
My computer is infected. [Solved]



#31
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

OK, yes the Firefox button used to be Reset but is now Refresh.  If you can, copy the file to your USB stick. 

 

I'll post the JRT log for you here, and we still do have some tools at our disposal.  I'll be back...




#32
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

Question: You did right-click on the JRT program and select "Run as administrator", correct?  It seems odd to me that there is nothing listed aside from categories, but it may be OK...

 

Here's the JRT log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.1 (04.23.2015:1)
OS: Windows 7 Home Premium x64
Ran by Ginette on 23/04/2015 at 13:44:47.67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23/04/2015 at 13:48:31.90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#33
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

Wait a minute!

 

Try clicking on the More Reply Options button below the lower right corner of the editor box (next to the Post button)...

 

 

Now copy your AdwCleaner log contents and try pasting them into the advanced editor window.  Does the Paste command show up now???



#34
ginnyjoe

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 242 posts

I did run as administrator. I did JRT again and will post it. Should I delete Firefox? I tried to post the adw log. I got it on my USB, but it will not copy, and when I try to attach it, it says error that I am not permitted to upload this kind of file.

Attached Files

  • Attached File  JRT.txt   1.3KB   89 downloads

Edited by ginnyjoe, 23 April 2015 - 03:02 PM.


#35
ginnyjoe

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 242 posts

OK, I clicked on the clipboard and it pasted. Yeah.

 

# AdwCleaner v3.017 - Report created 25/01/2014 at 23:02:15

# Updated 12/01/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Ginette - GINETTE-HP

# Running from : C:\Users\Ginette\Downloads\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\~0

Folder Deleted : C:\ProgramData\Ask

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\ProgramData\boost_interprocess

Folder Deleted : C:\ProgramData\iWin

Folder Deleted : C:\ProgramData\Tarma Installer

Folder Deleted : C:\Program Files (x86)\1ClickDownload

Folder Deleted : C:\Program Files (x86)\Ask.com

Folder Deleted : C:\Program Files (x86)\BrowseFox

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Program Files (x86)\Gophoto.it

Folder Deleted : C:\Program Files (x86)\jZip

Folder Deleted : C:\Program Files (x86)\PriceGong

Folder Deleted : C:\Program Files (x86)\WinZip Registry Optimizer

Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}

Folder Deleted : C:\Users\Ginette\AppData\Local\Conduit

Folder Deleted : C:\Users\Ginette\AppData\Local\jZip

Folder Deleted : C:\Users\Ginette\AppData\Local\PackageAware

Folder Deleted : C:\Users\Ginette\AppData\Local\Searchprotect

Folder Deleted : C:\Windows\TEMP\AskSearch

Folder Deleted : C:\Users\Ginette\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Ginette\AppData\LocalLow\Delta

Folder Deleted : C:\Users\Ginette\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\Ginette\AppData\Roaming\Babylon

Folder Deleted : C:\Users\Ginette\AppData\Roaming\Funmoods

Folder Deleted : C:\Users\Ginette\AppData\Roaming\OpenCandy

Folder Deleted : C:\Users\Ginette\AppData\Roaming\Systweak

Folder Deleted : C:\Users\Ginette\AppData\Roaming\Mozilla\Firefox\Profiles\07ifvjb6.default\Smartbar

Folder Deleted : C:\Users\Ginette\AppData\Roaming\Mozilla\Firefox\Profiles\07ifvjb6.default\SweetPacksToolbarData

Folder Deleted : C:\Users\Ginette\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok

Folder Deleted : C:\Users\Ginette\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn

Folder Deleted : C:\Users\Ginette\AppData\Local\Google\Chrome\User Data\Default\Extensions\njljkdinboobkmkihgcohanchjnjpgjk

File Deleted : C:\END

File Deleted : C:\Windows\System32\roboot64.exe

File Deleted : C:\Users\Ginette\AppData\Local\funmoods.crx

File Deleted : C:\Windows\TEMP\Uninstall.exe

File Deleted : C:\Users\Ginette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk

File Deleted : C:\Users\Ginette\Desktop\jZip.lnk

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml

File Deleted : C:\Users\Ginette\AppData\Roaming\Mozilla\Firefox\Profiles\07ifvjb6.default\searchplugins\Conduit.xml

File Deleted : C:\Users\Ginette\AppData\Roaming\Mozilla\Firefox\Profiles\07ifvjb6.default\searchplugins\conduit-search.xml

File Deleted : C:\Users\Ginette\AppData\Roaming\Mozilla\Firefox\Profiles\07ifvjb6.default\searchplugins\delta.xml

File Deleted : C:\Users\Ginette\AppData\Roaming\Mozilla\Firefox\Profiles\07ifvjb6.default\searchplugins\Search_Results.xml

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml

File Deleted : C:\Users\Ginette\AppData\Roaming\Mozilla\Firefox\Profiles\07ifvjb6.default\user.js

File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh

Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bicnnkjibmphdeigoodpjlcklcnaobdj

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ppdjnkblmcjfnlogjjhpigpdgpcgdpll

Key Deleted : HKCU\Software\Google\Chrome\Extensions\njljkdinboobkmkihgcohanchjnjpgjk

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\njljkdinboobkmkihgcohanchjnjpgjk

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll

Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL

Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader

Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1

Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO

Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1

Key Deleted : HKLM\SOFTWARE\Classes\f

Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr

Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1

Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore

Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1

Key Deleted : HKLM\SOFTWARE\Classes\jZip.file

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\pricegong_rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\pricegong_rasmancs

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseFox_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseFox_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppPath\jZip.exe

