This topic is lockedOK, yes the Firefox button used to be Reset but is now Refresh. If you can, copy the file to your USB stick.
I'll post the JRT log for you here, and we still do have some tools at our disposal. I'll be back...
My computer is infected. [Solved]
Started by
ginnyjoe
, Apr 15 2015 01:22 PM
#32
Posted 23 April 2015 - 02:36 PM
DanoNH
-
- Malware Removal
-
- 2,155 posts
Trusted Helper
Question: You did right-click on the JRT program and select "Run as administrator", correct? It seems odd to me that there is nothing listed aside from categories, but it may be OK...
Here's the JRT log:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.1 (04.23.2015:1)
OS: Windows 7 Home Premium x64
Ran by Ginette on 23/04/2015 at 13:44:47.67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23/04/2015 at 13:48:31.90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#33
Posted 23 April 2015 - 02:51 PM
DanoNH
-
- Malware Removal
-
- 2,155 posts
Trusted Helper
Wait a minute! 
Try clicking on the More Reply Options button below the lower right corner of the editor box (next to the Post button)...
Now copy your AdwCleaner log contents and try pasting them into the advanced editor window. Does the Paste command show up now???
#34
Posted 23 April 2015 - 03:01 PM
ginnyjoe
- Topic Starter
-
- Member
-
- 242 posts
Member
did run as administrator. I did JRT again will post it. Should I delete Firefox. I tried to post adw log. I got it on my usb but it will not copy and when I try to attach it says error that I am not permitted to upload this kind of file.
Attached Files
-
JRT.txt 1.3KB
190 downloads
Edited by ginnyjoe, 23 April 2015 - 03:02 PM.
#35
Posted 23 April 2015 - 03:03 PM
ginnyjoe
- Topic Starter
-
- Member
-
- 242 posts
Member
Ok I clicked on the clipboard and it pasted. Yeah
# AdwCleaner v3.017 - Report created 25/01/2014 at 23:02:15
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Ginette - GINETTE-HP
# Running from : C:\Users\Ginette\Downloads\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\~0
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\iWin
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\1ClickDownload
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\BrowseFox
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Gophoto.it
Folder Deleted : C:\Program Files (x86)\jZip
Folder Deleted : C:\Program Files (x86)\PriceGong
Folder Deleted : C:\Program Files (x86)\WinZip Registry Optimizer
Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Users\Ginette\AppData\Local\Conduit
Folder Deleted : C:\Users\Ginette\AppData\Local\jZip
Folder Deleted : C:\Users\Ginette\AppData\Local\PackageAware
Folder Deleted : C:\Users\Ginette\AppData\Local\Searchprotect
Folder Deleted : C:\Windows\TEMP\AskSearch
Folder Deleted : C:\Users\Ginette\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Ginette\AppData\LocalLow\Delta
Folder Deleted : C:\Users\Ginette\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Ginette\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Ginette\AppData\Roaming\Funmoods
Folder Deleted : C:\Users\Ginette\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Ginette\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Ginette\AppData\Roaming\Mozilla\Firefox\Profiles\07ifvjb6.default\Smartbar
Folder Deleted : C:\Users\Ginette\AppData\Roaming\Mozilla\Firefox\Profiles\07ifvjb6.default\SweetPacksToolbarData
Folder Deleted : C:\Users\Ginette\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Folder Deleted : C:\Users\Ginette\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Folder Deleted : C:\Users\Ginette\AppData\Local\Google\Chrome\User Data\Default\Extensions\njljkdinboobkmkihgcohanchjnjpgjk
File Deleted : C:\END
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Ginette\AppData\Local\funmoods.crx
File Deleted : C:\Windows\TEMP\Uninstall.exe
File Deleted : C:\Users\Ginette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk
File Deleted : C:\Users\Ginette\Desktop\jZip.lnk
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml
File Deleted : C:\Users\Ginette\AppData\Roaming\Mozilla\Firefox\Profiles\07ifvjb6.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Ginette\AppData\Roaming\Mozilla\Firefox\Profiles\07ifvjb6.default\searchplugins\conduit-search.xml
File Deleted : C:\Users\Ginette\AppData\Roaming\Mozilla\Firefox\Profiles\07ifvjb6.default\searchplugins\delta.xml
File Deleted : C:\Users\Ginette\AppData\Roaming\Mozilla\Firefox\Profiles\07ifvjb6.default\searchplugins\Search_Results.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml
File Deleted : C:\Users\Ginette\AppData\Roaming\Mozilla\Firefox\Profiles\07ifvjb6.default\user.js
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bicnnkjibmphdeigoodpjlcklcnaobdj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ppdjnkblmcjfnlogjjhpigpdgpcgdpll
Key Deleted : HKCU\Software\Google\Chrome\Extensions\njljkdinboobkmkihgcohanchjnjpgjk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\njljkdinboobkmkihgcohanchjnjpgjk
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader
Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1
Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO
Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\f
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\jZip.file
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\pricegong_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\pricegong_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseFox_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseFox_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppPath\jZip.exe
Key Deleted : HKCU\Software\5d538cdee268ef12
Key Deleted : HKLM\SOFTWARE\5d538cdee268ef12
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3283791
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3291326
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_turbozip_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_turbozip_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B9507101-E464-4B3B-A4CB-291AAEDD94F2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BB9817CA-9B43-41EB-8706-44847957338D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{006232F7-DBD6-4631-84E8-66EA161B43C4}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B939CF93-F2CB-443D-956C-DC523D85C9DB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B9507101-E464-4B3B-A4CB-291AAEDD94F2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B939CF93-F2CB-443D-956C-DC523D85C9DB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B9507101-E464-4B3B-A4CB-291AAEDD94F2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B9507101-E464-4B3B-A4CB-291AAEDD94F2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{B939CF93-F2CB-443D-956C-DC523D85C9DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BB9817CA-9B43-41EB-8706-44847957338D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B939CF93-F2CB-443D-956C-DC523D85C9DB}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\BrowseFox
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\delta LTD
Key Deleted : HKCU\Software\Funmoods
Key Deleted : HKCU\Software\jZip
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\jZip
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\jZip
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : [x64] HKLM\SOFTWARE\DataMngr
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16428
-\\ Mozilla Firefox v23.0.1 (en-US)
[ File : C:\Users\Ginette\AppData\Roaming\Mozilla\Firefox\Profiles\07ifvjb6.default\prefs.js ]
Line Deleted : user_pref("CT3283791.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT3283791.FF19Solved", "true");
Line Deleted : user_pref("CT3283791.FirstTime", "true");
Line Deleted : user_pref("CT3283791.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3283791.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3283791&SearchSource=2&CUI=UN33033134220457639&UM=UM_ID&q=");
Line Deleted : user_pref("CT3283791.UserID", "UN33033134220457639");
Line Deleted : user_pref("CT3283791.YTbyClickFavorites.enc", "W10=");
Line Deleted : user_pref("CT3283791.YTbyClickRecent.enc", "W10=");
Line Deleted : user_pref("CT3283791.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3283791.autoDisableScopes", 14);
Line Deleted : user_pref("CT3283791.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3283791.countryCode", "CA");
Line Deleted : user_pref("CT3283791.defaultSearch", "true");
Line Deleted : user_pref("CT3283791.enableAlerts", "always");
Line Deleted : user_pref("CT3283791.enableFix404ByUser", "FALSE");
Line Deleted : user_pref("CT3283791.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3283791.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3283791.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3283791.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3283791.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3283791.fixUrls", true);
Line Deleted : user_pref("CT3283791.fullUserID", "UN33033134220457639.UP.20130704074257");
Line Deleted : user_pref("CT3283791.homepageuserchanged", true);
Line Deleted : user_pref("CT3283791.installDate", "2/3/2013 23:03:18");
Line Deleted : user_pref("CT3283791.installId", "conduitinstaller.exe");
Line Deleted : user_pref("CT3283791.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT3283791.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3283791.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3283791.keyword", "true");
Line Deleted : user_pref("CT3283791.lastVersion", "10.16.70.505");
Line Deleted : user_pref("CT3283791.mam_gk_CouponBuddy_appState.enc", "b24=");
Line Deleted : user_pref("CT3283791.mam_gk_PriceGong_appState.enc", "b24=");
Line Deleted : user_pref("CT3283791.mam_gk_appStateReportTime.enc", "MTM2Mjg4MTIxOTEzNQ==");
Line Deleted : user_pref("CT3283791.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsIm9wdGlvbnNEaWFsb2ciOnsiZGlzcGxheU5h[...]
