OK, yes the Firefox button used to be Reset but is now Refresh. If you can, copy the file to your USB stick.
I'll post the JRT log for you here, and we still do have some tools at our disposal. I'll be back...
Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!
OK, yes the Firefox button used to be Reset but is now Refresh. If you can, copy the file to your USB stick.
I'll post the JRT log for you here, and we still do have some tools at our disposal. I'll be back...
Question: You did right-click on the JRT program and select "Run as administrator", correct? It seems odd to me that there is nothing listed aside from categories, but it may be OK...
Here's the JRT log:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.1 (04.23.2015:1)
OS: Windows 7 Home Premium x64
Ran by Ginette on 23/04/2015 at 13:44:47.67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23/04/2015 at 13:48:31.90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
did run as administrator. I did JRT again will post it. Should I delete Firefox. I tried to post adw log. I got it on my usb but it will not copy and when I try to attach it says error that I am not permitted to upload this kind of file.
Edited by ginnyjoe, 23 April 2015 - 03:02 PM.
Ok I clicked on the clipboard and it pasted. Yeah
# AdwCleaner v3.017 - Report created 25/01/2014 at 23:02:15
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Ginette - GINETTE-HP
# Running from : C:\Users\Ginette\Downloads\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\~0
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\iWin
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\1ClickDownload
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\BrowseFox
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Gophoto.it
Folder Deleted : C:\Program Files (x86)\jZip
Folder Deleted : C:\Program Files (x86)\PriceGong
Folder Deleted : C:\Program Files (x86)\WinZip Registry Optimizer
Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Users\Ginette\AppData\Local\Conduit
Folder Deleted : C:\Users\Ginette\AppData\Local\jZip
Folder Deleted : C:\Users\Ginette\AppData\Local\PackageAware
Folder Deleted : C:\Users\Ginette\AppData\Local\Searchprotect
Folder Deleted : C:\Windows\TEMP\AskSearch
Folder Deleted : C:\Users\Ginette\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Ginette\AppData\LocalLow\Delta
Folder Deleted : C:\Users\Ginette\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Ginette\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Ginette\AppData\Roaming\Funmoods
Folder Deleted : C:\Users\Ginette\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Ginette\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Ginette\AppData\Roaming\Mozilla\Firefox\Profiles\07ifvjb6.default\Smartbar
Folder Deleted : C:\Users\Ginette\AppData\Roaming\Mozilla\Firefox\Profiles\07ifvjb6.default\SweetPacksToolbarData
Folder Deleted : C:\Users\Ginette\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Folder Deleted : C:\Users\Ginette\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Folder Deleted : C:\Users\Ginette\AppData\Local\Google\Chrome\User Data\Default\Extensions\njljkdinboobkmkihgcohanchjnjpgjk
File Deleted : C:\END
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Ginette\AppData\Local\funmoods.crx
File Deleted : C:\Windows\TEMP\Uninstall.exe
File Deleted : C:\Users\Ginette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk
File Deleted : C:\Users\Ginette\Desktop\jZip.lnk
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml
File Deleted : C:\Users\Ginette\AppData\Roaming\Mozilla\Firefox\Profiles\07ifvjb6.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Ginette\AppData\Roaming\Mozilla\Firefox\Profiles\07ifvjb6.default\searchplugins\conduit-search.xml
File Deleted : C:\Users\Ginette\AppData\Roaming\Mozilla\Firefox\Profiles\07ifvjb6.default\searchplugins\delta.xml
File Deleted : C:\Users\Ginette\AppData\Roaming\Mozilla\Firefox\Profiles\07ifvjb6.default\searchplugins\Search_Results.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml
File Deleted : C:\Users\Ginette\AppData\Roaming\Mozilla\Firefox\Profiles\07ifvjb6.default\user.js
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bicnnkjibmphdeigoodpjlcklcnaobdj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ppdjnkblmcjfnlogjjhpigpdgpcgdpll
Key Deleted : HKCU\Software\Google\Chrome\Extensions\njljkdinboobkmkihgcohanchjnjpgjk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\njljkdinboobkmkihgcohanchjnjpgjk
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader
Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1
Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO
Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\f
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\jZip.file
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\pricegong_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\pricegong_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseFox_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseFox_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppPath\jZip.exe
Key Deleted : HKCU\Software\5d538cdee268ef12
Key Deleted : HKLM\SOFTWARE\5d538cdee268ef12
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3283791
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3291326
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_turbozip_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_turbozip_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B9507101-E464-4B3B-A4CB-291AAEDD94F2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BB9817CA-9B43-41EB-8706-44847957338D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{006232F7-DBD6-4631-84E8-66EA161B43C4}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B939CF93-F2CB-443D-956C-DC523D85C9DB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B9507101-E464-4B3B-A4CB-291AAEDD94F2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B939CF93-F2CB-443D-956C-DC523D85C9DB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B9507101-E464-4B3B-A4CB-291AAEDD94F2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B9507101-E464-4B3B-A4CB-291AAEDD94F2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{B939CF93-F2CB-443D-956C-DC523D85C9DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BB9817CA-9B43-41EB-8706-44847957338D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B939CF93-F2CB-443D-956C-DC523D85C9DB}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\BrowseFox
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\delta LTD
Key Deleted : HKCU\Software\Funmoods
Key Deleted : HKCU\Software\jZip
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\jZip
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\jZip
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : [x64] HKLM\SOFTWARE\DataMngr
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16428
-\\ Mozilla Firefox v23.0.1 (en-US)
[ File : C:\Users\Ginette\AppData\Roaming\Mozilla\Firefox\Profiles\07ifvjb6.default\prefs.js ]
Line Deleted : user_pref("CT3283791.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT3283791.FF19Solved", "true");
Line Deleted : user_pref("CT3283791.FirstTime", "true");
Line Deleted : user_pref("CT3283791.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3283791.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3283791&SearchSource=2&CUI=UN33033134220457639&UM=UM_ID&q=");
Line Deleted : user_pref("CT3283791.UserID", "UN33033134220457639");
Line Deleted : user_pref("CT3283791.YTbyClickFavorites.enc", "W10=");
Line Deleted : user_pref("CT3283791.YTbyClickRecent.enc", "W10=");
Line Deleted : user_pref("CT3283791.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3283791.autoDisableScopes", 14);
Line Deleted : user_pref("CT3283791.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3283791.countryCode", "CA");
Line Deleted : user_pref("CT3283791.defaultSearch", "true");
Line Deleted : user_pref("CT3283791.enableAlerts", "always");
Line Deleted : user_pref("CT3283791.enableFix404ByUser", "FALSE");
Line Deleted : user_pref("CT3283791.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3283791.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3283791.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3283791.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3283791.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3283791.fixUrls", true);
Line Deleted : user_pref("CT3283791.fullUserID", "UN33033134220457639.UP.20130704074257");
Line Deleted : user_pref("CT3283791.homepageuserchanged", true);
Line Deleted : user_pref("CT3283791.installDate", "2/3/2013 23:03:18");
Line Deleted : user_pref("CT3283791.installId", "conduitinstaller.exe");
Line Deleted : user_pref("CT3283791.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT3283791.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3283791.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3283791.keyword", "true");
Line Deleted : user_pref("CT3283791.lastVersion", "10.16.70.505");
Line Deleted : user_pref("CT3283791.mam_gk_CouponBuddy_appState.enc", "b24=");
Line Deleted : user_pref("CT3283791.mam_gk_PriceGong_appState.enc", "b24=");
Line Deleted : user_pref("CT3283791.mam_gk_appStateReportTime.enc", "MTM2Mjg4MTIxOTEzNQ==");
Line Deleted : user_pref("CT3283791.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsIm9wdGlvbnNEaWFsb2ciOnsiZGlzcGxheU5h[...]
