# DNS server



## Britfellow (Dec 26, 2013)

Can someone please explain what the DNS server is and why it does not respond?.
When I try to log on to my e-mail account [email protected] I am constantly getting the message " DNS server not responding". Then when I click " close" I can access my e-mail ????????
Thank you.


----------



## lunarlander (Sep 22, 2007)

A DNS server is a system that houses domain names and their ip address. Say you type in google.com into your browser. The browser go ask the DNS server what the ip address of google.com is, and then use the ip address to contact google and retrieve the web page.

Usually, the DNS server your system uses is fetched from your ISP. But you can specify it yourself in your network settings.


----------



## Britfellow (Dec 26, 2013)

Thank you lunarlander ... not sure how to use that information.
Thanks again


----------



## lunarlander (Sep 22, 2007)

If you have the Network icon on your desktop ( you can customize the set of icons thats displayed ) you can right click on it and choose Properties. Then click on Local Area Connection, Properties button, and you will see a list of networking components. Click on IPv4 and choose Properties. In here, you are given 2 spots to key in your preferred DNS servers. I use the ips of the OpenDNS servers, 208.67.222.222 and 208.67.220.220. Keying in your own DNS addresses is not really necessary, because as it says on that panel, DNS servers can be obtained automatically, through your router from your ISP. But when in your case where the ISP's DNS servers are not always responding quickly, you can try the OpenDNS addresses and see if things improve.


----------



## Hingle (Feb 4, 2014)

You can get the best dns server for your machine with this tool.
http://code.google.com/p/namebench/

After you apply the dns settings then you will need to flush your dns then register it and reboot.

From elevated command enter one at a time and hit enter after.

ipconfig /flushdns
ipconfig /registerdns

Then run temp file cleaner like this one,yes it works on windows 7 I use it on my machine.
http://www.atribune.org/?option=com_content&task=view&id=25&Itemid=25


----------



## Britfellow (Dec 26, 2013)

My apologies for the way that this screen shot appears, I really have no clue as to how to resize properly. this is the listing of the LAN on my computer. Do I need to change anything?. Thank you .


----------



## Hingle (Feb 4, 2014)

There is no screen shot if you have difficulties then upload the shot to http://imgur.com/ then post the resulting link.


----------



## Britfellow (Dec 26, 2013)

Thanks hingle ... I have followed the instructions to upload a file .. hopefully it appears, although I don't see the attachment anywhere !!. It shows the listing of LAN on my laptop.


----------



## Hingle (Feb 4, 2014)

Download minitoolbox and post the log run it with the following boxes ticked.

http://www.bleepingcomputer.com/download/minitoolbox/

List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs


----------



## Britfellow (Dec 26, 2013)

Thanks hingle ... I downloaded the link, it now shows a huge log. Do you need me to post the log for viewing?, if so, how do I do that?. Do I need to do anything further since downloading?.
thanks again.


----------



## Hingle (Feb 4, 2014)

Well the idea is for you to copy and paste it here for my review.

If I find any issues then I will point them out for you.


----------



## Britfellow (Dec 26, 2013)

Another snag, hingle .... how do I copy and paste?, I tried right click, nothing to indicate "copy" or "paste"! 
Thank you.


----------



## Hingle (Feb 4, 2014)

Open the log.
Edit at the top of notepad.
Select all.
Right click copy.
When you reply here, right click under a word you type.
Select paste.


----------



## Britfellow (Dec 26, 2013)

Thank you hiMiniToolBox by Farbar Version: 23-01-2014
Ran by james (administrator) on 05-02-2014 at 13:13:45
Running from "C:\Users\james\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00Y1X13U"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= IP Configuration: ================================
Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.20) = Local Area Connection (Connected)
Atheros AR9285 802.11b/g/n WiFi Adapter = Wireless Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

Windows IP Configuration
Host Name . . . . . . . . . . . . : james-PC
Primary Dns Suffix . . . . . . . : 
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : netgear.com
Wireless LAN adapter Wireless Network Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 06-1B-B1-8D-38-A8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wireless Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Atheros AR9285 802.11b/g/n WiFi Adapter
Physical Address. . . . . . . . . : 00-1B-B1-8D-38-A8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : netgear.com
Description . . . . . . . . . . . : Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.20)
Physical Address. . . . . . . . . : F0-4D-A2-C0-BA-11
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2602:306:c868:a209:15b:d9f3:3ab8:bb59(Preferred) 
Temporary IPv6 Address. . . . . . : 2602:306:c868:a209:84fc:964f:e5dc:7b6b(Preferred) 
Link-local IPv6 Address . . . . . : fe80::15b:d9f3:3ab8:bb59%10(Preferred) 
IPv4 Address. . . . . . . . . . . : 192.168.1.64(Preferred) 
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, February 05, 2014 10:54:17 AM
Lease Expires . . . . . . . . . . : Thursday, February 06, 2014 1:06:47 PM
Default Gateway . . . . . . . . . : fe80::4e60:deff:feb5:7a6e%10
192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 250629538
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-9D-79-B7-F0-4D-A2-C0-BA-11
DNS Servers . . . . . . . . . . . : 8.8.8.8
8.8.4.4
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Reusable ISATAP Interface {8E7B7322-C28F-4C7C-B863-EAC900B081C3}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.netgear.com:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:38ab:c13:3f57:febf(Preferred) 
Link-local IPv6 Address . . . . . : fe80::38ab:c13:3f57:febf%13(Preferred) 
Default Gateway . . . . . . . . . : 
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter 6TO4 Adapter:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.Belkin:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Name: google.com
Addresses: 2607:f8b0:4004:800::1004
74.125.228.134
74.125.228.130
74.125.228.132
74.125.228.133
74.125.228.136
74.125.228.142
74.125.228.128
74.125.228.137
74.125.228.129
74.125.228.135
74.125.228.131

Pinging google.com [2607:f8b0:4004:803::100e] with 32 bytes of data:
Reply from 2607:f8b0:4004:803::100e: time=26ms 
Reply from 2607:f8b0:4004:803::100e: time=26ms 
Ping statistics for 2607:f8b0:4004:803::100e:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 26ms, Maximum = 26ms, Average = 26ms
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Name: yahoo.com
Addresses: 98.139.183.24
206.190.36.45
98.138.253.109

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=137ms TTL=41
Reply from 206.190.36.45: bytes=32 time=148ms TTL=41
Ping statistics for 206.190.36.45:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 137ms, Maximum = 148ms, Average = 142ms
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...06 1b b1 8d 38 a8 ......Microsoft Virtual WiFi Miniport Adapter
11...00 1b b1 8d 38 a8 ......Atheros AR9285 802.11b/g/n WiFi Adapter
10...f0 4d a2 c0 ba 11 ......Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.20)
1...........................Software Loopback Interface 1
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
15...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.64 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.64 276
192.168.1.64 255.255.255.255 On-link 192.168.1.64 276
192.168.1.255 255.255.255.255 On-link 192.168.1.64 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.64 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.64 276
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
10 276 ::/0 fe80::4e60:deff:feb5:7a6e
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:9d38:90d7:38ab:c13:3f57:febf/128
On-link
10 28 2602:306:c868:a209::/64 On-link
10 276 2602:306:c868:a209:15b:d9f3:3ab8:bb59/128
 On-link
10 276 2602:306:c868:a209:84fc:964f:e5dc:7b6b/128
On-link
10 276 fe80::/64 On-link
13 306 fe80::/64 On-link
10 276 fe80::15b:d9f3:3ab8:bb59/128
On-link
13 306 fe80::38ab:c13:3f57:febf/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
========================= Event log errors: ===============================
Application errors:
==================
Error: (02/04/2014 07:07:19 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
Error: (02/04/2014 10:56:37 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
Error: (02/02/2014 00:02:09 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
Error: (01/31/2014 04:47:16 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (01/31/2014 04:47:16 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (01/31/2014 11:43:03 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (01/31/2014 11:43:03 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (01/31/2014 10:07:31 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (01/31/2014 10:07:31 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (01/31/2014 09:38:29 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

System errors:
=============
Error: (02/05/2014 10:55:01 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
hlnfd
Error: (02/05/2014 10:53:56 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 10:53:03 AM on ?2/?5/?2014 was unexpected.
Error: (02/05/2014 10:18:22 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
hlnfd
Error: (02/05/2014 10:17:20 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 10:15:38 AM on ?2/?5/?2014 was unexpected.
Error: (02/05/2014 10:15:52 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
Error: (02/02/2014 02:51:19 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
Error: (02/02/2014 11:10:33 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
Error: (01/31/2014 01:06:13 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
Error: (01/31/2014 01:05:44 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
hlnfd
Error: (01/30/2014 11:20:58 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
hlnfd

Microsoft Office Sessions:
=========================
Error: (02/04/2014 07:07:19 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005
Error: (02/04/2014 10:56:37 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005
Error: (02/02/2014 00:02:09 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005
Error: (01/31/2014 04:47:16 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (01/31/2014 04:47:16 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
Error: (01/31/2014 11:43:03 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (01/31/2014 11:43:03 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
Error: (01/31/2014 10:07:31 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (01/31/2014 10:07:31 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
Error: (01/31/2014 09:38:29 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

=========================== Installed Programs ============================
64 Bit HP CIO Components Installer (Version: 6.2.2)
ABBYY FineReader 9.0 Sprint (Version: 9.00.595.5857)
Adobe Flash Player 12 ActiveX (Version: 12.0.0.44)
Adobe Reader X (10.1.8) (Version: 10.1.8)
Belkin Setup and Router Monitor
BufferChm (Version: 140.0.212.000)
Coupon Printer for Windows (Version: 5.0.0.1)
D1600 (Version: 140.0.690.000)
D3DX10 (Version: 15.4.2368.0902)
DefaultTab (Version: 1.2.8.0)
DefaultTab Chrome (Version: 1.1.25)
Defraggler (Version: 2.15)
Dell DataSafe Local Backup - Support Software (Version: 9.4.60)
Dell DataSafe Local Backup (Version: 9.4.60)
Dell DataSafe Online (Version: 2.1.19634)
Dell Dock (Version: 2.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Home Systems Service Agreement (Version: 2.0.0)
Dell Product Registration (Version: 1.0.3)
Dell Support Center (Version: 3.0.5621.01)
Dell System Detect (Version: 5.4.0.4)
Dell Touchpad (Version: 7.1107.101.209)
Dell Webcam Central (Version: 1.40.05)
Dell Wireless Driver Installation (Version: 8.0)
DJ_SF_06_D1600_SW_Min (Version: 140.0.690.000)
FoxTab Media Player
Google+ Auto Backup (Version: 1.0.21.81)
HP Deskjet D1600 Printer Driver Software 14.0 Rel. 6 (Version: 14.0)
HPPhotoGadget (Version: 140.0.524.000)
Intel(R) Control Center (Version: 1.2.1.1007)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.2202)
Intel(R) Rapid Storage Technology (Version: 9.6.4.1002)
InternetHelper3.7 Toolbar for IE (Version: 6.17.2.8)
Java 7 Update 10 (64-bit) (Version: 7.0.100)
Junk Mail filter update (Version: 15.4.3502.0922)
Lexmark S410 Series Uninstaller
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft Search Enhancement Pack (Version: 3.0.133.0)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft VC9 runtime libraries (Version: 2.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
PDF Creator
PDF Creator Packages
Picasa 3 (Version: 3.9)
Quickset64 (Version: 10.06.02)
Realtek High Definition Audio Driver (Version: 6.0.1.6136)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30109)
Roxio Burn (Version: 1.01)
Skype Click to Call (Version: 6.13.13771)
Skype™ 6.11 (Version: 6.11.102)
Software Version Updater (Version: 1.1.3.8)
SUPERAntiSpyware (Version: 5.7.1018)
swMSM (Version: 12.0.0.1)
Toolbox (Version: 140.0.428.000)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for PDF Creator
WebReg (Version: 140.0.212.017)
WhiteSmoke New Toolbar for IE (Version: 6.16.1.9)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Yontoo Layers Runtime 1.10.01 (Version: 1.10.01)
**** End of log ****
ngle


----------



## Hingle (Feb 4, 2014)

I see some items that need to be taken care of before we proceed I am not authorized in this forum to deal with malware so let me ask another member to assist you on removing some adware/malware from your machine before we proceed.


