system32\GWX
2016-07-22 18:44 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-07-22 18:34 - 2011-10-17 17:25 - 00001945 _____ C:\Windows\epplauncher.mif
2016-07-22 18:05 - 2014-03-07 20:19 - 00000000 ____D C:\temp
2016-07-22 15:11 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2016-07-22 14:32 - 2009-07-14 00:45 - 00338984 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-22 14:30 - 2014-12-10 22:08 - 00000000 ____D C:\Windows\system32\appraiser
2016-07-22 14:30 - 2009-07-14 03:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-07-21 20:54 - 2014-03-11 13:10 - 00000000 ____D C:\Windows\system32\MRT
2016-07-21 20:50 - 2012-02-01 13:11 - 144749672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-07-14 22:54 - 2013-03-03 13:52 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-14 22:54 - 2013-03-03 13:52 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-07-14 22:54 - 2011-11-25 20:25 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-14 22:54 - 2011-08-31 10:19 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-14 22:54 - 2010-01-22 22:32 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-06 20:39 - 2010-04-09 21:12 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2010-09-27 01:48 - 2010-09-27 01:48 - 0008297 _____ () C:\Users\Debbie Williams\AppData\Roaming\UserTile.png
2014-03-07 17:20 - 2014-03-08 19:20 - 0000087 _____ () C:\Users\Debbie Williams\AppData\Roaming\WB.CFG
2011-07-24 19:51 - 2016-08-03 18:59 - 0006022 _____ () C:\Users\Debbie Williams\AppData\Roaming\wklnhst.dat
2011-03-06 17:31 - 2014-11-27 17:16 - 0013312 _____ () C:\Users\Debbie Williams\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-10-20 12:22 - 2010-10-20 12:22 - 0000252 _____ () C:\ProgramData\FastPics.log
2011-02-24 16:20 - 2014-11-09 23:47 - 0002325 _____ () C:\ProgramData\hpzinstall.log
2011-10-24 22:19 - 2011-10-24 22:19 - 0000256 _____ () C:\ProgramData\lxdu.log
2010-10-20 16:49 - 2011-10-24 21:55 - 0001041 _____ () C:\ProgramData\lxduDiagnostics.log
2010-10-20 13:17 - 2010-10-20 13:17 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

Files to move or delete:

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-07-30 13:10

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-08-2016
Ran by Debbie Williams (2016-08-05 10:36:40)
Running from C:\Users\Debbie Williams\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-04-02 14:34:08)
Boot Mode: Normal

==================== Accounts: =============================

Administrator (S-1-5-21-1220429911-571419994-1192886686-500 - Administrator - Disabled)
Debbie Williams (S-1-5-21-1220429911-571419994-1192886686-1000 - Administrator - Enabled) => C:\Users\Debbie Williams
Guest (S-1-5-21-1220429911-571419994-1192886686-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4500_G510nz_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510nz (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510nz_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: - Adobe Systems Incorporated)
Adobe Reader 9.1.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.2 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Application Support (HKLM-x32\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{963BFE7E-C350-4346-B43C-B02358306A45}) (Version: - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: - Apple Inc.)
Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: - Conexant)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.31 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.51 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.1.0031 - Dell, Inc.)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Destinations (x32 Version: - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
DocMgr (x32 Version: - Hewlett-Packard) Hidden
DocProc (x32 Version: - Hewlett-Packard) Hidden
Encore 802.11n Wireless Adapter ENUWI-N3 (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: - Encore)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Feedback Tool (HKLM-x32\...\{90024193-9F13-4877-89D5-A1CDF0CBBF28}) (Version: 1.1.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (x32 Version: - Google Inc.) Hidden
Google Update Helper (x32 Version: - Google Inc.) Hidden
GoToAssist (HKLM-x32\...\GoToAssist) (Version: - )
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 4500 G510n-z (HKLM\...\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}) (Version: 13.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: - Hewlett-Packard)
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
iTunes (HKLM\...\{0C682623-8F66-46A8-B9B3-93FE1E66A001}) (Version: - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Malwarebytes Anti-Malware version (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: - Malwarebytes)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.227 - McAfee, Inc.)
McAfee® Total Protection (HKLM-x32\...\MSC) (Version: 15.0.166 - McAfee, Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{67635FB6-2F63-4FFB-830B-D4C01597EBA4}) (Version: 1.2.1 - DELL)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 130.0.374.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: - Apple Inc.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Scan (x32 Version: - Hewlett-Packard) Hidden
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
System Checkup 3.5 (HKLM-x32\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: - iolo technologies, LLC)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.0 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
WebReg (x32 Version: - Hewlett-Packard) Hidden
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {19E11548-434A-4EE7-8D78-AD59F0FFF5F1} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-05-18] (McAfee, Inc.)
Task: {1BA67D18-6B62-45C3-952B-9C9A68ED7738} - System32\Tasks\{862334B3-295E-4E19-A3DF-D553C0054B48} => pcalua.exe -a "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TheWeatherChannelCustomUninstall.exe"
Task: {1D81CC84-A8B7-4245-A65D-C34E08F79624} - System32\Tasks\{77D748B5-8769-4F1E-869D-4E196DEA00A2} => pcalua.exe -a D:\setup.exe -d D:\
Task: {4143D5B6-1D7F-430A-B078-0564819ABB7E} - System32\Tasks\{40004E8B-5461-46D6-A770-76B881FDF380} => pcalua.exe -a "C:\Remote Programs\Unlikely Suspects\GPlrLanc.exe" -c -LOpCode 2 /RemoveContent cid=708650;name=Unlikely Suspects;dir=C:\Remote Programs\Unlikely Suspects\;prvid=143;cmdid=1;prvdir=Default
Task: {555D23D6-F2C2-44BB-BF38-FE0CC5900ED1} - System32\Tasks\{CD70ED6C-5E78-4F54-870B-909CFF689AF9} => Iexplore.exe hxxp://ui.skype.com/ui/0/
Task: {59A50214-102C-4A4B-B1C0-B0D719C365C9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated)
Task: {5B448971-6E33-4B86-930F-571CD3269A51} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Debbie Williams) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: {62FEF90D-9703-4CD8-950E-34141EC7D349} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe
Task: {63AC54ED-AA4F-4E90-B0ED-1429BD6CEA72} - System32\Tasks\{1415B000-CC46-4AE5-8B32-E1A019ED054D} => pcalua.exe -a "C:\Remote Programs\Roads of Rome\GPlrLanc.exe" -c -LOpCode 2 /RemoveContent cid=706250;name=Roads of Rome;dir=C:\Remote Programs\Roads of Rome\;prvid=143;cmdid=1;prvdir=Default
Task: {6CB32B58-8548-47CD-AF1B-5662B03AC7B4} - System32\Tasks\4767 => Wscript.exe C:\Users\DEBBIE~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {72404ECC-7B0A-4F95-BF72-22B68837A441} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2016-07-07] (McAfee, Inc.)
Task: {76DB836E-812C-4F54-84DE-2F06A9FD216B} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {85CF7F78-13C3-4801-AE57-BEB1844406E7} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {8E3742B5-7809-4AC0-8238-B0AD6F56F6FD} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-01-27] (McAfee, Inc.)
Task: {9799219C-230C-4C85-953B-25F090F8CEB8} - System32\Tasks\{15089EFD-3AD2-4E98-AE31-B49852FB7346} => pcalua.exe -a "C:\Remote Programs\7 Wonders 2\GPlrLanc.exe" -c -LOpCode 2 /RemoveContent cid=586350;name=7 Wonders II;dir=C:\Remote Programs\7 Wonders 2\;prvid=143;cmdid=1;prvdir=Default
Task: {A02ACE68-B134-4756-AF71-A900B461C8A1} - System32\Tasks\{3856D818-C825-4600-BE7F-0D79FBCB25AB} => pcalua.exe -a "C:\Remote Programs\Treasures of Montezuma\GPlrLanc.exe" -c -LOpCode 2 /RemoveContent cid=466550;name=The Treasures of Montezuma;dir=C:\Remote Programs\Treasures of Montezuma\;prvid=143;cmdid=1;prvdir=Default
Task: {A6E583EB-1E35-46B6-AEA0-2B15025CF3B2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2009-10-22] (Apple Inc.)
Task: {AB40F472-4496-49ED-A207-B6F8DF780049} - System32\Tasks\iolo System Checkup => C:\ProgramData\iolo\scustask.lnk [2016-01-19] ()
Task: {C756CFB1-93AD-40C9-AFFF-8DB4B33CF046} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {CDEAA577-0CE6-4666-A0F4-24E3ECCCEBCA} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {EDF36CE8-222A-4E30-968A-A4310AD14B78} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Debbie Williams).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2010-10-20 13:22 - 2008-04-30 20:44 - 00045568 _____ () C:\Windows\System32\LXDUPMON.DLL
2010-10-20 13:22 - 2009-05-11 12:19 - 00086016 _____ () C:\Windows\System32\LXDUOEM.DLL
2010-01-22 22:35 - 2011-01-13 14:39 - 00783680 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2016-05-12 18:05 - 2016-05-12 18:05 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\f662ab6ce54fe3aac1af05bfaa02bb90\VistaBridgeLibrary.ni.dll
2009-09-11 14:07 - 2009-09-11 14:07 - 01779952 _____ () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
2009-10-15 05:10 - 2009-10-15 05:10 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2016-08-03 13:07 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-08-03 13:07 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-08-03 13:07 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-08-03 13:07 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-08-03 13:07 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2010-01-22 22:34 - 2011-01-13 14:37 - 00058688 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STCoreXml.dll
2010-01-22 22:34 - 2011-01-13 14:36 - 00116032 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2010-01-22 22:34 - 2011-01-13 14:37 - 00128320 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2010-01-22 22:34 - 2011-01-13 14:37 - 00099648 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STMsXml.dll
2010-01-22 22:34 - 2011-01-13 14:36 - 01123648 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
2010-01-22 22:34 - 2011-01-13 14:37 - 00079168 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
2010-01-22 22:34 - 2011-01-13 14:37 - 00234816 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
2010-01-22 22:34 - 2011-01-13 14:37 - 00075072 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
2010-01-22 22:34 - 2011-01-13 14:37 - 00111936 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
2010-01-22 22:34 - 2011-01-13 14:37 - 00121152 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
2010-01-22 22:34 - 2011-01-13 14:42 - 00025920 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll
2010-01-22 22:34 - 2011-01-13 14:37 - 00025920 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll
2009-09-11 14:08 - 2009-09-11 14:08 - 00268016 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
2009-09-11 14:05 - 2009-09-11 14:05 - 00058608 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
2009-09-11 14:08 - 2009-09-11 14:08 - 00095472 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
2009-09-11 14:08 - 2009-09-11 14:08 - 00140528 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2009-08-21 12:57 - 2009-08-21 12:57 - 00017648 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
2010-06-03 14:46 - 2010-06-03 14:46 - 00067872 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7913 more sites.


There are 7913 more sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1220429911-571419994-1192886686-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Debbie Williams\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: -
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{227D0D3B-92E0-4DC6-8578-6345A82D9D5E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PowerDVD.exe
FirewallRules: [{19BF5882-8D44-43C0-80F5-42ED106670DC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
FirewallRules: [{723579A7-1E9D-42C3-9468-74F5F1EC8F23}] => (Allow) svchost.exe
FirewallRules: [{816CA21A-06FD-4E43-AA18-2787A65FAD39}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{A8677778-7117-4CB6-B551-087629EE825E}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MNA\McNaSvc.exe
FirewallRules: [{592922A9-77AB-40B3-BDE7-59CC74538E9B}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdupswx.exe
FirewallRules: [{4006F44C-C5F6-42BC-A9F9-23B6D36F0B1C}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdupswx.exe
FirewallRules: [{7F7B9700-E07E-492C-B238-1FEBA856155C}] => (Allow) C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe
FirewallRules: [{FCB36A9D-8799-4F97-98E6-6927B32765E8}] => (Allow) C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe
FirewallRules: [{7076A59B-89D3-4505-ABB5-7524AE428346}] => (Allow) C:\Program Files (x86)\Lexmark 5600-6600 Series\frun.exe
FirewallRules: [{F470A407-B310-4BD3-B83B-AD8CEAD3A202}] => (Allow) C:\Program Files (x86)\Lexmark 5600-6600 Series\frun.exe
FirewallRules: [{172A5E93-E194-443A-A11B-2A7995D0A09D}] => (Allow) C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdufax.exe
FirewallRules: [{AF6DB4AA-C603-47F9-A24B-07DB0ED1658B}] => (Allow) C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdufax.exe
FirewallRules: [{F349B885-1166-4F5F-9DE7-01CB07F7F751}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{20D196BC-DA1C-4E27-986A-4DDC32EFBC57}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0238611C-97AC-497A-A052-5E86D091E276}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{9BD8BB04-AE02-43FB-AA2A-CFE7A41D9E80}] => (Allow) D:\setup\hpznui40.exe
FirewallRules: [{3C348FB3-81A6-433D-B347-629153FD9652}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{6B366CEB-3819-4EA7-97E8-830CC5C4F313}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{6DF2A9F1-A000-479A-BFAA-01A4C4B089CE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{9F430AD6-248B-49C2-85B5-6630ACC55C55}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{BB88F227-0D9C-461E-A405-FB355E19363E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{0D1C8FAE-B03C-4303-902D-061885E1D82A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{CF9FA8E5-E8A8-4B2D-A592-0BDA18E952F8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{3F277E81-A520-4F0D-B49F-572FF389A59E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{4ABBB170-2F13-4DF4-BF51-AA3B65894824}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{CADD8E48-1C38-4764-9CD2-3D290BD94D5A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{BE3C2C2A-A6D3-4776-9D21-DC323BA5E1C3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{F55DE3C2-7296-4F6B-B1DA-13A9E4EB5F02}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{52B98FA0-585B-4F44-9004-C71C76B2147E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{C3CF6830-AE96-4380-BEB0-F973FD533315}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{362E74A1-9B0D-43D4-A4DC-033EAECAE443}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{86E204B2-CD3F-44F3-ABC3-4AF7AFBCC640}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{6FC2DED0-B9FA-4FB9-84B1-D0A628201233}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{127598CE-0530-4104-BBC3-6EAEDD920CD3}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{17708162-CD84-4CF7-B1F9-C56768EE4C21}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3492028C-86D3-4110-8830-5A51CC9FC6AB}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

04-07-2016 13:15:30 Windows Update
08-07-2016 09:53:31 Windows Update
12-07-2016 00:04:12 Windows Update
19-07-2016 18:09:25 Windows Update
21-07-2016 20:46:35 Windows Update
22-07-2016 19:11:36 Windows Update
25-07-2016 21:27:58 Windows Update
25-07-2016 21:31:20 Windows Update
03-08-2016 10:38:50 Scheduled Checkpoint
03-08-2016 12:48:10 Windows Update
03-08-2016 13:24:49 Windows Update

==================== Faulty Device Manager Devices =============

Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: qknfd
Description: qknfd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Service: qknfd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
Error: (08/05/2016 10:23:55 AM) (Source: Swapdrive Backup) (EventID: 0) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond
at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.Sockets.Socket.InternalConnect(EndPoint remoteEP)
at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Int32 timeout, Exception& exception)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Net.HttpWebRequest.GetRequestStream()
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error: (08/04/2016 09:38:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (08/04/2016 09:33:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (08/04/2016 09:30:00 PM) (Source: Swapdrive Backup) (EventID: 0) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond
at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.Sockets.Socket.InternalConnect(EndPoint remoteEP)
at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Int32 timeout, Exception& exception)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Net.HttpWebRequest.GetRequestStream()
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error: (08/04/2016 03:03:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2590

Error: (08/04/2016 03:03:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2590

Error: (08/04/2016 03:03:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/04/2016 02:59:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10078

Error: (08/04/2016 02:59:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10078

Error: (08/04/2016 02:59:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
Error: (08/05/2016 10:22:40 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:

Error: (08/05/2016 10:22:28 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (08/05/2016 10:22:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BackupStack service failed to start due to the following error:
%%87 = The parameter is incorrect.

Error: (08/04/2016 09:28:39 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:

Error: (08/04/2016 09:28:36 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (08/04/2016 09:28:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BackupStack service failed to start due to the following error:
%%87 = The parameter is incorrect.

Error: (08/04/2016 05:24:16 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (08/04/2016 05:24:16 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (08/04/2016 05:24:14 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (08/04/2016 03:12:52 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU E5400 @ 2.70GHz
Percentage of memory in use: 38%
Total physical RAM: 4060.8 MB
Available physical RAM: 2485.1 MB
Total Virtual: 8119.79 MB
Available Virtual: 6195.2 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:581.48 GB) (Free:499.33 GB) NTFS

==================== MBR & Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: CF5ACCFD)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=581.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Please note that I will try to run the aswMBR program again as instructed - after I post this - and will send the log report if generated at the end of the routine. Thank you again for your help.

2016-08-05, 18:57
I was able to complete the aswMBR scan and below is the log it provided. Thank you again.


aswMBR version Copyright(c) 2014 AVAST Software
Run date: 2016-08-05 11:20:51
11:20:51.916 OS Version: Windows x64 6.1.7601 Service Pack 1
11:20:51.916 Number of processors: 2 586 0x170A
11:20:51.932 ComputerName: DEBBIEWILLIAMS UserName:
11:20:53.570 Initialize success
11:20:53.726 VM: initialized successfully
11:20:53.726 VM: Intel CPU supported
11:20:55.293 VM: supported disk I/O ataport.SYS
11:21:32.000 AVAST engine defs: 16080400
11:21:35.136 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:21:35.136 Disk 0 Vendor: WDC_WD6400AAKS-75A7B2 01.03B01 Size: 610480MB BusType: 3
11:21:35.229 VM: Disk 0 MBR read successfully
11:21:35.229 Disk 0 MBR scan
11:21:35.229 Disk 0 Windows VISTA default MBR code
11:21:35.245 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
11:21:35.260 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
11:21:35.260 Disk 0 Boot: NTFS code=1
11:21:35.276 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 595439 MB offset 30801920
11:21:35.292 Disk 0 scanning C:\Windows\system32\drivers
11:21:44.168 Service scanning
11:22:03.294 Modules scanning
11:22:03.294 Disk 0 trace - called modules:
11:22:03.294 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
11:22:03.294 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c89700]
11:22:03.294 3 CLASSPNP.SYS[fffff8800185043f] -> nt!IofCallDriver -> [0xfffffa8003c5ae40]
11:22:03.294 5 ACPI.sys[fffff88000ef27a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80046ed060]
11:22:05.306 AVAST engine scan C:\Windows
11:22:08.332 AVAST engine scan C:\Windows\system32
11:25:00.307 AVAST engine scan C:\Windows\system32\drivers
11:25:12.413 AVAST engine scan C:\Users\Debbie Williams
11:47:11.619 AVAST engine scan C:\ProgramData
11:49:27.886 Disk 0 statistics 4019990/0/17 @ 1.42 MB/s
11:49:27.901 Scan finished successfully
11:49:41.068 Disk 0 MBR has been saved successfully to "C:\Users\Debbie Williams\Desktop\MBR.dat"
11:49:41.068 The log file has been saved successfully to "C:\Users\Debbie Williams\Desktop\aswMBR.txt"

2016-08-06, 00:09
Please uninstall the below, very outdated and vulnerable
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)

Got to ask before I attempt to remove this, does she connect by a Proxy connection?

ProxyEnable: [.DEFAULT] => Proxy is enabled.


Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do not use WordPad* or any text editor other than Notepad, or the script will fail. Copy and paste the text present inside the quote box below:
To do this, highlight the contents of the box, right-click on it and select Copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt.
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow).


URLSearchHook: HKU\S-1-5-21-1220429911-571419994-1192886686-1000 -> Default = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
URLSearchHook: HKU\S-1-5-21-1220429911-571419994-1192886686-1000 - (No Name) - {e137f9f0-4b30-4a94-21a7-5368c3369e17} - No File
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {4EF85E92-0D72-4847-AE44-DCC8A038518C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~2\mcafee\msk\mskapbho.dll => No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
Toolbar: HKU\S-1-5-21-1220429911-571419994-1192886686-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-1220429911-571419994-1192886686-1000 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
Toolbar: HKU\S-1-5-21-1220429911-571419994-1192886686-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\new_plugin\npjp2.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-11] (Oracle Corporation)
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3324775&octid=EB_ORIGINAL_CTID&ISID=M9F0ADBFA-80A4-4B8A-AC8D-9939C22F8B16&SearchSource=55&CUI=&UM=6&UP=SP09545031-83A0-4B68-A13B-C73D97395612&SSPV=
CHR HKLM-x32\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - C:\Program Files (x86)\Amazon\ABB\AmazonChrome-bds-amzn.crx <not found>
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S1 qknfd; system32\drivers\qknfd.sys [X]
C:\Program Files\Enigma Software Group\SpyHunter
Task: {6CB32B58-8548-47CD-AF1B-5662B03AC7B4} - System32\Tasks\4767 => Wscript.exe C:\Users\DEBBIE~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {85CF7F78-13C3-4801-AE57-BEB1844406E7} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {CDEAA577-0CE6-4666-A0F4-24E3ECCCEBCA} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and save the file to your Desktop.
Right-click AdwCleaner.exe and select Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
Click Clean.
Follow the prompts and allow your computer to reboot.
After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.


Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/)
or from here http://downloads.malwarebytes.org/file/jrt
to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

please post

2016-08-08, 18:37

I am not sure if she uses a proxy server or not. Is there a means to determine this?

I will run the procedures that you outlined above and report the logs, but it may take me a few days.

Thank you for your assistance.

2016-08-08, 23:12

Click Start>Control Panel>Internet Options.
Click on the Connection Tab.
Click on the LAN Settings radio button.
Near the bottom of the Dialogue Box that pops up is a box that if checked, allows the use of a Proxy Server for your LAN. If the box is checked, the Advanced button will be active and allows you to view your Proxy Settings.

If the box is not checked, that will confirm the machine is not using a proxy.

2016-08-09, 18:16
After using your instructions, I found that the Proxy Server box is NOT checked. I will run the other procedures and report the logs once generated. Thank you.

2016-08-09, 22:20
I have uninstalled the Java 8 Update 25 as instructed.

Below find the logs as requested. Please note that in AdwCleaner I could not tell whether many items were "legitimate", so just a few were check-marked for cleaning. I was unable to determine a legitimate disposition for many of the files and/or registry entries that were listed, so rather than possibly deleting something for which I could not give an accurate disposition, I simply removed the check.

Fixlog.txt log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 09-08-2016
Ran by Debbie Williams (2016-08-09 11:16:36) Run:1
Running from C:\Users\Debbie Williams\Desktop
Loaded Profiles: Debbie Williams (Available Profiles: Debbie Williams)
Boot Mode: Normal

fixlist content:
URLSearchHook: HKU\S-1-5-21-1220429911-571419994-1192886686-1000 -> Default = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
URLSearchHook: HKU\S-1-5-21-1220429911-571419994-1192886686-1000 - (No Name) - {e137f9f0-4b30-4a94-21a7-5368c3369e17} - No File
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {4EF85E92-0D72-4847-AE44-DCC8A038518C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~2\mcafee\msk\mskapbho.dll => No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
Toolbar: HKU\S-1-5-21-1220429911-571419994-1192886686-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-1220429911-571419994-1192886686-1000 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
Toolbar: HKU\S-1-5-21-1220429911-571419994-1192886686-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\new_plugin\npjp2.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-11] (Oracle Corporation)
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3324775&octid=EB_ORIGINAL_CTID&ISID=M9F0ADBFA-80A4-4B8A-AC8D-9939C22F8B16&SearchSource=55&CUI=&UM=6&UP=SP09545031-83A0-4B68-A13B-C73D97395612&SSPV=
CHR HKLM-x32\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - C:\Program Files (x86)\Amazon\ABB\AmazonChrome-bds-amzn.crx <not found>
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S1 qknfd; system32\drivers\qknfd.sys [X]
C:\Program Files\Enigma Software Group\SpyHunter
Task: {6CB32B58-8548-47CD-AF1B-5662B03AC7B4} - System32\Tasks\4767 => Wscript.exe C:\Users\DEBBIE~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {85CF7F78-13C3-4801-AE57-BEB1844406E7} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {CDEAA577-0CE6-4666-A0F4-24E3ECCCEBCA} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1220429911-571419994-1192886686-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => value removed successfully
HKU\S-1-5-21-1220429911-571419994-1192886686-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{e137f9f0-4b30-4a94-21a7-5368c3369e17} => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4EF85E92-0D72-4847-AE44-DCC8A038518C}" => key removed successfully
HKCR\CLSID\{4EF85E92-0D72-4847-AE44-DCC8A038518C} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => key removed successfully
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => key removed successfully
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found.
HKU\S-1-5-21-1220429911-571419994-1192886686-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value removed successfully
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => key not found.
HKU\S-1-5-21-1220429911-571419994-1192886686-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => value removed successfully
HKCR\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => key not found.
HKU\S-1-5-21-1220429911-571419994-1192886686-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.25.2 => key not found.
C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2 => key not found.
C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll => not found.
Chrome HomePage => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam" => key removed successfully
esgiguard => service removed successfully
qknfd => service removed successfully
C:\Program Files\Enigma Software Group\SpyHunter => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6CB32B58-8548-47CD-AF1B-5662B03AC7B4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6CB32B58-8548-47CD-AF1B-5662B03AC7B4}" => key removed successfully
C:\Windows\System32\Tasks\4767 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4767" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{85CF7F78-13C3-4801-AE57-BEB1844406E7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85CF7F78-13C3-4801-AE57-BEB1844406E7}" => key removed successfully
C:\Windows\System32\Tasks\0 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CDEAA577-0CE6-4666-A0F4-24E3ECCCEBCA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CDEAA577-0CE6-4666-A0F4-24E3ECCCEBCA}" => key removed successfully
C:\Windows\System32\Tasks\LaunchSignup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => key removed successfully

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

========= End of Reg: =========

========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

========= End of Reg: =========

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 277942049 B
Java, Flash, Steam htmlcache => 113442 B
Windows/system/drivers => 78518 B
Edge => 0 B
Chrome => 8291039 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 42372839 B
systemprofile32 => 1474067 B
LocalService => 212892 B
NetworkService => 9849828 B
Debbie Williams => 3550989424 B

RecycleBin => 14623770 B
EmptyTemp: => 3.6 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 11:23:07 ==

AdwCleaner(C1).txt log:

# AdwCleaner v5.201 - Logfile created 09/08/2016 at 14:39:38
# Updated 30/06/2016 by ToolsLib
# Database : 2016-08-08.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Debbie Williams - DEBBIEWILLIAMS
# Running from : C:\Users\Debbie Williams\Desktop\AdwCleaner.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****

[x] Service Not Deleted : BackupStack

***** [ Folders ] *****

[x] Folder Not Deleted : C:\ProgramData\Ask
[x] Folder Not Deleted : C:\ProgramData\slimware utilities inc
[x] Folder Not Deleted : C:\ProgramData\Application Data\Ask
[x] Folder Not Deleted : C:\ProgramData\Application Data\slimware utilities inc
[x] Folder Not Deleted : C:\Users\Public\Documents\Downloaded Installers
[x] Folder Not Deleted : C:\Program Files (x86)\driverupdate
[x] Folder Not Deleted : C:\Users\Debbie Williams\AppData\Local\apn
[x] Folder Not Deleted : C:\Users\Debbie Williams\AppData\Local\PackageAware
[x] Folder Not Deleted : C:\Users\Debbie Williams\AppData\Local\slimware utilities inc
[x] Folder Not Deleted : C:\Users\Debbie Williams\AppData\Local\Downloaded Installers
[x] Folder Not Deleted : C:\Users\Debbie Williams\AppData\LocalLow\HPAppData
[x] Folder Not Deleted : C:\Users\Debbie Williams\AppData\LocalLow\iac
[x] Folder Not Deleted : C:\Users\Debbie Williams\AppData\LocalLow\IAC
[x] Folder Not Deleted : C:\Users\Debbie Williams\AppData\Roaming\Systweak
[x] Folder Not Deleted : C:\Users\Debbie Williams\AppData\Roaming\Yahoo!\Companion
[x] Folder Not Deleted : C:\Users\Debbie Williams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WindowShopper
[x] Folder Not Deleted : C:\extensions

***** [ Files ] *****

[x] File Not Deleted : C:\Windows\SysNative\roboot64.exe
[x] File Not Deleted : C:\user.js

***** [ DLLs ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

[x] Task Not Deleted : SlimCleaner Plus (Scheduled Scan - Debbie Williams)
[x] Task Not Deleted : SlimCleaner Plus (Scheduled Scan - Debbie Williams)

***** [ Registry ] *****

[x] Key Not Deleted : HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
[x] Key Not Deleted : HKLM\SOFTWARE\Classes\Applications\iMesh_V11_en_Setup.exe
[x] Key Not Deleted : HKLM\SOFTWARE\Classes\Applications\iMeshV11.exe
[x] Key Not Deleted : HKLM\SOFTWARE\MozillaPlugins\@funwebproducts.com/Plugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin.1
[x] Key Not Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
[x] Key Not Deleted : HKLM\SOFTWARE\Classes\AppID\{7D831388-D405-4272-9511-A07440AD2927}
[x] Key Not Deleted : HKCU\Software\Classes\CLSID\{BEBBC426-4F16-4567-8FE1-BE198C982027}
[x] Key Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[x] Key Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
[x] Key Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
[x] Key Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
[x] Key Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{F51C15D4-3D0A-4DBA-A095-EBCC09F24DA2}
[x] Key Not Deleted : HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
[x] Key Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}
[x] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[x] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[x] Key Not Deleted : HKCU\Software\APN
[x] Key Not Deleted : HKCU\Software\APN PIP
[x] Key Not Deleted : HKCU\Software\Tune
[x] Key Not Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\YahooPartnerToolbar
[x] Key Not Deleted : HKCU\Software\systweak
[-] Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
[x] Key Not Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[x] Key Not Deleted : HKLM\SOFTWARE\PIP
[x] Key Not Deleted : HKLM\SOFTWARE\Tune
[x] Key Not Deleted : HKLM\SOFTWARE\Yahoo\Companion
[x] Key Not Deleted : HKLM\SOFTWARE\systweak
[x] Key Not Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
[x] Key Not Deleted : HKU\S-1-5-21-1220429911-571419994-1192886686-1000\Software\APN
[x] Key Not Deleted : HKU\S-1-5-21-1220429911-571419994-1192886686-1000\Software\APN PIP
[x] Key Not Deleted : HKU\S-1-5-21-1220429911-571419994-1192886686-1000\Software\Tune
[x] Key Not Deleted : HKU\S-1-5-21-1220429911-571419994-1192886686-1000\Software\Yahoo\Companion
[x] Key Not Deleted : HKU\S-1-5-21-1220429911-571419994-1192886686-1000\Software\Yahoo\YFriendsBar
[x] Key Not Deleted : HKU\S-1-5-21-1220429911-571419994-1192886686-1000\Software\YahooPartnerToolbar
[x] Key Not Deleted : HKU\S-1-5-21-1220429911-571419994-1192886686-1000\Software\systweak
[x] Key Not Deleted : HKU\S-1-5-21-1220429911-571419994-1192886686-1000\Software\AppDataLow\Software\AskToolbar
[x] Key Not Deleted : HKU\S-1-5-21-1220429911-571419994-1192886686-1000\Software\AppDataLow\Software\Yahoo\Companion
[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1220429911-571419994-1192886686-1000\Software\Alexa Internet
[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1220429911-571419994-1192886686-1000\Software\Mega Browse
[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\akamaihd.net
[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\driverupdate.net
[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\hdapp1008-a.akamaihd.net
[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\trovi.com
[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com
[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.driverupdate.net
[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.wajam.com
[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\akamaihd.net
[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\audiotoaudio.dl.myway.com
[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cdncache-a.akamaihd.net
[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\driverupdate.net
[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\easymaillogin.dl.myway.com
[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fromdoctopdf.dl.tb.ask.com
[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hdapp1008-a.akamaihd.net
[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\izito.com
[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mapsgalaxy.dl.tb.ask.com
[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mmotraffic.com
[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myway.com
[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\productivityboss.dl.tb.ask.com
[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\radiorage.dl.tb.ask.com
[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\trovi.com
[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\videodownloadconverter.dl.tb.ask.com
[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\wajam.com
[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\websearch.about.com
[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com
[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.driverupdate.net

***** [ Web browsers ] *****

[x] [C:\Users\Debbie Williams\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Not Deleted : amazon.com
[x] [C:\Users\Debbie Williams\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Not Deleted : ask.com
[x] [C:\Users\Debbie Williams\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Not Deleted : search.conduit.com
[x] [C:\Users\Debbie Williams\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Not Deleted : aol.com
[x] [C:\Users\Debbie Williams\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Not Deleted : ask.com
[x] [C:\Users\Debbie Williams\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Not Deleted : Mysearchdial.com
[x] [C:\Users\Debbie Williams\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Not Deleted : trovi.search
[x] [C:\Users\Debbie Williams\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Not Deleted : pbjikboenpfhbbejgkoklgkhjpfogcam


:: "Tracing" keys deleted
:: Winsock settings cleared


C:\AdwCleaner\AdwCleaner[C1].txt - [10161 bytes] - [09/08/2016 14:39:38]
C:\AdwCleaner\AdwCleaner[S1].txt - [9200 bytes] - [09/08/2016 11:28:11]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [10308 bytes] ##########

JRT.txt log:

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 7 Home Premium x64
Ran by Debbie Williams (Administrator) on Tue 08/09/2016 at 14:46:44.65

File System: 24

Successfully deleted: C:\ProgramData\ask (Folder)
Successfully deleted: C:\ProgramData\slimware utilities inc (Folder)
Successfully deleted: C:\user.js (File)
Successfully deleted: C:\Users\Debbie Williams\AppData\Local\apn (Folder)
Successfully deleted: C:\Users\Debbie Williams\AppData\Local\cre (Folder)
Successfully deleted: C:\Users\Debbie Williams\AppData\Local\downloaded installers (Folder)
Successfully deleted: C:\Users\Debbie Williams\AppData\Local\packageaware (Folder)
Successfully deleted: C:\Users\Debbie Williams\AppData\Local\slimware utilities inc (Folder)
Successfully deleted: C:\Users\Debbie Williams\Appdata\LocalLow\iac (Folder)
Successfully deleted: C:\Users\Debbie Williams\AppData\Roaming\systweak (Folder)
Successfully deleted: C:\users\Public\Documents\downloaded installers (Folder)
Successfully deleted: C:\Windows\system32\Tasks\SlimCleaner Plus (Scheduled Scan - Debbie Williams) (Task)
Successfully deleted: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Debbie Williams).job (Task)
Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Program Files (x86)\driverupdate (Folder)
Successfully deleted: C:\Users\Debbie Williams\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOY8A6SL (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Debbie Williams\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TIX7WIRN (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Debbie Williams\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UYTJUAWD (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Debbie Williams\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y885Q0VH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\system32\roboot64.exe (File)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOY8A6SL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TIX7WIRN (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UYTJUAWD (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y885Q0VH (Temporary Internet Files Folder)

Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\SlimCleaner Plus (Registry Value)

Scan was completed on Tue 08/09/2016 at 14:50:03.73
End of JRT log

Please advise if additional logs / scans are needed. Thank you for your assistance.

2016-08-10, 00:12
Please run AdwCleaner again. I read over the logs and what it had found does need to go.

Please download the Malwarebytes Anti-Malware (https://downloads.malwarebytes.org/file/mbam) setup file to your Desktop.

OR from this location Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php)

Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.

On the Dashboard click on Update Now

Go to the Settings tab

Under Settings go to Detection and Protection

Under PUP and PUM make sure both are set to show Treat Detections as Malware

Go to Advanced Settings and make sure Automatically Quarantine Detected Items is checked

Then on the Dashboard click on Scan

Make sure to select THREAT SCAN

Then click on Scan

Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
Upon completion of the scan (or after the reboot), click the History tab.
Click Application Logs, followed by the first Scan Log.
Click Export, followed by Copy to Clipboard. Paste the log in your next reply.

Please post these 2 logs when finished and let me know how the computer is now.

2016-08-10, 03:38
Thanks for reviewing the AdwCleaner log.

Just to make sure that I am doing it correctly, you want me to leave the "check" for everything that is already checked after the scan (including ALL checked Services, Folders, Files, DLL's, WMI's, Shortcuts, Scheduled Tasks, Registries, and Web Browsers) - thereby everything that is found (and checked) will be "cleaned"?

Thank you.

2016-08-10, 12:33
Right-click AdwCleaner.exe and select Run as administrator to run the program.
Follow the prompts.
Click Scan.

Make sure everything does have a checkmark, then select Clean.

It shouldn't find as much this time.

2016-08-10, 17:09
I ran the AdwCleaner again and the Malware Bytes programs as instructed. Below are the logs.


# AdwCleaner v5.201 - Logfile created 10/08/2016 at 09:15:38
# Updated 30/06/2016 by ToolsLib
# Database : 2016-08-09.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Debbie Williams - DEBBIEWILLIAMS
# Running from : C:\Users\Debbie Williams\Desktop\AdwCleaner.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : BackupStack

***** [ Folders ] *****

[-] Folder Deleted : C:\Users\Debbie Williams\AppData\LocalLow\HPAppData
[-] Folder Deleted : C:\Users\Debbie Williams\AppData\Roaming\Yahoo!\Companion
[-] Folder Deleted : C:\Users\Debbie Williams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WindowShopper
[-] Folder Deleted : C:\extensions

***** [ Files ] *****

***** [ DLLs ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\iMesh_V11_en_Setup.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\iMeshV11.exe
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@funwebproducts.com/Plugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7D831388-D405-4272-9511-A07440AD2927}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{BEBBC426-4F16-4567-8FE1-BE198C982027}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F51C15D4-3D0A-4DBA-A095-EBCC09F24DA2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\APN
[-] Key Deleted : HKCU\Software\APN PIP
[-] Key Deleted : HKCU\Software\Tune
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\systweak
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\PIP
[-] Key Deleted : HKLM\SOFTWARE\Tune
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\systweak
[-] Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1220429911-571419994-1192886686-1000\Software\Alexa Internet
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1220429911-571419994-1192886686-1000\Software\Mega Browse
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\akamaihd.net
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\driverupdate.net
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\hdapp1008-a.akamaihd.net
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\trovi.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.driverupdate.net
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.wajam.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\akamaihd.net
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\audiotoaudio.dl.myway.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cdncache-a.akamaihd.net
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\driverupdate.net
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\easymaillogin.dl.myway.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fromdoctopdf.dl.tb.ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hdapp1008-a.akamaihd.net
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\izito.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mapsgalaxy.dl.tb.ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mmotraffic.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myway.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\productivityboss.dl.tb.ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\radiorage.dl.tb.ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\trovi.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\videodownloadconverter.dl.tb.ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\wajam.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\websearch.about.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.driverupdate.net

***** [ Web browsers ] *****

[-] [C:\Users\Debbie Williams\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : amazon.com
[-] [C:\Users\Debbie Williams\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Debbie Williams\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.conduit.com
[-] [C:\Users\Debbie Williams\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Debbie Williams\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Debbie Williams\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : Mysearchdial.com
[-] [C:\Users\Debbie Williams\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : trovi.search
[-] [C:\Users\Debbie Williams\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : pbjikboenpfhbbejgkoklgkhjpfogcam


:: "Tracing" keys deleted
:: Winsock settings cleared


C:\AdwCleaner\AdwCleaner[C1].txt - [10392 bytes] - [09/08/2016 14:39:38]
C:\AdwCleaner\AdwCleaner[C2].txt - [7389 bytes] - [10/08/2016 09:15:38]
C:\AdwCleaner\AdwCleaner[S1].txt - [9200 bytes] - [09/08/2016 11:28:11]
C:\AdwCleaner\AdwCleaner[S2].txt - [7607 bytes] - [09/08/2016 21:04:22]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [7608 bytes] ##########

Malware Bytes log:

Malwarebytes Anti-Malware

Scan Date: 8/10/2016
Scan Time: 9:21 AM
Administrator: Yes

Malware Database: v2016.08.10.07
Rootkit Database: v2016.08.09.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Debbie Williams

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 315129
Time Elapsed: 13 min, 44 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Trojan.Agent, C:\Windows\hosts, Quarantined, [b2bd2a1f35651d19fa1b16132ed5e917],

Physical Sectors: 0
(No malicious items detected)


As far as how the computer is running now, I will have to get my sister in law to use it for a few days and then let me know how it is going. I will report back when she gives me more info. Thank you.
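
Added example, not part of any post in this thread and not AdwCleaner's own code: a Python sketch that parses two AdwCleaner "Clean" logs and reports which items the first run left as "Not Deleted" and what the second run shows for them. The sample lines are excerpted from the two logs above; the function and class names are hypothetical.

```python
import re
from typing import NamedTuple


class Entry(NamedTuple):
    section: str   # e.g. "Registry", taken from the "***** [ ... ] *****" header
    kind: str      # e.g. "Key", "Folder", or the bracketed browser file + type
    target: str    # the path, key or name after "Deleted : "
    deleted: bool  # False when the line says "Not Deleted"

    @property
    def key(self):
        # Windows paths and registry keys are case-insensitive, so compare lowercased.
        return (self.section, self.kind.lower(), self.target.lower())


SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# Matches both "[x] Key Not Deleted : ..." and "[-] Key Deleted : ...",
# including the "Web browsers" form where the kind is "[file] [Search Provider]".
ITEM_RE = re.compile(
    r"^\[[x-]\]\s+(?P<kind>.*?)\s*(?P<neg>Not )?Deleted : (?P<target>.+)$"
)


def parse_clean_log(text):
    """Return every item line of an AdwCleaner clean log as an Entry."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        item = ITEM_RE.match(line)
        if item and section:
            entries.append(
                Entry(section, item["kind"], item["target"], item["neg"] is None)
            )
    return entries


def compare_runs(first, second):
    """Classify the first run's 'Not Deleted' items by what the second run reports."""
    later_by_key = {e.key: e for e in second}
    report = {"cleared": [], "still_present": [], "absent": []}
    for entry in first:
        if entry.deleted:
            continue
        later = later_by_key.get(entry.key)
        if later is None:
            # Not listed in the second log at all, e.g. removed by another
            # tool in between (the JRT log above lists C:\ProgramData\ask).
            report["absent"].append(entry.target)
        elif later.deleted:
            report["cleared"].append(entry.target)
        else:
            report["still_present"].append(entry.target)
    return report


# Excerpt of the first clean log (09/08/2016) from this thread.
RUN1_EXCERPT = r"""
***** [ Services ] *****

[x] Service Not Deleted : BackupStack

***** [ Folders ] *****

[x] Folder Not Deleted : C:\ProgramData\Ask
[x] Folder Not Deleted : C:\extensions

***** [ Registry ] *****

[x] Key Not Deleted : HKCU\Software\APN
[-] Key Deleted : HKCU\Software\YahooPartnerToolbar
[x] Key Not Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Web browsers ] *****

[x] [C:\Users\Debbie Williams\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Not Deleted : trovi.search
"""

# Excerpt of the second clean log (10/08/2016) from this thread.
RUN2_EXCERPT = r"""
***** [ Services ] *****

[-] Service Deleted : BackupStack

***** [ Folders ] *****

[-] Folder Deleted : C:\extensions

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\APN
[-] Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Web browsers ] *****

[-] [C:\Users\Debbie Williams\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : trovi.search
"""

if __name__ == "__main__":
    result = compare_runs(parse_clean_log(RUN1_EXCERPT), parse_clean_log(RUN2_EXCERPT))
    for status, targets in result.items():
        print(f"{status}: {len(targets)}")
        for target in targets:
            print(f"  {target}")
```

Anything reported under `still_present` after a second clean is what to raise with the helper; `absent` items should be confirmed against the other tools' logs before they are treated as gone.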

2016-08-10, 17:21
It should be running better now.

One more scan

Please download Emsisoft Emergency Kit (http://dl.emsisoft.com/EmsisoftEmergencyKit.exe) and save it to your desktop.
Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop.

Leave all settings as they are and click the Extract button at the bottom.
A folder named EEK will be created in the root of the drive (usually c:\).

After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates.
Please click Yes so that it downloads the latest database updates.
When the update process is complete, a new button will appear in the lower-left corner that says Back. Click on this button to return to the Overview screen.
Click on Scan to be taken to the scan options.
If you are asked if you want the scanner to scan for Potentially Unwanted Programs, then click Yes.
Click on the Malware Scan button to start the scan.
When the scan is completed click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
Please save the log in Notepad on your desktop, and copy it to your next reply.
When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.

2016-08-10, 18:27
I ran the EEK program scan and the log is below:

Emsisoft Emergency Kit - Version 11.9
Last update: 8/10/2016 11:15:42 AM
User account: DebbieWilliams\Debbie Williams
OS version: Windows 7x64 Service Pack 1

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 8/10/2016 11:16:32 AM
C:\Users\Debbie Williams\AppData\LocalLow\HPAppData detected: Application.AdInstall (A)
Value: HKEY_USERS\S-1-5-21-1220429911-571419994-1192886686-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-1220429911-571419994-1192886686-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-1220429911-571419994-1192886686-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)
Value: HKEY_USERS\S-1-5-21-1220429911-571419994-1192886686-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS detected: Setting.NoFolderOptions (A)
Key: HKEY_USERS\S-1-5-21-1220429911-571419994-1192886686-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\DOMSTORAGE\WWW.SUPERFISH.COM detected: Application.AdFish (A)

Scanned 73937
Found 35

Scan end: 8/10/2016 11:22:29 AM
Scan time: 0:05:57

2016-08-10, 23:35
Is Emsisoft Emergency Kit still on desktop?

What was found we can allow it to delete.

When the scan is completed click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
Please save the log in Notepad on your desktop, and copy it to your next reply.
When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.

2016-08-11, 01:31
Emsisoft Emergency Kit was closed once the log was pasted.

I will run the scan again and follow your instructions.

Thank you.

2016-08-11, 13:29
Thank you

2016-08-11, 16:59
I ran the EEK and the log report is below:

EEK Log/Report:

Emsisoft Emergency Kit - Version 11.9
Last update: 8/10/2016 11:15:42 AM
User account: DebbieWilliams\Debbie Williams
OS version: Windows 7x64 Service Pack 1

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 8/11/2016 9:34:40 AM
C:\Users\Debbie Williams\AppData\LocalLow\HPAppData detected: Application.AdInstall (A)
Value: HKEY_USERS\S-1-5-21-1220429911-571419994-1192886686-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-1220429911-571419994-1192886686-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-1220429911-571419994-1192886686-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)
Value: HKEY_USERS\S-1-5-21-1220429911-571419994-1192886686-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS detected: Setting.NoFolderOptions (A)
Key: HKEY_USERS\S-1-5-21-1220429911-571419994-1192886686-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\DOMSTORAGE\WWW.SUPERFISH.COM detected: Application.AdFish (A)

Scanned 75604
Found 35

Scan end: 8/11/2016 9:41:13 AM
Scan time: 0:06:33

Value: HKEY_USERS\S-1-5-21-1220429911-571419994-1192886686-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS Setting.NoFolderOptions (A)
Value: HKEY_USERS\S-1-5-21-1220429911-571419994-1192886686-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN Setting.NoRun (A)
Value: HKEY_USERS\S-1-5-21-1220429911-571419994-1192886686-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-1220429911-571419994-1192886686-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Setting.DisableTaskMgr (A)
C:\Users\Debbie Williams\AppData\LocalLow\HPAppData Application.AdInstall (A)

Quarantined 31

2016-08-11, 23:03
How's the computer now?

Ready to remove tools and quarantine folders?

2016-08-12, 01:51
So far so good. I have asked my sister in law to use her computer for a few days and let me know if any issues come up. After all the scans / cleanings / quarantines, I ran a Spybot scan (which originally notified us of the SmitFraud malware - and a few others), but on the most recent scan, there were no major issues (just low level / minor items - i.e. cookies, etc.).

I will report back after she has a chance to use it for a few days.

Again, thank you and everyone that volunteers to assist people in these matters.

2016-08-12, 03:58
You're welcome :)

2016-08-16, 23:56
Still need help?

2016-08-17, 01:38
Sorry about the delay. I wanted to give my sister in law some time to use her computer. Apparently so far she has not found any issues with the computer. I told her that unless I heard from her by Friday, I will assume that everything is running as intended without any malware issues.

Can you tell me what items I should go ahead and delete and/or uninstall from the computer at this point? Thank you.

2016-08-17, 12:36

Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Click the Run button.
-- This will remove the specialized tools we used to disinfect your system.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).


2016-08-22, 20:44
My sister in law indicated that she has had no problems for over a week.

I have followed your instructions and deleted all the disinfecting tools / programs / log files.

Thank you again so much for your help.

2016-08-22, 23:41
You're welcome, we're glad to help.

Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP

AdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
CryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (e.g. CryptoWall), helping prevent the execution of malware.
Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
Malwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
Secunia PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
Unchecky (http://unchecky.com/) automatically removes checkmarks for bundled software in programme installers, helping you avoid adware and PUPs.
Web of Trust (https://www.mywot.com/) (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

2016-08-27, 04:36
Glad we could help. :)

Since this issue appears resolved ... this Topic is closed.