Line Deleted : user_pref("CT3283791.mam_gk_appsDefaultEnabled.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3283791.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlByaWNlR29uZyIsImNyaXRlcmlhcyI6W3siY3JpdGVyaWFJZCI6IjQzZmVjMDg1LWNkMzktNGQyZi05MDZhLTAyNTdkZjM2YzlhYiIsImRvbWFpbnMiOls[...]
Line Deleted : user_pref("CT3283791.mam_gk_currentVersion.enc", "MS40LjMuMg==");
Line Deleted : user_pref("CT3283791.mam_gk_eventsCache.enc", "eyI4ZTEyNDIyZi0yOGYwLTQ2YWYtYjZhYi0yMWI2NmZiYzZjNjIiOnsidG9waWMiOiJzZW5kVXNhZ2UiLCJkYXRhIjpbIldlbGNvbWUiLCJWaWV3Il0sInVuaXF1ZUlkIjoiOGUxMjQyMmYtMjhmMC00N[...]
Line Deleted : user_pref("CT3283791.mam_gk_first_time.enc", "MQ==");
Line Deleted : user_pref("CT3283791.mam_gk_gadgetOpen.enc", "MA==");
Line Deleted : user_pref("CT3283791.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3283791.mam_gk_lastLoginTime.enc", "MTM2Mjg4MTIxNTI0Nw==");
Line Deleted : user_pref("CT3283791.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHMgZW5yaWNoZXMgeW91ciB3ZWIg[...]
Line Deleted : user_pref("CT3283791.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3283791.mam_gk_settings1.4.3.2.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNjFfLTEiLCJpc1Rlc3QiOmZhbHNlLCJpc1dlbGNvbWVFeHBlcmllbmNlRW5hYmxlZEJ5RGVmYXVsd[...]
Line Deleted : user_pref("CT3283791.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3283791.mam_gk_showWelcomeGadget.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3283791.mam_gk_userId.enc", "ODQwZWMxYTctMzEzYi00MWU5LWFkY2EtZjc0MzIyOTliYTk1");
Line Deleted : user_pref("CT3283791.mam_gk_user_apps_selection.enc", "");
Line Deleted : user_pref("CT3283791.migrateAppsAndComponents", true);
Line Deleted : user_pref("CT3283791.missingMachineIdSent", "true");
Line Deleted : user_pref("CT3283791.openThankYouPage", "false");
Line Deleted : user_pref("CT3283791.openUninstallPage", "true");
Line Deleted : user_pref("CT3283791.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3283791&SearchSource=2&CUI=UN33033134220457639&UM=&q=");
Line Deleted : user_pref("CT3283791.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT3283791.search.searchAppId", "130043635982747759");
Line Deleted : user_pref("CT3283791.search.searchCount", "0");
Line Deleted : user_pref("CT3283791.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3283791.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3283791.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3283791.searchSuggestEnabledByUser", "true");
Line Deleted : user_pref("CT3283791.searchUserMode", "false");
Line Deleted : user_pref("CT3283791.serviceLayer_services_Configuration_lastUpdate", "1376147127340");
Line Deleted : user_pref("CT3283791.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1362881206034");
Line Deleted : user_pref("CT3283791.serviceLayer_services_appsMetadata_lastUpdate", "1362881205976");
Line Deleted : user_pref("CT3283791.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1362881205895");
Line Deleted : user_pref("CT3283791.serviceLayer_services_location_lastUpdate", "1372195711295");
Line Deleted : user_pref("CT3283791.serviceLayer_services_login_10.14.65.43_lastUpdate", "1364741508032");
Line Deleted : user_pref("CT3283791.serviceLayer_services_login_10.15.0.562_lastUpdate", "1371873230950");
Line Deleted : user_pref("CT3283791.serviceLayer_services_login_10.15.2.523_lastUpdate", "1372238913274");
Line Deleted : user_pref("CT3283791.serviceLayer_services_login_10.16.4.519_lastUpdate", "1374233826098");
Line Deleted : user_pref("CT3283791.serviceLayer_services_login_10.16.70.505_lastUpdate", "1376147127731");
Line Deleted : user_pref("CT3283791.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1362881205938");
Line Deleted : user_pref("CT3283791.serviceLayer_services_searchAPI_lastUpdate", "1376147127304");
Line Deleted : user_pref("CT3283791.serviceLayer_services_serviceMap_lastUpdate", "1376147127192");
Line Deleted : user_pref("CT3283791.serviceLayer_services_setupAPI_lastUpdate", "1362881206059");
Line Deleted : user_pref("CT3283791.serviceLayer_services_toolbarContextMenu_lastUpdate", "1362881205642");
Line Deleted : user_pref("CT3283791.serviceLayer_services_toolbarSettings_lastUpdate", "1376147127455");
Line Deleted : user_pref("CT3283791.serviceLayer_services_translation_lastUpdate", "1376147127607");
Line Deleted : user_pref("CT3283791.settingsINI", true);
Line Deleted : user_pref("CT3283791.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3283791.showToolbarPermission", "false");
Line Deleted : user_pref("CT3283791.smartbar.CTID", "CT3283791");
Line Deleted : user_pref("CT3283791.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3283791.smartbar.homepage", true);
Line Deleted : user_pref("CT3283791.smartbar.toolbarName", "ytbyclick B1 ");
Line Deleted : user_pref("CT3283791.startPage", "true");
Line Deleted : user_pref("CT3283791.toolbarBornServerTime", "10-3-2013");
Line Deleted : user_pref("CT3283791.toolbarCurrentServerTime", "10-8-2013");
Line Deleted : user_pref("CT3283791.toolbarDisabled", "true");
Line Deleted : user_pref("CT3283791.toolbarLoginClientTime", "Mon Jun 17 2013 23:51:35 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT3291326.FF19Solved", "true");
Line Deleted : user_pref("CT3291326.UserID", "UN22149223555371579");
Line Deleted : user_pref("CT3291326.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3291326.fullUserID", "UN22149223555371579.IN.20130908170348");
Line Deleted : user_pref("CT3291326.installDate", "08/09/2013 17:03:50");
Line Deleted : user_pref("CT3291326.installSessionId", "{56D9894E-5A0A-4E77-B160-A993C7F41448}");
Line Deleted : user_pref("CT3291326.installSp", "TRUE");
Line Deleted : user_pref("CT3291326.installerVersion", "1.6.1.2");
Line Deleted : user_pref("CT3291326.keyword", "true");
Line Deleted : user_pref("CT3291326.originalHomepage", "hxxp://ca.msn.com/|hxxp://www.ehow.com/how_4452356_change-home-page-firefox.html");
Line Deleted : user_pref("CT3291326.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3283791&SearchSource=2&CUI=UN33033134220457639&UM=false&q=");
Line Deleted : user_pref("CT3291326.originalSearchEngine", "ytbyclick B1 Customized Web Search");
Line Deleted : user_pref("CT3291326.originalSearchEngineName", "ytbyclick B1 Customized Web Search");
Line Deleted : user_pref("CT3291326.searchRevert", "false");
Line Deleted : user_pref("CT3291326.searchUserMode", "2");
Line Deleted : user_pref("CT3291326.smartbar.homepage", "true");
Line Deleted : user_pref("CT3291326.versionFromInstaller", "10.19.2.5");
