
HijackThis log: help to remove items



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:36:52 PM, on 8/28/2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
E:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120207150141.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
O4 - HKLM\..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
O4 - HKLM\..\RunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
O4 - HKLM\..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
O4 - HKCU\..\Run: [Exetender_600] "C:\Program Files (x86)\GameTanium PC app\GPlayer.exe" /schedule 300000
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - (no file)
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - (no file)
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - 
O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Dell Data Vault (DellDataVault) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVault.exe
O23 - Service: Dell Data Vault Wizard (DellDataVaultWiz) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\mcafee\msc\mcawfwk.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Dell DataSafe Online (NOBU) - Dell, Inc. - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Dell SupportAssist Agent (SupportAssistAgent) - Dell Inc. - C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12782 bytes
 


  • Staff

Hello and welcome to the Malwarebytes Forum.

We need a more comprehensive diagnostic scan to determine what might be on the system, please run the following:

Please download the appropriate version of Farbar Recovery Scan Tool from here:

Farbar Recovery Scan Tool 32-bit (FRST.exe)
Farbar Recovery Scan Tool 64-bit (FRST64.exe)

and save it to your desktop.

After you click the Download Now 64-bit, or the Download Now 32-bit, another page will open — DO NOT CLICK ANY ADDITIONAL ‘download now’ buttons, just wait and look toward the bottom of your browser for the option to Run or Save. Click Save.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

Double-click to run it. (Note: make sure there is a checkmark beside “Addition.txt”)
Press the Scan button.

It will make a log (FRST.txt) in the same directory the tool is run.
Please attach that log to your reply.

The first time the tool is run, it makes a second log (Addition.txt).
Please attach that to your reply as well.

 


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by doug (administrator) on RTK-PC (01-09-2016 07:07:08)
Running from E:\
Loaded Profiles: doug (Available Profiles: doug)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcagent.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [608112 2011-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3668336 2011-03-24] (Dell Inc.)
HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-27] ()
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [67496 2012-08-21] ()
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [1658440 2011-03-12] (McAfee, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1564872 2012-06-06] (Ask)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [163040 2010-08-11] (Softthinks)
HKLM-x32\...\RunOnce: [DSUpdateLauncher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe [18240 2010-07-21] (Dell)
HKLM-x32\...\RunOnce: [STToasterLauncher] => C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe [120032 2010-08-11] ()
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2385548519-2828962165-3150370110-1000\...\Run: [Exetender_600] => "C:\Program Files (x86)\GameTanium PC app\GPlayer.exe" /schedule 300000
HKU\S-1-5-21-2385548519-2828962165-3150370110-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> 
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{C195F3BE-AF85-42AF-9CF7-1942D7859625}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2385548519-2828962165-3150370110-1000 -> {1F4BA6FE-1999-419B-9084-CAAEE755D70E} URL = hxxp://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true& user_id=%userid&tool_id=60231&qkw={searchTerms}
SearchScopes: HKU\S-1-5-21-2385548519-2828962165-3150370110-1000 -> {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = hxxp://mumbojumbo.start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2385548519-2828962165-3150370110-1000 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://search.yahoo.com/search?ei=ISO-8859-1&fr=chr-vmn&type=egames3_1yach&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2385548519-2828962165-3150370110-1000 -> {AB0B2C91-B824-40B9-A2DC-175A02A8F443} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=PSI&o=15116&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=L6&apn_dtid=YYYYYYUTUS&apn_uid=cec81260-db6e-4fed-a298-43d5962899e8&apn_sauid=258CEDD4-837C-4AD6-9297-2454A228FE2E
SearchScopes: HKU\S-1-5-21-2385548519-2828962165-3150370110-1000 -> {B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD} URL = hxxp://www.ask.com/web?l=dis&o=APN10022&gct=sb&qsrc=2869&apn_dtid=^YYYYYY^YY^US&apn_ptnrs=^A4D&apn_uid=2454202215194023&p2=^A4D^YYYYYY^YY^US&q={searchTerms}
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120207150141.dll [2011-03-13] (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-15] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-02-07] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15] (Adobe Systems Incorporated)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120207150141.dll [2011-03-13] (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-15] (Google Inc.)
BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-06-06] (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-02-07] (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-15] (Google Inc.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-06-06] (Ask)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-15] (Google Inc.)
Toolbar: HKU\S-1-5-21-2385548519-2828962165-3150370110-1000 -> No Name - {4FE80DBA-DD5F-4914-BCBA-C189BF3A1691} -  No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll [2011-05-05] (Cozi Group, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2011-03-12] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2011-03-12] (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll [2012-02-07] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2011-03-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll [2012-02-07] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\progra~2\mcafee\msc\npmcsn~1.dll [2011-03-12] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll [2011-05-24] (Oberon-Media )
FF Plugin-x32: @popularscreensavers.com/Plugin -> C:\Program Files (x86)\PopularScreensavers\NPp5Stub.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-26] (Google Inc.)

