Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible PC infection


  • Please log in to reply
16 replies to this topic

#1 CadenOlson

CadenOlson

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:06 PM

Posted 28 December 2016 - 02:49 PM

Last night I got on to my computer for the first time in about a year. It was running a little slow so i opened up task manager to close everything and restart the computer. That was when I noticed the hundreds of programs opened from various titles such as "PC HELPER" or other malicious seeming programs. I ran malware bytes (a free anti-virus program) and it didn't catch anything. Even writing this article, my computer is very slow and glitchy. Any suggestions on what I should do?



BC AdBot (Login to Remove)

 


#2 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:06 PM

Posted 28 December 2016 - 07:42 PM

Zemana Deep Scan.
 

  • Right click on Zemana and run as admin.
  • Click the Cog/Sproket Wheel, at the top right of Zemana
  • Select Advanced - I have read the warning and wish to proceed.
  • Place a tick next to Detect Suspicious (Root CA) Certificates.
  • Then click the house icon in Zemana.
  • Then hit your start button at the lower left hand corner of your desktop.
  • Then left click on Computer.
  • Drag Local Disk C: Into the area of Zemana that reads Drag and drop files here to scan them.
  • oHw0QqX.png
  • Once the scan has completed click graph icon on the top right of the programs User interface.
  • Double click to open the latest log-file.
  • Copy it to your clipboard.
  • Post the log here in your next reply.

 

 

Security Check Scan.

 

  • Download Security Check to your desktop.
  • Right click it run as administrator.
  • When the program completes, the tool will automatically open a log file.
  • Please post that log here in your next post.

 

MiniToolBox Scan.

 

Please download MINITOOLBOX and run it.

Checkmark following boxes:



Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go post the result.

 

9-Lab Scan.

 

  • Download 9-Lab Removal Tool.
  • CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
  • Install the program onto your computer, then right click the icon  run as administrator.
  • Update the program and then run a full scan!
  • Make sure the program updates, might be better to install it update reboot and check for updates again.
  • You need to make sure the database updates!!!
  • Upon Scan Completion Click on Show Results.
  • Then Click On Clean 
  • Then Click on Save Log.
  • Save it to your desktop, copy and paste the contents of the log here in your next reply.

 

 

 

 

 

 

Adware Removal Tool Scan.

 

Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

 

 

LOr0Gd7.png

 

Hit Ok.

 

sYFsqHx.png

 

Hit next make sure to leave all items checked, for removal.

 

8NcZjGc.png

 

 

The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, thenOK again to finish up. Post log generated by tool.



#3 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:06 PM

Posted 28 December 2016 - 07:55 PM

I ran malware bytes (a free anti-virus program) and it didn't catch anything.

 

 

They seem to be going downhill as of late, they must have fired the guy that cares.... They seem to be more focused on marketing more so than program development.....

 

Do not get discouraged as they are not really up to date with definitions.... They took on JRT and Adware cleaner, I assume the focus is on the programs now. Cause it certainly seems MBAM is headed in the direction of SuperAntiSpyware.... :flamethrower:



#4 CadenOlson

CadenOlson
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:06 PM

Posted 29 December 2016 - 12:33 PM

Zemana AntiMalware 2.70.2.244 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/12/28
Operating System       : Windows 7 64-bit
Processor              : 4X AMD Phenom™ II X4 840T Processor
BIOS Mode              : Legacy
CUID                   : 12F0098E9214597C720505
Scan Type              : Custom Scan
Duration               : 100m 18s
Scanned Objects        : 263014
Detected Objects       : 29
Excluded Objects       : 0
Read Level             : Normal
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

MSI2274.tmp
Status             : Scanned
Object             : %systemroot%\installer\msi2274.tmp
MD5                : C284C28B4A5F7B5F5ED236945122A90A
Publisher          : APN LLC
Size               : 93592
Version            : 1.0.0.1
Detection          : PUA:Win32/AskToolbar.Gen
Cleaning Action    : Quarantine
Related Objects    :
                File - %systemroot%\installer\msi2274.tmp

couponprinter_x64.ocx
Status             : Scanned
Object             : %systemroot%\couponprinter_x64.ocx
MD5                : 86ADA205AE180B492E90D4BF8CF23CB5
Publisher          : Coupons, Inc.
Size               : 652160
Version            : 4.0.2.0
Detection          : Adware:Win32/Coupons!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %systemroot%\couponprinter_x64.ocx

npMozCouponPrinter.dll
Status             : Scanned
Object             : %localappdata%\google\chrome\application\plugins\npmozcouponprinter.dll
MD5                : A5FFA90A0CD5F08CDDDF7C4A4D1B4D9C
Publisher          : Coupons, Inc.
Size               : 248192
Version            : 4.0.2.0
Detection          : Adware:Win32/Coupons!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %localappdata%\google\chrome\application\plugins\npmozcouponprinter.dll

VERIFY.DLL.vir
Status             : Scanned
Object             : %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\verify.dll.vir
MD5                : 1C4945F06AB24E466A56924195610857
Publisher          : Mindspark Interactive Network
Size               : 66272
Version            : 1.0.0.1
Detection          : Adware:Win32/Mindspark!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\verify.dll.vir

T8TICKER.DLL.vir
Status             : Scanned
Object             : %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\t8ticker.dll.vir
MD5                : 3D4ACA84349BFF8642DC00145BBC51C4
Publisher          : Mindspark Interactive Network
Size               : 72848
Version            : 2.0.1.4
Detection          : Adware:Win32/Mindspark!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\t8ticker.dll.vir

T8EXTPEX.DLL.vir
Status             : Scanned
Object             : %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\t8extpex.dll.vir
MD5                : 7F98949C5607F96114DD87A538F2B269
Publisher          : Mindspark Interactive Network
Size               : 80536
Version            : 1.0.0.5
Detection          : Adware:Win32/Mindspark!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\t8extpex.dll.vir

T8RES.DLL.vir
Status             : Scanned
Object             : %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\t8res.dll.vir
MD5                : E70006D2D182B06DEC3754EAE21DDC09
Publisher          : Mindspark Interactive Network
Size               : 194952
Version            : 1.0.0.24
Detection          : Adware:Win32/Mindspark!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\t8res.dll.vir

5zmsg.dll.vir
Status             : Scanned
Object             : %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\5zmsg.dll.vir
MD5                : 92AAD41D2E12E797AF52D4BCD75CBED7
Publisher          : Mindspark Interactive Network
Size               : 161288
Version            : 1.0.4.14
Detection          : Adware:Win32/Mindspark!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\5zmsg.dll.vir

5zmlbtn.dll.vir
Status             : Scanned
Object             : %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\5zmlbtn.dll.vir
MD5                : 896943B4B92B7E3F406844674F629076
Publisher          : Mindspark Interactive Network
Size               : 46480
Version            : 1.0.0.2
Detection          : Adware:Win32/Mindspark!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\5zmlbtn.dll.vir

5zmedint.exe.vir
Status             : Scanned
Object             : %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\5zmedint.exe.vir
MD5                : 04826C949A4DE20B5A95AD88363EA3C6
Publisher          : Mindspark Interactive Network
Size               : 22048
Version            : 1.0.0.3
Detection          : Adware:Win32/Mindspark!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\5zmedint.exe.vir

T8EXTEX.DLL.vir
Status             : Scanned
Object             : %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\t8extex.dll.vir
MD5                : 995C45CCB72AB2EFDD3F1602AD8EC907
Publisher          : Mindspark Interactive Network
Size               : 74248
Version            : 1.0.0.11
Detection          : Adware:Win32/Mindspark!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\t8extex.dll.vir

EXEMANAGER.DLL.vir
Status             : Scanned
Object             : %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\exemanager.dll.vir
MD5                : 511CDA01FB8A730349E0D6577136E053
Publisher          : Mindspark Interactive Network
Size               : 482888
Version            : 1.0.6.50
Detection          : Adware:Win32/Mindspark!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\exemanager.dll.vir

DPNMNGR.DLL.vir
Status             : Scanned
Object             : %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\dpnmngr.dll.vir
MD5                : 500B47A48A172C0625692FDCC01B3889
Publisher          : Mindspark Interactive Network
Size               : 289864
Version            : 1.0.6.50
Detection          : Adware:Win32/Mindspark!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\dpnmngr.dll.vir