Line Deleted : user_pref("CT3291326.xpeMode", "0");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "ytbyclick B1 Customized Web Search");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3283791&SearchSource=2&CUI=UN33033134220457639&UM=UM_ID&q=");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3283791&SearchSource=2&CUI=UN33033134220457639&UM=false&q=");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3283791");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "KeyBar 1.13 Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291326&CUI=UN22149223555371579&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.delta-search.com/?affID=119776&babsrc=NT_ss&mntrId=6eb7fd3c000000000000d0df9a33ba45");
Line Deleted : user_pref("extensions.funmoods.aflt", "axl");
Line Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Line Deleted : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");
Line Deleted : user_pref("extensions.funmoods.cntry", "CA");
Line Deleted : user_pref("extensions.funmoods.cv", "cv5");
Line Deleted : user_pref("extensions.funmoods.dfltLng", "");
Line Deleted : user_pref("extensions.funmoods.dfltSrch", false);
Line Deleted : user_pref("extensions.funmoods.dfltlng", "en");
Line Deleted : user_pref("extensions.funmoods.dfltsrch", "false");
Line Deleted : user_pref("extensions.funmoods.dnsErr", true);
Line Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Line Deleted : user_pref("extensions.funmoods.excTlbr", false);
Line Deleted : user_pref("extensions.funmoods.fmupdtFirst", false);
Line Deleted : user_pref("extensions.funmoods.hdrMd5", "25265C511EE2161E0A9D62C59CB52CCD");
Line Deleted : user_pref("extensions.funmoods.hmpg", false);
Line Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AtAtA0B0AyEyD0F0DtA0CtN0D0Tzu0CtBtBzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=1785560154");
Line Deleted : user_pref("extensions.funmoods.hrdid", "D0DF9A33BA45FD3C");
Line Deleted : user_pref("extensions.funmoods.id", "D0DF9A33BA45FD3C");
Line Deleted : user_pref("extensions.funmoods.instlDay", "15568");
Line Deleted : user_pref("extensions.funmoods.instlRef", "axl");
Line Deleted : user_pref("extensions.funmoods.instlday", "15568");
Line Deleted : user_pref("extensions.funmoods.instlref", "axl");
Line Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Line Deleted : user_pref("extensions.funmoods.keywordurl", "");
Line Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2220:7:5");
Line Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Line Deleted : user_pref("extensions.funmoods.monitorreport", true);
Line Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AtAtA0B0AyEyD0F0DtA0CtN0D0Tzu0CtBtBzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=1785560154");
Line Deleted : user_pref("extensions.funmoods.newtab", "false");
Line Deleted : user_pref("extensions.funmoods.newtaburl", "hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AtAtA0B0AyEyD0F0DtA0CtN0D0Tzu0CtBtBzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=1785560154");
Line Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Line Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Line Deleted : user_pref("extensions.funmoods.prtnrid", "funmoods");
Line Deleted : user_pref("extensions.funmoods.savedVrsnTs", "1");
Line Deleted : user_pref("extensions.funmoods.sg", "{smplGrp}");
Line Deleted : user_pref("extensions.funmoods.similarsitesstorage-pid2", "19544442d90913bd");
Line Deleted : user_pref("extensions.funmoods.smplgrp", "free");
Line Deleted : user_pref("extensions.funmoods.srch", "");
Line Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Line Deleted : user_pref("extensions.funmoods.srchprvdr", "Search");
Line Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Line Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AtAtA0B0AyEyD0F0DtA0CtN0D0Tzu0CtBtBzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=1785560154&[...]
Line Deleted : user_pref("extensions.funmoods.tlbrid", "base");
Line Deleted : user_pref("extensions.funmoods.tlbrsrchurl", "hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AtAtA0B0AyEyD0F0DtA0CtN0D0Tzu0CtBtBzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=1785560154&[...]
Line Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Line Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Line Deleted : user_pref("extensions.funmoods.vrsnts", "");
Line Deleted : user_pref("extensions.funmoods_i.newTab", false);
Line Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Line Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2220:7:5");
Line Deleted : user_pref("searchreset.backup.browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3291326&octid=CT3291326&SearchSource=61&CUI=UN22149223555371579&UM=2&UP=SPFF5DC88C-9185-460F-90C6-01D171CA7F[...]
Line Deleted : user_pref("smartBar.searchInNewTabOwner", "CT3283791");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3291326");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3283791&octid=CT3283791&SearchSource=61&CUI=UN33033134220457639&UM=UM_ID&UP=SP11511E82-2212-4BAF-8C8B-B61C4538BA37,hxxp://s[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3283791&SearchSource=2&CUI=UN33033134220457639&UM=UM_ID&q=,hxxp://search.conduit.com/ResultsExt.aspx[...]
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3291326");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3291326");
Line Deleted : user_pref("smartbar.machineId", "K7OY+J+BL+OSS2OXL50RXRDFHP/AAIOG05VN6GJ9MBMG0R3I7CGBNNDPJW5RZB7MVAFELT+OJUSOZJS7TD6Z3Q");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://isearch.avg.com/?cid={661BD582-63D8-43E9-948C-D1DC91D01798}&mid=68a402d36a7d4039a14e6b06faad0df2-dc06851b40e306c3cc1d573d12d035915e84b793&lang=en&ds=hk01[...]
Line Deleted : user_pref("smartbar.originalSearchAddressUrl", "hxxp://isearch.avg.com/search?cid={661BD582-63D8-43E9-948C-D1DC91D01798}&mid=68a402d36a7d4039a14e6b06faad0df2-dc06851b40e306c3cc1d573d12d035915e84b793&l[...]
Line Deleted : user_pref("smartbar.originalSearchEngine", "AVG Secure Search");
Line Deleted : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
Line Deleted : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");
Line Deleted : user_pref("sweetim.toolbar.Visibility.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
Line Deleted : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?lang=$locale_id;&toolbar_version=$ITEM_VERSION;&crg=$cargo;");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.height", "150");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.width", "530");
Line Deleted : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.*.google.com.br/.*|.*.google.es/.*|.*.youtube.com/.*|.*.yahoo.com/.*|.[...]