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://start.mysearchdial.com/?f=1&a=installertech_14_22&cd=2XzuyEtN2Y1L1QzuyCyEtByBtAyByCzz0EtD0CyEzzyC0DyEtN0D0Tzu0SzytDtBtN1L2XzutBtFtBtCtFyEtFtCtN1L1Czu1L1G1B2Z1T1I1I1P1C2Z1P1R1M1VtCyE1VtBtBtN1L1G1B1V1N2Y1L1Qzu2SyDyByE0EtBtDyB0CtG0D0AyCyDtG0F0EyBzztGyDtAtA0BtGtB0Dzz0E0FyC0BtA0DzytAyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzzyDyB0EyDzzzytGyBzz0C0DtGtByEtAyBtGtDyE0B0BtGyEyDzytDzy0ByC0FzyyC0Fzy2Q&cr=571709270&ir=
CHR StartupUrls: Default -> "hxxps://www.yahoo.com/", "hxxps://www.google.com/" 
CHR DefaultSearchURL: Default -> hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=installertech_14_22&cd=2XzuyEtN2Y1L1QzuyCyEtByBtAyByCzz0EtD0CyEzzyC0DyEtN0D0Tzu0SzytDtBtN1L2XzutBtFtBtCtFyEtFtCtN1L1Czu1L1G1B2Z1T1I1I1P1C2Z1P1R1M1VtCyE1VtBtBtN1L1G1B1V1N2Y1L1Qzu2SyDyByE0EtBtDyB0CtG0D0AyCyDtG0F0EyBzztGyDtAtA0BtGtB0Dzz0E0FyC0BtA0DzytAyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzzyDyB0EyDzzzytGyBzz0C0DtGtByEtAyBtGtDyE0B0BtGyEyDzytDzy0ByC0FzyyC0Fzy2Q&cr=571709270&ir=
CHR DefaultSearchKeyword: Default -> mysearchdial.com
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\pdf.dll => No File
CHR Plugin: (PremierOpinion) - C:\Users\doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle\1.3.332.2_0\plugins/pmcm.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.10.8) - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U1) - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
CHR Plugin: (Oberon com adapter) - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
CHR Plugin: (Exent® AOD Gecko Plugin) - C:\Program Files (x86)\Free Ride Games\npExentCtl.dll => No File
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\GamingWonderland\bar\1.bin\NPgtStub.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Zylom Plugin) - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll ()
CHR Profile: C:\Users\doug\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-26]
CHR Extension: (Google Search) - C:\Users\doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-05]
CHR Extension: (Gmail) - C:\Users\doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-26]
CHR HKLM-x32\...\Chrome\Extension: [hpflffkopmgalfhfholanbnhoiblmajp] - C:\Program Files (x86)\GamingWonderland Chrome Extension\bar\GamingWonderland@mindspark.com.gen1 <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
S2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
S2 DellDigitalDelivery; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [162816 2011-10-26] (Dell Products, LP.) [File not signed]
S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [224704 2011-03-08] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [501768 2011-03-17] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [197960 2011-03-13] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [208272 2011-03-13] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [158832 2011-03-13] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-03-04] (Dell Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [65128 2011-03-13] (McAfee, Inc.)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2015-02-26] (Dell Computer Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [156792 2011-03-13] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [227856 2011-03-13] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [481376 2011-03-13] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [639216 2011-03-13] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75672 2011-03-13] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [98728 2011-03-13] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [281928 2011-03-13] (McAfee, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-01 07:06 - 2016-09-01 07:07 - 00000000 ____D C:\FRST
2016-09-01 06:48 - 2016-09-01 06:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-08-26 19:17 - 2016-08-26 19:17 - 00000020 _____ C:\Users\doug\AppData\Roaming\appdataFr3.bin
2016-08-23 20:01 - 2016-08-28 14:24 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-23 20:01 - 2016-08-28 14:23 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-23 20:01 - 2016-08-28 14:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-23 20:01 - 2016-08-28 14:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-23 20:01 - 2016-08-23 20:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-23 20:01 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-08-23 20:01 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-08-23 20:01 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-01 07:05 - 2012-08-13 17:04 - 00464116 _____ C:\windows\ntbtlog.txt
2016-08-28 14:17 - 2012-02-07 14:12 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2016-08-28 14:16 - 2013-05-03 07:24 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-28 14:16 - 2012-07-09 11:08 - 00000000 ____D C:\Users\doug\AppData\Local\SoftThinks
2016-08-28 14:16 - 2009-07-13 22:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-08-28 13:59 - 2014-04-08 16:28 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-08-28 13:54 - 2015-04-15 16:13 - 00003484 _____ C:\windows\System32\Tasks\PCDEventLauncherTask
2016-08-28 13:45 - 2012-08-17 21:08 - 00000000 ____D C:\Users\doug\AppData\Local\Nero
2016-08-28 13:39 - 2013-05-03 07:24 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-28 13:37 - 2009-07-13 21:45 - 00020928 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-28 13:37 - 2009-07-13 21:45 - 00020928 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-28 13:33 - 2009-07-13 22:13 - 00006206 _____ C:\windows\system32\PerfStringBackup.INI
2016-08-26 19:34 - 2015-02-25 18:27 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-08-26 19:34 - 2013-05-03 07:24 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-08-23 22:21 - 2013-03-02 01:33 - 00000000 ____D C:\Program Files (x86)\OXXOGames
2016-08-23 22:18 - 2013-05-03 07:23 - 00000000 ____D C:\GameHouse Games
2016-08-23 22:18 - 2012-10-04 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eGames
2016-08-23 22:18 - 2012-10-04 21:01 - 00000000 ____D C:\Program Files (x86)\egames
2016-08-23 22:18 - 2012-09-01 21:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameHouse
2016-08-23 22:17 - 2012-09-01 21:41 - 00000000 ____D C:\Program Files (x86)\GameHouse
2016-08-23 22:17 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-08-23 22:15 - 2013-05-03 07:30 - 00000000 ____D C:\ProgramData\Trymedia
2016-08-23 22:15 - 2012-08-14 17:35 - 00000000 ____D C:\ProgramData\PopCap Games
2016-08-23 22:15 - 2012-08-14 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games
2016-08-23 22:15 - 2012-08-14 17:35 - 00000000 ____D C:\Program Files (x86)\PopCap Games
2016-08-23 22:14 - 2013-02-26 18:34 - 00000000 ____D C:\Program Files (x86)\Viva Media
2016-08-23 22:14 - 2012-09-29 20:45 - 00000000 ____D C:\Users\doug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games of the Month
2016-08-23 22:14 - 2012-09-29 20:45 - 00000000 ____D C:\Users\doug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-08-23 22:14 - 2012-08-20 21:19 - 00000000 ____D C:\Program Files (x86)\Oberon Media SIDR
2016-08-23 22:12 - 2012-08-29 14:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2016-08-23 22:11 - 2012-08-15 17:07 - 00000000 ____D C:\Program Files (x86)\On Hand Software
2016-08-23 22:04 - 2015-04-26 08:57 - 00000000 ____D C:\Program Files (x86)\Haunted Hotel - Death Sentence
2016-08-23 22:03 - 2013-02-10 12:27 - 00514216 _____ C:\windows\Gogii 4-Pack Uninstall Log.txt
2016-08-23 22:01 - 2012-10-06 18:26 - 00000000 ____D C:\Users\doug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameTanium PC app
2016-08-23 22:01 - 2012-10-06 07:53 - 00000000 ____D C:\Program Files (x86)\GameTanium PC app
2016-08-23 22:01 - 2012-08-20 21:19 - 00000000 ____D C:\Users\doug\AppData\Roaming\Oberon Media
2016-08-23 22:01 - 2012-08-20 14:47 - 00000000 ____D C:\Remote Programs
2016-08-23 22:01 - 2012-02-07 13:36 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-08-23 22:00 - 2012-08-20 14:47 - 00000000 ____D C:\Program Files (x86)\Free Ride Games
2016-08-23 22:00 - 2009-07-13 22:32 - 00000000 ____D C:\windows\Downloaded Program Files
2016-08-23 21:59 - 2009-07-13 19:34 - 00000692 _____ C:\windows\win.ini
2016-08-23 21:54 - 2014-06-14 18:08 - 00000000 ____D C:\ProgramData\Big Fish
2016-08-23 21:54 - 2014-06-14 18:07 - 00000000 ____D C:\BigFishCache
2016-08-23 21:52 - 2012-02-07 14:07 - 00000000 ____D C:\ProgramData\WildTangent
2016-08-23 21:50 - 2013-05-03 07:26 - 00000000 ____D C:\Program Files (x86)\Zylom Games
2016-08-23 21:39 - 2012-10-06 19:22 - 00000000 ____D C:\Temp
2016-08-23 21:39 - 2012-08-20 14:47 - 00000000 ____D C:\Users\doug\AppData\LocalLow\Temp
2016-08-23 21:35 - 2014-12-26 14:16 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-08-23 21:33 - 2015-02-25 18:36 - 00000000 ____D C:\Program Files (x86)\SeekerInit
2016-08-23 21:33 - 2009-07-13 20:20 - 00000000 ____D C:\windows\system
2016-08-23 20:59 - 2015-04-27 03:05 - 00000000 ____D C:\Program Files (x86)\saferweeb
2016-08-23 20:59 - 2015-04-27 03:05 - 00000000 ____D C:\Program Files (x86)\FineDealaSoft
2016-08-23 20:59 - 2015-04-27 03:05 - 00000000 ____D C:\Program Files (x86)\Facebook Timeline Covers
2016-08-23 20:59 - 2015-04-08 10:26 - 00000000 ____D C:\Program Files (x86)\TrollBook
2016-08-23 20:59 - 2015-04-08 10:26 - 00000000 ____D C:\Program Files (x86)\SaveRnuett
2016-08-23 20:59 - 2015-03-21 01:28 - 00000000 ____D C:\Program Files (x86)\deal4rreale
2016-08-23 20:59 - 2015-03-21 01:27 - 00000000 ____D C:\Program Files (x86)\Voicify
2016-08-23 20:59 - 2015-03-21 01:27 - 00000000 ____D C:\Program Files (x86)\FineDealSoftt
2016-08-23 20:59 - 2015-02-26 06:57 - 00000000 ____D C:\Program Files (x86)\Mind the Word
2016-08-23 20:59 - 2015-02-26 06:56 - 00000000 ____D C:\Program Files (x86)\dowwnloaditkeepa
2016-08-23 20:59 - 2015-02-26 06:56 - 00000000 ____D C:\Program Files (x86)\CoupSCannuer
2016-08-23 20:59 - 2014-12-26 14:37 - 00000000 ____D C:\ProgramData\Browser
2016-08-23 20:59 - 2014-06-19 17:01 - 00000000 ____D C:\Program Files (x86)\TidyNetwork
2016-08-23 20:59 - 2014-04-21 14:19 - 00000000 ____D C:\Program Files (x86)\PopularScreensavers