Line Deleted : user_pref("CT3283791.mam_gk_appsDefaultEnabled.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3283791.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlByaWNlR29uZyIsImNyaXRlcmlhcyI6W3siY3JpdGVyaWFJZCI6IjQzZmVjMDg1LWNkMzktNGQyZi05MDZhLTAyNTdkZjM2YzlhYiIsImRvbWFpbnMiOls[...]
Line Deleted : user_pref("CT3283791.mam_gk_currentVersion.enc", "MS40LjMuMg==");
Line Deleted : user_pref("CT3283791.mam_gk_eventsCache.enc", "eyI4ZTEyNDIyZi0yOGYwLTQ2YWYtYjZhYi0yMWI2NmZiYzZjNjIiOnsidG9waWMiOiJzZW5kVXNhZ2UiLCJkYXRhIjpbIldlbGNvbWUiLCJWaWV3Il0sInVuaXF1ZUlkIjoiOGUxMjQyMmYtMjhmMC00N[...]
Line Deleted : user_pref("CT3283791.mam_gk_first_time.enc", "MQ==");
Line Deleted : user_pref("CT3283791.mam_gk_gadgetOpen.enc", "MA==");
Line Deleted : user_pref("CT3283791.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3283791.mam_gk_lastLoginTime.enc", "MTM2Mjg4MTIxNTI0Nw==");
Line Deleted : user_pref("CT3283791.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHMgZW5yaWNoZXMgeW91ciB3ZWIg[...]
Line Deleted : user_pref("CT3283791.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3283791.mam_gk_settings1.4.3.2.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNjFfLTEiLCJpc1Rlc3QiOmZhbHNlLCJpc1dlbGNvbWVFeHBlcmllbmNlRW5hYmxlZEJ5RGVmYXVsd[...]
Line Deleted : user_pref("CT3283791.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3283791.mam_gk_showWelcomeGadget.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3283791.mam_gk_userId.enc", "ODQwZWMxYTctMzEzYi00MWU5LWFkY2EtZjc0MzIyOTliYTk1");
Line Deleted : user_pref("CT3283791.mam_gk_user_apps_selection.enc", "");
Line Deleted : user_pref("CT3283791.migrateAppsAndComponents", true);
Line Deleted : user_pref("CT3283791.missingMachineIdSent", "true");
Line Deleted : user_pref("CT3283791.openThankYouPage", "false");
Line Deleted : user_pref("CT3283791.openUninstallPage", "true");
Line Deleted : user_pref("CT3283791.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3283791&SearchSource=2&CUI=UN33033134220457639&UM=&q=");
Line Deleted : user_pref("CT3283791.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT3283791.search.searchAppId", "130043635982747759");
Line Deleted : user_pref("CT3283791.search.searchCount", "0");
Line Deleted : user_pref("CT3283791.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3283791.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3283791.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3283791.searchSuggestEnabledByUser", "true");
Line Deleted : user_pref("CT3283791.searchUserMode", "false");
Line Deleted : user_pref("CT3283791.serviceLayer_services_Configuration_lastUpdate", "1376147127340");
Line Deleted : user_pref("CT3283791.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1362881206034");
Line Deleted : user_pref("CT3283791.serviceLayer_services_appsMetadata_lastUpdate", "1362881205976");
Line Deleted : user_pref("CT3283791.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1362881205895");
Line Deleted : user_pref("CT3283791.serviceLayer_services_location_lastUpdate", "1372195711295");
Line Deleted : user_pref("CT3283791.serviceLayer_services_login_10.14.65.43_lastUpdate", "1364741508032");
Line Deleted : user_pref("CT3283791.serviceLayer_services_login_10.15.0.562_lastUpdate", "1371873230950");
Line Deleted : user_pref("CT3283791.serviceLayer_services_login_10.15.2.523_lastUpdate", "1372238913274");
Line Deleted : user_pref("CT3283791.serviceLayer_services_login_10.16.4.519_lastUpdate", "1374233826098");
Line Deleted : user_pref("CT3283791.serviceLayer_services_login_10.16.70.505_lastUpdate", "1376147127731");
Line Deleted : user_pref("CT3283791.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1362881205938");
Line Deleted : user_pref("CT3283791.serviceLayer_services_searchAPI_lastUpdate", "1376147127304");
Line Deleted : user_pref("CT3283791.serviceLayer_services_serviceMap_lastUpdate", "1376147127192");
Line Deleted : user_pref("CT3283791.serviceLayer_services_setupAPI_lastUpdate", "1362881206059");
Line Deleted : user_pref("CT3283791.serviceLayer_services_toolbarContextMenu_lastUpdate", "1362881205642");
Line Deleted : user_pref("CT3283791.serviceLayer_services_toolbarSettings_lastUpdate", "1376147127455");
Line Deleted : user_pref("CT3283791.serviceLayer_services_translation_lastUpdate", "1376147127607");
Line Deleted : user_pref("CT3283791.settingsINI", true);
Line Deleted : user_pref("CT3283791.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3283791.showToolbarPermission", "false");
Line Deleted : user_pref("CT3283791.smartbar.CTID", "CT3283791");
Line Deleted : user_pref("CT3283791.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3283791.smartbar.homepage", true);
Line Deleted : user_pref("CT3283791.smartbar.toolbarName", "ytbyclick B1 ");
Line Deleted : user_pref("CT3283791.startPage", "true");
Line Deleted : user_pref("CT3283791.toolbarBornServerTime", "10-3-2013");
Line Deleted : user_pref("CT3283791.toolbarCurrentServerTime", "10-8-2013");
Line Deleted : user_pref("CT3283791.toolbarDisabled", "true");
Line Deleted : user_pref("CT3283791.toolbarLoginClientTime", "Mon Jun 17 2013 23:51:35 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT3291326.FF19Solved", "true");
Line Deleted : user_pref("CT3291326.UserID", "UN22149223555371579");
Line Deleted : user_pref("CT3291326.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3291326.fullUserID", "UN22149223555371579.IN.20130908170348");
Line Deleted : user_pref("CT3291326.installDate", "08/09/2013 17:03:50");
Line Deleted : user_pref("CT3291326.installSessionId", "{56D9894E-5A0A-4E77-B160-A993C7F41448}");
Line Deleted : user_pref("CT3291326.installSp", "TRUE");
Line Deleted : user_pref("CT3291326.installerVersion", "1.6.1.2");
Line Deleted : user_pref("CT3291326.keyword", "true");
Line Deleted : user_pref("CT3291326.originalHomepage", "hxxp://ca.msn.com/|hxxp://www.ehow.com/how_4452356_change-home-page-firefox.html");
Line Deleted : user_pref("CT3291326.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3283791&SearchSource=2&CUI=UN33033134220457639&UM=false&q=");
Line Deleted : user_pref("CT3291326.originalSearchEngine", "ytbyclick B1 Customized Web Search");
Line Deleted : user_pref("CT3291326.originalSearchEngineName", "ytbyclick B1 Customized Web Search");
Line Deleted : user_pref("CT3291326.searchRevert", "false");
Line Deleted : user_pref("CT3291326.searchUserMode", "2");
Line Deleted : user_pref("CT3291326.smartbar.homepage", "true");
Line Deleted : user_pref("CT3291326.versionFromInstaller", "10.19.2.5");
Line Deleted : user_pref("CT3291326.xpeMode", "0");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "ytbyclick B1 Customized Web Search");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3283791&SearchSource=2&CUI=UN33033134220457639&UM=UM_ID&q=");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3283791&SearchSource=2&CUI=UN33033134220457639&UM=false&q=");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3283791");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "KeyBar 1.13 Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291326&CUI=UN22149223555371579&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.delta-search.com/?affID=119776&babsrc=NT_ss&mntrId=6eb7fd3c000000000000d0df9a33ba45");
Line Deleted : user_pref("extensions.funmoods.aflt", "axl");
Line Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Line Deleted : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");