Line Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Line Deleted : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Line Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
Line Deleted : user_pref("sweetim.toolbar.newtab.created", "false");
Line Deleted : user_pref("sweetim.toolbar.newtab.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_VERSION;&crg=$cargo;");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.callback", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1");
Line Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
Line Deleted : user_pref("sweetim.toolbar.simapp_id", "{B0E18D55-E806-11E1-9D51-2C27D7337176}");
Line Deleted : user_pref("sweetim.toolbar.version", "1.9.0.0");
-\\ Google Chrome v
[ File : C:\Users\Ginette\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [43233 octets] - [25/01/2014 22:59:29]
AdwCleaner[S0].txt - [42696 octets] - [25/01/2014 23:02:15]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [42757 octets] ##########
Edited by ginnyjoe, 23 April 2015 - 03:05 PM.
Woo-hoo! You got it to work finally!
Have you been using the More Reply Options button right along, or did you just try it and now you can Paste?
You can uninstall Firefox if you like, but there were a lot of malware-related items that AdwCleaner removed. I would like you to reboot first.
Next, let's run the following scans:
First
Please download Farbar Service Scanner, save it to the Desktop, and run it on the computer with the issue.
Second
Scan with Security Check
Please download Security Check by Screen317 and save it to your Desktop.
Please include the contents of that document in your next reply.
I have been using the more Reply Options all along. This time I again used the more options but I clicked on the clipboard and because I had already copied it the clipboard added it in. I tried copy and paste again no luck so I will do the more options.
Farbar Service Scanner Version: 17-01-2015
Ran by Ginette (administrator) on 23-04-2015 at 18:22:36
Running from "C:\Users\Ginette\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
**** End of log ****
Results of screen317's Security Check version 1.00
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 17.0.0.169
Adobe Reader XI
Mozilla Firefox (37.0.1)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
Fss was done with the clipboard and Security check was able to copy and paste. What a puzzle. Oh and Firefox still will not
open unless I do administrator even though I did a restart.
Edited by ginnyjoe, 23 April 2015 - 04:42 PM.
OK, good, another step forward...
I find that in the forum software here, I can sometimes more easily use Control-C (copy) and Control-V (paste). Sometimes, if my cursor is at the end the text in the editor window, I won't get the Paste option myself... but the keyboard commands still work.
We still have more to do, so hang tight for right now while I prepare the next steps for you.
OK, the next scans/tools we need are below:
First
Run Windows Repair (All In One)
Please download Windows Repair All-In-One Portable by Tweaking.com to your Desktop.
01 - Reset Registry Permissions
Second
Install and Run Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
*** In your next reply, I need you to Copy&Paste the contents of the MBAM log file.
Third
Please run a free online scan with the ESET Online Scanner:
Important: You must use Internet Explorer and also disable your Anti-Virus scanner for this step!
Tweaking.com - Windows Repair v3.1.3
--------------------------------------------------------------------------------
System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Home Premium
OS Architecture: 64-bit
OS Version: 6.1.7601
OS Service Pack: Service Pack 1
Computer Name: GINETTE-HP
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Ginette
Current Profile SID: S-1-5-21-3037352765-1606511786-2657095333-1000
Current Profile Classes: S-1-5-21-3037352765-1606511786-2657095333-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Ginette\AppData\Local
--------------------------------------------------------------------------------
System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 07:41:20
Process Count: 76
Commit Total: 2.21 GB
Commit Limit: 7.93 GB
Commit Peak: 3.58 GB
Handle Count: 26793
Kernel Total: 482.70 MB
Kernel Paged: 396.13 MB
Kernel Non Paged: 86.58 MB
System Cache: 1.38 GB
Thread Count: 1002
--------------------------------------------------------------------------------
Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.97 GB
Memory Used: 1.63 GB(41.162%)
Memory Avail.: 2.33 GB
--------------------------------------------------------------------------------
Cleaning Memory Before Starting Repairs...
Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.97 GB
Memory Used: 1.36 GB(34.2201%)
Memory Avail.: 2.61 GB
--------------------------------------------------------------------------------
Starting Repairs...
Started at (24/04/2015 3:07:26 PM)
Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 174
01 - Reset Registry Permissions 01/03
HKEY_CURRENT_USER & Sub Keys
Start (24/04/2015 3:07:39 PM)
Running Repair Under Current User Account
Done (24/04/2015 3:08:18 PM)
01 - Reset Registry Permissions 02/03
HKEY_LOCAL_MACHINE & Sub Keys
Start (24/04/2015 3:08:18 PM)
Decompressing & Updating Windows Permission File services.txt
Done, 0.44 seconds.
Running Repair Under System Account
Done (24/04/2015 3:15:23 PM)
01 - Reset Registry Permissions 03/03
HKEY_CLASSES_ROOT & Sub Keys
Start (24/04/2015 3:15:23 PM)
Running Repair Under System Account
Done (24/04/2015 3:16:58 PM)
02 - Reset File Permissions: C:
C: & Sub Folders
Start (24/04/2015 3:16:58 PM)
Trying To Run Repair As Trusted Installer.
This Repair Is Hidden By Windows Itself.
You Can See The Repair Working In The Task Manager.
Running Repair As Trusted Installer
Done (24/04/2015 3:29:38 PM)
02 - Reset File Permissions: D:
D: & Sub Folders
Start (24/04/2015 3:29:38 PM)
Trying To Run Repair As Trusted Installer.
This Repair Is Hidden By Windows Itself.
You Can See The Repair Working In The Task Manager.
Running Repair As Trusted Installer
Done (24/04/2015 3:29:50 PM)
02 - Reset File Permissions: All Profiles
C:\Users & Sub Folders
Start (24/04/2015 3:29:50 PM)
Running Repair Under System Account
Done (24/04/2015 3:34:04 PM)
02 - Reset File Permissions: Current Profile
C:\Users\Ginette & Sub Folders
Start (24/04/2015 3:34:04 PM)
Running Repair Under System Account
Done (24/04/2015 3:37:42 PM)
02 - Reset File Permissions: Cleanup
Repairing Restricted Folders Permissions To Avoid Infinite Loops
Start (24/04/2015 3:37:42 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:37:55 PM)
03 - Reset Service Permissions
Start (24/04/2015 3:37:55 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:39:20 PM)
04 - Register System Files
Start (24/04/2015 3:39:20 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:40:54 PM)
05 - Repair WMI
Start (24/04/2015 3:40:54 PM)
Starting Security Center So We Can Export The Security Info.
Exporting Antivirus Info...
Microsoft Security Essentials Exported.
Exporting AntiSpyware Info...
Microsoft Security Essentials Exported.
Windows Defender Exported.
Exporting 3rd Party Firewall Info...
No Firewall Products Reported.