5zregfft.dll.vir
Status             : Scanned
Object             : %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\5zregfft.dll.vir
MD5                : 5DE55F0F8967FDB31EE5B259A5ABA975
Publisher          : Mindspark Interactive Network
Size               : 42512
Version            : 1.0.0.2
Detection          : Adware:Win32/Mindspark!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\5zregfft.dll.vir

CrExtP5z.exe.vir
Status             : Scanned
Object             : %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\crextp5z.exe.vir
MD5                : A39FD864F89F77A3DA2679F135AB7A67
Publisher          : Mindspark Interactive Network
Size               : 1370184
Version            : 1.0.6.50
Detection          : Adware:Win32/Mindspark!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\crextp5z.exe.vir

5zradio.dll.vir
Status             : Scanned
Object             : %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\5zradio.dll.vir
MD5                : 4876E787ED8D945838235F8CFE079D05
Publisher          : Mindspark Interactive Network
Size               : 124304
Version            : 1.0.0.9
Detection          : Adware:Win32/Mindspark!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\5zradio.dll.vir

5zuabtn.dll.vir
Status             : Scanned
Object             : %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\5zuabtn.dll.vir
MD5                : 6335D76EB910F4AE1FC616B208C7C300
Publisher          : Mindspark Interactive Network
Size               : 42384
Version            : 1.0.0.0
Detection          : Adware:Win32/Mindspark!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\5zuabtn.dll.vir

5ztpinst.dll.vir
Status             : Scanned
Object             : %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\5ztpinst.dll.vir
MD5                : CF0646BB879911192C833E314E0AFC57
Publisher          : Mindspark Interactive Network
Size               : 179480
Version            : 1.0.3.0
Detection          : Adware:Win32/Mindspark!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\5ztpinst.dll.vir

5zSrcAs.dll.vir
Status             : Scanned
Object             : %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\5zsrcas.dll.vir
MD5                : CB31249537D2758F73046888AA02CA7A
Publisher          : Mindspark Interactive Network
Size               : 62864
Version            : 1.2.3.5
Detection          : Adware:Win32/Mindspark!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\5zsrcas.dll.vir

5zscript.dll.vir
Status             : Scanned
Object             : %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\5zscript.dll.vir
MD5                : 2C0327BAA4C4E39BC839FCAEB7156DD2
Publisher          : Mindspark Interactive Network
Size               : 46480
Version            : 1.0.0.3
Detection          : Adware:Win32/Mindspark!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\5zscript.dll.vir

5zregiet.dll.vir
Status             : Scanned
Object             : %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\5zregiet.dll.vir
MD5                : A4C73C71941826DB74AF6598336EDA99
Publisher          : Mindspark Interactive Network
Size               : 42512
Version            : 1.0.0.2
Detection          : Adware:Win32/Mindspark!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\5zregiet.dll.vir

5zbrstub.dll.vir
Status             : Scanned
Object             : %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\5zbrstub.dll.vir
MD5                : D3EFE03300CAF0FA2215206280D31220
Publisher          : Mindspark Interactive Network
Size               : 34192
Version            : 1.0.1.1
Detection          : Adware:Win32/Mindspark!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\5zbrstub.dll.vir

5zdlghk.dll.vir
Status             : Scanned
Object             : %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\5zdlghk.dll.vir
MD5                : 8FB2C1103382577F8248D83E7487EA86
Publisher          : Mindspark Interactive Network
Size               : 50728
Version            : 1.0.1.4
Detection          : Adware:Win32/Mindspark!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\5zdlghk.dll.vir

5zfeedmg.dll.vir
Status             : Scanned
Object             : %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\5zfeedmg.dll.vir
MD5                : F18D8BCB38DFD1409CF19F3EBD3DE3EA
Publisher          : Mindspark Interactive Network
Size               : 91648
Version            : 1.0.0.5
Detection          : Adware:Win32/Mindspark!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\5zfeedmg.dll.vir

5zdyn.dll.vir
Status             : Scanned
Object             : %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\5zdyn.dll.vir
MD5                : 8D721A2BC356A862AC8B2349BBEB614C
Publisher          : Mindspark Interactive Network
Size               : 54672
Version            : 1.0.0.8
Detection          : Adware:Win32/Mindspark!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\5zdyn.dll.vir

5zhighin.exe.vir
Status             : Scanned
Object             : %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\5zhighin.exe.vir
MD5                : 635F5E4B01597D0BAF2422245C8FF541
Publisher          : Mindspark Interactive Network
Size               : 22048
Version            : 1.0.0.3
Detection          : Adware:Win32/Mindspark!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\5zhighin.exe.vir

5zhkstub.dll.vir
Status             : Scanned
Object             : %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\5zhkstub.dll.vir
MD5                : 98E56FD43F64538BAA9B1F367951091F
Publisher          : Mindspark Interactive Network
Size               : 34344
Version            : 1.0.0.1
Detection          : Adware:Win32/Mindspark!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\5zhkstub.dll.vir

5zhttpct.dll.vir
Status             : Scanned
Object             : %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\5zhttpct.dll.vir
MD5                : 6DF45CD8B40014F94F1A949FB96D3284
Publisher          : Mindspark Interactive Network
Size               : 83456
Version            : 1.0.0.12
Detection          : Adware:Win32/Mindspark!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\5zhttpct.dll.vir

5zidle.dll.vir
Status             : Scanned
Object             : %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\5zidle.dll.vir
MD5                : 121FE87B463651D75C9BFF704883C978
Publisher          : Mindspark Interactive Network
Size               : 34192
Version            : 1.0.3.4
Detection          : Adware:Win32/Mindspark!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %homedrive%\adwcleaner\quarantine\c\program files (x86)\couponxplorer_5z\bar\1.bin\5zidle.dll.vir

 

 

 

SecurityCheck by glax24 & Severnyj v.1.4.0.46 [22.09.16]
WebSite: www.safezone.cc
DateLog: 29.12.2016 10:30:33
Path starting: C:\Users\2011A\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: 2011A
VersionXML: 3.67is-25.12.2016
___________________________________________________________________________

Windows 7(6.1.7601) Service Pack 1 (x64) HomePremium Lang: English(0409)
Installation date OS: 10.11.2011 16:52:43
LicenseStatus: Windows® 7, HomePremium edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Users\2011A\AppData\Local\Google\Chrome\Application\chrome.exe
SystemDrive: C: FS: [NTFS] Capacity: [917.8 Gb] Used: [121.4 Gb] Free: [796.4 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 10.0.9200.17609 Warning! Download Update
Online installation. Last version available when Windows update is enabled throught the Internet.
User Account Control enabled
The elevation prompt for administrators disabled
^It is recommended to enable: Win+R typing UserAccountControlSettings and Enter^
Automatically download and notify of installatio
Date install updates: 2016-12-28 17:22:50
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
------------------------------ [ MS Office ] ------------------------------
Microsoft Office 2010 x86 v.14.0.7015.1000
---------------------------- [ Antivirus_WMI ] ----------------------------
Microsoft Security Essentials (enabled and up to date)
Emsisoft Anti-Malware (enabled and up to date)
360 Total Security (enabled)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Emsisoft Anti-Malware (enabled and up to date)
Microsoft Security Essentials (enabled and up to date)
Windows Defender (disabled and up to date)
360 Total Security (enabled)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Microsoft Security Essentials v.4.10.209.0
Emsisoft Anti-Malware v.12.0
360 Total Security v.9.0.0.1069
ESET Online Scanner v3
-------------------------- [ SecurityUtilities ] --------------------------
Emsisoft Anti-Malware v.12.0
Malwarebytes Anti-Malware version 2.2.1.1043 v.2.2.1.1043
Zemana AntiMalware v.2.70.244
--------------------------- [ OtherUtilities ] ----------------------------
Microsoft Silverlight v.5.1.50901.0
7-Zip 9.20
-------------------------------- [ Java ] ---------------------------------
Java 7 Update 55 v.7.0.550 Warning! This software is no longer supported. Please uninstall it and use Java SE 8 (jre-8u112-windows-i586.exe).
--------------------------- [ AdobeProduction ] ---------------------------
Adobe AIR v.20.0.0.233 Warning! Download Update
Adobe Flash Player 24 ActiveX v.24.0.0.186
Adobe Flash Player 24 NPAPI v.24.0.0.186
Adobe Reader XI (11.0.16) v.11.0.16 Warning! Download Update
^Please run Adobe Reader XI and go Help - Check for updates...^
------------------------------- [ Browser ] -------------------------------
Google Chrome v.55.0.2883.87
Mozilla Firefox (3.0.1) v.3.0.1 (en-US) Warning! Download Update
----------------------------- [ EmailClient ] -----------------------------
Windows Live Mail v.15.4.3502.0922
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files\Internet Explorer\iexplore.exe v.10.0.9200.17606
C:\Program Files (x86)\Internet Explorer\iexplore.exe v.10.0.9200.17609
------------------ [ AntivirusFirewallProcessServices ] -------------------
C:\Program Files\Emsisoft Anti-Malware\a2start.exe v.12.1.1.7014
C:\Program Files\Emsisoft Anti-Malware\a2guard.exe v.12.1.1.7014
Emsisoft Protection Service (a2AntiMalware) - The service is running
C:\Program Files\Emsisoft Anti-Malware\a2service.exe v.12.1.1.7014
Microsoft Antimalware Service (MsMpSvc) - The service is running
C:\Program Files\Microsoft Security Client\MsMpEng.exe v.4.10.209.0
Microsoft Network Inspection (NisSrv) - The service is running
C:\Program Files\Microsoft Security Client\NisSrv.exe v.4.10.209.0
Windows Defender (WinDefend) - The service has stopped
ZAM Controller Service (ZAMSvc) - The service is running
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe v.0.0.0.0
360 Total Security (QHActiveDefense) - The service is running
C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe v.9.0.0.1002
C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe v.8.2.0.1000
C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe v.9.0.0.1002
---------------------------- [ UnwantedApps ] -----------------------------
Unity Web Player Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
FATE v.2.2.0.95 << Hidden Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
Jewel Quest Solitaire 2 v.2.2.0.95 << Hidden Warning! Suspected Adware! If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware and Malwarebytes AdwCleaner. Before uninstallation and scanning it is necessary to consult in the forum where cure is provided for you!!!
----------------------------- [ End of Log ] ------------------------------