Line Deleted : user_pref("extensions.funmoods.cntry", "CA");
Line Deleted : user_pref("extensions.funmoods.cv", "cv5");
Line Deleted : user_pref("extensions.funmoods.dfltLng", "");
Line Deleted : user_pref("extensions.funmoods.dfltSrch", false);
Line Deleted : user_pref("extensions.funmoods.dfltlng", "en");
Line Deleted : user_pref("extensions.funmoods.dfltsrch", "false");
Line Deleted : user_pref("extensions.funmoods.dnsErr", true);
Line Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Line Deleted : user_pref("extensions.funmoods.excTlbr", false);
Line Deleted : user_pref("extensions.funmoods.fmupdtFirst", false);
Line Deleted : user_pref("extensions.funmoods.hdrMd5", "25265C511EE2161E0A9D62C59CB52CCD");
Line Deleted : user_pref("extensions.funmoods.hmpg", false);
Line Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AtAtA0B0AyEyD0F0DtA0CtN0D0Tzu0CtBtBzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=1785560154");
Line Deleted : user_pref("extensions.funmoods.hrdid", "D0DF9A33BA45FD3C");
Line Deleted : user_pref("extensions.funmoods.id", "D0DF9A33BA45FD3C");
Line Deleted : user_pref("extensions.funmoods.instlDay", "15568");
Line Deleted : user_pref("extensions.funmoods.instlRef", "axl");
Line Deleted : user_pref("extensions.funmoods.instlday", "15568");
Line Deleted : user_pref("extensions.funmoods.instlref", "axl");
Line Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Line Deleted : user_pref("extensions.funmoods.keywordurl", "");
Line Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2220:7:5");
Line Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Line Deleted : user_pref("extensions.funmoods.monitorreport", true);
Line Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AtAtA0B0AyEyD0F0DtA0CtN0D0Tzu0CtBtBzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=1785560154");
Line Deleted : user_pref("extensions.funmoods.newtab", "false");
Line Deleted : user_pref("extensions.funmoods.newtaburl", "hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AtAtA0B0AyEyD0F0DtA0CtN0D0Tzu0CtBtBzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=1785560154");
Line Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Line Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Line Deleted : user_pref("extensions.funmoods.prtnrid", "funmoods");
Line Deleted : user_pref("extensions.funmoods.savedVrsnTs", "1");
Line Deleted : user_pref("extensions.funmoods.sg", "{smplGrp}");
Line Deleted : user_pref("extensions.funmoods.similarsitesstorage-pid2", "19544442d90913bd");
Line Deleted : user_pref("extensions.funmoods.smplgrp", "free");
Line Deleted : user_pref("extensions.funmoods.srch", "");
Line Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Line Deleted : user_pref("extensions.funmoods.srchprvdr", "Search");
Line Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Line Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AtAtA0B0AyEyD0F0DtA0CtN0D0Tzu0CtBtBzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=1785560154&[...]
Line Deleted : user_pref("extensions.funmoods.tlbrid", "base");
Line Deleted : user_pref("extensions.funmoods.tlbrsrchurl", "hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AtAtA0B0AyEyD0F0DtA0CtN0D0Tzu0CtBtBzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=1785560154&[...]
Line Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Line Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Line Deleted : user_pref("extensions.funmoods.vrsnts", "");
Line Deleted : user_pref("extensions.funmoods_i.newTab", false);
Line Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Line Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2220:7:5");
Line Deleted : user_pref("searchreset.backup.browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3291326&octid=CT3291326&SearchSource=61&CUI=UN22149223555371579&UM=2&UP=SPFF5DC88C-9185-460F-90C6-01D171CA7F[...]
Line Deleted : user_pref("smartBar.searchInNewTabOwner", "CT3283791");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3291326");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3283791&octid=CT3283791&SearchSource=61&CUI=UN33033134220457639&UM=UM_ID&UP=SP11511E82-2212-4BAF-8C8B-B61C4538BA37,hxxp://s[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3283791&SearchSource=2&CUI=UN33033134220457639&UM=UM_ID&q=,hxxp://search.conduit.com/ResultsExt.aspx[...]
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3291326");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3291326");
Line Deleted : user_pref("smartbar.machineId", "K7OY+J+BL+OSS2OXL50RXRDFHP/AAIOG05VN6GJ9MBMG0R3I7CGBNNDPJW5RZB7MVAFELT+OJUSOZJS7TD6Z3Q");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://isearch.avg.com/?cid={661BD582-63D8-43E9-948C-D1DC91D01798}&mid=68a402d36a7d4039a14e6b06faad0df2-dc06851b40e306c3cc1d573d12d035915e84b793&lang=en&ds=hk01[...]
Line Deleted : user_pref("smartbar.originalSearchAddressUrl", "hxxp://isearch.avg.com/search?cid={661BD582-63D8-43E9-948C-D1DC91D01798}&mid=68a402d36a7d4039a14e6b06faad0df2-dc06851b40e306c3cc1d573d12d035915e84b793&l[...]
Line Deleted : user_pref("smartbar.originalSearchEngine", "AVG Secure Search");
Line Deleted : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
Line Deleted : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");
Line Deleted : user_pref("sweetim.toolbar.Visibility.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
Line Deleted : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?lang=$locale_id;&toolbar_version=$ITEM_VERSION;&crg=$cargo;");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.height", "150");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.width", "530");
Line Deleted : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.*.google.com.br/.*|.*.google.es/.*|.*.youtube.com/.*|.*.yahoo.com/.*|.[...]
Line Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Line Deleted : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Line Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
Line Deleted : user_pref("sweetim.toolbar.newtab.created", "false");
Line Deleted : user_pref("sweetim.toolbar.newtab.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_VERSION;&crg=$cargo;");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.callback", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1");
Line Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
Line Deleted : user_pref("sweetim.toolbar.simapp_id", "{B0E18D55-E806-11E1-9D51-2C27D7337176}");
Line Deleted : user_pref("sweetim.toolbar.version", "1.9.0.0");
-\\ Google Chrome v
[ File : C:\Users\Ginette\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [43233 octets] - [25/01/2014 22:59:29]
AdwCleaner[S0].txt - [42696 octets] - [25/01/2014 23:02:15]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [42757 octets] ##########
Edited by ginnyjoe, 23 April 2015 - 03:05 PM.
#36
Posted 23 April 2015 - 03:06 PM
DanoNH
-
- Malware Removal
-
- 2,155 posts
Trusted Helper
Woo-hoo! You got it to work finally! 
Have you been using the More Reply Options button right along, or did you just try it and now you can Paste?
#37
Posted 23 April 2015 - 03:24 PM
DanoNH
-
- Malware Removal
-
- 2,155 posts
Trusted Helper
You can uninstall Firefox if you like, but there were a lot of malware-related items that AdwCleaner removed. I would like you to reboot first.
Next, let's run the following scans:
First
Please download Farbar Service Scanner, save it to the Desktop, and run it on the computer with the issue.
- Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Press "Scan".
- It will create a log (FSS.txt) in the same directory the tool is run.
- Please copy and paste the log to your reply.
Second
Scan with Security Check
Please download Security Check by Screen317 and save it to your Desktop.
- Right-click on the downloaded program and select Run as Administrator to start the tool.
- Follow onscreen instructions inside the black box. This scan shouldn't take very long.
- Soon a notepad document called checkup.txt will open automatically.
Please include the contents of that document in your next reply.
#38
Posted 23 April 2015 - 04:39 PM
ginnyjoe
- Topic Starter
-
- Member
-
- 242 posts
Member
I have been using the more Reply Options all along. This time I again used the more options but I clicked on the clipboard and because I had already copied it the clipboard added it in. I tried copy and paste again no luck so I will do the more options.
Farbar Service Scanner Version: 17-01-2015
Ran by Ginette (administrator) on 23-04-2015 at 18:22:36
Running from "C:\Users\Ginette\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
**** End of log ****
Results of screen317's Security Check version 1.00
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 17.0.0.169
Adobe Reader XI
Mozilla Firefox (37.0.1)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
Fss was done with the clipboard and Security check was able to copy and paste. What a puzzle. Oh and Firefox still will not
open unless I do administrator even though I did a restart.
Edited by ginnyjoe, 23 April 2015 - 04:42 PM.
#39
Posted 23 April 2015 - 07:23 PM
DanoNH
-
- Malware Removal
-
- 2,155 posts
Trusted Helper
OK, good, another step forward... 
I find that in the forum software here, I can sometimes more easily use Control-C (copy) and Control-V (paste). Sometimes, if my cursor is at the end the text in the editor window, I won't get the Paste option myself... but the keyboard commands still work.
We still have more to do, so hang tight for right now while I prepare the next steps for you.
#40
Posted 24 April 2015 - 11:25 AM
DanoNH
-
- Malware Removal
-
- 2,155 posts
Trusted Helper
OK, the next scans/tools we need are below:
First
Run Windows Repair (All In One)
Please download Windows Repair All-In-One Portable by Tweaking.com to your Desktop.
- Extract the downloaded zip file to your Desktop by right-clicking on the file and selecting Extract...
- Open My Computer, and browse to your Desktop. Find the folder where Windows Repair was extracted (Tweaking dot.com - Windows Repair), and double-click the Repair_Windows.exe file to run the program.
- When the program opens, select the Step 5: Backup tab, then click the Backup button under "1. Registry Backup" and the Create button under "2. System Restore":
- Now, select the Repairs tab, then click on the "Open Repairs" button:
- Agree to the Create a System Restore Point prompt if asked and wait for a bit for it to continue. Agree to any User Account Control prompts.
- In the list that it presents put a check (tick) in the following as follows:
NOTE: The below image is only for a reference. Please select the following items:-
01 - Reset Registry Permissions
- 02 - Reset File Permissions
- 03 - Reset Service Permissions
- 04 - Register System Files
- 05 - Repair WMI
- 06 - Repair Windows Firewall
- 07 - Repair Internet Explorer
- 09 - Repair Hosts File
- 10 - Remove Policies Set by Infections
- 11 - Repair Start Menu Icons Removed By Infections
- 12 - Repair Icons
- 13 - Repair Winsock & DNS Cache
- 14 - Remove Temp Files
- 15 - Repair Proxy Settings
- 16 - Unhide Non System Files
- 19 - Repair Volume Shadow Copy Service
- 22 - Repair Windows Snipping Tool
- 23 - Repair File Associations
- 26 - Restore Important Windows Services
- 27 - Set Windows Services to Default Startup
- 32 - Restore UAC (User Account Control) Settings
-
- Also put a check in the Restart/Shutdown System When Finished (lower right) box and in Restart System
- Then click on the Start Repairs button if it doesn't do it automatically
- If it asks you to back up your system click Yes and continue
- When the program opens, select the Step 5: Backup tab, then click the Backup button under "1. Registry Backup" and the Create button under "2. System Restore":
- After the program is finished, please open the /logs folder in the same folder as you ran the program from and copy/paste the contents of the Windows Repair log into your next reply.
- The computer should reboot automatically..
Second
Install and Run Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here
- Double Click the downloaded mbam-setup-x.x.x.xxxx.exe to install the application. (x.x.x.xxxx represents the current version number).
- If prompted to uninstall a previous version, please do so.
- During installation, make sure to uncheck Enable free trial of Malwarebytes Anti-Malware Premium, then click Finish. You can always upgrade later
:
- If an update is found, it should download and install the latest updates automatically:
- Now select the Settings tab, and check the box next to Scan for rootkits:
- Go back to the Dashboard tab, and click the Scan Now button:
- The scan may take some time to finish,so please be patient.
- When the scan is complete, it will show you the results:
- Make sure that everything is checked, and click Remove Selected (or similar).
- When disinfection is completed, a log may open in Notepad and you may be prompted to Restart. (See Extra Note below)
- The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs.
- Choose the latest Scan Log:
- In the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt). Save the report to your Desktop.
- Copy & Paste the entire contents of the report log in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
*** In your next reply, I need you to Copy&Paste the contents of the MBAM log file.
Third
Please run a free online scan with the ESET Online Scanner:
Important: You must use Internet Explorer and also disable your Anti-Virus scanner for this step!
- Visit the ESET Online Scanner Web Page
- Select the blue Run ESET Online Scanner button:
- Tick the box next to Yes, I accept the Terms of Use and click Start
- When asked, allow the ActiveX control to install.
- Select Enable detection of potentially unwanted applications.
- Select Advanced Settings:
- Check the option Enable Anti-Stealth technology, but make sure that Remove found threats is unchecked!
- Click Start. (This scan can take several hours, so please be patient.)
- Allow the program to update:
- Once the scan is completed, select List of found threats:
- Select Export to text file... and save the file as ESETlog.txt on your Desktop:
- Click the Back button.
- Important: Make sure that the Uninstall application on close and Delete quarantined files checkboxes are both unchecked !
Click the Finish button:
- Use Notepad to open the saved log file (on your Desktop- ESET.txt)
- Copy and paste that log as a reply to this topic.
#41
Posted 24 April 2015 - 06:55 PM
ginnyjoe
- Topic Starter
-
- Member
-
- 242 posts
Member
Tweaking.com - Windows Repair v3.1.3
--------------------------------------------------------------------------------
System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Home Premium
OS Architecture: 64-bit
OS Version: 6.1.7601
OS Service Pack: Service Pack 1
Computer Name: GINETTE-HP
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Ginette
Current Profile SID: S-1-5-21-3037352765-1606511786-2657095333-1000
Current Profile Classes: S-1-5-21-3037352765-1606511786-2657095333-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Ginette\AppData\Local
--------------------------------------------------------------------------------
System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 07:41:20
Process Count: 76
Commit Total: 2.21 GB
Commit Limit: 7.93 GB
Commit Peak: 3.58 GB
Handle Count: 26793
Kernel Total: 482.70 MB
Kernel Paged: 396.13 MB
Kernel Non Paged: 86.58 MB
System Cache: 1.38 GB
Thread Count: 1002
--------------------------------------------------------------------------------
Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.97 GB
Memory Used: 1.63 GB(41.162%)
Memory Avail.: 2.33 GB
--------------------------------------------------------------------------------
Cleaning Memory Before Starting Repairs...
Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.97 GB
Memory Used: 1.36 GB(34.2201%)
Memory Avail.: 2.61 GB
--------------------------------------------------------------------------------
Starting Repairs...