==================== Files in the root of some directories =======

2016-08-26 19:17 - 2016-08-26 19:17 - 0000020 _____ () C:\Users\doug\AppData\Roaming\appdataFr3.bin
2014-12-01 15:29 - 2015-02-25 18:16 - 0000100 _____ () C:\Users\doug\AppData\Roaming\WB.CFG
2012-12-15 17:45 - 2012-12-16 11:46 - 0033070 _____ () C:\Users\doug\AppData\Local\slot1.mm1
2013-01-23 10:33 - 2014-02-07 11:07 - 0001493 _____ () C:\ProgramData\aaron_exentt.log
2014-02-09 20:05 - 2014-02-09 21:01 - 0000354 _____ () C:\ProgramData\aygdi_save.log
2012-09-08 19:06 - 2013-02-21 03:17 - 0000354 _____ () C:\ProgramData\aygdr_save.log
2012-08-15 17:10 - 2012-08-25 17:03 - 0000266 _____ () C:\ProgramData\ayg_saver.log
2013-08-27 06:01 - 2013-09-26 11:42 - 0001491 _____ () C:\ProgramData\ayoung3_save.log
2013-02-14 12:12 - 2015-04-23 20:46 - 0003898 _____ () C:\ProgramData\doicrane_save.log
2012-11-09 09:20 - 2012-11-27 09:54 - 0003407 _____ () C:\ProgramData\dscranew_save.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-27 07:10

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by doug (01-09-2016 07:08:05)
Running from E:\
Windows 7 Home Premium Service Pack 1 (X64) (2012-07-09 18:08:04)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2385548519-2828962165-3150370110-500 - Administrator - Disabled)
doug (S-1-5-21-2385548519-2828962165-3150370110-1000 - Administrator - Enabled) => C:\Users\doug
Guest (S-1-5-21-2385548519-2828962165-3150370110-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2385548519-2828962165-3150370110-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall (Enabled) {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.4.0 - Ask.com) <==== ATTENTION
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Cozi (HKLM-x32\...\{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}) (Version: 1.0.6505.38692 - Cozi Group, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Data Vault (Version: 4.2.2.0 - Dell Inc.) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version:  - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.47 - Dell)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Digital Delivery (HKLM-x32\...\{AFC08A81-D3C5-46F4-8F08-876E4BA606EA}) (Version: 1.7.4502.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.81 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.2.57295 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1207.101.225 - ALPS ELECTRIC CO., LTD.)
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
Drop (HKLM-x32\...\Drop) (Version:  - )
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.100.82.88 - Dell Inc.)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
InstallConverter (x32 Version: 1.0 - InstallConverter) Hidden
InstallConverter bundle uninstaller (HKLM-x32\...\InstallConverter bundle uninstaller) (Version: 2.0.0.5 - InstallConverter)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
InterActual Player (HKLM-x32\...\InterActual Player) (Version:  - )
Java(TM) 7 Update 1 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417001FF}) (Version: 7.0.10 - Oracle)
Java(TM) 7 Update 1 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217001FF}) (Version: 7.0.10 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 11.0.543 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.25 - Dell Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.15400 - Nero AG)
SyncUP (x32 Version: 1.12.12400.17.102 - Nero AG) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00FB1772-4A5F-4271-88F5-1C9797C5E7CD} - \MySearchDial -> No File <==== ATTENTION
Task: {16E7EC4D-6A97-479A-BFDD-D1BF15A3E6C9} - System32\Tasks\{E2CF7AB4-5C56-485C-B278-D12DA99FA725} => C:\Remote Programs\Murder Island - Secret of Tantalus\GPlrLanc.exe [2012-07-15] (Exent Technologies Ltd.)
Task: {1BA18F61-97BA-46CF-9F2C-C29AF0E60710} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy
Task: {1DCC5F41-4729-4D71-A5DF-24B99922A575} - System32\Tasks\{9BCE8F22-461D-4EFE-B1FA-7F5F6590D7EA} => C:\Program Files (x86)\GameTanium PC app\GPlrLanc.exe
Task: {1FE8F30F-20FB-4060-9472-8A6397A33FE0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-26] (Google Inc.)
Task: {230722B0-47A4-4302-88DE-9038E07E6189} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {27EA7049-DCB1-4F2D-958E-1FA731442343} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2385548519-2828962165-3150370110-1000
Task: {2CFAC908-0F07-4EDD-84C4-7E915B40192F} - System32\Tasks\{D961B29D-A7A8-4A90-A36C-6C37CC9BF385} => C:\Remote Programs\Murder Island - Secret of Tantalus\GPlrLanc.exe [2012-07-15] (Exent Technologies Ltd.)
Task: {3E2752FF-279D-4CD6-96F0-BAB6853E0B08} - System32\Tasks\{4A269BCD-7B3F-4A94-8BB8-FF48F528D071} => C:\Program Files (x86)\GameTanium PC app\GPlrLanc.exe
Task: {48C6B500-0C36-4E91-B742-A3E28817DA6D} - System32\Tasks\{D43DBD97-E0DC-4FBD-BE5F-649D9AB2E809} => pcalua.exe -a C:\Users\doug\AppData\Local\TNT2\2.0.0.1812\TNT2User.exe -c /UNINSTALL PARTNER=10963
Task: {70D3BAA5-917E-4BC2-8636-593E27F05C76} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {76DEAA87-00D4-4C85-B810-232A33C2A0D4} - \Super Optimizer Schedule -> No File <==== ATTENTION
Task: {8554A568-7D64-41FA-BB37-BC7463D3711C} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-03-20] (PC-Doctor, Inc.)
Task: {9062BCD8-4B12-4419-B021-86AA606F841F} - System32\Tasks\{84ABB3CD-DFFC-49A9-A965-C2EB89852928} => C:\Remote Programs\Murder Island - Secret of Tantalus\GPlrLanc.exe [2012-07-15] (Exent Technologies Ltd.)
Task: {ACFC5154-3E00-42F3-8135-C3F2AEA2221F} - System32\Tasks\{1A86BE8E-DB99-43FA-96F2-B5AE297305C9} => C:\Program Files (x86)\Free Ride Games\GPlrLanc.exe
Task: {B0CCEDA4-9A46-4478-B0E0-255D2A78B23C} - System32\Tasks\{0564740E-71F7-4CBB-92D0-C3240D3D23CD} => C:\Remote Programs\Murder Island - Secret of Tantalus\GPlrLanc.exe [2012-07-15] (Exent Technologies Ltd.)
Task: {BA0E7E00-D664-46DC-9364-17F58D36AB8F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-26] (Google Inc.)
Task: {CE31CA95-2B6D-4BE5-BA5E-B08F91AE1ABE} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-15] (Adobe Systems Incorporated)
Task: {CEE1698F-ACD5-44C5-A6F0-210108A1E45C} - System32\Tasks\{1E092914-F6DF-4BCD-A48D-A275B2175CDB} => C:\Program Files (x86)\GameTanium PC app\GPlrLanc.exe
Task: {E292F4F3-26CE-4567-824A-2215819575DB} - \TidyNetwork Update -> No File <==== ATTENTION
Task: {E4361C46-6D43-4135-8572-FC6D0ABF9941} - \Scheduled Update for Ask Toolbar -> No File <==== ATTENTION
Task: {E6B9F6E6-955E-40C4-A532-911B4E4E407E} - \CandyUpdater -> No File <==== ATTENTION
Task: {EB493BF5-56F5-44B4-8464-18418E95FEA4} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-03-20] (PC-Doctor, Inc.)
Task: {F5579244-75CF-47E1-B2B0-F66B3BBB72CA} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-03-04] (Dell Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\doug\AppData\Local\Microsoft\Windows\GameExplorer\{BD3E1717-5220-44DD-A7F3-73E8981E7B4E}\SupportTasks\1\Support.lnk -> hxxp://www.herinteractive.com/prod/car/tech.shtml/
Shortcut: C:\Users\doug\AppData\Local\Microsoft\Windows\GameExplorer\{BD3E1717-5220-44DD-A7F3-73E8981E7B4E}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.herinteractive.com/prod/car/index.shtml/
Shortcut: C:\Users\doug\AppData\Local\Microsoft\Windows\GameExplorer\{4CC286F9-8822-4185-8B0E-E0E32D965561}\SupportTasks\1\Support.lnk -> hxxp://support.microsoft.com/directory/
Shortcut: C:\Users\doug\AppData\Local\Microsoft\Windows\GameExplorer\{4CC286F9-8822-4185-8B0E-E0E32D965561}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.microsoft.com/games/age2/
Shortcut: C:\Users\doug\AppData\Local\Microsoft\Windows\GameExplorer\{1EF0603A-6AAD-4E89-8FC6-50C725090AF7}\SupportTasks\0\Support.lnk -> hxxp://support.ubi.com/