 

 

 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by 2011A (administrator) on 28-12-2016 at 20:50:00
Running from "C:\Users\2011A\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NECGSBS7"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: HP Pavilion P6000 Series Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================
========================= IP Configuration: ================================

Realtek PCIe FE Family Controller = Local Area Connection (Connected)
802.11n Wireless LAN Card = Wireless Network Connection (Connected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 4 (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : 2011A-HP
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hsd1.co.comcast.net

Wireless LAN adapter Wireless Network Connection 4:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
   Physical Address. . . . . . . . . : 68-A3-C4-17-A8-E4
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : hsd1.co.comcast.net
   Description . . . . . . . . . . . : 802.11n Wireless LAN Card
   Physical Address. . . . . . . . . : 68-A3-C4-17-A8-E5
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2603:300b:c06:3800::fff2(Preferred)
   Lease Obtained. . . . . . . . . . : Wednesday, December 28, 2016 10:33:15 AM
   Lease Expires . . . . . . . . . . : Wednesday, January 04, 2017 10:33:15 AM
   IPv6 Address. . . . . . . . . . . : 2603:300b:c06:3800:e16d:1d81:41c4:7e27(Preferred)
   Temporary IPv6 Address. . . . . . : 2603:300b:c06:3800:dd16:267e:b19f:1f08(Preferred)
   Link-local IPv6 Address . . . . . : fe80::e16d:1d81:41c4:7e27%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.1.10.235(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, December 28, 2016 10:33:14 AM
   Lease Expires . . . . . . . . . . : Wednesday, January 04, 2017 4:46:03 PM
   Default Gateway . . . . . . . . . : fe80::7454:7dff:feb2:fffa%11
                                       10.1.10.1
   DHCP Server . . . . . . . . . . . : 10.1.10.1
   DHCPv6 IAID . . . . . . . . . . . : 236742045
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-37-CD-2F-78-AC-C0-AB-92-80
   DNS Servers . . . . . . . . . . . : 2001:558:feed::1
                                       2001:558:feed::2
                                       75.75.75.75
                                       75.75.76.76
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : hsd1.co.comcast.net.
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 78-AC-C0-AB-92-80
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2601:283:4701:cb70:b13d:5d8a:78ab:d137(Preferred)
   Temporary IPv6 Address. . . . . . : 2601:283:4701:cb70:f9be:d3d5:a79c:59c9(Preferred)
   Link-local IPv6 Address . . . . . : fe80::b13d:5d8a:78ab:d137%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.0.0.3(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, December 28, 2016 10:33:05 AM
   Lease Expires . . . . . . . . . . : Wednesday, January 04, 2017 8:50:07 PM
   Default Gateway . . . . . . . . . : fe80::200:caff:fe11:2233%10
                                       10.0.0.1
   DHCP Server . . . . . . . . . . . : 10.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 258224464
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-37-CD-2F-78-AC-C0-AB-92-80
   DNS Servers . . . . . . . . . . . : 2001:558:feed::1
                                       2001:558:feed::2
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.hsd1.co.comcast.net.:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hsd1.co.comcast.net.
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{947933C6-3D0A-435F-B182-804E4A4E5B3E}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.hsd1.co.comcast.net:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hsd1.co.comcast.net
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  cdns01.comcast.net
Address:  2001:558:feed::1

Name:    google.com
Addresses:  2607:f8b0:400f:803::200e
   216.58.217.46

Pinging google.com [2607:f8b0:400f:803::200e] with 32 bytes of data:
Reply from 2607:f8b0:400f:803::200e: time=10ms
Reply from 2607:f8b0:400f:803::200e: time=12ms

Ping statistics for 2607:f8b0:400f:803::200e:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 10ms, Maximum = 12ms, Average = 11ms
Server:  cdns01.comcast.net
Address:  2001:558:feed::1

Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
   2001:4998:c:a06::2:4008
   2001:4998:58:c02::a9
   98.139.183.24
   206.190.36.45
   98.138.253.109

Pinging yahoo.com [2001:4998:58:c02::a9] with 32 bytes of data:
Reply from 2001:4998:58:c02::a9: time=60ms
Reply from 2001:4998:58:c02::a9: time=60ms

Ping statistics for 2001:4998:58:c02::a9:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 60ms, Maximum = 60ms, Average = 60ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 15...68 a3 c4 17 a8 e4 ......Microsoft Virtual WiFi Miniport Adapter #2
 11...68 a3 c4 17 a8 e5 ......802.11n Wireless LAN Card
 10...78 ac c0 ab 92 80 ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.0.1         10.0.0.3     20
          0.0.0.0          0.0.0.0        10.1.10.1      10.1.10.235     25
         10.0.0.0    255.255.255.0         On-link          10.0.0.3    276
         10.0.0.3  255.255.255.255         On-link          10.0.0.3    276
       10.0.0.255  255.255.255.255         On-link          10.0.0.3    276
        10.1.10.0    255.255.255.0         On-link       10.1.10.235    281
      10.1.10.235  255.255.255.255         On-link       10.1.10.235    281
      10.1.10.255  255.255.255.255         On-link       10.1.10.235    281
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link          10.0.0.3    276
        224.0.0.0        240.0.0.0         On-link       10.1.10.235    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link          10.0.0.3    276
  255.255.255.255  255.255.255.255         On-link       10.1.10.235    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 10    276 ::/0                     fe80::200:caff:fe11:2233
 11    281 ::/0                     fe80::7454:7dff:feb2:fffa
  1    306 ::1/128                  On-link
 10     28 2601:283:4701:cb70::/64  On-link
 10    276 2601:283:4701:cb70:b13d:5d8a:78ab:d137/128
                                    On-link
 10    276 2601:283:4701:cb70:f9be:d3d5:a79c:59c9/128
                                    On-link
 11     33 2603:300b:c06:3800::/64  On-link
 11    281 2603:300b:c06:3800::fff2/128
                                    On-link
 11    281 2603:300b:c06:3800:dd16:267e:b19f:1f08/128
                                    On-link
 11    281 2603:300b:c06:3800:e16d:1d81:41c4:7e27/128
                                    On-link
 10    276 fe80::/64                On-link
 11    281 fe80::/64                On-link
 10    276 fe80::b13d:5d8a:78ab:d137/128
                                    On-link
 11    281 fe80::e16d:1d81:41c4:7e27/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    276 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/28/2016 01:05:02 PM) (Source: Application Error) (User: )
Description: Faulting application name: age2_x1.Exe, version: 0.7.22.627, time stamp: 0x39100af3
Faulting module name: age2_x1.Exe, version: 0.7.22.627, time stamp: 0x39100af3
Exception code: 0xc0000005
Fault offset: 0x0000d774
Faulting process id: 0xf1c
Faulting application start time: 0xage2_x1.Exe0
Faulting application path: age2_x1.Exe1
Faulting module path: age2_x1.Exe2
Report Id: age2_x1.Exe3

Error: (12/28/2016 11:12:12 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 90080108

Error: (12/28/2016 11:02:23 AM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (12/28/2016 10:44:20 AM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.