Started at (24/04/2015 3:07:26 PM)
Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 174
01 - Reset Registry Permissions 01/03
HKEY_CURRENT_USER & Sub Keys
Start (24/04/2015 3:07:39 PM)
Running Repair Under Current User Account
Done (24/04/2015 3:08:18 PM)
01 - Reset Registry Permissions 02/03
HKEY_LOCAL_MACHINE & Sub Keys
Start (24/04/2015 3:08:18 PM)
Decompressing & Updating Windows Permission File services.txt
Done, 0.44 seconds.
Running Repair Under System Account
Done (24/04/2015 3:15:23 PM)
01 - Reset Registry Permissions 03/03
HKEY_CLASSES_ROOT & Sub Keys
Start (24/04/2015 3:15:23 PM)
Running Repair Under System Account
Done (24/04/2015 3:16:58 PM)
02 - Reset File Permissions: C:
C: & Sub Folders
Start (24/04/2015 3:16:58 PM)
Trying To Run Repair As Trusted Installer.
This Repair Is Hidden By Windows Itself.
You Can See The Repair Working In The Task Manager.
Running Repair As Trusted Installer
Done (24/04/2015 3:29:38 PM)
02 - Reset File Permissions: D:
D: & Sub Folders
Start (24/04/2015 3:29:38 PM)
Trying To Run Repair As Trusted Installer.
This Repair Is Hidden By Windows Itself.
You Can See The Repair Working In The Task Manager.
Running Repair As Trusted Installer
Done (24/04/2015 3:29:50 PM)
02 - Reset File Permissions: All Profiles
C:\Users & Sub Folders
Start (24/04/2015 3:29:50 PM)
Running Repair Under System Account
Done (24/04/2015 3:34:04 PM)
02 - Reset File Permissions: Current Profile
C:\Users\Ginette & Sub Folders
Start (24/04/2015 3:34:04 PM)
Running Repair Under System Account
Done (24/04/2015 3:37:42 PM)
02 - Reset File Permissions: Cleanup
Repairing Restricted Folders Permissions To Avoid Infinite Loops
Start (24/04/2015 3:37:42 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:37:55 PM)
03 - Reset Service Permissions
Start (24/04/2015 3:37:55 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:39:20 PM)
04 - Register System Files
Start (24/04/2015 3:39:20 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:40:54 PM)
05 - Repair WMI
Start (24/04/2015 3:40:54 PM)
Starting Security Center So We Can Export The Security Info.
Exporting Antivirus Info...
Microsoft Security Essentials Exported.
Exporting AntiSpyware Info...
Microsoft Security Essentials Exported.
Windows Defender Exported.
Exporting 3rd Party Firewall Info...
No Firewall Products Reported.
Running Repair Under Current User Account
Done (24/04/2015 3:43:47 PM)
06 - Repair Windows Firewall
Start (24/04/2015 3:43:47 PM)
Running Repair Under Current User Account
Decompressing & Updating Windows Permission File services.txt
Done, 0.17 seconds.
Running Repair Under System Account
Done (24/04/2015 3:44:22 PM)
07 - Repair Internet Explorer
Start (24/04/2015 3:44:22 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:45:47 PM)
08 - Repair MDAC/MS Jet
Start (24/04/2015 3:45:47 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:46:21 PM)
09 - Repair Hosts File
Start (24/04/2015 3:46:21 PM)
Running Repair Under System Account
Done (24/04/2015 3:46:29 PM)
10 - Remove Policies Set By Infections
Start (24/04/2015 3:46:29 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:46:45 PM)
11 - Repair Start Menu Icons Removed By Infections
Start (24/04/2015 3:46:45 PM)
Running Repair Under System Account
Done (24/04/2015 3:46:53 PM)
12 - Repair Icons
Start (24/04/2015 3:46:54 PM)
Running Repair Under Current User Account
Done (24/04/2015 3:46:55 PM)
13 - Repair Winsock & DNS Cache
Start (24/04/2015 3:46:55 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:47:35 PM)
14 - Remove Temp Files
Start (24/04/2015 3:47:35 PM)
Running Repair Under System Account
Done (24/04/2015 3:47:47 PM)
15 - Repair Proxy Settings
Start (24/04/2015 3:47:47 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:47:59 PM)
16 - Unhide Non System Files
Start (24/04/2015 3:47:59 PM)
C:\ - Total Files Unhidden: 689 - Check Unhidden_Files.txt for list of files unhidden
D:\ - Total Files Unhidden: 0 - Check Unhidden_Files.txt for list of files unhidden
Done (24/04/2015 3:48:26 PM)
19 - Repair Volume Shadow Copy Service
Start (24/04/2015 3:48:26 PM)
Running Repair Under Current User Account
Decompressing & Updating Windows Permission File services.txt
Done, 0.17 seconds.
Running Repair Under System Account
Done (24/04/2015 3:49:02 PM)
22 - Repair Windows Snipping Tool
Start (24/04/2015 3:49:02 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:49:11 PM)
23.01 - Repair bat Association
Start (24/04/2015 3:49:11 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:49:20 PM)
23.02 - Repair cmd Association
Start (24/04/2015 3:49:20 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:49:30 PM)
23.03 - Repair com Association
Start (24/04/2015 3:49:30 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:49:39 PM)
23.04 - Repair Directory Association
Start (24/04/2015 3:49:39 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:49:49 PM)
23.05 - Repair Drive Association
Start (24/04/2015 3:49:49 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:49:58 PM)
23.06 - Repair exe Association
Start (24/04/2015 3:49:58 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:50:07 PM)
23.07 - Repair Folder Association
Start (24/04/2015 3:50:07 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:50:17 PM)
23.08 - Repair inf Association
Start (24/04/2015 3:50:17 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:50:26 PM)
23.09 - Repair lnk (Shortcuts) Association
Start (24/04/2015 3:50:26 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:50:35 PM)
23.10 - Repair msc Association
Start (24/04/2015 3:50:35 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:50:45 PM)
23.11 - Repair reg Association
Start (24/04/2015 3:50:45 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:50:54 PM)
23.12 - Repair scr Association
Start (24/04/2015 3:50:54 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:51:04 PM)
26 - Restore Important Windows Services
Start (24/04/2015 3:51:04 PM)
Running Repair Under Current User Account
Decompressing & Updating Windows Permission File services.txt
Done, 0.19 seconds.
Running Repair Under System Account
Done (24/04/2015 3:51:27 PM)
27 - Set Windows Services To Default Startup
Start (24/04/2015 3:51:27 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:51:47 PM)
32 - Restore UAC (User Account Control) Settings
Start (24/04/2015 3:51:47 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:51:57 PM)
Cleaning up empty logs...
All Selected Repairs Done.
Done at (24/04/2015 3:51:57 PM)
Total Repair Time: 00:44:33
...YOU MUST RESTART YOUR SYSTEM...
Tweaking.com - Windows Repair v3.1.3
--------------------------------------------------------------------------------
System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Home Premium
OS Architecture: 64-bit
OS Version: 6.1.7601
OS Service Pack: Service Pack 1
Computer Name: GINETTE-HP
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Ginette
Current Profile SID: S-1-5-21-3037352765-1606511786-2657095333-1000
Current Profile Classes: S-1-5-21-3037352765-1606511786-2657095333-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Ginette\AppData\Local
--------------------------------------------------------------------------------
System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 07:41:20
Process Count: 76
Commit Total: 2.21 GB
Commit Limit: 7.93 GB
Commit Peak: 3.58 GB
Handle Count: 26793
Kernel Total: 482.70 MB
Kernel Paged: 396.13 MB
Kernel Non Paged: 86.58 MB
System Cache: 1.38 GB
Thread Count: 1002
--------------------------------------------------------------------------------
Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.97 GB
Memory Used: 1.63 GB(41.162%)
Memory Avail.: 2.33 GB
--------------------------------------------------------------------------------
Cleaning Memory Before Starting Repairs...
Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.97 GB
Memory Used: 1.36 GB(34.2201%)
Memory Avail.: 2.61 GB
--------------------------------------------------------------------------------
Starting Repairs...
Started at (24/04/2015 3:07:26 PM)
Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 174
01 - Reset Registry Permissions 01/03
HKEY_CURRENT_USER & Sub Keys
Start (24/04/2015 3:07:39 PM)
Running Repair Under Current User Account
Done (24/04/2015 3:08:18 PM)
01 - Reset Registry Permissions 02/03
HKEY_LOCAL_MACHINE & Sub Keys
Start (24/04/2015 3:08:18 PM)
Decompressing & Updating Windows Permission File services.txt
Done, 0.44 seconds.
Running Repair Under System Account
Done (24/04/2015 3:15:23 PM)
01 - Reset Registry Permissions 03/03
HKEY_CLASSES_ROOT & Sub Keys
Start (24/04/2015 3:15:23 PM)
Running Repair Under System Account
Done (24/04/2015 3:16:58 PM)
02 - Reset File Permissions: C:
C: & Sub Folders
Start (24/04/2015 3:16:58 PM)
Trying To Run Repair As Trusted Installer.
This Repair Is Hidden By Windows Itself.
You Can See The Repair Working In The Task Manager.
Running Repair As Trusted Installer
Done (24/04/2015 3:29:38 PM)
02 - Reset File Permissions: D:
D: & Sub Folders
Start (24/04/2015 3:29:38 PM)
Trying To Run Repair As Trusted Installer.
This Repair Is Hidden By Windows Itself.
You Can See The Repair Working In The Task Manager.
Running Repair As Trusted Installer
Done (24/04/2015 3:29:50 PM)
02 - Reset File Permissions: All Profiles
C:\Users & Sub Folders
Start (24/04/2015 3:29:50 PM)
Running Repair Under System Account
Done (24/04/2015 3:34:04 PM)
02 - Reset File Permissions: Current Profile
C:\Users\Ginette & Sub Folders
Start (24/04/2015 3:34:04 PM)
Running Repair Under System Account
Done (24/04/2015 3:37:42 PM)
02 - Reset File Permissions: Cleanup
Repairing Restricted Folders Permissions To Avoid Infinite Loops
Start (24/04/2015 3:37:42 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:37:55 PM)
03 - Reset Service Permissions
Start (24/04/2015 3:37:55 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:39:20 PM)
04 - Register System Files
Start (24/04/2015 3:39:20 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:40:54 PM)
05 - Repair WMI
Start (24/04/2015 3:40:54 PM)
Starting Security Center So We Can Export The Security Info.
Exporting Antivirus Info...
Microsoft Security Essentials Exported.
Exporting AntiSpyware Info...
Microsoft Security Essentials Exported.
Windows Defender Exported.
Exporting 3rd Party Firewall Info...
No Firewall Products Reported.
Running Repair Under Current User Account
Done (24/04/2015 3:43:47 PM)
06 - Repair Windows Firewall
Start (24/04/2015 3:43:47 PM)
Running Repair Under Current User Account
Decompressing & Updating Windows Permission File services.txt
Done, 0.17 seconds.
Running Repair Under System Account
Done (24/04/2015 3:44:22 PM)
07 - Repair Internet Explorer
Start (24/04/2015 3:44:22 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:45:47 PM)
08 - Repair MDAC/MS Jet
Start (24/04/2015 3:45:47 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:46:21 PM)
09 - Repair Hosts File
Start (24/04/2015 3:46:21 PM)
Running Repair Under System Account
Done (24/04/2015 3:46:29 PM)
10 - Remove Policies Set By Infections
Start (24/04/2015 3:46:29 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:46:45 PM)
11 - Repair Start Menu Icons Removed By Infections
Start (24/04/2015 3:46:45 PM)
Running Repair Under System Account
Done (24/04/2015 3:46:53 PM)
12 - Repair Icons
Start (24/04/2015 3:46:54 PM)
Running Repair Under Current User Account
Done (24/04/2015 3:46:55 PM)
13 - Repair Winsock & DNS Cache
Start (24/04/2015 3:46:55 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:47:35 PM)
14 - Remove Temp Files
Start (24/04/2015 3:47:35 PM)
Running Repair Under System Account
Done (24/04/2015 3:47:47 PM)
15 - Repair Proxy Settings
Start (24/04/2015 3:47:47 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:47:59 PM)
16 - Unhide Non System Files
Start (24/04/2015 3:47:59 PM)
C:\ - Total Files Unhidden: 689 - Check Unhidden_Files.txt for list of files unhidden
D:\ - Total Files Unhidden: 0 - Check Unhidden_Files.txt for list of files unhidden
Done (24/04/2015 3:48:26 PM)
19 - Repair Volume Shadow Copy Service
Start (24/04/2015 3:48:26 PM)
Running Repair Under Current User Account
Decompressing & Updating Windows Permission File services.txt
Done, 0.17 seconds.
Running Repair Under System Account
Done (24/04/2015 3:49:02 PM)
22 - Repair Windows Snipping Tool
Start (24/04/2015 3:49:02 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:49:11 PM)
23.01 - Repair bat Association
Start (24/04/2015 3:49:11 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:49:20 PM)
23.02 - Repair cmd Association
Start (24/04/2015 3:49:20 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:49:30 PM)
23.03 - Repair com Association
Start (24/04/2015 3:49:30 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:49:39 PM)
23.04 - Repair Directory Association
Start (24/04/2015 3:49:39 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:49:49 PM)
23.05 - Repair Drive Association
Start (24/04/2015 3:49:49 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:49:58 PM)
23.06 - Repair exe Association
Start (24/04/2015 3:49:58 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:50:07 PM)
23.07 - Repair Folder Association
Start (24/04/2015 3:50:07 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:50:17 PM)
23.08 - Repair inf Association
Start (24/04/2015 3:50:17 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:50:26 PM)
23.09 - Repair lnk (Shortcuts) Association
Start (24/04/2015 3:50:26 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:50:35 PM)
23.10 - Repair msc Association
Start (24/04/2015 3:50:35 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:50:45 PM)
23.11 - Repair reg Association
Start (24/04/2015 3:50:45 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:50:54 PM)
23.12 - Repair scr Association
Start (24/04/2015 3:50:54 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:51:04 PM)
26 - Restore Important Windows Services
Start (24/04/2015 3:51:04 PM)
Running Repair Under Current User Account
Decompressing & Updating Windows Permission File services.txt
Done, 0.19 seconds.
Running Repair Under System Account
Done (24/04/2015 3:51:27 PM)
27 - Set Windows Services To Default Startup
Start (24/04/2015 3:51:27 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:51:47 PM)
32 - Restore UAC (User Account Control) Settings
Start (24/04/2015 3:51:47 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:51:57 PM)
Cleaning up empty logs...
All Selected Repairs Done.
Done at (24/04/2015 3:51:57 PM)
Total Repair Time: 00:44:33
...YOU MUST RESTART YOUR SYSTEM...