ShortcutWithArgument: C:\Users\Public\Desktop\eBay.lnk -> C:\Program Files (x86)\eBay\Browser Launcher.exe (eBay Inc.) -> hxxp://rover.ebay.com/rover/1/711-86042-13409-1/4?mpre=hxxp://ebay.com

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:2313511A [152]
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [270]
AlternateDataStreams: C:\ProgramData\Temp:2E49D185 [109]
AlternateDataStreams: C:\ProgramData\Temp:46DC30C2 [138]
AlternateDataStreams: C:\ProgramData\Temp:4B6A9FDA [163]
AlternateDataStreams: C:\ProgramData\Temp:4C5C1DD3 [294]
AlternateDataStreams: C:\ProgramData\Temp:561B1D2B [176]
AlternateDataStreams: C:\ProgramData\Temp:5D351BC6 [168]
AlternateDataStreams: C:\ProgramData\Temp:6017A808 [149]
AlternateDataStreams: C:\ProgramData\Temp:886133E1 [133]
AlternateDataStreams: C:\ProgramData\Temp:A02025CE [173]
AlternateDataStreams: C:\ProgramData\Temp:A3F7C8F8 [244]
AlternateDataStreams: C:\ProgramData\Temp:A7DA2BCD [167]
AlternateDataStreams: C:\ProgramData\Temp:D92DB12F [136]
AlternateDataStreams: C:\ProgramData\Temp:E51234A9 [131]
AlternateDataStreams: C:\ProgramData\Temp:E73594F0 [260]
AlternateDataStreams: C:\ProgramData\Temp:EE445D7C [129]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2385548519-2828962165-3150370110-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\doug\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{68DF8DC0-8D92-4D1C-ABF1-E4C3E61EAD24}] => (Allow) C:\Program Files (x86)\Dell\VideoStage\VideoStage.exe
FirewallRules: [{3813375D-CB39-4857-AD4A-6ED4D83B6E71}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\InstallerHelp.exe
FirewallRules: [{51726887-4642-426D-93B5-348BDB64CEEE}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
FirewallRules: [{D1AC2250-E4D5-435F-8C59-CB1D8523259A}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\Controller.exe
FirewallRules: [{437264ED-C4F7-483E-8E62-278B6A943BBC}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
FirewallRules: [{BC005F2E-4008-4C45-841A-03C8967ABED9}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\DMR.exe
FirewallRules: [{DCD51C9F-F23D-4B60-8296-4241350A973C}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
FirewallRules: [{84058E6D-DD01-4B52-8A4D-19867F9CF226}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\InstallerHelp.exe
FirewallRules: [{F7E83360-D893-4C54-9FBD-C6814402F426}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\Controller.exe
FirewallRules: [{A403433D-C7FC-45F3-B372-8282544FFD2F}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
FirewallRules: [{693DB5F4-1C01-48A3-8D24-D9824646E990}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\DMR.exe
FirewallRules: [{05A0AC6C-FB97-4D6E-966B-3048F8E583BE}] => (Allow) LPort=9700
FirewallRules: [{82A87D8F-E466-435D-83CF-89F351B92EB8}] => (Allow) LPort=9701
FirewallRules: [{50C9314D-4ABB-43E8-9011-6E1233DAE844}] => (Allow) LPort=9702
FirewallRules: [{D800046E-3E1D-46AD-8C14-D551486F7A36}] => (Allow) LPort=9700
FirewallRules: [{BD0E4B9B-C914-45B1-8A56-DD34555FEB78}] => (Allow) C:\Program Files\dell stage\dell stage\accuweather\accuweather.exe
FirewallRules: [{D6CFBA0A-0E5E-45C4-9F4D-72D56FC21186}] => (Allow) C:\Program Files\dell stage\musicstage\musicstageengine.exe
FirewallRules: [{A5B81618-8E10-4FFB-A700-F5F45DB8098B}] => (Allow) C:\Program Files\dell stage\dell stage\stage_primary.exe
FirewallRules: [{3ACE5212-3C1D-44D6-93F3-989227C62A56}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{999D93D5-BA17-4A0E-8E38-81125479527F}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{072710FB-D1D9-46F5-816A-AD3E5B7DBEB1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A5E0B2DC-266D-4ADB-BF87-782833F4760C}] => (Allow) LPort=2869
FirewallRules: [{B268DE29-77DE-4B0A-AA9C-A2611D1B3159}] => (Allow) LPort=1900
FirewallRules: [{90E5363C-5551-44B4-8CBD-7E4F0DB1E549}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{B3D9A117-0132-4C53-A909-165FAAAB0074}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{1EB92F9D-2F64-4EA0-BA57-8B0C0DE668C9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F8B7867A-8E7A-457D-B526-08240DBF8626}] => (Allow) C:\Program Files (x86)\Common Files\Nero\BDCore\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{B9AD8FB6-220D-42CA-B187-69C18DFA4E96}] => (Allow) C:\Program Files (x86)\Common Files\Nero\BDCore\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{DF098CD4-140B-4335-9FE3-32D822E0BF87}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