Error: (12/28/2016 10:41:59 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (12/28/2016 10:34:29 AM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/28/2016 10:34:29 AM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/28/2016 10:34:29 AM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/28/2016 10:34:29 AM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (12/28/2016 10:34:25 AM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

System errors:
=============
Error: (12/28/2016 08:45:33 PM) (Source: Microsoft Antimalware) (User: )
Description: %%860 has encountered an error trying to upload a suspicious file for further analysis.

 Filename: C:\Users\2011A\Downloads\LL12 (1).exe

 Sha256: e4cb9826ac257da256767b3d05fd1d207eaa672798e35608c1cb306fdc9c39b8

 Current Signature Version: AV: 1.233.3413.0, AS: 1.233.3413.0

 Current Engine Version: 1.1.13303.0

 Error code: 0x80078032

Error: (12/28/2016 04:16:10 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 10.1.10.235.
The computer with the IP address 10.1.10.75 did not allow the name to be claimed by
this computer.

Error: (12/28/2016 10:34:29 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/28/2016 10:34:29 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (12/28/2016 10:30:13 AM) (Source: NetBT) (User: )
Description: The driver could not be created.

Error: (12/28/2016 10:30:13 AM) (Source: NetBT) (User: )
Description: The driver could not be created.

Error: (12/28/2016 10:30:13 AM) (Source: NetBT) (User: )
Description: The driver could not be created.

Error: (12/28/2016 10:30:13 AM) (Source: NetBT) (User: )
Description: The driver could not be created.

Error: (12/28/2016 10:30:13 AM) (Source: NetBT) (User: )
Description: The driver could not be created.

Error: (12/28/2016 10:30:13 AM) (Source: NetBT) (User: )
Description: The driver could not be created.

Microsoft Office Sessions:
=========================
Error: (12/28/2016 01:05:02 PM) (Source: Application Error)(User: )
Description: age2_x1.Exe0.7.22.62739100af3age2_x1.Exe0.7.22.62739100af3c00000050000d774f1c01d26145aa75d43cC:\Program Files (x86)\Microsoft Games\Age of Empires II\Age2_X1\age2_x1.ExeC:\Program Files (x86)\Microsoft Games\Age of Empires II\Age2_X1\age2_x1.Exeea76046e-cd38-11e6-a57a-78acc0ab9280

Error: (12/28/2016 11:12:12 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 90080108

Error: (12/28/2016 11:02:23 AM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073415161

Error: (12/28/2016 10:44:20 AM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.

Error: (12/28/2016 10:41:59 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (12/28/2016 10:34:29 AM) (Source: Windows Search Service)(User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/28/2016 10:34:29 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/28/2016 10:34:29 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/28/2016 10:34:29 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (12/28/2016 10:34:25 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

=========================== Installed Programs ============================

360 Total Security (HKLM-x32\...\360TotalSecurity) (Version: 9.0.0.1069 - 360 Security Center)
7-Zip 9.20 (HKLM-x32\...\7-Zip 9.20) (Version:  - )
ActiveCheck component for HP Active Support Library (HKLM-x32\...\{254C37AA-6B72-4300-84F6-98A82419187E}) (Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.233 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.16) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.16 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (HKLM-x32\...\WT089362) (Version: 2.2.0.95 - WildTangent) Hidden
ATI Catalyst Install Manager (HKLM\...\{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}) (Version: 3.0.774.0 - ATI Technologies, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bejeweled 2 Deluxe (HKLM-x32\...\WT087428) (Version: 2.2.0.95 - WildTangent) Hidden
Bing Rewards Client Installer (HKLM-x32\...\{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}) (Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (HKLM-x32\...\WT087328) (Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (HKLM-x32\...\WT089308) (Version: 2.2.0.95 - WildTangent) Hidden
Bounce Symphony (HKLM-x32\...\WT087330) (Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (HKLM-x32\...\WT087335) (Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (HKLM-x32\...\WT089359) (Version: 2.2.0.95 - WildTangent) Hidden
Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.7.2 build 4667 (Jan-19-2015) - Carbonite)
ccc-core-static (HKLM-x32\...\{0E1C256F-6B90-E5A5-F62E-5DAE1AEAE294}) (Version: 2010.0511.2153.37435 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform)
Chuzzle Deluxe (HKLM-x32\...\WT087453) (Version: 2.2.0.95 - WildTangent) Hidden
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{75C7BFBC-5FA8-47C9-9E6C-AD1954F63A53}) (Version: 1.0.109 - Citrix)
CouponXplorer Firefox Toolbar (HKLM-x32\...\CouponXplorer_5zbar Uninstall Firefox) (Version:  - Mindspark Interactive Network)
CouponXplorer Internet Explorer Toolbar (HKLM-x32\...\CouponXplorer_5zbar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network)
Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3210 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (HKLM-x32\...\WT087536) (Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (HKLM-x32\...\WT087343) (Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 16.4.30 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 12.0 - Emsisoft Ltd.)
Escape Rosecliff Island (HKLM-x32\...\WT087360) (Version: 2.2.0.95 - WildTangent) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Farm Frenzy (HKLM-x32\...\WT089328) (Version: 2.2.0.95 - WildTangent) Hidden
FATE (HKLM-x32\...\WT087361) (Version: 2.2.0.95 - WildTangent) Hidden
File Association Manager (HKLM-x32\...\FileAssociationManager) (Version: 0.5 - Amnis Technology Ltd)
Final Drive Nitro (HKLM-x32\...\WT087362) (Version: 2.2.0.95 - WildTangent) Hidden
GameRanger (HKCU\...\GameRanger) (Version:  - GameRanger Technologies)
Google Chrome (HKCU\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.32.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 5.5.0.1132 (HKCU\...\GoToMeeting) (Version: 5.5.0.1132 - CitrixOnline)
Heroes of Hellas 2 - Olympia (HKLM-x32\...\WT087372) (Version: 2.2.0.95 - WildTangent) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP LaserJet Professional M1130-M1210 MFP Series (HKLM\...\HP LaserJet Professional M1130-M1210 MFP Series) (Version:  - )
HP LaserJet Professional M1210 MFP Series Fax Installer (HKLM\...\{E94AE378-725A-41FF-BA24-397469D27FC8}) (Version: 1.3.0 - HP)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.4521 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4517 - Hewlett-Packard)
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}) (Version: 3.1.2.4 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}) (Version: 1.0.4.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8}) (Version: 5.1.8.12 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard)
HPAsset component for HP Active Support Library (HKLM-x32\...\{669D4A35-146B-4314-89F1-1AC3D7B88367}) (Version: 3.0.0.3 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.550 - Oracle)
Jewel Quest Solitaire 2 (HKLM-x32\...\WT087379) (Version: 2.2.0.95 - WildTangent) Hidden
join.me (HKCU\...\JoinMe) (Version: 1.17.0.131 - LogMeIn, Inc.)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3130 - CyberLink Corp.) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3130 - CyberLink Corp.)
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
LogMeIn (HKLM-x32\...\{22461A1C-BD68-4D90-9897-1DB146D55ECB}) (Version: 4.1.2504 - LogMeIn, Inc.)
LogMeIn (HKLM-x32\...\{53E10F4E-B361-45D7-8DBD-A6BF073236F0}) (Version: 4.1.3430 - LogMeIn, Inc.)
LogMeIn Client (HKLM-x32\...\{5BACF64B-2775-4395-9A8D-AC6904962E38}) (Version: 1.3.2254 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version:  - )
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4885.1001 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox (3.0.1) (HKLM-x32\...\Mozilla Firefox (3.0.1)) (Version: 3.0.1 (en-US) - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Mystery P.I. - The London Caper (HKLM-x32\...\WT089299) (Version: 2.2.0.95 - WildTangent) Hidden
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4885.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4885.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4885.1001 - Microsoft Corporation) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.9 - PDF Complete, Inc)
Penguins! (HKLM-x32\...\WT087394) (Version: 2.2.0.95 - WildTangent) Hidden
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.33 - Hewlett-Packard Company)
Plants vs. Zombies (HKLM-x32\...\WT087501) (Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (HKLM-x32\...\WT087395) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WT087396) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WT087397) (Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4329 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4329 - CyberLink Corp.)
PowerDirector (HKLM-x32\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3129 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3129 - CyberLink Corp.)
PROMAS Landmaster  V2014 (HKLM-x32\...\PROMAS Landmaster  V2014) (Version:  - )
PROMAS Landmaster V2012 (HKLM-x32\...\PROMAS Landmaster V2012) (Version:  - )
QuickBooks (HKLM-x32\...\{3167CC62-C775-4E47-92C1-73EBB845751A}) (Version: 23.0.4012.2305 - Intuit Inc.) Hidden
QuickBooks Pro 2013 (HKLM-x32\...\{3C631966-387E-4054-85D9-BBFFABE32BD8}) (Version: 23.0.4006.2305 - Intuit Inc.)
QuickBooks Product Listing Service (HKLM-x32\...\{91208A47-5D08-4C79-986F-1931940F51BB}) (Version: 2.0.148 - Intuit)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version:  - Ralink)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.3219 - CyberLink Corp.) Hidden
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow)
Scan To (HKLM\...\{E8A34AC8-0137-4515-A94B-0A0946DDC251}) (Version: 2.0.1 - HP)
SLOW-PCfighter (HKLM\...\{7648D847-AEBC-4DEF-ADA2-F93314A5F4F2}) (Version: 1.7.68 - SPAMfighter ApS) Hidden
SLOW-PCfighter (HKLM\...\SLOW-PCfighter) (Version: 1.7.68 - SPAMfighter ApS.)
SupportSoft Assisted Service (HKLM-x32\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
Tenda Wireless LAN Card (HKLM-x32\...\{30575C28-305D-4032-B2CC-41A8291D7B82}) (Version: 1.0.0.0 - Tenda)
The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version:  - )
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Virtual Families (HKLM-x32\...\WT087414) (Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (HKLM-x32\...\WT089307) (Version: 2.2.0.95 - WildTangent) Hidden
Wheel of Fortune 2 (HKLM-x32\...\WT087415) (Version: 2.2.0.95 - WildTangent) Hidden
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17305 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.70.244 - Zemana Ltd.)
Zuma Deluxe (HKLM-x32\...\WT087533) (Version: 2.2.0.95 - WildTangent) Hidden