----------



## Britfellow (Dec 26, 2013)

Thank you hingle. I have run the SuperantiSpyware program several times, there is always a long list of adware items shown up.
Thanks again.


----------



## Hingle (Feb 4, 2014)

There are many other tools at their disposal for you to run, I just want to make sure that all avenues are traveled before I advise any further. 

I have sent a Private Message to a qualified Malware Expert, help is on the way.


----------



## Britfellow (Dec 26, 2013)

Thank you Hingle ... this is an amazing site !.... with amazingly adept people.


----------



## Mark1956 (May 7, 2011)

Hi Britfellow. please follow these instructions below and post the log requested.

Click on this link to download : ADWCleaner Click on the Download Now button and save it to your desktop.

*NOTE:* If using Internet Explorer and you get an alert that stops the program downloading click on *Tools > Smartscreen Filter > Turn off Smartscreen Filter* then click on *OK* in the box that opens. Then click on the link again.

Close your browser and double click on this icon on your desktop: 

You will then see the screen below, click on the *Scan* button (as indicated), accept any prompts that appear and allow it to run, it may take several minutes to complete, when it is done click on the *Clean* button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report, Copy & Paste it into your next post.


----------



## Britfellow (Dec 26, 2013)

Hi Mark 1956... I followed your instructions ... following is the report
# AdwCleaner v3.018 - Report created 05/02/2014 at 22:28:56
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : james - JAMES-PC
# Running from : C:\Users\james\Downloads\AdwCleaner (2).exe
# Option : Clean
***** [ Services ] *****
Service Deleted : DefaultTabUpdate
***** [ Files / Folders ] *****
Folder Deleted : C:\Searchprotect
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\DefaultTab
Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Deleted : C:\Program Files (x86)\FunWebProducts
Folder Deleted : C:\Program Files (x86)\MyPC Backup 
Folder Deleted : C:\Program Files (x86)\MyWebSearch
Folder Deleted : C:\Program Files (x86)\Yontoo Layers Runtime
Folder Deleted : C:\Program Files (x86)\weDownload Manager Pro
Folder Deleted : C:\Program Files (x86)\InternetHelper3.7
Folder Deleted : C:\Program Files (x86)\WhiteSmoke_New
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\james\AppData\Local\apn
Folder Deleted : C:\Users\james\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\james\AppData\Local\Conduit
Folder Deleted : C:\Users\james\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\james\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\james\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\james\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\james\AppData\LocalLow\iac
Folder Deleted : C:\Users\james\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\james\AppData\LocalLow\InternetHelper3.7
Folder Deleted : C:\Users\james\AppData\LocalLow\WhiteSmoke_New
Folder Deleted : C:\Users\james\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
Folder Deleted : C:\Users\james\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\james\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\james\AppData\Roaming\Systweak
Folder Deleted : C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Folder Deleted : C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb
Folder Deleted : C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhbbmmgbnjalccamlaefhepnajfmgopb
Folder Deleted : C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
File Deleted : C:\END
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\james\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
File Deleted : C:\Windows\Tasks\AmiUpdXp.job
File Deleted : C:\Windows\System32\Tasks\AmiUpdXp
***** [ Shortcuts ] *****

***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKCU\Software\Google\Chrome\Extensions\jhbbmmgbnjalccamlaefhepnajfmgopb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jhbbmmgbnjalccamlaefhepnajfmgopb
Key Deleted : HKCU\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\alotservice_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\alotservice_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SavingsApp_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SavingsApp_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3315828
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4730EBE-43A6-443E-9776-36915D323AD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8E2479DE-6096-41F3-90AB-83BE9946AA2D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B052E68E-A114-4480-B416-C8E617D346A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{739DF940-C5EE-4BAB-9D7E-270894AE687A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1BB8B3AE-757D-443F-B3A4-0629E709B0D9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E2479DE-6096-41F3-90AB-83BE9946AA2D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{739DF940-C5EE-4BAB-9D7E-270894AE687A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E2479DE-6096-41F3-90AB-83BE9946AA2D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{739DF940-C5EE-4BAB-9D7E-270894AE687A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8E2479DE-6096-41F3-90AB-83BE9946AA2D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{739DF940-C5EE-4BAB-9D7E-270894AE687A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2F4D7835-42B0-4BA7-9587-1B01393F78EE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B052E68E-A114-4480-B416-C8E617D346A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1BB8B3AE-757D-443F-B3A4-0629E709B0D9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{94F20610-B113-450C-8973-9D6B34A6125E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCA49181-7E95-4F89-AFB8-8331289D6A31}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6F172260-C306-4FC1-99B1-DCF54EB87E22}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0D96B031-5F36-4365-AC96-3D0BBC590593}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A531D99C-5A22-449B-83DA-872725C6D0ED}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8E2479DE-6096-41F3-90AB-83BE9946AA2D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{739DF940-C5EE-4BAB-9D7E-270894AE687A}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{8E2479DE-6096-41F3-90AB-83BE9946AA2D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{739DF940-C5EE-4BAB-9D7E-270894AE687A}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{8E2479DE-6096-41F3-90AB-83BE9946AA2D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{739DF940-C5EE-4BAB-9D7E-270894AE687A}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{30CBDB40-5B21-481B-A09B-F87CEF73F020}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\FunWebProducts
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\InstalledThirdPartyPrograms
Key Deleted : HKCU\Software\MyWebSearch
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKCU\Software\RadioRage_4j
Key Deleted : HKCU\Software\SocialBit
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\AppDataLow\Software\I Want This
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\RadioRage_4j
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKCU\Software\AppDataLow\Software\InternetHelper3.7
Key Deleted : HKCU\Software\AppDataLow\Software\WhiteSmoke_New
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\FocusInteractive
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Fun Web Products
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\MyWebSearch
Key Deleted : HKLM\Software\RadioRage_4j
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\InternetHelper3.7
Key Deleted : HKLM\Software\WhiteSmoke_New
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Chrome
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : [x64] HKLM\SOFTWARE\DataMngr
Key Deleted : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16428
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
-\\ Google Chrome v
[ File : C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted : homepage
Deleted : icon_url
Deleted : search_url
Deleted : urls_to_restore_on_startup
*************************
AdwCleaner[R0].txt - [25008 octets] - [05/02/2014 22:27:20]
AdwCleaner[S0].txt - [22934 octets] - [05/02/2014 22:28:56]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [22995 octets] ##########


----------



## Mark1956 (May 7, 2011)

That found a good collection of Adware, please run it again to make sure nothing remains. Just follow the same process as before and post the new log produced after the reboot.

Please also tell us how well the PC is performing and give details of any remaining issues.


----------



## Britfellow (Dec 26, 2013)

Thank you Mark 1956 ... I ran the program again... this is the report.
# AdwCleaner v3.018 - Report created 06/02/2014 at 09:42:04
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : james - JAMES-PC
# Running from : C:\Users\james\Downloads\AdwCleaner (2).exe
# Option : Clean
***** [ Services ] *****

***** [ Files / Folders ] *****
Folder Deleted : C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Folder Deleted : C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16428

-\\ Google Chrome v
[ File : C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************
AdwCleaner[R0].txt - [25008 octets] - [05/02/2014 22:27:20]
AdwCleaner[R1].txt - [1119 octets] - [06/02/2014 09:41:21]
AdwCleaner[S0].txt - [23160 octets] - [05/02/2014 22:28:56]
AdwCleaner[S1].txt - [1045 octets] - [06/02/2014 09:42:04]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1105 octets] ##########

I am still having issue with connections to my e-mail and also to this site i.e. .. "this page cannot be displayed", DNS server not responding.
Also when the laptop rebooted after running the cleaning program there was a banner that told me that here was a problem up .??


----------



## Mark1956 (May 7, 2011)

Two entries have returned from Google Chrome extensions. Once we have this cleared up we can tackle the DNS problem.

Please first run this program and post the log, when done do another run with Adwcleaner and post the log from that.

Please download Junkware Removal Tool  to your desktop.


Shutdown your antivirus to avoid any conflicts.
Right-mouse click JRT.exe and select Run as administrator *(If using XP just double click on the icon to run it.)*
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


----------



## Britfellow (Dec 26, 2013)

Thank you Mark1956 ... I followed your instruction.. this is the JRT.txt report.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Home Premium x64
Ran by james on Thu 02/06/2014 at 12:04:56.55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\browsersafeguard
Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?
Value Name Type Value Data 
========================================================================================
BackgroundContainer REG_SZ "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\james\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun

~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4623A8C4-150D-4983-8982-68C01E7D6541}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4FF36647-C2B3-416C-A845-627076EBEB7C}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{6BA7B3E2-E9D0-4FD4-B24E-656852B300F7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{F194CFD8-D3D5-42DF-805C-0087A161448F}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\couponalert_2pei
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\produtools_manuals_2.1_b
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\couponalert_2pinstaller.start
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\couponalert_2pinstaller.start.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4623A8C4-150D-4983-8982-68C01E7D6541}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441193}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\YontooSetup-DropDownDeals-SilentInstaller-1FC0_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\YontooSetup-DropDownDeals-SilentInstaller-1FC0_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\aol_pricecheck_ie_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\aol_pricecheck_ie_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441193}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011461139}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\YontooSetup-DropDownDeals-SilentInstaller-1FC0_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\YontooSetup-DropDownDeals-SilentInstaller-1FC0_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\aol_pricecheck_ie_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\aol_pricecheck_ie_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{72075FF8-36FD-48AA-9E43-0A923777DF0A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8c9ef753-beb6-4582-b653-93ac59274437}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9230cb90-79de-4945-88a4-762244a25bc8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B3775BAA-FEF4-47AC-99D3-D247D1CB97F6}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C3E78F07-3496-4F20-869B-679ADD81F0E2}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{8c9ef753-beb6-4582-b653-93ac59274437}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9230cb90-79de-4945-88a4-762244a25bc8}

~~~ Files
Successfully deleted: [File] C:\Windows\syswow64\sho142.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho14B0.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho57CF.tmp

~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\sparktrust"
Successfully deleted: [Folder] "C:\Users\james\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\james\AppData\Roaming\sparktrust"
Successfully deleted: [Folder] "C:\Users\james\appdata\local\browsersafeguard"
Successfully deleted: [Folder] "C:\Users\james\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\james\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Users\james\appdata\locallow\recipehub_2j"
Successfully deleted: [Folder] "C:\Users\james\appdata\locallow\recipehub_2jei"
Successfully deleted: [Folder] "C:\Users\james\appdata\locallow\wedownload ltd"
Successfully deleted: [Folder] "C:\Program Files (x86)\couponalert_2pei"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\Program Files (x86)\produtools_manuals_2.1_b"
Successfully deleted: [Folder] "C:\Program Files (x86)\recipehub_2jei"
Successfully deleted: [Folder] "C:\Program Files (x86)\social privacy"
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{02D2DE29-6162-41E9-A90A-1EBCB1631F59}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{03C4D65A-74C5-4A31-BB5C-3D6192B59F30}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{04651236-0CF2-433A-9088-6BC1984D4D4C}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{07B54627-EA25-4AC5-8818-F9F8F47C565B}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{098F99AA-88B2-4C47-B26A-EC1513D945CC}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{09A934AE-25F8-4C01-956B-723A7076B064}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{0A7B1121-FEFF-47AD-AC59-AB9A020D7B3C}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{0DDA743C-946A-45EC-B818-3A0B382BE4C9}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{0E446419-A542-45F1-BB59-88785500E71C}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{0E4B0DBB-6117-424B-A04B-7F89B73B4DB8}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{0F916A64-0417-41A5-A163-31DE653FD6DB}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{1000E3ED-8823-48EE-8C4A-B04E9675C18B}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{14241F8B-B4D4-45C3-B60E-B0D969394BCB}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{14F110CA-0984-4782-9C14-A4E313973BE0}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{1575D941-073F-4FC1-8438-137B6E8022AE}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{16817469-5F2B-4463-BF6D-19555F9AFD19}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{177297A3-07C0-4867-A3BC-08FFC0879181}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{1787BB7A-4502-4FF5-9BB7-ADACFE665DCF}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{1938C6DF-5A40-43E5-BA0A-B99361FF54CD}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{19FC7F56-8BEF-4D93-BF7D-B511D42E58CE}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{1B01EBC6-681B-4F6E-B114-DD93A816CF92}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{1B42F609-992B-4890-9A49-3476197E693A}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{1DD0F4A0-A3AA-47CA-A69F-F820C48CD4C1}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{2183644A-37D0-452C-94EC-E0D7921372A4}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{2215B036-1CE6-4CA9-B2F8-F39768959877}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{274DAECE-BA16-46C7-B030-9BBA9931BED7}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{281B7F25-D201-4F0C-87EA-8D304D2C07B1}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{293F2497-2C47-45A0-9F95-4288EFC26F99}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{29441F77-16E0-4B0B-B3F7-404D848E7693}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{29C6F2AD-7C54-4B1E-913A-52F466A75443}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{2BF337DD-ED57-4DB8-88C4-13647DA571BA}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{2D0DEB7D-9274-4746-87C4-0B761932F7D6}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{30B88536-5630-4012-B984-C945026E3535}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{35F2C3C9-65F3-4493-8BD1-CC2A23250F3F}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{3798203B-EAFA-4358-8CC2-1064AC14F065}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{395AFA51-1A66-49A1-ADCB-20A32A432799}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{3AE780F9-888A-4ACC-9325-FD9456F171D7}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{3B44363D-B132-4939-82B2-83B7388D979B}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{3B4F5F01-8238-4B05-AE54-83684C35FFEA}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{3B84B0DE-F492-4370-B5A6-8B3D34B6447D}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{3BFC5A7C-D90D-4D1A-B0A9-8A21DBDFFF8E}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{3CEF9986-F5B0-458E-A6ED-29017FD07782}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{3DA8C83F-238E-4B3E-B2BB-BE1DF511A3E2}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{3DC818A4-E74B-4DDA-8BD5-DF5FC84AD504}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{3EA6D33A-B7FC-49B1-8918-BD40C66F2AFF}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{4124E792-3A27-4CA0-9187-68335552076C}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{455A4C63-843F-4D88-9E82-DDDE9151CD3F}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{49ABEABA-8CC8-42C1-8275-9BF57DB2F28E}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{49C6D460-FF2E-44E2-B6C4-7310F703F206}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{4A88D354-6936-4C9B-B94C-D373369C9D78}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{4ACFC69F-1D1F-46D6-9725-C6020D770367}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{4DB98A85-F219-405A-8951-861C09046966}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{4FD61A00-A5BA-42A2-8692-5323EF913AB3}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{50F34858-3063-4760-BDA0-0C41279990E9}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{5177A96B-952B-4D5A-BF33-CAEB55226C8E}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{51BD48A2-CDCC-447F-82B5-171C35909825}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{53D63A13-A69B-443D-8350-D8DBB2080123}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{565D0579-4746-4EB4-8A29-D84AA0FB3518}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{5BC526EB-9EB5-4315-A793-5C81B08C09EE}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{5D6D3604-23CB-4E3A-AB46-0D9AB6F6CC2E}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{60FFB58A-0CA5-43F9-81BF-5D9549F013B1}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{62EEE95D-ADD5-41BD-B73F-D466CE15FCD5}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{63B60574-66C7-4884-B215-01B3EF5AAFC9}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{651CF004-08E6-445F-8B10-329A130FD266}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{6DD6C245-0714-445E-965E-3A5849774875}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{6E6803C2-CBFF-46AA-A9E9-E16D3D13D4F7}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{6FA2A3B6-47D9-4F1B-BA10-7E162350F312}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{7137CAC0-8264-4A37-A66A-BD28DA4B818A}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{71CAC77C-DC76-469D-911A-3375FA130853}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{72F453F8-B5D7-484F-98D2-2EBF1868328D}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{79A42BEB-C964-4C9E-979A-D9497EC61D8F}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{7A40DC8D-85BB-4FC2-9EF1-50B965A4E623}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{7EC49E66-019D-4A81-A6C0-AB14E02A66FE}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{7F08A0F5-BED6-4935-8489-0E864B9D6946}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{7FF4A054-EE2B-48CE-93FD-1C29575FEB99}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{8002CC14-EBE5-4C39-B0C6-77E7216127EC}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{802D45FC-31CE-4B7F-8769-83EAF90E00C3}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{81F3E34E-CA66-43D7-AFF0-55FB03110E84}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{8368CF7A-7C92-4646-9268-572373578A35}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{836ACCB2-3B32-46D1-AE8A-D1CD12FF276E}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{8C0210B6-E138-4546-906C-43675F82EB18}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{8C38FCAE-A4FA-4300-AA5C-7C04361EBB42}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{8DC76588-AF57-400B-942D-0ED69C82A20C}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{8EDFC686-3AF1-453C-8652-F8DC259A71E3}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{900BA73D-184F-4077-80BB-CFC0BE7B9D01}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{914F643D-E802-4268-8C50-EBFA401994FF}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{91BCAEBE-07D7-41AB-9959-FDFCA22B9283}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{92501DC3-54D8-43C4-991D-59210C9BD963}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{92CF4476-AE75-47B4-A621-9D8F37D8BD8A}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{949D2316-CA65-4BBD-9131-4ED9FDE9AEF0}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{97A4E70E-4AB2-4EE6-BD18-F119CCB287A5}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{99866F2F-BE42-42F4-A90A-5B06527516E9}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{99F2BC83-4E77-408B-88F0-D16E8297AF37}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{A2BB2043-7BE2-4B2F-AFA7-8E42407E5000}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{A3FCCC48-1713-4521-8883-934144912E81}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{A4FC8186-8D46-4C2A-83B2-32617C012DF7}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{A510DDCB-4AB1-499E-8B45-CED71AC829BB}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{A8A3564D-CDBC-41DB-ACDF-EFBEEAC3FB0C}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{ABC2CB89-755E-415A-BBBE-ED16BE27C73C}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{ACC4C325-FDFB-4B30-90E8-599FC6F354B9}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{ACDA5365-4829-4060-A202-E2EA06B48A5D}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{AD95D005-D13E-4B4F-A3B1-40341EF0F530}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{AE58E529-54C8-44F8-B72E-541F307793D7}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{B0AA6A1A-CC1C-4A2B-9EED-C8553EC9CDA1}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{B271C4B9-F601-4E14-B56A-DC5A8F2E0B00}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{B2C23740-9EE0-4951-B50C-0C87D5C69A1A}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{B43AA3BC-68A4-4FA8-BD84-DCC63F3D8BC0}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{B4B1997E-095C-46D5-A985-EEA379F9B60F}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{B5A5EF9D-2708-41E2-A873-3498B26BD0BC}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{B61E97E3-25AB-41C0-9A8F-46272957606C}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{B6228B2F-3862-49FC-BC56-496C71169DFE}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{B7C3A9EB-81BB-4131-9E69-CE0A29928FC2}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{B7D56C92-E5E0-4CE5-AC01-4B6B298B6BB3}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{BD6857EB-7DBF-4721-9900-CCD810840F1C}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{BF93D171-3111-4F50-8054-179F056F1782}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{C134C436-E490-442A-8532-F1001283F8BF}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{C14AF394-F30D-4B21-9451-2B223E6434D6}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{C92964EA-599A-4DF2-822A-C9F22BC6DA49}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{C9D4EBC3-D72B-41EF-970D-07C5FD71E74F}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{CBB13F40-170C-4F42-B1B0-35FA46100E05}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{CBCDCD6A-6F7A-4A4B-AB90-9B8ECD8BBBD6}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{CE6DB9D0-DA47-498C-B2BF-EE4EA2B6C7E4}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{D0FCB305-CF19-49B0-AEFD-01C25657FEDC}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{D3192A1B-96B4-4D8A-A655-33E23683D847}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{D45A41AF-5B55-4AD9-9569-EC403BDA8121}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{D46217F7-2223-4BDA-B7FA-283DEFEFE17B}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{D5326100-ABFB-4152-AE11-0CC1EBF28120}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{D59D1B6C-40CF-4966-B47F-DB555505CD9F}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{D6864055-0684-4BDE-B076-0A8E627772CD}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{D86297B6-621F-4CC7-A5E4-DC21793C9C54}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{D8840361-5826-4521-911E-CEEF7F17C6B9}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{D8EF5C26-2BCF-4C74-B9F0-079302CC8AD3}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{D91DC7C9-DAC2-46C2-AEBB-D2F8B3311DBC}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{D9BAEAAC-C041-441C-A021-1F6CCEB3C7C7}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{DA8F7DE5-9F47-43CB-ADAC-999ABFC15DC6}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{DECDF60E-3CFB-4FCD-A7EE-1AA899CD87F3}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{DF0347B7-7AE4-419F-B9FA-4EDDC0167C7B}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{E6D1B894-F533-482D-A027-E587E531BA6A}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{E7B71DCA-524E-4F43-870D-D156025D4683}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{E7F52074-2AD7-46FB-A550-0A00AA9DFB6A}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{E8EC836B-7545-4ACA-A5C2-EC33593BFC35}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{E9C3A030-6D26-481B-8EEB-5872F3DC9741}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{EB04014D-3E9A-48A4-9580-4BBDAFB3E0E7}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{F0641C6D-EEDF-4D78-93FB-4008E6C8C877}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{F0E7E844-0A1D-44AC-ACB3-542723EE778E}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{F4181E67-2442-4E5C-808F-AE5C25643945}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{F7C218FF-8690-4DAE-B593-550F5AA2B606}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{F8480432-68A7-464E-9E48-8C6F1884A0E9}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{F9E20864-4AA9-4337-A17D-10EBE635292A}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{FDD5BEA2-6F75-433F-970B-0FDB3BB38225}