25-02-2015 18:29:12 Windows Defender Checkpoint
25-02-2015 21:44:28 Windows Backup
15-03-2015 19:01:05 Windows Backup
08-04-2015 13:11:23 Windows Backup
15-04-2015 20:02:57 Installed DirectX
19-04-2015 19:00:14 Windows Backup
26-04-2015 19:00:08 Windows Backup
23-08-2016 21:30:34 Windows Backup
23-08-2016 21:43:54 Removed Amnesia - The Dark Descent
23-08-2016 21:47:48 Removed Vampire Brides
23-08-2016 21:48:44 Removed Vampireville
23-08-2016 22:14:48 Removed Nancy Drew: The Haunted Carousel
23-08-2016 22:23:45 Removed TuneUp Utilities 2012
23-08-2016 22:26:13 Removed TuneUp Utilities Language Pack (en-US)

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/01/2016 06:47:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/28/2016 02:20:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/28/2016 02:16:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/28/2016 02:13:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/28/2016 02:09:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/28/2016 01:33:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (08/28/2016 01:33:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (08/28/2016 01:32:58 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (08/28/2016 01:32:58 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (08/28/2016 01:30:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (09/01/2016 06:51:03 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (09/01/2016 06:51:03 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (09/01/2016 06:51:03 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (09/01/2016 06:51:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (09/01/2016 06:51:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (09/01/2016 06:51:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (09/01/2016 06:51:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (09/01/2016 06:51:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (09/01/2016 06:51:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (09/01/2016 06:51:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz
Percentage of memory in use: 18%
Total physical RAM: 3894.7 MB
Available physical RAM: 3184.14 MB
Total Virtual: 7787.57 MB
Available Virtual: 7066.91 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:392.79 GB) NTFS
Drive e: (PKBACK# 001) (Removable) (Total:0.24 GB) (Free:0.22 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F843B164)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 250 MB) (Disk ID: E28FFE80)
Partition 1: (Active) - (Size=250 MB) - (Type=06)

==================== End of Addition.txt ============================


  • Staff

Please do the following:

Download the attached fixlist.txt file and save it to the E:\ drive

Fixlist.txt

NOTE: It’s important that both files, FRST64.exe and fixlist.txt, are in the same location or the fix will not work.

Run the FRST64.exe program and press the Fix button just once and wait.
The tool will make a log in the same folder as where the FRST program is saved. (Fixlog.txt).
Please attach it to your reply.

(note: sometimes the program will need to reboot – please allow it to do so)

NEXT

Please download AdwCleaner and save it to your desktop.
adwCleaner

ATTENTION: After you click the Download Now button, another page will open – DO NOT CLICK any additional ‘download now’ buttons as they are sponsored advertisements. Please wait and look toward the top or bottom of your browser for the option to Run or Save. Click Save to save the file.

Double click on AdwCleaner.exe to run the tool.
Click the “Options” menu heading on the menu bar and uncheck “Reset Winsock Settings”
Click on the Scan button.
After the scan has finished… click on the Cleaning button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a log file report (AdwCleaner[C1].txt) will open automatically.
Attach that log file to your next reply.
You can find the logfile at C:\AdwCleaner[Cn].txt (‘n’ is the number of clean actions performed).

Please let me know if there are any outstanding issues.


Fix result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by doug (07-09-2016 19:38:06) Run:1
Running from E:\
Loaded Profiles: doug (Available Profiles: doug)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
start
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1564872 2012-06-06] (Ask)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION 
SearchScopes: HKU\S-1-5-21-2385548519-2828962165-3150370110-1000 -> {AB0B2C91-B824-40B9-A2DC-175A02A8F443} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=PSI&o=15116&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=L6&apn_dtid=YYYYYYUTUS&apn_uid=cec81260-db6e-4fed-a298-43d5962899e8&apn_sauid=258CEDD4-837C-4AD6-9297-2454A228FE2E
SearchScopes: HKU\S-1-5-21-2385548519-2828962165-3150370110-1000 -> {B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD} URL = hxxp://www.ask.com/web?l=dis&o=APN10022&gct=sb&qsrc=2869&apn_dtid=^YYYYYY^YY^US&apn_ptnrs=^A4D&apn_uid=2454202215194023&p2=^A4D^YYYYYY^YY^US&q={searchTerms}
BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-06-06] (Ask)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-06-06] (Ask)
Toolbar: HKU\S-1-5-21-2385548519-2828962165-3150370110-1000 -> No Name - {4FE80DBA-DD5F-4914-BCBA-C189BF3A1691} -  No File
CHR HomePage: Default -> hxxp://start.mysearchdial.com/?f=1&a=installertech_14_22&cd=2XzuyEtN2Y1L1QzuyCyEtByBtAyByCzz0EtD0CyEzzyC0DyEtN0D0Tzu0SzytDtBtN1L2XzutBtFtBtCtFyEtFtCtN1L1Czu1L1G1B2Z1T1I1I1P1C2Z1P1R1M1VtCyE1VtBtBtN1L1G1B1V1N2Y1L1Qzu2SyDyByE0EtBtDyB0CtG0D0AyCyDtG0F0EyBzztGyDtAtA0BtGtB0Dzz0E0FyC0BtA0DzytAyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzzyDyB0EyDzzzytGyBzz0C0DtGtByEtAyBtGtDyE0B0BtGyEyDzytDzy0ByC0FzyyC0Fzy2Q&cr=571709270&ir=
CHR DefaultSearchURL: Default -> hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=installertech_14_22&cd=2XzuyEtN2Y1L1QzuyCyEtByBtAyByCzz0EtD0CyEzzyC0DyEtN0D0Tzu0SzytDtBtN1L2XzutBtFtBtCtFyEtFtCtN1L1Czu1L1G1B2Z1T1I1I1P1C2Z1P1R1M1VtCyE1VtBtBtN1L1G1B1V1N2Y1L1Qzu2SyDyByE0EtBtDyB0CtG0D0AyCyDtG0F0EyBzztGyDtAtA0BtGtB0Dzz0E0FyC0BtA0DzytAyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzzyDyB0EyDzzzytGyBzz0C0DtGtByEtAyBtGtDyE0B0BtGyEyDzytDzy0ByC0FzyyC0Fzy2Q&cr=571709270&ir=
CHR DefaultSearchKeyword: Default -> mysearchdial.com
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\GamingWonderland\bar\1.bin\NPgtStub.dll => No File
CHR HKLM-x32\...\Chrome\Extension: [hpflffkopmgalfhfholanbnhoiblmajp] - C:\Program Files (x86)\GamingWonderland Chrome Extension\bar\GamingWonderland@mindspark.com.gen1 <not found> 
2016-08-23 21:33 - 2015-02-25 18:36 - 00000000 ____D C:\Program Files (x86)\SeekerInit
2016-08-23 20:59 - 2015-04-27 03:05 - 00000000 ____D C:\Program Files (x86)\saferweeb
2016-08-23 20:59 - 2015-04-27 03:05 - 00000000 ____D C:\Program Files (x86)\FineDealaSoft
2016-08-23 20:59 - 2015-04-08 10:26 - 00000000 ____D C:\Program Files (x86)\SaveRnuett
2016-08-23 20:59 - 2015-03-21 01:28 - 00000000 ____D C:\Program Files (x86)\deal4rreale
2016-08-23 20:59 - 2015-03-21 01:27 - 00000000 ____D C:\Program Files (x86)\FineDealSoftt
2016-08-23 20:59 - 2015-02-26 06:56 - 00000000 ____D C:\Program Files (x86)\dowwnloaditkeepa
2016-08-23 20:59 - 2015-02-26 06:56 - 00000000 ____D C:\Program Files (x86)\CoupSCannuer
2016-08-23 20:59 - 2014-12-26 14:37 - 00000000 ____D C:\ProgramData\Browser
2016-08-23 20:59 - 2014-06-19 17:01 - 00000000 ____D C:\Program Files (x86)\TidyNetwork
Task: {00FB1772-4A5F-4271-88F5-1C9797C5E7CD} - \MySearchDial -> No File <==== ATTENTION
Task: {76DEAA87-00D4-4C85-B810-232A33C2A0D4} - \Super Optimizer Schedule -> No File <==== ATTENTION
Task: {E292F4F3-26CE-4567-824A-2215819575DB} - \TidyNetwork Update -> No File <==== ATTENTION
Task: {E4361C46-6D43-4135-8572-FC6D0ABF9941} - \Scheduled Update for Ask Toolbar -> No File <==== ATTENTION
Task: {E6B9F6E6-955E-40C4-A532-911B4E4E407E} - \CandyUpdater -> No File <==== ATTENTION
EmptyTemp:
end