========================= Devices: ================================

**** End of log ****

 

 

 

 

9-lab Removal Tool 1.0.0.39 BETA
9-lab.com

Database version: 151.45776

Windows 7 Service Pack 1 (Version 6.1, Build 7601, 64-bit Edition)
Internet Explorer 9.10.9200.17609
2011A :: 2011A-HP

12/29/2016 9:29:23 AM
9lab-log-2016-12-29 (09-29-23).txt

Scan type: Full
Objects scanned: 49812
Time Elapsed: 51 m 20 s

Registry Keys detected: 41
Rogue.RPL.Gen.bot [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SLOW-PCfighter]
Adware.RPL.MyWebSearch.vl [HKEY_CLASSES_ROOT\Interface\{E2DAE1A4-09EE-4209-AD3B-1C96330EDCEF}]
Adware.RPL.MyWebSearch.vl [HKEY_CLASSES_ROOT\Interface\{C285FFF4-DE32-402D-B8FD-6F34F1D5920C}]
Adware.RPL.MyWebSearch.vl [HKEY_CLASSES_ROOT\Interface\{A8168AFE-9F36-49DE-A80A-00D19FB50207}]
Adware.RPL.MyWebSearch.vl [HKEY_CLASSES_ROOT\Interface\{9EF88362-131D-48B0-8969-CCC96F897AB8}]
Adware.RPL.MyWebSearch.vl [HKEY_CLASSES_ROOT\Interface\{7A739956-FB82-4379-AF60-E38C48226AA7}]
Adware.RPL.MyWebSearch.vl [HKEY_CLASSES_ROOT\Interface\{47A124BA-A6E2-4ED4-AA6F-84FF29E4D7DC}]
Adware.RPL.MyWebSearch.vl [HKEY_CLASSES_ROOT\Interface\{269D72FF-8629-4DB6-AB4F-86AA3A92F8A9}]
Adware.RPL.MyWebSearch.vl [HKEY_CLASSES_ROOT\Interface\{200F1306-1316-473B-90CE-A777144BBDF5}]
Adware.RPL.MyWebSearch.vl [HKEY_CLASSES_ROOT\Interface\{0D8734DB-7110-4CDB-833F-52BC93865AB2}]
Adware.RMPL.MyWebSearch.vl [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\HappinessInfusion_5wEI]
Adware.RMPL.MyWebSearch.vl [HKEY_CLASSES_ROOT\CouponXplorer_5z.DynamicBarButton]
Adware.RMPL.MyWebSearch.vl [HKEY_CLASSES_ROOT\CouponXplorer_5z.DynamicBarButton.1]
Adware.RMPL.MyWebSearch.vl [HKEY_CLASSES_ROOT\CouponXplorer_5z.FeedManager]
Adware.RMPL.MyWebSearch.vl [HKEY_CLASSES_ROOT\CouponXplorer_5z.FeedManager.1]
Adware.RMPL.MyWebSearch.vl [HKEY_CLASSES_ROOT\CouponXplorer_5z.HTMLMenu]
Adware.RMPL.MyWebSearch.vl [HKEY_CLASSES_ROOT\CouponXplorer_5z.HTMLMenu.1]
Adware.RMPL.MyWebSearch.vl [HKEY_CLASSES_ROOT\CouponXplorer_5z.HTMLPanel]
Adware.RMPL.MyWebSearch.vl [HKEY_CLASSES_ROOT\CouponXplorer_5z.HTMLPanel.1]
Adware.RMPL.MyWebSearch.vl [HKEY_CLASSES_ROOT\CouponXplorer_5z.MultipleButton]
Adware.RMPL.MyWebSearch.vl [HKEY_CLASSES_ROOT\CouponXplorer_5z.MultipleButton.1]
Adware.RMPL.MyWebSearch.vl [HKEY_CLASSES_ROOT\CouponXplorer_5z.PseudoTransparentPlugin]
Adware.RMPL.MyWebSearch.vl [HKEY_CLASSES_ROOT\CouponXplorer_5z.PseudoTransparentPlugin.1]
Adware.RMPL.MyWebSearch.vl [HKEY_CLASSES_ROOT\CouponXplorer_5z.Radio]
Adware.RMPL.MyWebSearch.vl [HKEY_CLASSES_ROOT\CouponXplorer_5z.Radio.1]
Adware.RMPL.MyWebSearch.vl [HKEY_CLASSES_ROOT\CouponXplorer_5z.RadioSettings]
Adware.RMPL.MyWebSearch.vl [HKEY_CLASSES_ROOT\CouponXplorer_5z.RadioSettings.1]
Adware.RMPL.MyWebSearch.vl [HKEY_CLASSES_ROOT\CouponXplorer_5z.ScriptButton]
Adware.RMPL.MyWebSearch.vl [HKEY_CLASSES_ROOT\CouponXplorer_5z.ScriptButton.1]
Adware.RMPL.MyWebSearch.vl [HKEY_CLASSES_ROOT\CouponXplorer_5z.SettingsPlugin]
Adware.RMPL.MyWebSearch.vl [HKEY_CLASSES_ROOT\CouponXplorer_5z.SettingsPlugin.1]
Adware.RMPL.MyWebSearch.vl [HKEY_CLASSES_ROOT\CouponXplorer_5z.ThirdPartyInstaller]
Adware.RMPL.MyWebSearch.vl [HKEY_CLASSES_ROOT\CouponXplorer_5z.ThirdPartyInstaller.1]
Adware.RMPL.MyWebSearch.vl [HKEY_CLASSES_ROOT\CouponXplorer_5z.ToolbarProtector]
Adware.RMPL.MyWebSearch.vl [HKEY_CLASSES_ROOT\CouponXplorer_5z.ToolbarProtector.1]
Adware.RMPL.MyWebSearch.vl [HKEY_CLASSES_ROOT\CouponXplorer_5z.UrlAlertButton]
Adware.RMPL.MyWebSearch.vl [HKEY_CLASSES_ROOT\CouponXplorer_5z.UrlAlertButton.1]
Adware.RMPL.MyWebSearch.vl [HKEY_CLASSES_ROOT\CouponXplorer_5z.XMLSessionPlugin]
Adware.RMPL.MyWebSearch.vl [HKEY_CLASSES_ROOT\CouponXplorer_5z.XMLSessionPlugin.1]
Adware.RMPL.MultiPlug.vl [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CouponXplorer_5zbar Uninstall Firefox]
Adware.RMPL.MultiPlug.vl [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CouponXplorer_5zbar Uninstall Internet Explorer]