Successfully deleted: [Empty Folder] C:\Users\james\appdata\local\{FF100F99-5AD8-4882-AFA7-B466A0F40561}

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 02/06/2014 at 12:12:14.60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


----------



## Britfellow (Dec 26, 2013)

Hi Mark1956 ... I did follow up run with Adware program ... this is the report from that run.
# AdwCleaner v3.018 - Report created 06/02/2014 at 12:34:53
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : james - JAMES-PC
# Running from : C:\Users\james\Downloads\AdwCleaner (3).exe
# Option : Clean
***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16428

-\\ Google Chrome v
[ File : C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************
AdwCleaner[R0].txt - [25008 octets] - [05/02/2014 22:27:20]
AdwCleaner[R1].txt - [1119 octets] - [06/02/2014 09:41:21]
AdwCleaner[R2].txt - [996 octets] - [06/02/2014 12:34:23]
AdwCleaner[S0].txt - [23160 octets] - [05/02/2014 22:28:56]
AdwCleaner[S1].txt - [1185 octets] - [06/02/2014 09:42:04]
AdwCleaner[S2].txt - [918 octets] - [06/02/2014 12:34:53]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [977 octets] ##########


----------



## Mark1956 (May 7, 2011)

JRT took out quite a lot of bad entries and now the Adwcleaner log is clean.

As JRT detected a suspicious run key in the registry we need to run a couple more scans.

*SCAN 1*
Please download Farbar Recovery Scan Tool (FRST) and save it to your desktop. Do not get tempted to download Regclean Pro.

*Note:* If you get a warning that the download could harm your system, please ignore it and allow the download to go ahead. FRST is perfectly safe and we would never ask you to download anything that isn't.

*Note*: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click on FRST to run it. When the tool opens click *Yes* to the disclaimer.
Press the*Scan* button.
It will make a log (*FRST.txt*) in the same directory the tool is run from. Please copy and paste it into your next reply.
The first time the tool is run, it makes another log (*Addition.txt*). Please also copy and paste that into your reply.

*SCAN 2*
Download RogueKiller (by tigzy) and save direct to your Desktop.
On the web page, scroll down until you see these two icons:

 Select the 32bit (on the left) or the 64bit button to match the bit rate of your version of Windows.


Quit all running programs.
Start RogueKiller.exe by double clicking on the icon.
Wait until Prescan has finished.
Ensure all boxes are ticked under "Report" tab.
Click on Scan.
Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
NOTE: *DO NOT attempt to remove anything that the scan detects.*


----------



## Britfellow (Dec 26, 2013)

Hi Mark 1956 ... I ran the first scan .. this is the report
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-02-2014
Ran by james at 2014-02-06 15:56:28
Running from C:\Users\james\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
==================== Installed Programs ======================
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
ABBYY FineReader 9.0 Sprint (x32 Version: 9.00.595.5857 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.00.595.5857 - ABBYY) Hidden
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) (x32 Version: 10.1.8 - Adobe Systems Incorporated)
Belkin Setup and Router Monitor (x32 Version: - )
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Coupon Printer for Windows (x32 Version: 5.0.0.1 - Coupons.com Incorporated) <==== ATTENTION
D1600 (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (Version: 2.15 - Piriform)
Dell DataSafe Local Backup - Support Software (x32 Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (x32 Version: 9.4.60 - Dell)
Dell DataSafe Online (x32 Version: 2.1.19634 - Dell)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Dock (x32 Version: 2.0 - Stardock Corporation)
Dell Getting Started Guide (x32 Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (x32 Version: 2.0.0 - Dell Inc.)
Dell Product Registration (x32 Version: 1.0.3 - Dell Inc.)
Dell Support Center (Version: 3.0.5621.01 - Dell Inc.)
Dell Support Center (Version: 3.0.5621.01 - PC-Doctor, Inc.) Hidden
Dell System Detect (HKCU Version: 5.4.0.4 - Dell)
Dell Touchpad (Version: 7.1107.101.209 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (x32 Version: 1.40.05 - Creative Technology Ltd)
Dell Wireless Driver Installation (x32 Version: 8.0 - Dell)
DJ_SF_06_D1600_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
FoxTab Media Player (HKCU Version: - ) <==== ATTENTION
Google+ Auto Backup (x32 Version: 1.0.21.81 - Google)
HP Deskjet D1600 Printer Driver Software 14.0 Rel. 6 (Version: 14.0 - HP)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
Intel(R) Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.2202 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 9.6.4.1002 - Intel Corporation)
InternetHelper3.7 Toolbar for IE (x32 Version: 6.17.2.8 - InternetHelper3.7)
Java 7 Update 10 (64-bit) (Version: 7.0.100 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lexmark S410 Series Uninstaller (Version: - Lexmark International, Inc.)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Search Enhancement Pack (x32 Version: 3.0.133.0 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
PDF Creator (Version: - )
PDF Creator Packages (HKCU Version: - ) <==== ATTENTION
Picasa 3 (x32 Version: 3.9 - Google, Inc.)
Quickset64 (Version: 10.06.02 - Dell Inc.)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6136 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30109 - Realtek Semiconductor Corp.)
Roxio Burn (x32 Version: 1.01 - Roxio) Hidden
Skype Click to Call (x32 Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
SUPERAntiSpyware (Version: 5.7.1018 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for PDF Creator (HKCU Version: - Update for PDF Creator) <==== ATTENTION
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
WhiteSmoke New Toolbar for IE (x32 Version: 6.16.1.9 - WhiteSmoke New)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (x32 Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
==================== Restore Points =========================
10-01-2014 08:00:20 Windows Update
11-01-2014 08:00:20 Windows Update
12-01-2014 08:00:27 Windows Update
15-01-2014 15:28:19 Windows Update
16-01-2014 08:00:42 Windows Update
19-01-2014 21:39:56 Windows Update
23-01-2014 02:22:36 Windows Update
26-01-2014 18:18:03 Windows Update
30-01-2014 23:58:02 Windows Update
03-02-2014 15:01:13 Windows Update
05-02-2014 15:41:32 Removed CWA Reminder by We-Care.com v4.1.26.3
06-02-2014 17:15:25 Windows Update
==================== Hosts content: ==========================
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {1B6BB379-88C7-49F8-A79B-BF1A7CBE62FF} - System32\Tasks\DTReg => C:\Users\james\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe <==== ATTENTION
Task: {25048A39-3C95-419D-9582-415FFA489A68} - System32\Tasks\Digital Sites => C:\Users\james\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2013-04-12] ()
Task: {4D8F5C53-7B05-4FF1-9836-A9384F6B9785} - \AmiUpdXp No Task File
Task: {9303E17C-9EE9-4A20-8EC7-73C68D1565D8} - System32\Tasks\LexmarkPUDCTask => C:\Program Files\Lexmark\ProductUpdate\LMprodupdate.exe [2011-06-03] ()
Task: {D23AA561-E890-4F25-A02D-AEC9B78BE07B} - System32\Tasks\{5B9695C1-E7B4-4357-AA58-C43FC029A002} => Iexplore.exe http://ui.skype.com/ui/0/6.0.0.126/en/eula?source=lightinstaller
Task: {E2553BFE-76B1-4EEF-B45D-7A4206D25ECE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: {F560C2EA-1225-40FE-A431-CD8CD7866340} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\james\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\james\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
==================== Loaded Modules (whitelisted) =============
2013-08-15 02:38 - 2013-08-15 02:38 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\6adce3800cbb5d24db126fa82691c75c\VistaBridgeLibrary.ni.dll
2011-02-27 16:45 - 2010-07-28 14:34 - 00022424 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll
2013-11-01 15:11 - 2013-11-01 15:11 - 00090624 _____ () C:\Program Files (x86)\PasswordBox\libwebsocketswin32.dll
2011-02-27 16:45 - 2010-06-23 15:11 - 00325632 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll
2011-02-27 16:45 - 2010-06-23 15:11 - 01954304 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll
2011-02-27 16:45 - 2010-06-23 15:12 - 07187456 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll
2011-02-27 16:45 - 2010-06-23 15:11 - 00847360 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll
2011-02-27 16:45 - 2010-06-23 14:38 - 00119808 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
2011-02-27 16:45 - 2010-07-28 14:02 - 00658432 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
2013-08-15 02:45 - 2013-08-15 02:45 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\55ed9c64f5bf19f2110ff33b19f3ad35\IsdiInterop.ni.dll
2010-12-17 14:46 - 2010-06-08 11:44 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\MSN.com.website:TASKICON_0favicon1129903636
AlternateDataStreams: C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\MSN.com.website:TASKICON_1favicon-298702541
AlternateDataStreams: C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\MSN.com.website:TASKICON_2favicon-1464078272
AlternateDataStreams: C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\MSN.com.website:TASKICON_3favicon-860043155
AlternateDataStreams: C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\MSN.com.website:TASKICON_4favicon640180837
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== Faulty Device Manager Devices =============
Name: hlnfd
Description: hlnfd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: hlnfd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Error: (02/06/2014 00:36:27 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
hlnfd
Error: (02/06/2014 00:36:13 PM) (Source: Service Control Manager) (User: )
Description: The vToolbarUpdater17.3.0 service failed to start due to the following error: 
%%2

Microsoft Office Sessions:
=========================
==================== Memory info =========================== 
Percentage of memory in use: 63%
Total physical RAM: 3034.36 MB
Available physical RAM: 1121.37 MB
Total Pagefile: 6066.91 MB
Available Pagefile: 3714.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:283.34 GB) (Free:238.36 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: E94AE992)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283 GB) - (Type=07 NTFS)
==================== End Of Log ============================


----------



## Britfellow (Dec 26, 2013)

Hi Mark1956... this is the first part of the scan report
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-02-2014
Ran by james (administrator) on JAMES-PC on 06-02-2014 15:54:59
Running from C:\Users\james\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dell) C:\Users\james\AppData\Local\Apps\2.0\H6DDDO18.8Z3\TG64AK70.EZV\dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Farbar) C:\Users\james\Downloads\FRST64 (4).exe

==================== Registry (Whitelisted) ==================
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [InstallerLauncher] - "C:\Users\james\AppData\Local\Temp\GZ_INSTALL_0\setuplauncher.exe" /run:"C:\Users\james\AppData\Local\Temp\GZ_INSTALL_0\Installer.exe" <===== ATTENTION
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [InstaLAN] - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1485208 2010-07-28] (Affinegy, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-09] (Dell)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Run: [SearchProtect] - \SearchProtect\bin\cltmng.exe
HKU\S-1-5-21-2979924756-982535303-1320960831-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2979924756-982535303-1320960831-1000\...\Run: [BackgroundContainer] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\james\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
HKU\S-1-5-21-2979924756-982535303-1320960831-1000\...\Run: [DellSystemDetect] - C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
HKU\S-1-5-21-2979924756-982535303-1320960831-1000\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-06] (SUPERAntiSpyware)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKCU - 64469A7A4F3B4B4681677D768EABC639 URL = http://search.conduit.com/ResultsEx...4&ctid=CT3315828&CUI=UN21918254333248665&UM=2
SearchScopes: HKCU - {88D44829-583B-4CC9-BB83-2CBCB336B1E3} URL = http://search.yahoo.com/search?p={s...e=W3i_DS,136,0_0,Search,20140206,20028,0,31,0
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - No Name - !{D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKLM - No Name - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Toolbar: HKLM-x32 - No Name - !{D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKLM-x32 - No Name - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {2D7432C9-A3FD-4ED1-AEA9-FBDB12DBA4A7} - No File
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{30FB9934-8A1E-44B4-BBF5-CAAE0C1E7A37}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{6908E398-EF70-4B5F-81A6-7836558E92FC}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{CF5DA10D-A058-41AA-ACB5-67A68613B6CA}: [NameServer]8.8.8.8,8.8.4.4