*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater => value removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\S-1-5-21-2385548519-2828962165-3150370110-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AB0B2C91-B824-40B9-A2DC-175A02A8F443}" => key removed successfully
HKCR\CLSID\{AB0B2C91-B824-40B9-A2DC-175A02A8F443} => key not found. 
"HKU\S-1-5-21-2385548519-2828962165-3150370110-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}" => key removed successfully
HKCR\CLSID\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value removed successfully
HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => key not found. 
HKU\S-1-5-21-2385548519-2828962165-3150370110-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4FE80DBA-DD5F-4914-BCBA-C189BF3A1691} => value removed successfully
HKCR\CLSID\{4FE80DBA-DD5F-4914-BCBA-C189BF3A1691} => key not found. 
Chrome HomePage => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
C:\Program Files (x86)\GamingWonderland\bar\1.bin\NPgtStub.dll => not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hpflffkopmgalfhfholanbnhoiblmajp" => key removed successfully
C:\Program Files (x86)\SeekerInit => moved successfully
C:\Program Files (x86)\saferweeb => moved successfully
C:\Program Files (x86)\FineDealaSoft => moved successfully
C:\Program Files (x86)\SaveRnuett => moved successfully
C:\Program Files (x86)\deal4rreale => moved successfully
C:\Program Files (x86)\FineDealSoftt => moved successfully
C:\Program Files (x86)\dowwnloaditkeepa => moved successfully
C:\Program Files (x86)\CoupSCannuer => moved successfully
C:\ProgramData\Browser => moved successfully
C:\Program Files (x86)\TidyNetwork => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{00FB1772-4A5F-4271-88F5-1C9797C5E7CD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00FB1772-4A5F-4271-88F5-1C9797C5E7CD}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MySearchDial => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{76DEAA87-00D4-4C85-B810-232A33C2A0D4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{76DEAA87-00D4-4C85-B810-232A33C2A0D4}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Super Optimizer Schedule => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E292F4F3-26CE-4567-824A-2215819575DB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E292F4F3-26CE-4567-824A-2215819575DB}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TidyNetwork Update => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E4361C46-6D43-4135-8572-FC6D0ABF9941}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4361C46-6D43-4135-8572-FC6D0ABF9941}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E6B9F6E6-955E-40C4-A532-911B4E4E407E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6B9F6E6-955E-40C4-A532-911B4E4E407E}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CandyUpdater => key not found. 

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 23141269 B
Java, Flash, Steam htmlcache => 38074 B
Windows/system/drivers => 2505027046 B
Edge => 0 B
Chrome => 49000750 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 66240 B
Public => 0 B
ProgramData => 0 B
systemprofile => 1249513675 B
systemprofile32 => 1494498 B
LocalService => 0 B
NetworkService => 258180 B
doug => 33791815 B

RecycleBin => 0 B
EmptyTemp: => 3.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:39:11 ====


# AdwCleaner v6.010 - Logfile created 07/09/2016 at 19:45:08
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-24.2 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : doug - RTK-PC
# Running from : C:\Users\doug\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder deleted: C:\Program Files (x86)\GamingWonderlandEI
[-] Folder deleted: C:\Program Files (x86)\PopularScreensavers
[-] Folder deleted: C:\Users\doug\AppData\Local\iac
[#] Folder deleted on reboot: C:\Users\doug\AppData\Local\IAC
[-] Folder deleted: C:\Users\doug\AppData\LocalLow\AskToolbar
[-] Folder deleted: C:\Users\doug\AppData\LocalLow\AVG Secure Search
[-] Folder deleted: C:\Users\doug\AppData\LocalLow\Conduit
[-] Folder deleted: C:\Users\doug\AppData\LocalLow\iac
[-] Folder deleted: C:\Users\doug\AppData\LocalLow\Inbox Toolbar
[-] Folder deleted: C:\Users\doug\AppData\LocalLow\wiseconvert
[#] Folder deleted on reboot: C:\Users\doug\AppData\LocalLow\IAC
[-] Folder deleted: C:\Users\doug\AppData\Roaming\Babylon
[-] Folder deleted: C:\Users\doug\AppData\Roaming\BabylonToolbar
[-] Folder deleted: C:\Users\doug\AppData\Roaming\iWin
[-] Folder deleted: C:\Users\doug\AppData\Roaming\quickclick
[-] Folder deleted: C:\Users\doug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeCandy
[-] Folder deleted: C:\Users\doug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dogpile Bundle Toolbar
[-] Folder deleted: C:\Users\doug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
[-] Folder deleted: C:\ProgramData\AVG Secure Search
[-] Folder deleted: C:\ProgramData\Babylon
[-] Folder deleted: C:\ProgramData\GameTap Web Player
[-] Folder deleted: C:\ProgramData\InstallBrainService
[-] Folder deleted: C:\ProgramData\Trymedia
[#] Folder deleted on reboot: C:\ProgramData\Application Data\AVG Secure Search
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Babylon
[#] Folder deleted on reboot: C:\ProgramData\Application Data\GameTap Web Player
[#] Folder deleted on reboot: C:\ProgramData\Application Data\InstallBrainService
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Trymedia
[-] Folder deleted: C:\Users\Public\Documents\iWin
[-] Folder deleted: C:\Program Files (x86)\Ask.com
[-] Folder deleted: C:\Program Files (x86)\AVG Secure Search
[-] Folder deleted: C:\Program Files (x86)\BabylonToolbar
[-] Folder deleted: C:\Program Files (x86)\Free Ride Games
[-] Folder deleted: C:\Program Files (x86)\GameTap Web Player
[#] Folder deleted on reboot: C:\Program Files (x86)\PopularScreensavers
[-] Folder deleted: C:\Program Files (x86)\System Optimizer Pro
[-] Folder deleted: C:\Program Files (x86)\wiseconvert
[-] Folder deleted: C:\Program Files (x86)\Common Files\AVG Secure Search
[-] Folder deleted: C:\windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}


***** [ Files ] *****

[-] File deleted: C:\Users\doug\AppData\LocalLow\Microsoft\Internet Explorer\Services\Search_ask.com.xml
[-] File deleted: C:\END
[-] File deleted: C:\Users\Public\Desktop\eBay.lnk