Registry Values detected: 1
Risk.EnableLUA [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System EnableLUA]

ActiveX detected: 2
[86ADA205AE180B492E90D4BF8CF23CB5] Adware.Gen.vl!c [{1A53AD8B-D0B9-4E7F-88E4-50C07A65F2DC} c:\Windows\couponprinter_x64.ocx]
[86ADA205AE180B492E90D4BF8CF23CB5] Adware.Gen.vl!c [{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC} c:\Windows\couponprinter_x64.ocx]

Files detected: 24
[D412D45DC1E5D44DB6823078F6ABD9BF] Trojan.FPL.Tesch.yp [c:\users\2011a\appdata\roaming\Blio\Cache\045dbb50669733de945336542febcde8.jpg]
[2D9B6DD56692B88C7E5D4BFCC906B76A] Trojan.FPL.Tesch.yp [c:\users\2011a\appdata\roaming\Blio\Cache\library.xml]
[BF672ACA546D14548206F8A34D42D38E] Trojan.FPL.Tesch.yp [c:\users\2011a\appdata\roaming\Blio\Log\Log (Build 2.0.5350.0).txt]
[3CDFECE9EA449A5DFBEF49CD42AFA8D2] Trojan.FPL.Tesch.yp [c:\users\2011a\appdata\roaming\Blio\Settings.xml]
[C9F0F895FB98AB9159F51FD0297E236D] PUP.FPL.Gen.vl [C:\Program Files (x86)\FileAssociationManager\data_version.txt]
[C93A2BA6E4AFC137DBDEF7DAF52AB198] PUP.FPL.Gen.vl [C:\Program Files (x86)\FileAssociationManager\extensions.txt]
[350C620641EF9FCCAF88E6EF3B0FCE09] PUP.FPL.Gen.vl [C:\Program Files (x86)\FileAssociationManager\FAM.exe]
[7934939A13C4E5639C08CD86ACDE395A] PUP.FPL.Gen.vl [C:\Program Files (x86)\FileAssociationManager\README.txt]
[A4A84AD78456BDE80E21B3C59B1C4386] PUP.FPL.Gen.vl [C:\Program Files (x86)\FileAssociationManager\uninstall-fam.exe]
[8D462403B9030714C0CCE4371D0D20F8] PUP.FPL.Gen.vl [C:\Program Files (x86)\FileAssociationManager\Updater.exe]
[1DAFF5154CF072BFC1657E6A2B42836C] Rogue.MPL.Gen.vl [c:\windows\system32\tasks\SLOW-PCfighter64-2011A-Notification]
[65FA698459EE03B9B4F4E4517A0FF363] Rogue.MPL.Gen.vl [c:\windows\system32\tasks\SLOW-PCfighter64-2011A-Startup]
[FF8FD828A0A6059807BF4C77087ED88A] Rogue.MPL.Gen.vl [c:\windows\tasks\SLOW-PCfighter64-2011A-Notification.job]
[E0D45E49AF1FE9C580C3C57033D414AC] Rogue.MPL.Gen.vl [c:\windows\tasks\SLOW-PCfighter64-2011A-Startup.job]
[011B965A47E2BA8CE20A2820B2228338] Adware.PL.VGen.vl [C:\Program Files (x86)\mozilla firefox\defaults\pref\reporter.js]
[CB358C51D63629AE6BD7AA7860951017] Adware.MPL.VGen.vl [C:\Program Files (x86)\mozilla firefox\defaults\pref\firefox-branding.js]
[7DED12CC3C592AEE4F6A90BB442D50F0] Adware.MPL.VGen.vl [C:\Program Files (x86)\mozilla firefox\defaults\pref\firefox-l10n.js]
[33198509798A3432F53BA527492DB700] Adware.MPL.VGen.vl [C:\Program Files (x86)\mozilla firefox\defaults\pref\firefox.js]
[117B2242E8074EA585950A26B4A83BC6] Malware.Win32.Gen.sm!s4 [C:\Program Files (x86)\ATI Technologies\ATI.ACE\Graphics-Full-Existing\DXStress.exe]
[A5FFA90A0CD5F08CDDDF7C4A4D1B4D9C] Adware.Gen.vl!c [C:\Users\2011A\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll]
[6D25150E833F2063EC1D02DFACACAE69] Cert2-Malware.Win32.Pack.1143!se [C:\Users\2011A\AppData\Local\Temp\{e57e7b46-fff7-4575-85f0-d1a2ccfc94f2}\GameRanger.dll]
[6D25150E833F2063EC1D02DFACACAE69] Cert2-Malware.Win32.Pack.1143!se [C:\Users\2011A\AppData\Roaming\GameRanger\GameRanger\Data\GameRanger.dll]
[86ADA205AE180B492E90D4BF8CF23CB5] Adware.Gen.vl!c [C:\Windows\couponprinter_x64.ocx]
[C284C28B4A5F7B5F5ED236945122A90A] PUP.Ask.dd!c [C:\Windows\Installer\MSI2274.tmp]

 

 

Thank you so much for your help!!! I am very sorry but the adware removal tool log wouldn't go into a notepad so I don't have that log this response. Again, thanks for your help!



#5 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:06 PM

Posted 29 December 2016 - 05:46 PM

How are things running now?



#6 CadenOlson

CadenOlson
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:06 PM

Posted 30 December 2016 - 10:11 AM

Things seem to be running better! Programs open and close much quicker now, there is an obvious difference between now and a few days ago.

#7 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:06 PM

Posted 30 December 2016 - 12:19 PM

Clean up temp files and reduce startup load with CCleaner.
 

  • Download CCleaner from here.
  • After install Click Options.
  • Go to monitoring.
  • Uncheck All Monitoring items.
  • Go to advanced -- Click close program after cleaning.
  • Go to settings -- click run ccleaner when the computer starts.
  • Now that you have ccleaner installed and set-up:
  • Open the program.
  • Go to Tools
  • Go to Startup
  • Now double click each item. To Disable.
  • Leave only your antivirus enabled.
  • Then disable All items in your scheduled task as well.
  • Unless they are related to windows defender.Or your antivirus.
  • Reboot the machine.

 

Adware Cleaner Scan.

Please download AdwCleaner by Xplode onto your desktop.
 

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

JRT Scan.


Please download Junkware Removal Tool and save it on your desktop.





  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

 

Reset Host File

 

  • Click here to download RstHosts v2.0
  • Save the file to your desktop.
  • Right Click and Run as Administrator.
  • Click on Restaurer, then click OK at the prompt.
  • This will restore the default host file.
  • Next Click on Creer Un Rapport.
  • This will open a logfile, post that in your next reply.

Disable IPV6


Instructions here.
 

  1. Hit start
  2. Control Panel
  3. Network & Internet
  4. NetWork & Sharing Center
  5. Change Adapter Settings.
  6. Right Click Your Connection
  7. Select Properties
  8. Un-Check Ipv6
  9. Hit ok.

Sdy7oFH.png



Reset Host File

 

  • Click here to download RstHosts v2.0
  • Save the file to your desktop.
  • Right Click and Run as Administrator.
  • Click on Restaurer, then click OK at the prompt.
  • This will restore the default host file.
  • Next Click on Creer Un Rapport.
  • This will open a logfile, post that in your next reply.

Change some settings.


Use this tool to remove the Tunnel adapters.




Disable Computer Browser Service



1. Press the Windows + R key at the same time, a Run Window will appear
2. Type or copy and paste Services.msc hit enter.
3. Scroll to the Computer Browser Service
4. Right-Click Computer Browser Service and choose Stop the service.
5. Right Click Computer Browser Service again select Properties.
6. Change the Startup type to disabled.

Uh8lcOJ.png
7. Hit Apply then Ok.


Uninstall Netbt Driver.


1. Press the Windows + R key at the same time, a Run Window will appear.
2. Now enter or copy and paste devmgmt.msc in the Run Window and click on OK
3. Click on View and select Show Hidden Devices


pEaOQt9.png


4. Then click on and unfold Non-Plug and Play Driver

NmvnIVR.png

5. Then find NET BT, Right-click the device and choose to Uninstall the Driver.
6. Reboot your device when asked.




Hit enter after each command below.