Running Repair Under Current User Account
Done (24/04/2015 3:43:47 PM)
06 - Repair Windows Firewall
Start (24/04/2015 3:43:47 PM)
Running Repair Under Current User Account
Decompressing & Updating Windows Permission File services.txt
Done, 0.17 seconds.
Running Repair Under System Account
Done (24/04/2015 3:44:22 PM)
07 - Repair Internet Explorer
Start (24/04/2015 3:44:22 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:45:47 PM)
08 - Repair MDAC/MS Jet
Start (24/04/2015 3:45:47 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:46:21 PM)
09 - Repair Hosts File
Start (24/04/2015 3:46:21 PM)
Running Repair Under System Account
Done (24/04/2015 3:46:29 PM)
10 - Remove Policies Set By Infections
Start (24/04/2015 3:46:29 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:46:45 PM)
11 - Repair Start Menu Icons Removed By Infections
Start (24/04/2015 3:46:45 PM)
Running Repair Under System Account
Done (24/04/2015 3:46:53 PM)
12 - Repair Icons
Start (24/04/2015 3:46:54 PM)
Running Repair Under Current User Account
Done (24/04/2015 3:46:55 PM)
13 - Repair Winsock & DNS Cache
Start (24/04/2015 3:46:55 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:47:35 PM)
14 - Remove Temp Files
Start (24/04/2015 3:47:35 PM)
Running Repair Under System Account
Done (24/04/2015 3:47:47 PM)
15 - Repair Proxy Settings
Start (24/04/2015 3:47:47 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:47:59 PM)
16 - Unhide Non System Files
Start (24/04/2015 3:47:59 PM)
C:\ - Total Files Unhidden: 689 - Check Unhidden_Files.txt for list of files unhidden
D:\ - Total Files Unhidden: 0 - Check Unhidden_Files.txt for list of files unhidden
Done (24/04/2015 3:48:26 PM)
19 - Repair Volume Shadow Copy Service
Start (24/04/2015 3:48:26 PM)
Running Repair Under Current User Account
Decompressing & Updating Windows Permission File services.txt
Done, 0.17 seconds.
Running Repair Under System Account
Done (24/04/2015 3:49:02 PM)
22 - Repair Windows Snipping Tool
Start (24/04/2015 3:49:02 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:49:11 PM)
23.01 - Repair bat Association
Start (24/04/2015 3:49:11 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:49:20 PM)
23.02 - Repair cmd Association
Start (24/04/2015 3:49:20 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:49:30 PM)
23.03 - Repair com Association
Start (24/04/2015 3:49:30 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:49:39 PM)
23.04 - Repair Directory Association
Start (24/04/2015 3:49:39 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:49:49 PM)
23.05 - Repair Drive Association
Start (24/04/2015 3:49:49 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:49:58 PM)
23.06 - Repair exe Association
Start (24/04/2015 3:49:58 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:50:07 PM)
23.07 - Repair Folder Association
Start (24/04/2015 3:50:07 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:50:17 PM)
23.08 - Repair inf Association
Start (24/04/2015 3:50:17 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:50:26 PM)
23.09 - Repair lnk (Shortcuts) Association
Start (24/04/2015 3:50:26 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:50:35 PM)
23.10 - Repair msc Association
Start (24/04/2015 3:50:35 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:50:45 PM)
23.11 - Repair reg Association
Start (24/04/2015 3:50:45 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:50:54 PM)
23.12 - Repair scr Association
Start (24/04/2015 3:50:54 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:51:04 PM)
26 - Restore Important Windows Services
Start (24/04/2015 3:51:04 PM)
Running Repair Under Current User Account
Decompressing & Updating Windows Permission File services.txt
Done, 0.19 seconds.
Running Repair Under System Account
Done (24/04/2015 3:51:27 PM)
27 - Set Windows Services To Default Startup
Start (24/04/2015 3:51:27 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:51:47 PM)
32 - Restore UAC (User Account Control) Settings
Start (24/04/2015 3:51:47 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:51:57 PM)
Cleaning up empty logs...
All Selected Repairs Done.
Done at (24/04/2015 3:51:57 PM)
Total Repair Time: 00:44:33
...YOU MUST RESTART YOUR SYSTEM...
Tweaking.com - Windows Repair v3.1.3
--------------------------------------------------------------------------------
System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Home Premium
OS Architecture: 64-bit
OS Version: 6.1.7601
OS Service Pack: Service Pack 1
Computer Name: GINETTE-HP
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Ginette
Current Profile SID: S-1-5-21-3037352765-1606511786-2657095333-1000
Current Profile Classes: S-1-5-21-3037352765-1606511786-2657095333-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Ginette\AppData\Local
--------------------------------------------------------------------------------
System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 07:41:20
Process Count: 76
Commit Total: 2.21 GB
Commit Limit: 7.93 GB
Commit Peak: 3.58 GB
Handle Count: 26793
Kernel Total: 482.70 MB
Kernel Paged: 396.13 MB
Kernel Non Paged: 86.58 MB
System Cache: 1.38 GB
Thread Count: 1002
--------------------------------------------------------------------------------
Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.97 GB
Memory Used: 1.63 GB(41.162%)
Memory Avail.: 2.33 GB
--------------------------------------------------------------------------------
Cleaning Memory Before Starting Repairs...
Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.97 GB
Memory Used: 1.36 GB(34.2201%)
Memory Avail.: 2.61 GB
--------------------------------------------------------------------------------
Starting Repairs...
Started at (24/04/2015 3:07:26 PM)
Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 174
01 - Reset Registry Permissions 01/03
HKEY_CURRENT_USER & Sub Keys
Start (24/04/2015 3:07:39 PM)
Running Repair Under Current User Account
Done (24/04/2015 3:08:18 PM)
01 - Reset Registry Permissions 02/03
HKEY_LOCAL_MACHINE & Sub Keys
Start (24/04/2015 3:08:18 PM)
Decompressing & Updating Windows Permission File services.txt
Done, 0.44 seconds.
Running Repair Under System Account
Done (24/04/2015 3:15:23 PM)
01 - Reset Registry Permissions 03/03
HKEY_CLASSES_ROOT & Sub Keys
Start (24/04/2015 3:15:23 PM)
Running Repair Under System Account
Done (24/04/2015 3:16:58 PM)
02 - Reset File Permissions: C:
C: & Sub Folders
Start (24/04/2015 3:16:58 PM)
Trying To Run Repair As Trusted Installer.
This Repair Is Hidden By Windows Itself.
You Can See The Repair Working In The Task Manager.
Running Repair As Trusted Installer
Done (24/04/2015 3:29:38 PM)
02 - Reset File Permissions: D:
D: & Sub Folders
Start (24/04/2015 3:29:38 PM)
Trying To Run Repair As Trusted Installer.
This Repair Is Hidden By Windows Itself.
You Can See The Repair Working In The Task Manager.