Chrome: 
=======
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Extension: (No Name) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\dedmngkbaffkenlfdcbganndoghblmap [2013-11-14]
CHR Extension: (No Name) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhbbmmgbnjalccamlaefhepnajfmgopb [2013-12-01]
CHR Extension: (No Name) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb [2014-01-06]
CHR Extension: (No Name) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi [2013-09-16]
CHR Extension: (Skype Click to Call) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-02-15]
CHR Extension: (Google Wallet) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-14]
CHR HKLM-x32\...\Chrome\Extension: [dedmngkbaffkenlfdcbganndoghblmap] - C:\Program Files (x86)\BetterSurf\ch\Chrome.crx [2013-11-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKLM-x32\...\Chrome\Extension: [poheodfamflhhhdcmjfeggbgigeefaco] - C:\Program Files (x86)\Better-Surf\ch\Chrome.crx [2013-10-09]
==================== Services (Whitelisted) =================
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [569752 2010-07-28] (Affinegy, Inc.)
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-04-30] (Alcatel-Lucent)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2013-11-01] (PasswordBox, Inc.)
S2 vToolbarUpdater17.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [X]
==================== Drivers (Whitelisted) ====================
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-20] (AVG Technologies)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA))
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-10-17] ()
S1 hlnfd; system32\drivers\hlnfd.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2014-02-06 15:54 - 2014-02-06 15:55 - 00014051 _____ () C:\Users\james\Downloads\FRST.txt
2014-02-06 15:54 - 2014-02-06 15:54 - 00000000 ____D () C:\FRST
2014-02-06 15:53 - 2014-02-06 15:54 - 02079744 _____ (Farbar) C:\Users\james\Downloads\FRST64 (4).exe
2014-02-06 15:51 - 2014-02-06 15:51 - 02079744 _____ (Farbar) C:\Users\james\Downloads\FRST64 (3).exe
2014-02-06 15:48 - 2014-02-06 15:48 - 02079744 _____ (Farbar) C:\Users\james\Downloads\FRST64 (2).exe
2014-02-06 15:47 - 2014-02-06 15:47 - 02079744 _____ (Farbar) C:\Users\james\Downloads\FRST64 (1).exe
2014-02-06 15:46 - 2014-02-06 15:46 - 02079744 _____ (Farbar) C:\Users\james\Downloads\FRST64.exe
2014-02-06 12:12 - 2014-02-06 12:12 - 00022248 _____ () C:\Users\james\Desktop\JRT.txt
2014-02-06 12:04 - 2014-02-06 12:04 - 00000000 ____D () C:\Windows\ERUNT
2014-02-06 12:03 - 2014-02-06 12:03 - 01037530 _____ (Thisisu) C:\Users\james\Downloads\JRT.exe
2014-02-05 22:50 - 2014-02-05 22:50 - 01166132 _____ () C:\Users\james\Downloads\AdwCleaner (1).exe
2014-02-05 22:27 - 2014-02-06 12:34 - 00000000 ____D () C:\AdwCleaner
2014-02-05 13:13 - 2014-02-05 13:14 - 00024179 _____ () C:\Users\james\Desktop\Result.txt
2014-02-05 10:18 - 2014-02-05 10:55 - 00003370 _____ () C:\Windows\System32\Tasks\BackgroundContainer Startup Task
2014-02-05 10:17 - 2014-02-05 22:30 - 00011820 _____ () C:\Windows\PFRO.log
2014-02-02 12:05 - 2014-02-02 12:05 - 00000000 ____D () C:\Users\james\AppData\Local\Microsoft Help
2014-02-02 12:05 - 2014-02-02 12:05 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-01 14:07 - 2014-02-01 14:07 - 00000000 ____D () C:\SUPERDelete
2014-01-31 13:05 - 2014-02-06 12:35 - 00000336 _____ () C:\Windows\setupact.log
2014-01-31 13:05 - 2014-01-31 13:05 - 00275712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-31 13:05 - 2014-01-31 13:05 - 00000000 _____ () C:\Windows\setuperr.log
2014-01-31 11:45 - 2014-02-02 12:57 - 00058016 _____ () C:\Users\james\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-31 10:38 - 2014-02-05 22:23 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-01-31 10:38 - 2014-01-31 10:38 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-01-31 10:38 - 2014-01-31 10:38 - 00000000 ____D () C:\Users\james\AppData\Roaming\SUPERAntiSpyware.com
2014-01-31 10:38 - 2014-01-31 10:38 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-01-29 13:30 - 2014-01-29 13:30 - 00045444 _____ () C:\ProgramData\1391014598.bdinstall.bin
2014-01-28 14:54 - 2014-01-30 10:22 - 00000005 _____ () C:\Users\james\AppData\Roaming\WBPU-TTL.DAT
2014-01-28 14:52 - 2014-02-06 15:52 - 00000292 _____ () C:\Windows\Tasks\Digital Sites.job
2014-01-28 14:52 - 2014-02-02 09:30 - 00000093 _____ () C:\Users\james\AppData\Roaming\WB.CFG
2014-01-28 14:52 - 2014-01-28 14:52 - 00003232 _____ () C:\Windows\System32\Tasks\Digital Sites
2014-01-28 14:52 - 2014-01-28 14:52 - 00000000 ____D () C:\Users\james\AppData\Roaming\DigitalSites
2014-01-28 14:52 - 2014-01-28 14:52 - 00000000 ____D () C:\ProgramData\Real
2014-01-28 14:52 - 2014-01-28 14:52 - 00000000 ____D () C:\Program Files\PDFCreator
2014-01-28 14:52 - 2014-01-28 14:52 - 00000000 ____D () C:\Program Files (x86)\GPLGS
2014-01-28 14:52 - 2011-10-04 22:43 - 00087552 _____ () C:\Windows\system32\custmon64i.dll
2014-01-28 10:56 - 2014-01-28 10:56 - 00045439 _____ () C:\ProgramData\1390924268.bdinstall.bin
2014-01-28 10:51 - 2014-01-28 10:51 - 00000000 ____D () C:\Users\james\AppData\Roaming\QuickScan
2014-01-26 22:59 - 2009-09-02 06:13 - 00131072 _____ (Dell, Inc.) C:\Windows\SysWOW64\DellSPMsg.dll
2014-01-17 13:49 - 2014-02-06 12:36 - 00000000 ____D () C:\Users\james\AppData\Local\Deployment
2014-01-17 13:49 - 2014-01-17 13:49 - 00000000 ____D () C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-01-17 13:49 - 2014-01-17 13:49 - 00000000 ____D () C:\Users\james\AppData\Local\Apps\2.0
2014-01-15 10:28 - 2013-11-26 20:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 10:28 - 2013-11-26 20:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 10:28 - 2013-11-26 20:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 10:28 - 2013-11-26 20:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 10:28 - 2013-11-26 20:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 10:28 - 2013-11-26 20:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 10:28 - 2013-11-26 20:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 10:28 - 2013-11-26 06:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 10:28 - 2013-11-26 05:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-12 03:01 - 2013-11-26 06:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-01-12 03:01 - 2013-11-26 05:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-01-12 03:01 - 2013-11-26 05:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-01-12 03:01 - 2013-11-26 04:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-01-12 03:01 - 2013-11-26 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-01-12 03:01 - 2013-11-26 04:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-01-12 03:01 - 2013-11-26 04:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-01-12 03:01 - 2013-11-26 04:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-01-12 03:01 - 2013-11-26 04:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-01-12 03:01 - 2013-11-26 04:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-01-12 03:01 - 2013-11-26 04:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-01-12 03:01 - 2013-11-26 04:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-01-12 03:01 - 2013-11-26 03:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-01-12 03:01 - 2013-11-26 03:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-01-12 03:01 - 2013-11-26 03:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-01-12 03:01 - 2013-11-26 03:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-01-12 03:01 - 2013-11-26 01:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-01-12 03:01 - 2013-11-26 01:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-01-12 03:00 - 2013-11-26 05:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-01-12 03:00 - 2013-11-26 04:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-01-12 03:00 - 2013-11-26 03:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-01-12 03:00 - 2013-11-26 03:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-01-12 03:00 - 2013-11-26 03:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-01-12 03:00 - 2013-11-26 03:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-01-12 03:00 - 2013-11-26 02:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-01-12 03:00 - 2013-11-26 02:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-01-12 03:00 - 2013-11-26 02:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-01-12 03:00 - 2013-11-26 02:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-01-12 03:00 - 2013-11-26 01:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-01-12 03:00 - 2013-11-26 01:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-01-12 03:00 - 2013-11-26 01:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-01-11 03:26 - 2014-01-11 03:26 - 00000000 __SHD () C:\found.000
2014-01-11 03:02 - 2014-01-11 03:02 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-01-11 03:02 - 2014-01-11 03:02 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-01-11 03:02 - 2014-01-11 03:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-01-11 03:02 - 2014-01-11 03:02 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-01-11 03:02 - 2014-01-11 03:02 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-01-11 03:02 - 2014-01-11 03:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-01-11 03:02 - 2014-01-11 03:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-01-11 03:02 - 2014-01-11 03:02 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-01-11 03:02 - 2014-01-11 03:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-01-11 03:02 - 2014-01-11 03:02 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-01-11 03:02 - 2014-01-11 03:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-01-11 03:02 - 2014-01-11 03:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-01-11 03:02 - 2014-01-11 03:02 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-01-11 03:02 - 2014-01-11 03:02 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-01-11 03:02 - 2014-01-11 03:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-01-11 03:02 - 2014-01-11 03:02 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-01-11 03:02 - 2014-01-11 03:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-01-11 03:02 - 2014-01-11 03:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-01-11 03:02 - 2014-01-11 03:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-01-11 03:02 - 2014-01-11 03:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-01-10 23:01 - 2014-02-05 13:07 - 00003790 _____ () C:\Windows\System32\Tasks\DTReg
2014-01-09 19:37 - 2014-01-09 19:37 - 00000000 ____D () C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-01-07 03:05 - 2013-05-10 00:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-01-07 03:05 - 2013-05-10 00:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-01-07 03:05 - 2013-05-09 23:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-01-07 03:05 - 2013-05-09 23:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
==================== One Month Modified Files and Folders =======
2014-02-06 15:55 - 2014-02-06 15:54 - 00014051 _____ () C:\Users\james\Downloads\FRST.txt
2014-02-06 15:54 - 2014-02-06 15:54 - 00000000 ____D () C:\FRST
2014-02-06 15:54 - 2014-02-06 15:53 - 02079744 _____ (Farbar) C:\Users\james\Downloads\FRST64 (4).exe
2014-02-06 15:52 - 2014-01-28 14:52 - 00000292 _____ () C:\Windows\Tasks\Digital Sites.job
2014-02-06 15:52 - 2012-01-01 13:27 - 00000000 ____D () C:\Users\james\AppData\Roaming\Skype
2014-02-06 15:51 - 2014-02-06 15:51 - 02079744 _____ (Farbar) C:\Users\james\Downloads\FRST64 (3).exe
2014-02-06 15:48 - 2014-02-06 15:48 - 02079744 _____ (Farbar) C:\Users\james\Downloads\FRST64 (2).exe
2014-02-06 15:47 - 2014-02-06 15:47 - 02079744 _____ (Farbar) C:\Users\james\Downloads\FRST64 (1).exe
2014-02-06 15:46 - 2014-02-06 15:46 - 02079744 _____ (Farbar) C:\Users\james\Downloads\FRST64.exe
2014-02-06 15:37 - 2013-10-25 09:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-06 15:37 - 2013-02-26 11:29 - 01196074 _____ () C:\Windows\WindowsUpdate.log
2014-02-06 13:37 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-06 13:00 - 2012-02-10 11:50 - 00000000 ____D () C:\Users\james\AppData\Roaming\SoftGrid Client
2014-02-06 12:47 - 2011-11-04 21:03 - 00002066 ____H () C:\Users\james\Documents\Default.rdp
2014-02-06 12:43 - 2009-07-13 23:45 - 00013872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-06 12:43 - 2009-07-13 23:45 - 00013872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-06 12:41 - 2012-02-25 10:23 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8B075F38-84C9-497C-ABAF-1BC4B357A820}
2014-02-06 12:36 - 2014-01-17 13:49 - 00000000 ____D () C:\Users\james\AppData\Local\Deployment
2014-02-06 12:36 - 2011-02-27 12:24 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-02-06 12:36 - 2011-02-27 12:24 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-02-06 12:36 - 2010-12-17 15:21 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-02-06 12:36 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-06 12:35 - 2014-01-31 13:05 - 00000336 _____ () C:\Windows\setupact.log
2014-02-06 12:34 - 2014-02-05 22:27 - 00000000 ____D () C:\AdwCleaner
2014-02-06 12:12 - 2014-02-06 12:12 - 00022248 _____ () C:\Users\james\Desktop\JRT.txt
2014-02-06 12:04 - 2014-02-06 12:04 - 00000000 ____D () C:\Windows\ERUNT
2014-02-06 12:03 - 2014-02-06 12:03 - 01037530 _____ (Thisisu) C:\Users\james\Downloads\JRT.exe
2014-02-05 22:50 - 2014-02-05 22:50 - 01166132 _____ () C:\Users\james\Downloads\AdwCleaner (1).exe
2014-02-05 22:30 - 2014-02-05 10:17 - 00011820 _____ () C:\Windows\PFRO.log
2014-02-05 22:23 - 2014-01-31 10:38 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-02-05 21:44 - 2013-08-13 17:42 - 00000258 __RSH () C:\Users\james\ntuser.pol
2014-02-05 21:44 - 2011-02-27 12:20 - 00000000 ____D () C:\Users\james
2014-02-05 13:14 - 2014-02-05 13:13 - 00024179 _____ () C:\Users\james\Desktop\Result.txt
2014-02-05 13:07 - 2014-01-10 23:01 - 00003790 _____ () C:\Windows\System32\Tasks\DTReg
2014-02-05 11:01 - 2013-10-25 09:07 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 11:01 - 2013-10-25 09:07 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-05 11:01 - 2013-10-25 09:07 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-05 10:55 - 2014-02-05 10:18 - 00003370 _____ () C:\Windows\System32\Tasks\BackgroundContainer Startup Task
2014-02-05 10:18 - 2013-09-08 16:37 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-02-05 10:13 - 2012-07-26 10:39 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-02-02 12:57 - 2014-01-31 11:45 - 00058016 _____ () C:\Users\james\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-02 12:05 - 2014-02-02 12:05 - 00000000 ____D () C:\Users\james\AppData\Local\Microsoft Help
2014-02-02 12:05 - 2014-02-02 12:05 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-02 09:30 - 2014-01-28 14:52 - 00000093 _____ () C:\Users\james\AppData\Roaming\WB.CFG