1. Open Start and type cmd, then right-click Command Prompt and choose Run as Administrator
2. Once Command Prompt has started enter the following command. nbtstat -R
3. Wait for that command to complete, a new line will appear, now enter the following command. nbtstat -RR
4 Wait for that command to complete, a new line will appear, now enter the following command. Shutdown – R


Disable netbios over tcpip.



Windows key & r at the same time.
Type or copy and paste ncpa.cpl hit enter.
Right click your connection hit properties.
Select internet protocol version 4 then properties.
Select Advanced, then Wins tab.
Put a tick next to Disable Net Bios over TCPIP.




Use DNS Jumper to set your dns to google dns.



Dns Jumper Download

 



#8 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:06 PM

Posted 30 December 2016 - 05:48 PM

Grab your free 6 month copy of adguard.

 

 

Update your old programs with Patch My PC

 

 

Set your routers DNS to Alternate DNS -- This will stop 70 % of ads on all your devices connected to it.

 

 

You also need to only have one antivirus, you seem to have three,.....

 

 

Emsisoft Protection Service (a2AntiMalware) - The service is running
Microsoft Antimalware Service (MsMpSvc) - The service is running
360 Total Security (QHActiveDefense) - The service is running

 

 

Remove the programs below with Geek Uninstaller --- Use Force Mode if needed.

 

CouponXplorer Firefox Toolbar (HKLM-x32\...\CouponXplorer_5zbar Uninstall Firefox) (Version:  - Mindspark Interactive Network)
CouponXplorer Internet Explorer Toolbar (HKLM-x32\...\CouponXplorer_5zbar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP Support Assistant (HKLM-x32\...\{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8}) (Version: 5.1.8.12 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.550 - Oracle)
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
SLOW-PCfighter (HKLM\...\{7648D847-AEBC-4DEF-ADA2-F93314A5F4F2}) (Version: 1.7.68 - SPAMfighter ApS) Hidden
SLOW-PCfighter (HKLM\...\SLOW-PCfighter) (Version: 1.7.68 - SPAMfighter ApS.)



After the above, please post a new Security Check Log.


Edited by InadequateInfirmity, 30 December 2016 - 05:58 PM.


#9 CadenOlson

CadenOlson
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:06 PM

Posted 30 December 2016 - 06:12 PM

# AdwCleaner v6.041 - Logfile created 30/12/2016 at 14:29:01

# Updated on 16/12/2016 by Malwarebytes

# Database : 2016-12-29.2 [Server]

# Operating System : Windows 7 Home Premium Service Pack 1 (X64)

# Username : Caden - CADEN

# Running from : C:\Users\Caden\Desktop\adwcleaner_6.041.exe

# Mode: Clean

# Support : https://www.malwarebytes.com/support


 

***** [ Services ] *****


 

***** [ Folders ] *****

 

[-] Folder deleted: C:\Users\2011A\AppData\Roaming\FileAssociationManager

[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons

 

***** [ Files ] *****

 

[-] File deleted: C:\Users\2011A\AppData\LocalLow\Microsoft\Internet Explorer\Services\Search_ask.com.xml

[-] File deleted: C:\Users\2011A\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aaaaojmikegpiepcfdkkjaplodkpfmlo_0.localstorage

[-] File deleted: C:\Users\2011A\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ippkomaaonokjnfjoikaemidanojkfmm_0.localstorage

 

***** [ DLL ] *****


 

***** [ WMI ] *****


 

***** [ Shortcuts ] *****


 

***** [ Scheduled Tasks ] *****


 

***** [ Registry ] *****

 

[-] Key deleted: HKLM\SOFTWARE\Classes\.wtb

[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\.wtb

[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}

[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}]

[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}

[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2

[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E

[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6

[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7

[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852

[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0

[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA

[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96

[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8

[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01

[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59

[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED

[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472

[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296

[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888

[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC

[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA

[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E

[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF

[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E

[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509

[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024

[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966d4C29D35B1C9

 

***** [ Web browsers ] *****

 

[-] [C:\Users\2011A\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: websearch.ask.com

[-] [C:\Users\2011A\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com

[-] [C:\Users\2011A\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com_

[-] [C:\Users\2011A\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com

[-] [C:\Users\2011A\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: ippkomaaonokjnfjoikaemidanojkfmm

[-] [C:\Users\Caden\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com

[-] [C:\Users\Caden\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com

 

*************************

 

:: "Tracing" keys deleted

:: Winsock settings cleared

 

*************************

 

C:\AdwCleaner\AdwCleaner[C0].txt - [5904 Bytes] - [30/12/2016 14:29:01]

C:\AdwCleaner\AdwCleaner[R0].txt - [6880 Bytes] - [05/12/2013 10:36:27]

C:\AdwCleaner\AdwCleaner[R1].txt - [2681 Bytes] - [17/01/2014 12:39:02]

C:\AdwCleaner\AdwCleaner[S0].txt - [7036 Bytes] - [05/12/2013 10:38:21]

C:\AdwCleaner\AdwCleaner[S1].txt - [6244 Bytes] - [30/12/2016 14:25:44]

 

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [6269 Bytes] ##########



 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes

Version: 8.1.0 (12.05.2016)

Operating System: Windows 7 Home Premium x64

Ran by Caden (Administrator) on Fri 12/30/2016 at 15:02:51.60

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



 

File System: 34

 

Successfully deleted: C:\ProgramData\drivergenius (Folder)

Successfully deleted: C:\ProgramData\Start Menu\Programs\driver genius (Folder)

Successfully deleted: C:\Users\Caden\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)

Successfully deleted: C:\Users\Caden\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)

Successfully deleted: C:\Users\Caden\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)

Successfully deleted: C:\Users\Caden\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GSC90YUE (Temporary Internet Files Folder)

Successfully deleted: C:\Users\Caden\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)

Successfully deleted: C:\Users\Caden\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LR424MKU (Temporary Internet Files Folder)

Successfully deleted: C:\Users\Caden\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OSXA2LTW (Temporary Internet Files Folder)

Successfully deleted: C:\Users\Caden\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XSAEVGIS (Temporary Internet Files Folder)

Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)

Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)

Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)

Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GSC90YUE (Temporary Internet Files Folder)

Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)

Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LR424MKU (Temporary Internet Files Folder)

Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OSXA2LTW (Temporary Internet Files Folder)

Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XSAEVGIS (Temporary Internet Files Folder)

Successfully deleted: C:\Windows\SysWOW64\sho1D2C.tmp (File)

Successfully deleted: C:\Windows\SysWOW64\sho2954.tmp (File)

Successfully deleted: C:\Windows\SysWOW64\sho4163.tmp (File)

Successfully deleted: C:\Windows\SysWOW64\sho43CA.tmp (File)

Successfully deleted: C:\Windows\SysWOW64\sho5E8.tmp (File)

Successfully deleted: C:\Windows\SysWOW64\sho937A.tmp (File)

Successfully deleted: C:\Windows\SysWOW64\sho93F8.tmp (File)

Successfully deleted: C:\Windows\SysWOW64\sho9F4A.tmp (File)

Successfully deleted: C:\Windows\SysWOW64\shoAB2E.tmp (File)

Successfully deleted: C:\Windows\SysWOW64\shoB184.tmp (File)

Successfully deleted: C:\Windows\SysWOW64\shoB198.tmp (File)

Successfully deleted: C:\Windows\SysWOW64\shoB7C4.tmp (File)

Successfully deleted: C:\Windows\SysWOW64\shoD23B.tmp (File)

Successfully deleted: C:\Windows\SysWOW64\shoFC1.tmp (File)

Successfully deleted: C:\Windows\SysWOW64\shoFC49.tmp (File)

Successfully deleted: C:\Windows\SysWOW64\shoFDDE.tmp (File)


 

Registry: 1

 

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc} (Registry Key)



 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Fri 12/30/2016 at 15:11:47.56

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



 

-|x| RstHosts v2.0 - Rapport créé le 30/12/2016 à 15:16:02

-|x| Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)

-|x| Nom d'utilisateur : Caden - CADEN (Administrateur)

 

-|x|- Informations -|x|-

 

Emplacement : C:\Windows\System32\drivers\etc\hosts

Attribut(s) : RASH

Propriétaire : Administrators - BUILTIN

Taille : 89 bytes

Date de création : 13/07/2009 - 19:34:48

Date de modification : 30/12/2016 - 15:15:47

Date de dernier accès : 30/12/2016 - 15:15:47

 

-|x|- Contenu du fichier -|x|-

 

# Fichier Hosts créé par RstHosts

 

127.0.0.1       localhost

::1             localhost

 

-|x|- E.O.F - C:\RstHosts.txt - 621 bytes -|x|-



 

-|x| RstHosts v2.0 - Rapport créé le 30/12/2016 à 15:19:27

-|x| Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)

-|x| Nom d'utilisateur : Caden - CADEN (Administrateur)

 

-|x|- Informations -|x|-

 

Emplacement : C:\Windows\System32\drivers\etc\hosts

Attribut(s) : RASH

Propriétaire : Administrators - BUILTIN

Taille : 89 bytes

Date de création : 13/07/2009 - 19:34:48

Date de modification : 30/12/2016 - 15:19:18

Date de dernier accès : 30/12/2016 - 15:19:18

 

-|x|- Contenu du fichier -|x|-

 

# Fichier Hosts créé par RstHosts

 

127.0.0.1       localhost

::1             localhost

 

-|x|- E.O.F - C:\RstHosts.txt - 621 bytes -|x|-





 



#10 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:06 PM

Posted 30 December 2016 - 06:31 PM

After all of the above is complete, clean your event viewer logs reboot your computer and post a new minitoolbox log with the same settings that you ran them earlier in this thread.