Running Repair As Trusted Installer
Done (24/04/2015 3:29:50 PM)
02 - Reset File Permissions: All Profiles
C:\Users & Sub Folders
Start (24/04/2015 3:29:50 PM)
Running Repair Under System Account
Done (24/04/2015 3:34:04 PM)
02 - Reset File Permissions: Current Profile
C:\Users\Ginette & Sub Folders
Start (24/04/2015 3:34:04 PM)
Running Repair Under System Account
Done (24/04/2015 3:37:42 PM)
02 - Reset File Permissions: Cleanup
Repairing Restricted Folders Permissions To Avoid Infinite Loops
Start (24/04/2015 3:37:42 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:37:55 PM)
03 - Reset Service Permissions
Start (24/04/2015 3:37:55 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:39:20 PM)
04 - Register System Files
Start (24/04/2015 3:39:20 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:40:54 PM)
05 - Repair WMI
Start (24/04/2015 3:40:54 PM)
Starting Security Center So We Can Export The Security Info.
Exporting Antivirus Info...
Microsoft Security Essentials Exported.
Exporting AntiSpyware Info...
Microsoft Security Essentials Exported.
Windows Defender Exported.
Exporting 3rd Party Firewall Info...
No Firewall Products Reported.
Running Repair Under Current User Account
Done (24/04/2015 3:43:47 PM)
06 - Repair Windows Firewall
Start (24/04/2015 3:43:47 PM)
Running Repair Under Current User Account
Decompressing & Updating Windows Permission File services.txt
Done, 0.17 seconds.
Running Repair Under System Account
Done (24/04/2015 3:44:22 PM)
07 - Repair Internet Explorer
Start (24/04/2015 3:44:22 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:45:47 PM)
08 - Repair MDAC/MS Jet
Start (24/04/2015 3:45:47 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:46:21 PM)
09 - Repair Hosts File
Start (24/04/2015 3:46:21 PM)
Running Repair Under System Account
Done (24/04/2015 3:46:29 PM)
10 - Remove Policies Set By Infections
Start (24/04/2015 3:46:29 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:46:45 PM)
11 - Repair Start Menu Icons Removed By Infections
Start (24/04/2015 3:46:45 PM)
Running Repair Under System Account
Done (24/04/2015 3:46:53 PM)
12 - Repair Icons
Start (24/04/2015 3:46:54 PM)
Running Repair Under Current User Account
Done (24/04/2015 3:46:55 PM)
13 - Repair Winsock & DNS Cache
Start (24/04/2015 3:46:55 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:47:35 PM)
14 - Remove Temp Files
Start (24/04/2015 3:47:35 PM)
Running Repair Under System Account
Done (24/04/2015 3:47:47 PM)
15 - Repair Proxy Settings
Start (24/04/2015 3:47:47 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:47:59 PM)
16 - Unhide Non System Files
Start (24/04/2015 3:47:59 PM)
C:\ - Total Files Unhidden: 689 - Check Unhidden_Files.txt for list of files unhidden
D:\ - Total Files Unhidden: 0 - Check Unhidden_Files.txt for list of files unhidden
Done (24/04/2015 3:48:26 PM)
19 - Repair Volume Shadow Copy Service
Start (24/04/2015 3:48:26 PM)
Running Repair Under Current User Account
Decompressing & Updating Windows Permission File services.txt
Done, 0.17 seconds.
Running Repair Under System Account
Done (24/04/2015 3:49:02 PM)
22 - Repair Windows Snipping Tool
Start (24/04/2015 3:49:02 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:49:11 PM)
23.01 - Repair bat Association
Start (24/04/2015 3:49:11 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:49:20 PM)
23.02 - Repair cmd Association
Start (24/04/2015 3:49:20 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:49:30 PM)
23.03 - Repair com Association
Start (24/04/2015 3:49:30 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:49:39 PM)
23.04 - Repair Directory Association
Start (24/04/2015 3:49:39 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:49:49 PM)
23.05 - Repair Drive Association
Start (24/04/2015 3:49:49 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:49:58 PM)
23.06 - Repair exe Association
Start (24/04/2015 3:49:58 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:50:07 PM)
23.07 - Repair Folder Association
Start (24/04/2015 3:50:07 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:50:17 PM)
23.08 - Repair inf Association
Start (24/04/2015 3:50:17 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:50:26 PM)
23.09 - Repair lnk (Shortcuts) Association
Start (24/04/2015 3:50:26 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:50:35 PM)
23.10 - Repair msc Association
Start (24/04/2015 3:50:35 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:50:45 PM)
23.11 - Repair reg Association
Start (24/04/2015 3:50:45 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:50:54 PM)
23.12 - Repair scr Association
Start (24/04/2015 3:50:54 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:51:04 PM)
26 - Restore Important Windows Services
Start (24/04/2015 3:51:04 PM)
Running Repair Under Current User Account
Decompressing & Updating Windows Permission File services.txt
Done, 0.19 seconds.
Running Repair Under System Account
Done (24/04/2015 3:51:27 PM)
27 - Set Windows Services To Default Startup
Start (24/04/2015 3:51:27 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:51:47 PM)
32 - Restore UAC (User Account Control) Settings
Start (24/04/2015 3:51:47 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:51:57 PM)
Cleaning up empty logs...
All Selected Repairs Done.
Done at (24/04/2015 3:51:57 PM)
Total Repair Time: 00:44:33
...YOU MUST RESTART YOUR SYSTEM...