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 24/04/2015
Scan Time: 4:17:22 PM
Logfile: mbam log.txt
Administrator: Yes
Version: 2.01.6.1022
Malware Database: v2015.04.24.06
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ginette
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 425174
Time Elapsed: 29 min, 45 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 1
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [b1b577f93753e155b7122d96b3506997],
Registry Values: 1
PUP.Optional.Astromenda.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Astromenda\\, Quarantined, [1c4acda3533711250ab9e3e01ce7cc34]
Registry Data: 0
(No malicious items detected)
Folders: 4
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\xpi, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\xpi\defaults, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\xpi\defaults\preferences, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
Files: 10
PUP.Optional.Bandoo.A, C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\DataMngr.dll, Quarantined, [25415b15e1a9ef4720ba0939e521ae52],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\manifest.json, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\chromeid.txt, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\conduit.xml, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\CT3283791.txt, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\dtime.csf, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\initData.json, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\setup.ini.txt, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\version.txt, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\xpi\install.rdf, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
Physical Sectors: 0
(No malicious items detected)
(end)
C:\Program Files (x86)\SR Toolbar\Datamngr\ChromeExtension\lib\default-config.js JS/Bandoo.A potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\SRAssetsHelper.dll a variant of Win32/Toolbar.SearchSuite.AB potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\winzipdusetup.exe a variant of Win32/Systweak.N potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\winziprosetup.exe a variant of Win32/Systweak potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\BrowserConnection.dll Win32/Toolbar.SearchSuite.H potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\datamngr.dll a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\DnsBHO.dll a variant of Win32/Toolbar.SearchSuite.R potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\IEBHO.dll Win32/Toolbar.SearchSuite potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF10.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF11.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF12.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF3.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF4.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF5.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF6.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF7.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF8.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF9.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\ToolBar\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\ToolBar\wincorebsband.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\ToolBar\wincorebsdtx.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\x64\BrowserConnection.dll a variant of Win32/Toolbar.SearchSuite.AB potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\x64\datamngr.dll a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\x64\DnsBHO.dll a variant of Win32/Toolbar.SearchSuite.AB potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\x64\IEBHO.dll Win64/Toolbar.SearchSuite potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\197F0BF7-BAB0-7891-8815-D8B0C573E7C9\IEHelper.dll a variant of Win32/Toolbar.Babylon.E potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\197F0BF7-BAB0-7891-8815-D8B0C573E7C9\Setup.exe a variant of Win32/Toolbar.Babylon.E potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\197F0BF7-BAB0-7891-8815-D8B0C573E7C9\Latest\BabMaint.exe a variant of Win32/Toolbar.Babylon.I potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\197F0BF7-BAB0-7891-8815-D8B0C573E7C9\Latest\BUSolution.dll a variant of Win32/Toolbar.Babylon.P potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\197F0BF7-BAB0-7891-8815-D8B0C573E7C9\Latest\IEHelper.dll Win32/Toolbar.Babylon.E potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\197F0BF7-BAB0-7891-8815-D8B0C573E7C9\Latest\Setup.exe a variant of Win32/Toolbar.Babylon.E potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\nsb42AF.tmp\__localxml.xml Win32/DownloadAdmin.A.Gen potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\SearchquMediaBar.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF10.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF11.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF12.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF13.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF14.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF15.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF16.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF17.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF18.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF19.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF3.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF4.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF5.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF6.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF7.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF8.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF9.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\SR\SRAssetsHelper.dll a variant of Win32/Toolbar.SearchSuite.AB potentially unwanted application
C:\Windows\Installer\MSIDCD7.tmp-\Smartbar.Resources.LanguageSettings.resources.dll a variant of MSIL/Toolbar.Linkury.E potentially unwanted application
C:\Windows\Installer\MSIDCD7.tmp-\srpu.dll a variant of MSIL/Toolbar.Linkury.I potentially unwanted application
Scan Date: 24/04/2015
Scan Time: 4:17:22 PM
Logfile: mbam log.txt
Administrator: Yes
Version: 2.01.6.1022
Malware Database: v2015.04.24.06
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ginette
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 425174
Time Elapsed: 29 min, 45 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 1
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [b1b577f93753e155b7122d96b3506997],
Registry Values: 1
PUP.Optional.Astromenda.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Astromenda\\, Quarantined, [1c4acda3533711250ab9e3e01ce7cc34]
Registry Data: 0
(No malicious items detected)
Folders: 4
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\xpi, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\xpi\defaults, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\xpi\defaults\preferences, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
Files: 10
PUP.Optional.Bandoo.A, C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\DataMngr.dll, Quarantined, [25415b15e1a9ef4720ba0939e521ae52],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\manifest.json, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\chromeid.txt, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\conduit.xml, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\CT3283791.txt, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\dtime.csf, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\initData.json, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\setup.ini.txt, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\version.txt, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\xpi\install.rdf, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
Physical Sectors: 0
(No malicious items detected)
(end)
#42
Posted 24 April 2015 - 07:46 PM
DanoNH
-
- Malware Removal
-
- 2,155 posts
Trusted Helper
Sorry, it looks like there are two Windows AIO Repair logs, and then 2 posts of the Malwarebytes log, but between them is interrupted by other lines and it's not clear what log they come from...
Also, I"m not sure why the logs are coming up a italicized. It makes them more difficult to read.
Click your mouse anywhere in the editor after pasting a log in (yay you can paste!), then:
- Either right-click and choose Select All, or press Control+A
- Then click the Remove Formatting button in the toolbar
.
This will remove any formatting from the text.
Please re-post:
- The entire Malwarebytes log as a single post, then
- The entire ESET scan results as another separate post (when it's complete of course, if it isn't already).
#43
Posted 24 April 2015 - 09:14 PM
ginnyjoe
- Topic Starter
-
- Member
-
- 242 posts
Member
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 24/04/2015
Scan Time: 4:17:22 PM
Logfile: mbam log.txt
Administrator: Yes
Version: 2.01.6.1022
Malware Database: v2015.04.24.06
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ginette
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 425174
Time Elapsed: 29 min, 45 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 1
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [b1b577f93753e155b7122d96b3506997],
Registry Values: 1
PUP.Optional.Astromenda.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Astromenda\\, Quarantined, [1c4acda3533711250ab9e3e01ce7cc34]
Registry Data: 0
(No malicious items detected)
Folders: 4
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\xpi, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\xpi\defaults, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\xpi\defaults\preferences, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
Files: 10
PUP.Optional.Bandoo.A, C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\DataMngr.dll, Quarantined, [25415b15e1a9ef4720ba0939e521ae52],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\manifest.json, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\chromeid.txt, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\conduit.xml, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\CT3283791.txt, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\dtime.csf, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\initData.json, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\setup.ini.txt, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\version.txt, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\xpi\install.rdf, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
Physical Sectors: 0
(No malicious items detected)
(end)
Edited by ginnyjoe, 24 April 2015 - 09:21 PM.
#44
Posted 24 April 2015 - 09:16 PM
ginnyjoe
- Topic Starter
-
- Member
-
- 242 posts
Member
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 24/04/2015
Scan Time: 4:17:22 PM
Logfile: mbam log.txt
Administrator: Yes
Version: 2.01.6.1022
Malware Database: v2015.04.24.06
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ginette
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 425174
Time Elapsed: 29 min, 45 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 1
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [b1b577f93753e155b7122d96b3506997],
Registry Values: 1
PUP.Optional.Astromenda.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Astromenda\\, Quarantined, [1c4acda3533711250ab9e3e01ce7cc34]
Registry Data: 0
(No malicious items detected)
Folders: 4
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\xpi, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\xpi\defaults, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\xpi\defaults\preferences, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
Files: 10
PUP.Optional.Bandoo.A, C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\DataMngr.dll, Quarantined, [25415b15e1a9ef4720ba0939e521ae52],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\manifest.json, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\chromeid.txt, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\conduit.xml, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\CT3283791.txt, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\dtime.csf, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\initData.json, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\setup.ini.txt, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\version.txt, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\xpi\install.rdf, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
Physical Sectors: 0
(No malicious items detected)
(end)
#45
Posted 24 April 2015 - 09:20 PM
ginnyjoe
- Topic Starter
-
- Member
-
- 242 posts
Member
Tweaking.com - Windows Repair v3.1.3
--------------------------------------------------------------------------------
System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Home Premium
OS Architecture: 64-bit
OS Version: 6.1.7601
OS Service Pack: Service Pack 1
Computer Name: GINETTE-HP
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Ginette
Current Profile SID: S-1-5-21-3037352765-1606511786-2657095333-1000
Current Profile Classes: S-1-5-21-3037352765-1606511786-2657095333-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Ginette\AppData\Local
--------------------------------------------------------------------------------
System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 07:41:20
Process Count: 76
Commit Total: 2.21 GB
Commit Limit: 7.93 GB
Commit Peak: 3.58 GB
Handle Count: 26793
Kernel Total: 482.70 MB
Kernel Paged: 396.13 MB
Kernel Non Paged: 86.58 MB
System Cache: 1.38 GB
Thread Count: 1002
--------------------------------------------------------------------------------
Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.97 GB
Memory Used: 1.63 GB(41.162%)
Memory Avail.: 2.33 GB
--------------------------------------------------------------------------------
Cleaning Memory Before Starting Repairs...
Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.97 GB
Memory Used: 1.36 GB(34.2201%)
Memory Avail.: 2.61 GB
--------------------------------------------------------------------------------
Starting Repairs...
Started at (24/04/2015 3:07:26 PM)
Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 174
01 - Reset Registry Permissions 01/03
HKEY_CURRENT_USER & Sub Keys
Start (24/04/2015 3:07:39 PM)
Running Repair Under Current User Account
Done (24/04/2015 3:08:18 PM)
01 - Reset Registry Permissions 02/03
HKEY_LOCAL_MACHINE & Sub Keys
Start (24/04/2015 3:08:18 PM)
Decompressing & Updating Windows Permission File services.txt
Done, 0.44 seconds.
Running Repair Under System Account
Done (24/04/2015 3:15:23 PM)
01 - Reset Registry Permissions 03/03
HKEY_CLASSES_ROOT & Sub Keys
Start (24/04/2015 3:15:23 PM)
Running Repair Under System Account
Done (24/04/2015 3:16:58 PM)
02 - Reset File Permissions: C:
C: & Sub Folders
Start (24/04/2015 3:16:58 PM)
Trying To Run Repair As Trusted Installer.
This Repair Is Hidden By Windows Itself.
You Can See The Repair Working In The Task Manager.
Running Repair As Trusted Installer
Done (24/04/2015 3:29:38 PM)
02 - Reset File Permissions: D:
D: & Sub Folders
Start (24/04/2015 3:29:38 PM)
Trying To Run Repair As Trusted Installer.
This Repair Is Hidden By Windows Itself.
You Can See The Repair Working In The Task Manager.
Running Repair As Trusted Installer
Done (24/04/2015 3:29:50 PM)
02 - Reset File Permissions: All Profiles
C:\Users & Sub Folders
Start (24/04/2015 3:29:50 PM)
Running Repair Under System Account
Done (24/04/2015 3:34:04 PM)
02 - Reset File Permissions: Current Profile
C:\Users\Ginette & Sub Folders
Start (24/04/2015 3:34:04 PM)
Running Repair Under System Account
Done (24/04/2015 3:37:42 PM)
02 - Reset File Permissions: Cleanup
Repairing Restricted Folders Permissions To Avoid Infinite Loops
Start (24/04/2015 3:37:42 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:37:55 PM)
03 - Reset Service Permissions
Start (24/04/2015 3:37:55 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:39:20 PM)
04 - Register System Files
Start (24/04/2015 3:39:20 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:40:54 PM)
05 - Repair WMI
Start (24/04/2015 3:40:54 PM)
Starting Security Center So We Can Export The Security Info.
Exporting Antivirus Info...
Microsoft Security Essentials Exported.
Exporting AntiSpyware Info...
Microsoft Security Essentials Exported.
Windows Defender Exported.
Exporting 3rd Party Firewall Info...
No Firewall Products Reported.
Running Repair Under Current User Account
Done (24/04/2015 3:43:47 PM)
06 - Repair Windows Firewall
Start (24/04/2015 3:43:47 PM)
Running Repair Under Current User Account
Decompressing & Updating Windows Permission File services.txt
Done, 0.17 seconds.
Running Repair Under System Account
Done (24/04/2015 3:44:22 PM)
07 - Repair Internet Explorer
Start (24/04/2015 3:44:22 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:45:47 PM)
08 - Repair MDAC/MS Jet
Start (24/04/2015 3:45:47 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:46:21 PM)
09 - Repair Hosts File
Start (24/04/2015 3:46:21 PM)
Running Repair Under System Account
Done (24/04/2015 3:46:29 PM)
10 - Remove Policies Set By Infections
Start (24/04/2015 3:46:29 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:46:45 PM)
11 - Repair Start Menu Icons Removed By Infections
Start (24/04/2015 3:46:45 PM)
Running Repair Under System Account
Done (24/04/2015 3:46:53 PM)
12 - Repair Icons
Start (24/04/2015 3:46:54 PM)
Running Repair Under Current User Account
Done (24/04/2015 3:46:55 PM)
13 - Repair Winsock & DNS Cache
Start (24/04/2015 3:46:55 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:47:35 PM)
14 - Remove Temp Files
Start (24/04/2015 3:47:35 PM)
Running Repair Under System Account
Done (24/04/2015 3:47:47 PM)
15 - Repair Proxy Settings
Start (24/04/2015 3:47:47 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:47:59 PM)
16 - Unhide Non System Files
Start (24/04/2015 3:47:59 PM)
C:\ - Total Files Unhidden: 689 - Check Unhidden_Files.txt for list of files unhidden
D:\ - Total Files Unhidden: 0 - Check Unhidden_Files.txt for list of files unhidden
Done (24/04/2015 3:48:26 PM)
19 - Repair Volume Shadow Copy Service
Start (24/04/2015 3:48:26 PM)
Running Repair Under Current User Account
Decompressing & Updating Windows Permission File services.txt
Done, 0.17 seconds.
Running Repair Under System Account
Done (24/04/2015 3:49:02 PM)
22 - Repair Windows Snipping Tool
Start (24/04/2015 3:49:02 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:49:11 PM)
23.01 - Repair bat Association
Start (24/04/2015 3:49:11 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:49:20 PM)
23.02 - Repair cmd Association
Start (24/04/2015 3:49:20 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:49:30 PM)
23.03 - Repair com Association
Start (24/04/2015 3:49:30 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:49:39 PM)
23.04 - Repair Directory Association
Start (24/04/2015 3:49:39 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:49:49 PM)
23.05 - Repair Drive Association
Start (24/04/2015 3:49:49 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:49:58 PM)
23.06 - Repair exe Association
Start (24/04/2015 3:49:58 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:50:07 PM)
23.07 - Repair Folder Association
Start (24/04/2015 3:50:07 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:50:17 PM)
23.08 - Repair inf Association
Start (24/04/2015 3:50:17 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:50:26 PM)
23.09 - Repair lnk (Shortcuts) Association
Start (24/04/2015 3:50:26 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:50:35 PM)
23.10 - Repair msc Association
Start (24/04/2015 3:50:35 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:50:45 PM)
23.11 - Repair reg Association
Start (24/04/2015 3:50:45 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:50:54 PM)
23.12 - Repair scr Association
Start (24/04/2015 3:50:54 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:51:04 PM)
26 - Restore Important Windows Services
Start (24/04/2015 3:51:04 PM)
Running Repair Under Current User Account
Decompressing & Updating Windows Permission File services.txt
Done, 0.19 seconds.
Running Repair Under System Account
Done (24/04/2015 3:51:27 PM)
27 - Set Windows Services To Default Startup
Start (24/04/2015 3:51:27 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:51:47 PM)
32 - Restore UAC (User Account Control) Settings
Start (24/04/2015 3:51:47 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:51:57 PM)
Cleaning up empty logs...
All Selected Repairs Done.
Done at (24/04/2015 3:51:57 PM)
Total Repair Time: 00:44:33
...YOU MUST RESTART YOUR SYSTEM...
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