2014-02-01 14:07 - 2014-02-01 14:07 - 00000000 ____D () C:\SUPERDelete
2014-01-31 16:47 - 2009-07-14 00:13 - 00005392 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-01-31 13:05 - 2014-01-31 13:05 - 00275712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-31 13:05 - 2014-01-31 13:05 - 00000000 _____ () C:\Windows\setuperr.log
2014-01-31 10:38 - 2014-01-31 10:38 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-01-31 10:38 - 2014-01-31 10:38 - 00000000 ____D () C:\Users\james\AppData\Roaming\SUPERAntiSpyware.com
2014-01-31 10:38 - 2014-01-31 10:38 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-01-30 11:20 - 2009-07-14 00:08 - 00032588 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-30 10:22 - 2014-01-28 14:54 - 00000005 _____ () C:\Users\james\AppData\Roaming\WBPU-TTL.DAT
2014-01-29 13:30 - 2014-01-29 13:30 - 00045444 _____ () C:\ProgramData\1391014598.bdinstall.bin
2014-01-29 13:30 - 2011-02-27 13:57 - 00002127 _____ () C:\Windows\epplauncher.mif
2014-01-28 14:52 - 2014-01-28 14:52 - 00003232 _____ () C:\Windows\System32\Tasks\Digital Sites
2014-01-28 14:52 - 2014-01-28 14:52 - 00000000 ____D () C:\Users\james\AppData\Roaming\DigitalSites
2014-01-28 14:52 - 2014-01-28 14:52 - 00000000 ____D () C:\ProgramData\Real
2014-01-28 14:52 - 2014-01-28 14:52 - 00000000 ____D () C:\Program Files\PDFCreator
2014-01-28 14:52 - 2014-01-28 14:52 - 00000000 ____D () C:\Program Files (x86)\GPLGS
2014-01-28 10:56 - 2014-01-28 10:56 - 00045439 _____ () C:\ProgramData\1390924268.bdinstall.bin
2014-01-28 10:51 - 2014-01-28 10:51 - 00000000 ____D () C:\Users\james\AppData\Roaming\QuickScan
2014-01-28 10:41 - 2013-11-20 11:51 - 00000000 ____D () C:\Program Files (x86)\PasswordBox
2014-01-26 22:58 - 2010-12-17 17:33 - 00000000 ____D () C:\Dell
2014-01-19 02:33 - 2011-02-27 14:24 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-17 13:49 - 2014-01-17 13:49 - 00000000 ____D () C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-01-17 13:49 - 2014-01-17 13:49 - 00000000 ____D () C:\Users\james\AppData\Local\Apps\2.0
2014-01-16 03:04 - 2013-08-15 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-16 03:01 - 2011-05-01 08:05 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-11 09:58 - 2009-04-28 11:27 - 00000000 ____D () C:\Windows\Panther
2014-01-11 09:41 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-01-11 09:37 - 2013-03-21 09:15 - 00001415 _____ () C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-11 09:37 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-01-11 03:26 - 2014-01-11 03:26 - 00000000 __SHD () C:\found.000
2014-01-11 03:21 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-01-11 03:02 - 2014-01-11 03:02 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-01-11 03:02 - 2014-01-11 03:02 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-01-11 03:02 - 2014-01-11 03:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-01-11 03:02 - 2014-01-11 03:02 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-01-11 03:02 - 2014-01-11 03:02 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-01-11 03:02 - 2014-01-11 03:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-01-11 03:02 - 2014-01-11 03:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-01-11 03:02 - 2014-01-11 03:02 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-01-11 03:02 - 2014-01-11 03:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-01-11 03:02 - 2014-01-11 03:02 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-01-11 03:02 - 2014-01-11 03:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-01-11 03:02 - 2014-01-11 03:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-01-11 03:02 - 2014-01-11 03:02 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-01-11 03:02 - 2014-01-11 03:02 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-01-11 03:02 - 2014-01-11 03:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-01-11 03:02 - 2014-01-11 03:02 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-01-11 03:02 - 2014-01-11 03:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-01-11 03:02 - 2014-01-11 03:02 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-01-11 03:02 - 2014-01-11 03:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-01-11 03:02 - 2014-01-11 03:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-01-11 03:02 - 2014-01-11 03:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-01-10 23:02 - 2013-11-15 12:25 - 00000000 ____D () C:\ProgramData\AVG SafeGuard toolbar
2014-01-09 19:37 - 2014-01-09 19:37 - 00000000 ____D () C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-01-08 13:27 - 2011-02-27 14:35 - 00000000 ____D () C:\Program Files (x86)\Google
2014-01-08 03:48 - 2013-08-30 15:45 - 00000000 ____D () C:\Windows\System32\Tasks\Games
Some content of TEMP:
====================
C:\Users\james\AppData\Local\Temp\Quarantine.exe
C:\Users\james\AppData\Local\Temp\System.Data.SQLite.dll

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-04 12:45
==================== End Of Log ============================


----------



## Britfellow (Dec 26, 2013)

Hi Mark1956 .... I tried downloading RogueKiller and was not sure if the page is correct .. got some pop ups,
Thank you.


----------



## Mark1956 (May 7, 2011)

That is the correct page for RogueKiller, but it has changed its layout since my instructions were written. You need to scroll down the page until you find the two blue icons, the left one is for the 32bit version and the right is for the 64bit version, you need to click on the 64bit version. I have edited the instructions so you can see what to look for.

There are several entries in the FRST logs marked for attention, once I have the RogueKiller log we can start the clean up.


----------



## Britfellow (Dec 26, 2013)

Hi Mark1956 ... I successfully ran the second scan ... thanks for the guidance ... following is that report...

RogueKiller V8.8.3 _x64_ [Jan 24 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : james [Admin rights]
Mode : Scan -- Date : 02/06/2014 21:23:35
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 11 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : BackgroundContainer ("C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\james\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [7][x][x]) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Run : InstallerLauncher ("C:\Users\james\AppData\Local\Temp\GZ_INSTALL_0\setuplauncher.exe" /run:"C:\Users\james\AppData\Local\Temp\GZ_INSTALL_0\Installer.exe" [x][x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2979924756-982535303-1320960831-1000\[...]\Run : BackgroundContainer ("C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\james\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [7][x][x]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Scheduled tasks : 6 ¤¤¤
[V1][SUSP PATH] Digital Sites.job : C:\Users\james\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND
[V1][SUSP PATH] MySearchDial.job : C:\Users\james\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE - /Check [-] -> FOUND
[V2][SUSP PATH] BackgroundContainer Startup Task : "C:\Windows\SysWOW64\Rundll32.exe" - "C:\Users\james\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [7][x][x] -> FOUND
[V2][SUSP PATH] Digital Sites : C:\Users\james\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND
[V2][SUSP PATH] DTReg : C:\Users\james\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe [x] -> FOUND
[V2][SUSP PATH] MySearchDial : C:\Users\james\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE - /Check [-] -> FOUND
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD3200BEVT-75A23T0 +++++
--- User ---
[MBR] 34a59aae8c7068f2d0f2ab1a2538de8d
[BSP] eeff9c9efaaaf620ba88b8864461de13 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 290143 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_S_02062014_212335.txt >>


----------



## Mark1956 (May 7, 2011)

Now we need to do some cleaning up, starting with RogueKiller, when this is done please check to see if the DNS problem has been fixed and let me know.


Quit all running programs. 
Start RogueKiller.exe by double clicking on the icon. 
Wait until Prescan has finished. 
Ensure all boxes are ticked under "Report" tab. 
Click on Scan. 
Click on *Delete* when complete.
Click on Report when the Deletion completes. Copy/paste the contents of the report into your next reply.


----------



## Britfellow (Dec 26, 2013)

Hi Mark1956 .... I ran the RogueKiller delete program ... following is the report. Although I did not get a DNS server failure message I am still having issues with connection " troubleshooting cannot find a cause".
RogueKiller V8.8.3 _x64_ [Jan 24 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : james [Admin rights]
Mode : Remove -- Date : 02/07/2014 09:19:57
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 11 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : BackgroundContainer ("C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\james\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [7][x][x]) -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Run : InstallerLauncher ("C:\Users\james\AppData\Local\Temp\GZ_INSTALL_0\setuplauncher.exe" /run:"C:\Users\james\AppData\Local\Temp\GZ_INSTALL_0\Installer.exe" [x][x]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-2979924756-982535303-1320960831-1000\[...]\Run : BackgroundContainer ("C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\james\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [7][x][x]) -> [0x2] The system cannot find the file specified. 
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Scheduled tasks : 6 ¤¤¤
[V1][SUSP PATH] Digital Sites.job : C:\Users\james\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> DELETED
[V1][SUSP PATH] MySearchDial.job : C:\Users\james\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE - /Check [-] -> DELETED
[V2][SUSP PATH] BackgroundContainer Startup Task : "C:\Windows\SysWOW64\Rundll32.exe" - "C:\Users\james\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [7][x][x] -> DELETED
[V2][SUSP PATH] Digital Sites : C:\Users\james\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> DELETED
[V2][SUSP PATH] DTReg : C:\Users\james\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe [x] -> DELETED
[V2][SUSP PATH] MySearchDial : C:\Users\james\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE - /Check [-] -> DELETED
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD3200BEVT-75A23T0 +++++
--- User ---
[MBR] 34a59aae8c7068f2d0f2ab1a2538de8d
[BSP] eeff9c9efaaaf620ba88b8864461de13 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 290143 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_D_02072014_091957.txt >>
RKreport[0]_S_02062014_212335.txt


----------



## Mark1956 (May 7, 2011)

Ok, please run these two scans and post the logs.

Please download RKill 
There are three buttons to choose from with different names on, select the first one and save it to your desktop.


Double-click on the *Rkill* desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and select *Run As Administrator*.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
A log pops up at the end of the run. This log file is located at *C:\rkill.log*. *Please Copy & Paste the entire log in your next reply.*
If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
If the tool does not run from any of the links provided, please let me know.

Please download *Farbar Service Scanner* and run it on the computer with the issue.

*Make sure the following options are checked:*

*Internet Services*


Press "*Scan*".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


----------



## Britfellow (Dec 26, 2013)

Hi Mark1956 ... sorry about the delay. Thank you for your help. I ran the Rkill program ... report as follows.
Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 02/07/2014 03:43:17 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* No issues found.
Checking Windows Service Integrity: 
* No issues found.
Searching for Missing Digital Signatures: 
* No issues found.
Checking HOSTS File: 
* No issues found.
Program finished at: 02/07/2014 03:46:25 PM
Execution time: 0 hours(s), 3 minute(s), and 7 seconds(s)


----------



## Britfellow (Dec 26, 2013)

Hi Mark1956 ... I ran the second of the scans Farbar Service Scanner.... report as follows
Thank you.
Farbar Service Scanner Version: 02-02-2014
Ran by james (administrator) on 07-02-2014 at 15:51:28
Running from "C:\Users\james\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****


----------



## Mark1956 (May 7, 2011)

Those scans don't show any issues and no problem with internet connection.

What exactly is happening with your connection, pleas describe the symptoms. Are you on a wireless connection or cable. Are there any other PC's using the same Network and are they ok?


----------



## Britfellow (Dec 26, 2013)

Thank you Mark1956. 
Typically when I boot up my laptop and try to log onto my e-mail I get either "DNS server is not responding" ( that just happened this afternoon after I shut down after I ran the two scans), or I get a message : " that page cannot be displayed" I click on "diagnose connection problem", the troubleshooting program runs but typically states " troubleshooting could not identify the problem", as soon as I click "close" I am taken to the page requested. Twice today as I tried to log onto this site I got a message " that page cannot be displayed". There is also an issue involving the cursor jumping as I type, I don't know if that may be a symptom connected to the other issues. The typing issue has not occurred during this reply, typically it happens when I use my e-mail account. I have tried to turn off the touch pad but there is no facility to do that.
There are no other computers in use.
I use an Ethernet cable ... the wireless modem is unreliable.
Thank you for your time and guidance ... very much appreciated .


----------



## Mark1956 (May 7, 2011)

If you can, get a friend or neighbor to come round with another PC and connect it to your Ethernet cable and see if it displays the same issues. This will be a quick way to prove if it is your PC or your internet connection. Alternatively, connect your PC to someone elses Ethernet connection and see if it is any better.

Meanwhile, there are some remnants of AVG Anti Virus on your system still running (this could be adding to the problem) did you ever have AVG Anti Virus installed?

If yes, please run this removal tool: 
AVG Removal tool You must select the correct tool to match the version of AVG installed and the bit rate (32 or 64bit).

There is something else I have seen in the logs, a driver called hlnfd.sys which as far as I can tell is related to an item of software called Highlightly, this is known to be Adware.

Please download *SystemLook* from the following link below and save it to your Desktop.


*SystemLook (64-bit)*


Double-click *SystemLook.exe* to run it.
_*Vista*/*Windows 7* users right-click and select Run As Administrator_.
Copy and paste everything in the codebox below into the main textfield:


```
:filefind
*Highlightly*
hlnfd.sys
:folderfind
*Highlightly*
:regfind
Highlightly
hlnfd.sys
```

Click the Look button to start the scan.
When finished, a Notepad window will open SystemLook.txt with the results of the search and save a copy on your Desktop.
Please copy and paste the contents of that log in your next reply.


----------



## Britfellow (Dec 26, 2013)

Hi Mark1956 .... thank you for your help . I ran the AGV removal ... no report issued ?. I ran the System look program also ... that report follows....
SystemLook 30.07.11 by jpshortstuff
Log created at 11:56 on 08/02/2014 by james
Administrator - Elevation successful
========== filefind ==========
Searching for "*Highlightly*"
No files found.
Searching for "hlnfd.sys"
No files found.
========== folderfind ==========
Searching for "*Highlightly*"
No folders found.
========== regfind ==========
Searching for "Highlightly"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Highlightly]
Searching for "hlnfd.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hlnfd]
"ImagePath"="system32\drivers\hlnfd.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\hlnfd]
"ImagePath"="system32\drivers\hlnfd.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\hlnfd]
"ImagePath"="system32\drivers\hlnfd.sys"
-= EOF =-


----------



## Mark1956 (May 7, 2011)

We just need to remove those entries found with SystemLook, post the log when done and then you just need to check out what I suggested in my last post, then we will know what we are dealing with. The attachment also includes the deletion script for several other files that need to be removed and orphaned entries found in the FRST logs.

Download the attachment at the bottom of this post by clicking on it and save it in the same location as FRST.


Launch FRST by double clicking on it.
When the *FRST* window opens click on the *Fix* button just once and wait.
The tool will make a log in the same location the program is run from (Fixlog.txt) please *Copy & Paste* it into your next reply.


----------



## Britfellow (Dec 26, 2013)

Hi Mark1956 ... I followed your instructions, thank you ... report as follows. I must say, my laptop is much faster than previously, I have not yet seen the "DNS server not responding" note today !

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-02-2014
Ran by james at 2014-02-08 15:28:33 Run:1
Running from C:\Users\james\Downloads
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
cmd: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Highlightly
cmd: reg delete HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hlnfd
cmd: reg delete HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\hlnfd
cmd: reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\hlnfd
C:\Windows\system32\drivers\hlnfd.sys
C:\Users\james\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe
C:\Users\james\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe
C:\Users\james\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll
C:\Users\james\AppData\Local\Temp\GZ_INSTALL_0\setuplauncher.exe
C:\Users\james\AppData\Local\Temp\GZ_INSTALL_0\Installer.exe
Task: {1B6BB379-88C7-49F8-A79B-BF1A7CBE62FF} - System32\Tasks\DTReg => C:\Users\james\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe <==== ATTENTION
Task: {25048A39-3C95-419D-9582-415FFA489A68} - System32\Tasks\Digital Sites => C:\Users\james\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2013-04-12] ()
Task: {4D8F5C53-7B05-4FF1-9836-A9384F6B9785} - \AmiUpdXp No Task File
Task: {F560C2EA-1225-40FE-A431-CD8CD7866340} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\james\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\james\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
HKLM\...\Run: [InstallerLauncher] - "C:\Users\james\AppData\Local\Temp\GZ_INSTALL_0\setuplauncher.exe" /run:"C:\Users\james\AppData\Local\Temp\GZ_INSTALL_0\Installer.exe" <===== ATTENTION
HKU\S-1-5-21-2979924756-982535303-1320960831-1000\...\Run: [BackgroundContainer] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\james\AppData\Local\Conduit\BackgroundContainer\BackgroundContain er.dll",DllRun <===== ATTENTION
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKCU - 64469A7A4F3B4B4681677D768EABC639 URL = http://search.conduit.com/ResultsExt...333248665&UM=2
Toolbar: HKLM - No Name - !{D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKLM - No Name - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Toolbar: HKLM-x32 - No Name - !{D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKLM-x32 - No Name - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {2D7432C9-A3FD-4ED1-AEA9-FBDB12DBA4A7} - No File
S1 hlnfd; system32\drivers\hlnfd.sys [X]
*****************

========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Highlightly =========
Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Highlightly (Yes/No)? The operation completed successfully.

========= End of CMD: =========

========= reg delete HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hlnfd =========
Permanently delete the registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hlnfd (Yes/No)? The operation completed successfully.

========= End of CMD: =========

========= reg delete HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\hlnfd =========
Permanently delete the registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\hlnfd (Yes/No)? The operation completed successfully.

========= End of CMD: =========

========= reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\hlnfd =========
Permanently delete the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\hlnfd (Yes/No)? ERROR: The system was unable to find the specified registry key or value.
========= End of CMD: =========
"C:\Windows\system32\drivers\hlnfd.sys" => File/Directory not found.
"C:\Users\james\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe" => File/Directory not found.
"C:\Users\james\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe" => File/Directory not found.
"C:\Users\james\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll" => File/Directory not found.
"C:\Users\james\AppData\Local\Temp\GZ_INSTALL_0\setuplauncher.exe" => File/Directory not found.
"C:\Users\james\AppData\Local\Temp\GZ_INSTALL_0\Installer.exe" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B6BB379-88C7-49F8-A79B-BF1A7CBE62FF} => Key not found.
C:\Windows\System32\Tasks\DTReg not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DTReg => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25048A39-3C95-419D-9582-415FFA489A68} => Key not found.
C:\Windows\System32\Tasks\Digital Sites not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Digital Sites => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4D8F5C53-7B05-4FF1-9836-A9384F6B9785} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D8F5C53-7B05-4FF1-9836-A9384F6B9785} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F560C2EA-1225-40FE-A431-CD8CD7866340} => Key not found.
C:\Windows\System32\Tasks\BackgroundContainer Startup Task not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task => Key not found.
C:\Windows\Tasks\Digital Sites.job not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\InstallerLauncher => Value not found.
HKU\S-1-5-21-2979924756-982535303-1320960831-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BackgroundContainer => Value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\64469A7A4F3B4B4681677D768EABC639 => Key deleted successfully.
HKCR\CLSID\64469A7A4F3B4B4681677D768EABC639 => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\CLSID\!{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Value deleted successfully.
HKCR\CLSID\!{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\!{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\!{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\!{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\!{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2D7432C9-A3FD-4ED1-AEA9-FBDB12DBA4A7} => Value deleted successfully.
HKCR\CLSID\{2D7432C9-A3FD-4ED1-AEA9-FBDB12DBA4A7} => Key not found.
hlnfd => Service not found.
==== End of Fixlog ====


----------



## Mark1956 (May 7, 2011)

From your comment it sounds like we have fixed it. Please continue to use the PC for a few days to make sure all is well and let me know how it goes.


----------



## Britfellow (Dec 26, 2013)

Thank you Mark1956 . I have not seen the "DNS server not responding" as yet. I also tried hooking up another computer to my ether net cable ... no issues there. I still have an issue ... sporadic... with connection to my e-mail .. is this possibly linked to the other issue?.
Thank you again ... very much appreciated.


----------



## Mark1956 (May 7, 2011)

Not sure what could cause that and you're most welcome.

Which browser are you using to log in to your email, whichever one it is, try using the other browser and see it it displays the same problem.


----------



## Britfellow (Dec 26, 2013)

Hi Mark1956 .... , I have used my laptop quite a lot over the past two days ... have not had any issues with the " DNS server not responding" message .... I think that we can say that you have cleared that gremlin!.
Thank you so much. Is it ok for me to periodically run the " clean up" programs that you gave me whilst investigating the recent issue?.
Thank you again ... much appreciated.


----------



## Mark1956 (May 7, 2011)

That sounds encouraging, but what is the current state of your email access?

You should remove all the tools used by right clicking on them and selecting Delete. You can keep Adwcleaner as that is the most useful (user friendly) tool for keeping adware off the system.


----------



## Britfellow (Dec 26, 2013)

Hi Mark1956 ... I am still having sporadic issues with e-mail access. Sometimes when I log on with my ID and password I get a message " that page cannot be displayed" , clicking on the " fix connection " button activates the " troubleshooting" programme, typically the message report is " troubleshooting cannot identify the problem". When I click on " close", I am taken to my e-mail page !. This also happens on some other web pages. Typically this all happens when I first start up my laptop, thereafter I don't USUALLY have the same issues ... not guaranteed though!. I use outlook.com for my e-mail, since Microsoft switched from Hotmail to outlook the issues have cropped up.
Thank you for your help .... good to know that we "rookies" have some backup !


----------



## Mark1956 (May 7, 2011)

I'm not too sure what could be causing that. Run this program and see if it helps:

Download this and save it to the desktop: Windows Repair Use the coloured button next to *Direct Download* just below *Installer (4.81MB)* to start the download. NOTE: DO NOT use the green buttons at the top of the page as this is dubious software that could infect your system with Adware.

Close your browser and any running programs, double click on the Tweaking icon on your desktop to run the tool. When the program opens click on the *Step 4* tab. Under System Restore click on *Create* and wait for the confirmation to appear just below the button.

When complete click on the tab *Start Repairs*, click on the *Start* button. Then click on *Unselect All* and tick the boxes next to the the items in the list below.

When done click on the *Start* button and leave it undisturbed until complete.


Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Repair Windows Firewall
Repair Internet Explorer
Repair MDAC/MS Jet
Repair Hosts File
Remove Policies Set By Infections
Repair Winsock & DNS Cache
Remove Temp Files
Repair Proxy Settings
Set Windows Services To Default Startup
Restore Important Windows Services


----------



## Britfellow (Dec 26, 2013)

Hi Mark1956 .... I followed your instructions ... however, I was not able to copy the report, an advisory box came up saying that the system had to shut down before changes would take effect. I am not now able to find the report ?. Is there a way for me to locate the report?.
Thank you


----------



## Mark1956 (May 7, 2011)

There is no need to post the report, the important thing is to now see if it has done any good.


----------



## Britfellow (Dec 26, 2013)

Thank you Mark1956 .... I will use my laptop for a couple of days to see how it performs ... or not ! ... One immediate improvement seems to be that, when typing, the cursor follows the typing ... of late it has been jumping around, spoiling any typed words, i.e. the cursor would jump from the middle of a word to the beginning and subsequent letters would be in the wrong place, e.g. Mark1956 could be 1956kMar !.
Thank you again ... I will keep you posted. It would have been interesting to see the report .. just curious as to what may have caused the issues.


----------



## Mark1956 (May 7, 2011)

I never bother to ask for the report from Windows Repair as it is not very user friendly and when it fixes something it doesn't tell you why or what was wrong.

Glad to hear that things have improved, let us know how it goes.


----------



## Britfellow (Dec 26, 2013)

Hi Mark1956 ... sorry to report that the original DNS server problem has surfaced again, twice in the space of a few minutes ... once whilst trying to log on to my e-mail , and once whilst trying to log on to a "favourite" site. Also occurring is the " page cannot be displayed" annoyance. 
Something else is adding to the mystery ...in the small display box at top of the MSN home page, usually MSN is displayed, then when I select a site from "favourites" it would switch from MSN to show the selected site ... it does that, but immediately switches back to MSN and I then have to re select the chosen site. Not sure if that is tied in with the other glitches.
Thank you for your help ... and patience.


----------



## Mark1956 (May 7, 2011)

Ok, please run JRT, Adwcleaner and RogueKiller and post all the logs.


----------



## Britfellow (Dec 26, 2013)

Hi Mark1956 ... this is the report from the JRT scan ....
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Home Premium x64
Ran by james on Fri 02/14/2014 at 11:36:36.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\browsersafeguard