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 24/04/2015
Scan Time: 4:17:22 PM
Logfile: mbam log.txt
Administrator: Yes
Version: 2.01.6.1022
Malware Database: v2015.04.24.06
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ginette
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 425174
Time Elapsed: 29 min, 45 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 1
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [b1b577f93753e155b7122d96b3506997],
Registry Values: 1
PUP.Optional.Astromenda.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Astromenda\\, Quarantined, [1c4acda3533711250ab9e3e01ce7cc34]
Registry Data: 0
(No malicious items detected)
Folders: 4
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\xpi, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\xpi\defaults, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\xpi\defaults\preferences, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
Files: 10
PUP.Optional.Bandoo.A, C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\DataMngr.dll, Quarantined, [25415b15e1a9ef4720ba0939e521ae52],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\manifest.json, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\chromeid.txt, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\conduit.xml, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\CT3283791.txt, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\dtime.csf, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\initData.json, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\setup.ini.txt, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\version.txt, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\xpi\install.rdf, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
Physical Sectors: 0
(No malicious items detected)
(end)
C:\Program Files (x86)\SR Toolbar\Datamngr\ChromeExtension\lib\default-config.js JS/Bandoo.A potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\SRAssetsHelper.dll a variant of Win32/Toolbar.SearchSuite.AB potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\winzipdusetup.exe a variant of Win32/Systweak.N potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\winziprosetup.exe a variant of Win32/Systweak potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\BrowserConnection.dll Win32/Toolbar.SearchSuite.H potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\datamngr.dll a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\DnsBHO.dll a variant of Win32/Toolbar.SearchSuite.R potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\IEBHO.dll Win32/Toolbar.SearchSuite potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF10.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF11.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF12.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF3.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF4.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF5.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF6.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF7.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF8.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF9.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\ToolBar\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\ToolBar\wincorebsband.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\ToolBar\wincorebsdtx.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\x64\BrowserConnection.dll a variant of Win32/Toolbar.SearchSuite.AB potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\x64\datamngr.dll a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\x64\DnsBHO.dll a variant of Win32/Toolbar.SearchSuite.AB potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\x64\IEBHO.dll Win64/Toolbar.SearchSuite potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\197F0BF7-BAB0-7891-8815-D8B0C573E7C9\IEHelper.dll a variant of Win32/Toolbar.Babylon.E potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\197F0BF7-BAB0-7891-8815-D8B0C573E7C9\Setup.exe a variant of Win32/Toolbar.Babylon.E potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\197F0BF7-BAB0-7891-8815-D8B0C573E7C9\Latest\BabMaint.exe a variant of Win32/Toolbar.Babylon.I potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\197F0BF7-BAB0-7891-8815-D8B0C573E7C9\Latest\BUSolution.dll a variant of Win32/Toolbar.Babylon.P potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\197F0BF7-BAB0-7891-8815-D8B0C573E7C9\Latest\IEHelper.dll Win32/Toolbar.Babylon.E potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\197F0BF7-BAB0-7891-8815-D8B0C573E7C9\Latest\Setup.exe a variant of Win32/Toolbar.Babylon.E potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\nsb42AF.tmp\__localxml.xml Win32/DownloadAdmin.A.Gen potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\SearchquMediaBar.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF10.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF11.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF12.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF13.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF14.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF15.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF16.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF17.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF18.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF19.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF3.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF4.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF5.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF6.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF7.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF8.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF9.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\SR\SRAssetsHelper.dll a variant of Win32/Toolbar.SearchSuite.AB potentially unwanted application
C:\Windows\Installer\MSIDCD7.tmp-\Smartbar.Resources.LanguageSettings.resources.dll a variant of MSIL/Toolbar.Linkury.E potentially unwanted application
C:\Windows\Installer\MSIDCD7.tmp-\srpu.dll a variant of MSIL/Toolbar.Linkury.I potentially unwanted application
Scan Date: 24/04/2015
Scan Time: 4:17:22 PM
Logfile: mbam log.txt
Administrator: Yes
Version: 2.01.6.1022
Malware Database: v2015.04.24.06
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ginette
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 425174
Time Elapsed: 29 min, 45 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 1
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [b1b577f93753e155b7122d96b3506997],
Registry Values: 1
PUP.Optional.Astromenda.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Astromenda\\, Quarantined, [1c4acda3533711250ab9e3e01ce7cc34]
Registry Data: 0
(No malicious items detected)
Folders: 4
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\xpi, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\xpi\defaults, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\xpi\defaults\preferences, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
Files: 10
PUP.Optional.Bandoo.A, C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\DataMngr.dll, Quarantined, [25415b15e1a9ef4720ba0939e521ae52],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\manifest.json, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\chromeid.txt, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\conduit.xml, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\CT3283791.txt, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\dtime.csf, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\initData.json, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\setup.ini.txt, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\version.txt, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\xpi\install.rdf, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
Physical Sectors: 0
(No malicious items detected)
(end)
Sorry, it looks like there are two Windows AIO Repair logs, and then 2 posts of the Malwarebytes log, but between them is interrupted by other lines and it's not clear what log they come from...
Also, I"m not sure why the logs are coming up a italicized. It makes them more difficult to read.
Click your mouse anywhere in the editor after pasting a log in (yay you can paste!), then:
This will remove any formatting from the text.
Please re-post:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 24/04/2015
Scan Time: 4:17:22 PM
Logfile: mbam log.txt
Administrator: Yes
Version: 2.01.6.1022
Malware Database: v2015.04.24.06
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ginette
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 425174
Time Elapsed: 29 min, 45 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 1
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [b1b577f93753e155b7122d96b3506997],
Registry Values: 1
PUP.Optional.Astromenda.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Astromenda\\, Quarantined, [1c4acda3533711250ab9e3e01ce7cc34]
Registry Data: 0
(No malicious items detected)
Folders: 4
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\xpi, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\xpi\defaults, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\xpi\defaults\preferences, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
Files: 10
PUP.Optional.Bandoo.A, C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\DataMngr.dll, Quarantined, [25415b15e1a9ef4720ba0939e521ae52],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\manifest.json, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\chromeid.txt, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\conduit.xml, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\CT3283791.txt, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\dtime.csf, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\initData.json, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\setup.ini.txt, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\version.txt, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\xpi\install.rdf, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
Physical Sectors: 0
(No malicious items detected)
(end)
Edited by ginnyjoe, 24 April 2015 - 09:21 PM.
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 24/04/2015
Scan Time: 4:17:22 PM
Logfile: mbam log.txt
Administrator: Yes
Version: 2.01.6.1022
Malware Database: v2015.04.24.06
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ginette
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 425174
Time Elapsed: 29 min, 45 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 1
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [b1b577f93753e155b7122d96b3506997],
Registry Values: 1
PUP.Optional.Astromenda.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Astromenda\\, Quarantined, [1c4acda3533711250ab9e3e01ce7cc34]
Registry Data: 0
(No malicious items detected)
Folders: 4
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\xpi, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\xpi\defaults, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\xpi\defaults\preferences, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
Files: 10
PUP.Optional.Bandoo.A, C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\DataMngr.dll, Quarantined, [25415b15e1a9ef4720ba0939e521ae52],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\manifest.json, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\chromeid.txt, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\conduit.xml, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\CT3283791.txt, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\dtime.csf, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\initData.json, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\setup.ini.txt, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\version.txt, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\xpi\install.rdf, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
Physical Sectors: 0
(No malicious items detected)
(end)
Tweaking.com - Windows Repair v3.1.3
--------------------------------------------------------------------------------
System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Home Premium
OS Architecture: 64-bit
OS Version: 6.1.7601
OS Service Pack: Service Pack 1
Computer Name: GINETTE-HP
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Ginette
Current Profile SID: S-1-5-21-3037352765-1606511786-2657095333-1000
Current Profile Classes: S-1-5-21-3037352765-1606511786-2657095333-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Ginette\AppData\Local
--------------------------------------------------------------------------------
System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 07:41:20
Process Count: 76
Commit Total: 2.21 GB
Commit Limit: 7.93 GB
Commit Peak: 3.58 GB
Handle Count: 26793
Kernel Total: 482.70 MB
Kernel Paged: 396.13 MB
Kernel Non Paged: 86.58 MB
System Cache: 1.38 GB
Thread Count: 1002
--------------------------------------------------------------------------------
Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.97 GB
Memory Used: 1.63 GB(41.162%)
Memory Avail.: 2.33 GB
--------------------------------------------------------------------------------
Cleaning Memory Before Starting Repairs...
Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.97 GB
Memory Used: 1.36 GB(34.2201%)
Memory Avail.: 2.61 GB
--------------------------------------------------------------------------------
Starting Repairs...