#11 CadenOlson

CadenOlson
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:06 PM

Posted 30 December 2016 - 07:23 PM

These programs were not on Geek Uninstaller 
 
CouponXplorer Firefox Toolbar (HKLM-x32\...\CouponXplorer_5zbar Uninstall Firefox) (Version:  - Mindspark Interactive Network)
CouponXplorer Internet Explorer Toolbar (HKLM-x32\...\CouponXplorer_5zbar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network)
SLOW-PCfighter (HKLM\...\{7648D847-AEBC-4DEF-ADA2-F93314A5F4F2}) (Version: 1.7.68 - SPAMfighter ApS) Hidden
SLOW-PCfighter (HKLM\...\SLOW-PCfighter) (Version: 1.7.68 - SPAMfighter ApS.)
 
SecurityCheck by glax24 & Severnyj v.1.4.0.46 [22.09.16]
WebSite: www.safezone.cc
DateLog: 30.12.2016 17:19:16
Path starting: C:\Users\Caden\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Caden
VersionXML: 3.67is-25.12.2016
___________________________________________________________________________
 
Windows 7(6.1.7601) Service Pack 1 (x64) HomePremium Lang: English(0409)
Installation date OS: 10.11.2011 16:52:43
LicenseStatus: Windows® 7, HomePremium edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
SystemDrive: C: FS: [NTFS] Capacity: [917.8 Gb] Used: [121.6 Gb] Free: [796.2 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 10.0.9200.17609 Warning! Download Update
Online installation. Last version available when Windows update is enabled throught the Internet.
User Account Control enabled
The elevation prompt for administrators disabled
^It is recommended to enable: Win+R typing UserAccountControlSettings and Enter^
Automatically download and notify of installatio
Date install updates: 2016-12-28 17:22:50
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
------------------------------ [ MS Office ] ------------------------------
Microsoft Office 2010 x86 v.14.0.7015.1000
---------------------------- [ Antivirus_WMI ] ----------------------------
Microsoft Security Essentials (enabled and up to date)
Emsisoft Anti-Malware (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
Disabled the public profile of Windows Firewall
Disabled the standard profile for Windows Firewall
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Emsisoft Anti-Malware (enabled and up to date)
Microsoft Security Essentials (enabled and up to date)
Windows Defender (disabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Microsoft Security Essentials v.4.10.209.0
-------------------------- [ SecurityUtilities ] --------------------------
Emsisoft Anti-Malware v.12.0
Malwarebytes Anti-Malware version 2.2.1.1043 v.2.2.1.1043
Adguard v.6.1.298.1564
Zemana AntiMalware v.2.70.244
--------------------------- [ OtherUtilities ] ----------------------------
7-Zip 16.04 (x64 edition) v.16.04.00.0
Microsoft Silverlight v.5.1.50901.0
7-Zip 9.20
--------------------------- [ AdobeProduction ] ---------------------------
Adobe AIR v.24.0.0.180
Adobe Flash Player 24 ActiveX v.24.0.0.186
Adobe Flash Player 24 NPAPI v.24.0.0.186
Adobe Acrobat Reader DC v.15.020.20039 Warning! Download Update
^Please run Acrobat Reader DC and go Help - Check for updates...^
------------------------------- [ Browser ] -------------------------------
Google Chrome v.55.0.2883.87
Mozilla Firefox 50.1.0 (x86 en-US) v.50.1.0
----------------------------- [ EmailClient ] -----------------------------
Windows Live Mail v.15.4.3502.0922
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe v.55.0.2883.87
chrome.exe
------------------ [ AntivirusFirewallProcessServices ] -------------------
Adguard Service (Adguard Service) - The service is running
C:\Program Files (x86)\Adguard\AdguardSvc.exe v.6.1.298.1564
C:\Program Files\Emsisoft Anti-Malware\a2start.exe v.12.1.1.7014
C:\Program Files\Emsisoft Anti-Malware\a2guard.exe v.12.1.1.7014
Emsisoft Protection Service (a2AntiMalware) - The service is running
C:\Program Files\Emsisoft Anti-Malware\a2service.exe v.12.1.1.7014
Microsoft Antimalware Service (MsMpSvc) - The service is running
C:\Program Files\Microsoft Security Client\MsMpEng.exe v.4.10.209.0
Microsoft Network Inspection (NisSrv) - The service is running
C:\Program Files\Microsoft Security Client\NisSrv.exe v.4.10.209.0
Windows Defender (WinDefend) - The service has stopped
ZAM Controller Service (ZAMSvc) - The service has stopped
360 Total Security (QHActiveDefense) - The service has stopped
----------------------------- [ End of Log ] ------------------------------


#12 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:06 PM

Posted 30 December 2016 - 08:06 PM

Ok, you can remove hidden items with D-Unisntaller.

 

Other than that, how is your machine running?

 

Are you happy to call this issue solved?



#13 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:06 PM

Posted 30 December 2016 - 08:07 PM

Also, it seems that you just disabled 360 Total security --- 360 Total Security (QHActiveDefense) - The service has stopped

 

I highly advise that you uninstall it...

 

Edit: I also suggest that you reset the windows firewall to default settings.


Edited by InadequateInfirmity, 30 December 2016 - 08:09 PM.


#14 CadenOlson

CadenOlson
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:06 PM

Posted 30 December 2016 - 08:14 PM

For some reason I can't figure out how to install d uninstaller, i don't see any links for downloading. My machine is running much better, the only abnormality is that sometimes when i reboot, it sits on a black screen and doesn't do anything. The only way i can get out of this screen is to go into safe mode, and then continue to log out. Other than that, it is running much faster, and I am very happy with the position that my computer is now in. 



#15 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:06 PM

Posted 30 December 2016 - 08:33 PM

For some reason I can't figure out how to install d uninstaller, i don't see any links for downloading.

 

 

The link for the D-Uninstaller is near the bottom of the page.  As an alternate you can delete remnants with Everything Search Engine 

 

 

Add the take ownership to your right click as you may need this. Also, install unlocker.

 

 

 

TMHndNV.png

 

This guide will show you how to use unlocker to remove multiple files.

Jrcq6Zr.png

 

 

My machine is running much better, the only abnormality is that sometimes when i reboot, it sits on a black screen and doesn't do anything.

 

 

 

 

Time to run a check disk on the machine.

 

Run chkdsk /f /r from elevated command prompt.

 

 

 

suggest the following in place of adblock.
Alternate DNS Server. Ad Blocking DNS.
Ublock Origin.
Anti Ad Block Killer.



Also, keep your browsing private with these tools:

Self Destructing Cookies.
Self Destructing Cookies Chrome.



Some items to keep you safe on the internet.


VooDoo Shield. control of what is running on your machine
Qualys BrowserCheck
To update plugins.
Web Of Trust To Avoid Shady Websites.
Unchecky To Avoid Bundled Software.
Privazer To Clean up your mahcine.



Now Lets Clean up the tools we used and remove old restore points.



Download DelFix by "Xplode" to your Desktop.
Right Click the tool and Run as Admin ( Xp Users Double Click)
Put a check mark next the items below:


Remove disinfection tools
Create registry backup
Purge System Restore




Now click on "Run" button.
allow the program to complete its work.
all the tools we used will be removed.
Tool will create and open a log report (DelFix.txt)
Note: The report can be located at the following location C:\DelFix.txt






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users