~~~ Registry Keys

~~~ Files
Successfully deleted: [File] C:\Windows\syswow64\shoC3A0.tmp

~~~ Folders
Successfully deleted: [Folder] "C:\Users\james\appdata\local\browsersafeguard"
Successfully deleted: [Folder] "C:\Program Files (x86)\bearshare applications"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 02/14/2014 at 11:44:31.65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


----------



## Britfellow (Dec 26, 2013)

Hi Mark1956 .... I ran the Adware scan ... this is the report from that scan......
# AdwCleaner v3.018 - Report created 14/02/2014 at 11:51:37
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : james - JAMES-PC
# Running from : C:\Users\james\Downloads\AdwCleaner (1).exe
# Option : Clean
***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16518

-\\ Google Chrome v
[ File : C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************
AdwCleaner[R0].txt - [25008 octets] - [05/02/2014 22:27:20]
AdwCleaner[R1].txt - [1119 octets] - [06/02/2014 09:41:21]
AdwCleaner[R2].txt - [996 octets] - [06/02/2014 12:34:23]
AdwCleaner[R3].txt - [3327 octets] - [12/02/2014 10:48:08]
AdwCleaner[R4].txt - [1236 octets] - [12/02/2014 19:17:04]
AdwCleaner[R5].txt - [2283 octets] - [14/02/2014 11:50:30]
AdwCleaner[S0].txt - [23160 octets] - [05/02/2014 22:28:56]
AdwCleaner[S1].txt - [1185 octets] - [06/02/2014 09:42:04]
AdwCleaner[S2].txt - [1056 octets] - [06/02/2014 12:34:53]
AdwCleaner[S3].txt - [2740 octets] - [12/02/2014 10:49:50]
AdwCleaner[S4].txt - [1298 octets] - [12/02/2014 19:18:49]
AdwCleaner[S5].txt - [2210 octets] - [14/02/2014 11:51:37]
########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [2270 octets] ##########


----------



## Britfellow (Dec 26, 2013)

Hi Mark1956 .... Following is the RogueKiller report .....
RogueKiller V8.8.7 _x64_ [Feb 11 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : james [Admin rights]
Mode : Scan -- Date : 02/14/2014 12:09:16
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD3200BEVT-75A23T0 +++++
--- User ---
[MBR] 34a59aae8c7068f2d0f2ab1a2538de8d
[BSP] eeff9c9efaaaf620ba88b8864461de13 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 290143 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_S_02142014_120916.txt >>


----------



## Mark1956 (May 7, 2011)

A bit of Adware has got back into the system, one of the items removed by JRT was removed on the previous scan so there may will be something recreating it. Please reboot the system, then run JRT again and post the new log so we can see if those detections come back.


----------



## Britfellow (Dec 26, 2013)

Thank you Mark1956 .... this is the latest JRT scan report ...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Home Premium x64
Ran by james on Fri 02/14/2014 at 14:46:51.04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



~~~ Services


~~~ Registry Values


~~~ Registry Keys


~~~ Files


~~~ Folders


~~~ Event Viewer Logs were cleared




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 02/14/2014 at 14:53:34.51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


----------



## Mark1956 (May 7, 2011)

The log is clean, so no problem there.

Try this:

Click on Start and type cmd into the search box.
As the menu pops up right click on cmd and select Run as Administrator.
At the command prompt type the following:

*ipconfig /flushdns* <-- (The space between g and / is needed)

Hit the Enter key and then type:

*ipconfig /renew*

Hit the Enter key, type* Exit*, hit Enter.

Reboot the PC and see if that has fixed the problem.

If that fails then open the command prompt, as above, and type in this command:

*netsh int ip reset resetlog.txt*

Hit the Enter key, wait for confirmation, type in *Exit* and hit the Enter key. Reboot and check again to see if that has fixed it.


----------



## Britfellow (Dec 26, 2013)

Hi Mark1956 ..... I had hopes of success, I ran both of the programs that you indicated. I did not have any issues with the DNS server for two days .. until my last log on 10 minutes ago. I tried logging on to my e-mail, had a long connection delay, then got the " DNS server not responding" . I have been seeing the usual delay in connection, usually with the message " troubleshooting cannot identify the problem", then when I click on " close " I get immediate connection ?????.
Thank you for your help.


----------



## Mark1956 (May 7, 2011)

Ok, try this:

Click on the Start button, type cmd into the search box, when the menu pops up right click on cmd and select Run as Administrator.
Copy and Paste the following commands one at a time at the command prompt and hit the Enter key, wait for confirmation and then do the next one, let me know if you receive any error messages.

*netsh winsock reset catalog

netsh int ipv4 reset reset.log

netsh int ipv6 reset reset.log

netsh int ip reset reset.log hit*

When complete reboot the system and try to connect to the internet.


----------



## Britfellow (Dec 26, 2013)

Hi Mark1956 ... I followed your instruction .....I typed in each individual line ... I was not sure about " copy and paste" .... the second line ... had a note .. " command not found", all other were ok. I was able to connect to the internet without any issues.
Thank you for your help .... and patience.


----------



## Mark1956 (May 7, 2011)

Ok, lets see how long this fix lasts .


----------



## Britfellow (Dec 26, 2013)

Hi Mark1956 ..... so far there are no DNS server issues, my first e-mail log on after I ran your instructions was successful ... immediate connection. The last log on attempt failed with Windows troubleshooting unable to find a problem ... the message was " a security or firewall setting may be preventing connection" ???, clicking on "close" made an immediate connection!. This all seems to have a life of it's own 
I have not changed any security / firewall settings .... as far as I know.


----------



## Mark1956 (May 7, 2011)

Might be worth having a go at what was suggested in post 5. Your system is presently using the Google Public DNS, there may be something faster available. Or, you could set the system back to automatically finding a DNS server, need any help with that then just ask.

I doubt there is anything in your security or firewall blocking connection, the error message only says 'may be', why it should then connect without further delay is a bit of a mystery.


----------



## Britfellow (Dec 26, 2013)

Thank you Mark1956 .... not sure what I'm doing here ... I looked at posting 5 , a bit confusing. How do I go about setting up your suggestion?.
Thanks again.


----------



## Mark1956 (May 7, 2011)

I'll take you through it one step at a time, first thing is to download the program and run it, it will take 10 minutes or more to complete all the checks then a page of results will appear, in the top right hand corner it will show the fastest DNS server it found, take a screenshot of the page and attach it to your next post.

How to take a screen shot in Vista/Windows 7

*How to attach a screenshot.*
Below the *Message Box* click on *Go Advanced*. Then scroll down until you see a button, *Manage Attachments*. Click on it and a new window opens.
• Click on the *Browse* button, find the screenshot/folder you made earlier and doubleclick on it.
• Now click on the *Upload* button. When done, click on the *Close this window* button at the top of the page.
• Enter your message-text in the message box, then click on *Submit Message/Reply.*


----------



## Britfellow (Dec 26, 2013)

Hi Mark1956 ... I followed your instruction .. boy, what an education I'm getting !.


----------



## Mark1956 (May 7, 2011)

That scan has found a DNS server that is nearly 7 times faster than your present one, it should make a noticeable difference.

Follow this guide to change the DNS settings. You need to use the Primary and Secondary server numbers shown below the Recommended configuration (fastest & nearest) box from the screenshot you posted.

How to change DNS settings

When you have entered the new DNS settings, click on Start and type CMD into the Search box, then right click on CMD at the top of the pop up menu and select Run as Administrator.

The command prompt window will open, type in these two commands and hit the Enter key after each one and wait for confirmation.
*
ipconfig /flushdns
ipconfig /registerdns*

When complete run this temporary file cleaner:

NOTE: This will empty your recycle bin, if you have anything you need in there please save it before you run this scan.

Download Temporary file cleaner and save it to the desktop. Make sure you do not use the Download button in the advert at the top of the page, use the button right next to the name *TFC - Temp File Cleaner by Old Timer*.
Double click on the icon to run it (it appears as a dark grey dustbin). For Windows 7 and Vista right click the icon and select *Run as Administrator*.
When the window opens click on* Start*. It will close all running programs and clear the desktop icons.
When complete you may be asked to reboot, if so accept the request and your PC will reboot automatically.

When done try out any of your browsers and see how they perform.


----------



## Britfellow (Dec 26, 2013)

Thank you Mark1956 .... I followed your instruction and changed the DNS server to that indicated on the report. So far I have seen faster response on some connections, however, my e-mail still has connection issues, also, when clicking on a news item on the MSN homepage the bing.com search engine does not respond .... same old " page cannot be displayed" , but clicking on the " close " button gets an immediate connection ????!. I'm of the opinion that something is out of whack with Microsoft products.
Thank you for your help and patience.


Update .... In an attempt to help myself I went back and checked the DNS setting that I had installed this morning .... on the primary selection a number was out of place .... I corrected the sequence , shut down my laptop, re-booted and checked the DNS setting again, this time it was correct. I will use my laptop for a day or so and see what happens. Hopefully my error (?) was the reason for the connection issue's ??


----------



## Mark1956 (May 7, 2011)

Lets see how it goes, but as you have changed the DNS number again you should repeat the running of the *ipconfig /flushdns *and* ipconfig /registerdns* commands in the command prompt as you did before and do another run with the temp file cleaner, just to be sure the old settings are flushed out.


----------



## Britfellow (Dec 26, 2013)

Thank you Mark1956 .... can I go ahead and flush the old settings now, I have been using the laptop for a few hours .. or should I start from square one and complete the procedure as before ?.
Thank you.


----------



## Mark1956 (May 7, 2011)

All you need to do is run the commands and the temp file cleaner.


----------



## Britfellow (Dec 26, 2013)

Thank you Mark1956 .... did that, all is well as of now.
Thanks again.


----------



## Mark1956 (May 7, 2011)

Ok, let us know how it goes.


----------



## Britfellow (Dec 26, 2013)

Hi Mark1956 .... following almost a full day of use I can report NO connection issues, each log on was an almost instant connection. My laptop is much faster now.
Thank you so much for your guidance and patience.


----------



## Mark1956 (May 7, 2011)

You're welcome and glad to hear everything is ok.

You can delete all the tools used and any of the saved logs by right clicking on the item and selecting delete. You should keep Adwcleaner to run regular scans for Adware.

If there are any more problems please post again.


----------