Started at (24/04/2015 3:07:26 PM)
Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 174
01 - Reset Registry Permissions 01/03
HKEY_CURRENT_USER & Sub Keys
Start (24/04/2015 3:07:39 PM)
Running Repair Under Current User Account
Done (24/04/2015 3:08:18 PM)
01 - Reset Registry Permissions 02/03
HKEY_LOCAL_MACHINE & Sub Keys
Start (24/04/2015 3:08:18 PM)
Decompressing & Updating Windows Permission File services.txt
Done, 0.44 seconds.
Running Repair Under System Account
Done (24/04/2015 3:15:23 PM)
01 - Reset Registry Permissions 03/03
HKEY_CLASSES_ROOT & Sub Keys
Start (24/04/2015 3:15:23 PM)
Running Repair Under System Account
Done (24/04/2015 3:16:58 PM)
02 - Reset File Permissions: C:
C: & Sub Folders
Start (24/04/2015 3:16:58 PM)
Trying To Run Repair As Trusted Installer.
This Repair Is Hidden By Windows Itself.
You Can See The Repair Working In The Task Manager.
Running Repair As Trusted Installer
Done (24/04/2015 3:29:38 PM)
02 - Reset File Permissions: D:
D: & Sub Folders
Start (24/04/2015 3:29:38 PM)
Trying To Run Repair As Trusted Installer.
This Repair Is Hidden By Windows Itself.
You Can See The Repair Working In The Task Manager.
Running Repair As Trusted Installer
Done (24/04/2015 3:29:50 PM)
02 - Reset File Permissions: All Profiles
C:\Users & Sub Folders
Start (24/04/2015 3:29:50 PM)
Running Repair Under System Account
Done (24/04/2015 3:34:04 PM)
02 - Reset File Permissions: Current Profile
C:\Users\Ginette & Sub Folders
Start (24/04/2015 3:34:04 PM)
Running Repair Under System Account
Done (24/04/2015 3:37:42 PM)
02 - Reset File Permissions: Cleanup
Repairing Restricted Folders Permissions To Avoid Infinite Loops
Start (24/04/2015 3:37:42 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:37:55 PM)
03 - Reset Service Permissions
Start (24/04/2015 3:37:55 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:39:20 PM)
04 - Register System Files
Start (24/04/2015 3:39:20 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:40:54 PM)
05 - Repair WMI
Start (24/04/2015 3:40:54 PM)
Starting Security Center So We Can Export The Security Info.
Exporting Antivirus Info...
Microsoft Security Essentials Exported.
Exporting AntiSpyware Info...
Microsoft Security Essentials Exported.
Windows Defender Exported.
Exporting 3rd Party Firewall Info...
No Firewall Products Reported.
Running Repair Under Current User Account
Done (24/04/2015 3:43:47 PM)
06 - Repair Windows Firewall
Start (24/04/2015 3:43:47 PM)
Running Repair Under Current User Account
Decompressing & Updating Windows Permission File services.txt
Done, 0.17 seconds.
Running Repair Under System Account
Done (24/04/2015 3:44:22 PM)
07 - Repair Internet Explorer
Start (24/04/2015 3:44:22 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:45:47 PM)
08 - Repair MDAC/MS Jet
Start (24/04/2015 3:45:47 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:46:21 PM)
09 - Repair Hosts File
Start (24/04/2015 3:46:21 PM)
Running Repair Under System Account
Done (24/04/2015 3:46:29 PM)
10 - Remove Policies Set By Infections
Start (24/04/2015 3:46:29 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:46:45 PM)
11 - Repair Start Menu Icons Removed By Infections
Start (24/04/2015 3:46:45 PM)
Running Repair Under System Account
Done (24/04/2015 3:46:53 PM)
12 - Repair Icons
Start (24/04/2015 3:46:54 PM)
Running Repair Under Current User Account
Done (24/04/2015 3:46:55 PM)
13 - Repair Winsock & DNS Cache
Start (24/04/2015 3:46:55 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:47:35 PM)
14 - Remove Temp Files
Start (24/04/2015 3:47:35 PM)
Running Repair Under System Account
Done (24/04/2015 3:47:47 PM)
15 - Repair Proxy Settings
Start (24/04/2015 3:47:47 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:47:59 PM)
16 - Unhide Non System Files
Start (24/04/2015 3:47:59 PM)
C:\ - Total Files Unhidden: 689 - Check Unhidden_Files.txt for list of files unhidden
D:\ - Total Files Unhidden: 0 - Check Unhidden_Files.txt for list of files unhidden
Done (24/04/2015 3:48:26 PM)
19 - Repair Volume Shadow Copy Service
Start (24/04/2015 3:48:26 PM)
Running Repair Under Current User Account
Decompressing & Updating Windows Permission File services.txt
Done, 0.17 seconds.
Running Repair Under System Account
Done (24/04/2015 3:49:02 PM)
22 - Repair Windows Snipping Tool
Start (24/04/2015 3:49:02 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:49:11 PM)
23.01 - Repair bat Association
Start (24/04/2015 3:49:11 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:49:20 PM)
23.02 - Repair cmd Association
Start (24/04/2015 3:49:20 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:49:30 PM)
23.03 - Repair com Association
Start (24/04/2015 3:49:30 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:49:39 PM)
23.04 - Repair Directory Association
Start (24/04/2015 3:49:39 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:49:49 PM)
23.05 - Repair Drive Association
Start (24/04/2015 3:49:49 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:49:58 PM)
23.06 - Repair exe Association
Start (24/04/2015 3:49:58 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:50:07 PM)
23.07 - Repair Folder Association
Start (24/04/2015 3:50:07 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:50:17 PM)
23.08 - Repair inf Association
Start (24/04/2015 3:50:17 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:50:26 PM)
23.09 - Repair lnk (Shortcuts) Association
Start (24/04/2015 3:50:26 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:50:35 PM)
23.10 - Repair msc Association
Start (24/04/2015 3:50:35 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:50:45 PM)
23.11 - Repair reg Association
Start (24/04/2015 3:50:45 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:50:54 PM)
23.12 - Repair scr Association
Start (24/04/2015 3:50:54 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:51:04 PM)
26 - Restore Important Windows Services
Start (24/04/2015 3:51:04 PM)
Running Repair Under Current User Account
Decompressing & Updating Windows Permission File services.txt
Done, 0.19 seconds.
Running Repair Under System Account
Done (24/04/2015 3:51:27 PM)
27 - Set Windows Services To Default Startup
Start (24/04/2015 3:51:27 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:51:47 PM)
32 - Restore UAC (User Account Control) Settings
Start (24/04/2015 3:51:47 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (24/04/2015 3:51:57 PM)
Cleaning up empty logs...
All Selected Repairs Done.
Done at (24/04/2015 3:51:57 PM)
Total Repair Time: 00:44:33
...YOU MUST RESTART YOUR SYSTEM...
0 members, 0 guests, 0 anonymous users
Community Forum Software by IP.Board
Licensed to: Geeks to Go, Inc.