***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\GamingWonderlandEI
[#] Key deleted on reboot: HKLM\SOFTWARE\GamingWonderlandEI_is1
[-] Key deleted: HKLM\SOFTWARE\PopularScreensavers
[#] Key deleted on reboot: HKLM\SOFTWARE\PopularScreensavers_is1
[-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@popularscreensavers.com/Plugin
[-] Key deleted: HKLM\SOFTWARE\1a5af83f-76b0-5dd0-fd9c-32d583e49025
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6818868a-1b3d-4e35-a561-fa964a96cd3b}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{79e57afa-bc05-4636-9457-fbc0abb3576b}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9193e23b-4182-493f-a38e-682307a7c463}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{bf75b5a2-8403-4f70-88a6-488e3bea0d7b}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e1f80eb5-8af4-410d-87c1-4f3e2776822a}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F37BCE7B-6055-418C-A301-E715F36F1E79}
[#] Key deleted on reboot: {0953a3a2-9223-4990-a1c9-efb4d4686ef2}
[#] Key deleted on reboot: {61588674-DE5D-416E-8F66-7AA6128A3669}
[-] Key deleted: HKLM\SOFTWARE\Classes\GameTreatWidget.GameTreatWidget.1
[-] Key deleted: HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
[-] Key deleted: HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\CLSID\{03EF41A4-BA24-4E49-A2C0-E1D047299287}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\CLSID\{130CCD34-0382-48E5-B307-0E7E72166828}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\CLSID\{26D25DD5-F17A-4D93-9A94-997E2124EEB4}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\CLSID\{30279F40-D76B-443C-A34D-F43B35B35CE1}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\CLSID\{796D0AA0-DC0E-44C9-A398-C874F04D55A4}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\CLSID\{CE2102F0-DF63-452E-9CA7-0F75FF4DDD4B}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\CLSID\{DADFCC6F-66D2-4E1D-A01B-7064CAD2F583}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\CLSID\{EBE666C3-F26C-4CF6-8ABA-3D5F5D2625E1}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{F1912128-469A-4138-AA26-9699C15BB13E}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{F13A0006-F3A9-4778-B8F1-6BD167475531}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{5442736B-E379-4668-AC30-7F39B3581875}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{667C8B81-0B61-48F6-B7B9-60AA8242E6DF}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{8E505161-C877-49F5-82CA-D2FF0B72862C}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{655847A1-FA36-46ED-923B-A5CD523696EA}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
[-] Key deleted: HKCU\Software\Classes\CLSID\{5FDB0CD8-5760-44D1-8D13-A78BF558C3C7}
[-] Key deleted: HKCU\Software\Classes\CLSID\{A8625CB7-85FE-4936-92A4-B2A7C925209E}
[-] Key deleted: HKCU\Software\Classes\CLSID\{554EBE31-AEC1-4E34-BCE3-606467760D88}
[-] Key deleted: HKCU\Software\Classes\CLSID\{0FEB2313-F89B-4AC6-8153-84025604A06A}
[-] Key deleted: HKCU\Software\Classes\CLSID\{BEBBC426-4F16-4567-8FE1-BE198C982027}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{D83C83BF-3EDD-4410-ADAB-5295116DD8C7}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{F13A0006-F3A9-4778-B8F1-6BD167475531}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{8E505161-C877-49F5-82CA-D2FF0B72862C}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A93C934-025B-4C3A-B38E-9654A7003239}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1A93C934-025B-4C3A-B38E-9654A7003239}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
[-] Key deleted: [x64] HKLM\SOFTWARE\System Optimizer Pro
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SEARCHPROTECT
[-] Key deleted: HKU\.DEFAULT\Software\AskToolbar
[-] Key deleted: HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key deleted: HKU\.DEFAULT\Software\AppDataLow\Software\AskToolbar
[-] Key deleted: HKU\S-1-5-21-2385548519-2828962165-3150370110-1000\Software\APN
[-] Key deleted: HKU\S-1-5-21-2385548519-2828962165-3150370110-1000\Software\Ask.com
[-] Key deleted: HKU\S-1-5-21-2385548519-2828962165-3150370110-1000\Software\Conduit
[-] Key deleted: HKU\S-1-5-21-2385548519-2828962165-3150370110-1000\Software\ContentExplorer
[-] Key deleted: HKU\S-1-5-21-2385548519-2828962165-3150370110-1000\Software\WeatherAlerts
[-] Key deleted: HKU\S-1-5-21-2385548519-2828962165-3150370110-1000\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key deleted: HKU\S-1-5-21-2385548519-2828962165-3150370110-1000\Software\AppDataLow\Software\AskToolbar
[-] Key deleted: HKU\S-1-5-21-2385548519-2828962165-3150370110-1000\Software\AppDataLow\Software\Freecause
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AskToolbar
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\Software\AskToolbar
[#] Key deleted on reboot: HKCU\Software\APN
[#] Key deleted on reboot: HKCU\Software\Ask.com
[#] Key deleted on reboot: HKCU\Software\Conduit
[#] Key deleted on reboot: HKCU\Software\ContentExplorer
[#] Key deleted on reboot: HKCU\Software\WeatherAlerts
[#] Key deleted on reboot: HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\AskToolbar
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Freecause
[-] Key deleted: HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
[-] Key deleted: HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key deleted: HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key deleted: HKLM\SOFTWARE\APN
[-] Key deleted: HKLM\SOFTWARE\AskToolbar
[-] Key deleted: HKLM\SOFTWARE\Conduit
[-] Key deleted: HKLM\SOFTWARE\Trymedia Systems
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
[-] Key deleted: HKU\S-1-5-21-2385548519-2828962165-3150370110-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1F4BA6FE-1999-419B-9084-CAAEE755D70E}
[-] Key deleted: HKU\S-1-5-21-2385548519-2828962165-3150370110-1000\Software\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F4BA6FE-1999-419B-9084-CAAEE755D70E}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL


***** [ Web browsers ] *****

[-] [aol.com] [Search Provider] Deleted: aol.com
[-] [ask.com] [Search Provider] Deleted: ask.com
[-] [trovi.search] [Search Provider] Deleted: trovi.search
[-] [start.mysearchdial.com] [Search Provider] Deleted: start.mysearchdial.com
[-] [mysearchdial.com] [Search Provider] Deleted: mysearchdial.com
[-] [C:\Users\doug\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: afjegdojkkoghnbiollpogeeimocanmk
[-] [C:\Users\doug\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: booedmolknjekdopkepjjeckmjkdpfgl
[-] [C:\Users\doug\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: flpcjncodpafbgdpnkljologafpionhb
[-] [C:\Users\doug\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: ogminpmldncgcmokldnmmapddoccmhfl


*************************

:: "Tracing" keys deleted

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [20132 Bytes] - [07/09/2016 19:45:08]
C:\AdwCleaner\AdwCleaner[S0].txt - [19670 Bytes] - [07/09/2016 19:43:46]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [20280 Bytes] ##########
 


  • Staff

There was a lot of adware junk on the machine.

Please run the following:

Open Malwarebytes AntiMalware (MBAM):

• On the Settings tab > Detection and Protection subtab, Detection Options, check the box ‘Scan for rootkits’.
• Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
• A Threat Scan will begin.
• With some infections, you may see this message box.
○ ‘Could not load DDA driver’
• Click ‘Yes’ to this message, to allow the driver to load after a restart.
• Allow the computer to restart. Continue with the rest of these instructions.
• When the scan is complete, click Apply Actions if there are detections found.
• Wait for the prompt to restart the computer to appear, then click on Yes.

Attach the resulting log.

• Open MBAM once more.
• Click on the History tab > Application Logs.
• Double click on the scan log which shows the Date and time of the scan just performed. (Note: there are two types of logs, scan logs and protection logs, I need to see the scan log)
• Click ‘Export’ > Click ‘Text file (*.txt)’
• In the Save File dialog box which appears, click on Desktop.
• In the File name: box type a name for your scan log.
• A message box named ‘File Saved’ should appear stating “Your file has been successfully exported” > Click Ok
• Attach that saved log to your next reply.

NEXT

Please advise how the computer is running now and if there are any outstanding issues.

 


<logs>
<record severity="debug" LoggingEventType="1" datetime="2016-09-10T11:02:25.153256-07:00" source="Manual" type="Update" username="SYSTEM" systemname="RTK-PC" fromVersion="2016.2.12.1" last_modified_tag="356eeb72-4dbf-499b-a089-a1b7ee534bea" name="Remediation Database" toVersion="2016.8.31.1"/>
<record severity="debug" LoggingEventType="1" datetime="2016-09-10T11:02:25.231257-07:00" source="Manual" type="Update" username="SYSTEM" systemname="RTK-PC" fromVersion="2016.2.8.1" last_modified_tag="7bfcd6e1-5ae8-4671-b4a6-bffa7c92bf33" name="Rootkit Database" toVersion="2016.8.15.1"/>
<record severity="debug" LoggingEventType="1" datetime="2016-09-10T11:02:25.293657-07:00" source="Manual" type="Update" username="SYSTEM" systemname="RTK-PC" fromVersion="2016.2.8.1" last_modified_tag="42869fc4-90ff-4773-9fda-31adc7c038bc" name="IP Database" toVersion="2016.9.10.1"/>
<record severity="debug" LoggingEventType="1" datetime="2016-09-10T11:02:26.058058-07:00" source="Manual" type="Update" username="SYSTEM" systemname="RTK-PC" fromVersion="2016.2.16.8" last_modified_tag="881c0dd7-7842-4812-a30a-8071f09ec4ce" name="Domain Database" toVersion="2016.9.10.1"/>
<record severity="debug" LoggingEventType="1" datetime="2016-09-10T11:02:29.380864-07:00" source="Manual" type="Update" username="SYSTEM" systemname="RTK-PC" fromVersion="2016.2.16.6" last_modified_tag="e9378dee-0ae9-446e-8191-63ad93504668" name="Malware Database" toVersion="2016.9.10.6"/>
<record severity="debug" scantype="threat" LoggingEventType="6" starttime="2016-09-10T11:03:13-07:00" datetime="2016-09-10T11:55:27.023722-07:00" source="Manual" type="Scan" username="SYSTEM" systemname="RTK-PC" last_modified_tag="ede34847-a143-4b15-8cad-15c42a951358" duration="2525" malwaredetections="2" nonmalwaredetections="1" scanresult="completed"/>
<record severity="debug" LoggingEventType="1" datetime="2016-09-10T12:06:09.150634-07:00" source="Manual" type="Update" username="SYSTEM" systemname="RTK-PC" code="No Internet connection detected" last_modified_tag="df53a4fc-44c5-4c9c-88f0-06227219402e" message="Failed"/>
</logs>

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/10/2016
Scan Time: 11:03 AM
Logfile: scanlog20160910.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.09.10.06
Rootkit Database: v2016.08.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: doug

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 355442
Time Elapsed: 42 min, 5 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 3
Trojan.Agent, C:\Program Files (x86)\Google\Chrome\Application\chrome.dll, Quarantined, [add12b45f2a844f234d0d6ac38c9f10f], 
Trojan.Downloader, C:\Program Files (x86)\Google\Chrome\Application\GoogleUpdate.dll, Quarantined, [2c520a66f8a2f046e47613f4e918b14f], 
PUP.Optional.TerraClicks.ShrtCln, C:\Users\doug\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (www.terraclicks.com), Replaced,[e19d7af65b3fdd5920b1455a7292bd43]

Physical Sectors: 0
(No malicious items detected)


(end)

 

Thank you so much for all you do!!!!!  Let me know what's next....


<?xml version="1.0" encoding="UTF-8"?>
<logs>
<record toVersion="2016.9.13.1" name="IP Database" last_modified_tag="6d4c6336-6e63-40b5-a35e-555d59f19fdb" fromVersion="2016.9.10.1" systemname="RTK-PC" username="SYSTEM" type="Update" source="Manual" datetime="2016-09-13T06:43:25.106069-07:00" LoggingEventType="1" severity="debug"/>
<record toVersion="2016.9.13.1" name="Domain Database" last_modified_tag="919eeac0-55bc-41a1-a942-f85c98501b2b" fromVersion="2016.9.10.1" systemname="RTK-PC" username="SYSTEM" type="Update" source="Manual" datetime="2016-09-13T06:43:27.414873-07:00" LoggingEventType="1" severity="debug"/>
<record toVersion="2016.9.13.8" name="Malware Database" last_modified_tag="78ede3b6-2cc4-4f85-9832-0b705f53a19a" fromVersion="2016.9.10.7" systemname="RTK-PC" username="SYSTEM" type="Update" source="Manual" datetime="2016-09-13T06:43:37.508090-07:00" LoggingEventType="1" severity="debug"/>
<record last_modified_tag="cff80d6f-043e-4449-8066-06b604989430" systemname="RTK-PC" username="SYSTEM" type="Scan" source="Manual" datetime="2016-09-13T07:15:56.368907-07:00" LoggingEventType="6" severity="debug" scanresult="completed" nonmalwaredetections="0" malwaredetections="0" duration="1929" starttime="2016-09-13T06:43:47-07:00" scantype="threat"/>
</logs>

<?xml version="1.0" encoding="UTF-16"?>
<mbam-log>
  <header>
    <date>2016/09/13 06:43:47 -0700</date>
    <logfile>mbam-log-2016-09-13 (06-43-43).xml</logfile>
    <isadmin>yes</isadmin>
  </header>
  <engine>
    <version>2.2.1.1043</version>
    <malware-database>v2016.09.13.08</malware-database>
    <rootkit-database>v2016.08.15.01</rootkit-database>
    <license>free</license>
    <file-protection>disabled</file-protection>
    <web-protection>disabled</web-protection>
    <self-protection>disabled</self-protection>
  </engine>
  <system>
    <hostname>RTK-PC</hostname>
    <ip>10.0.0.178</ip>
    <osversion>Windows 7 Service Pack 1</osversion>
    <arch>x64</arch>
    <username>doug</username>
    <filesys>NTFS</filesys>
  </system>
  <summary>
    <type>threat</type>
    <result>completed</result>
    <objects>345746</objects>
    <time>1929</time>
    <processes>0</processes>
    <modules>0</modules>
    <keys>0</keys>
    <values>0</values>
    <datas>0</datas>
    <folders>0</folders>
    <files>0</files>
    <sectors>0</sectors>
  </summary>
  <options>
    <memory>enabled</memory>
    <startup>enabled</startup>
    <filesystem>enabled</filesystem>
    <archives>enabled</archives>
    <rootkits>enabled</rootkits>
    <deeprootkit>disabled</deeprootkit>
    <heuristics>enabled</heuristics>
    <pup>enabled</pup>
    <pum>enabled</pum>
  </options>
  <items> </items>
</mbam-log>

How does this look?  Seems to be running good.....

 