Key Deleted : HKCU\Software\5d538cdee268ef12

Key Deleted : HKLM\SOFTWARE\5d538cdee268ef12

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3283791

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3291326

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_turbozip_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_turbozip_RASMANCS

Key Deleted : HKCU\Software\1ClickDownload

Key Deleted : HKCU\Software\Ask.com

Key Deleted : HKCU\Software\BabylonToolbar

Key Deleted : HKCU\Software\BrowseFox

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\DataMngr

[#] Key Deleted : HKCU\Software\DataMngr_Toolbar

Key Deleted : HKCU\Software\delta LTD

Key Deleted : HKCU\Software\Funmoods

Key Deleted : HKCU\Software\jZip

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\systweak

Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo

Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\Software\BabylonToolbar

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\DataMngr

Key Deleted : HKLM\Software\Iminent

Key Deleted : HKLM\Software\jZip

Key Deleted : HKLM\Software\SearchProtect

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\jZip

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Key Deleted : [x64] HKLM\SOFTWARE\DataMngr

Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF

Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.16428

 

 

-\\ Mozilla Firefox v23.0.1 (en-US)

 

[ File : C:\Users\Ginette\AppData\Roaming\Mozilla\Firefox\Profiles\07ifvjb6.default\prefs.js ]

 

Line Deleted : user_pref("CT3283791.1000082.isPlayDisplay", "true");

Line Deleted : user_pref("CT3283791.FF19Solved", "true");

Line Deleted : user_pref("CT3283791.FirstTime", "true");

Line Deleted : user_pref("CT3283791.FirstTimeFF3", "true");

Line Deleted : user_pref("CT3283791.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3283791&SearchSource=2&CUI=UN33033134220457639&UM=UM_ID&q=");

Line Deleted : user_pref("CT3283791.UserID", "UN33033134220457639");

Line Deleted : user_pref("CT3283791.YTbyClickFavorites.enc", "W10=");

Line Deleted : user_pref("CT3283791.YTbyClickRecent.enc", "W10=");

Line Deleted : user_pref("CT3283791.addressBarTakeOverEnabledInHidden", "true");

Line Deleted : user_pref("CT3283791.autoDisableScopes", 14);

Line Deleted : user_pref("CT3283791.browser.search.defaultthis.engineName", "true");

Line Deleted : user_pref("CT3283791.countryCode", "CA");

Line Deleted : user_pref("CT3283791.defaultSearch", "true");

Line Deleted : user_pref("CT3283791.enableAlerts", "always");

Line Deleted : user_pref("CT3283791.enableFix404ByUser", "FALSE");

Line Deleted : user_pref("CT3283791.enableSearchFromAddressBar", "true");

Line Deleted : user_pref("CT3283791.firstTimeDialogOpened", "true");

Line Deleted : user_pref("CT3283791.fixPageNotFoundError", "true");

Line Deleted : user_pref("CT3283791.fixPageNotFoundErrorByUser", "true");

Line Deleted : user_pref("CT3283791.fixPageNotFoundErrorInHidden", "true");

Line Deleted : user_pref("CT3283791.fixUrls", true);

Line Deleted : user_pref("CT3283791.fullUserID", "UN33033134220457639.UP.20130704074257");

Line Deleted : user_pref("CT3283791.homepageuserchanged", true);

Line Deleted : user_pref("CT3283791.installDate", "2/3/2013 23:03:18");

Line Deleted : user_pref("CT3283791.installId", "conduitinstaller.exe");

Line Deleted : user_pref("CT3283791.installType", "conduitnsisintegration");

Line Deleted : user_pref("CT3283791.isCheckedStartAsHidden", true);

Line Deleted : user_pref("CT3283791.isFirstTimeToolbarLoading", "false");

Line Deleted : user_pref("CT3283791.keyword", "true");

Line Deleted : user_pref("CT3283791.lastVersion", "10.16.70.505");

Line Deleted : user_pref("CT3283791.migrateAppsAndComponents", true);

Line Deleted : user_pref("CT3283791.missingMachineIdSent", "true");

Line Deleted : user_pref("CT3283791.openThankYouPage", "false");

Line Deleted : user_pref("CT3283791.openUninstallPage", "true");

Line Deleted : user_pref("CT3283791.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3283791&SearchSource=2&CUI=UN33033134220457639&UM=&q=");

Line Deleted : user_pref("CT3283791.revertSettingsEnabled", "false");

Line Deleted : user_pref("CT3283791.search.searchAppId", "130043635982747759");

Line Deleted : user_pref("CT3283791.search.searchCount", "0");

Line Deleted : user_pref("CT3283791.searchFromAddressBarEnabledByUser", "true");

Line Deleted : user_pref("CT3283791.searchInNewTabEnabledByUser", "true");

Line Deleted : user_pref("CT3283791.searchInNewTabEnabledInHidden", "true");

Line Deleted : user_pref("CT3283791.searchSuggestEnabledByUser", "true");

Line Deleted : user_pref("CT3283791.searchUserMode", "false");

Line Deleted : user_pref("CT3283791.serviceLayer_services_Configuration_lastUpdate", "1376147127340");

Line Deleted : user_pref("CT3283791.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1362881206034");

Line Deleted : user_pref("CT3283791.serviceLayer_services_appsMetadata_lastUpdate", "1362881205976");

Line Deleted : user_pref("CT3283791.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1362881205895");

Line Deleted : user_pref("CT3283791.serviceLayer_services_location_lastUpdate", "1372195711295");

Line Deleted : user_pref("CT3283791.serviceLayer_services_login_10.14.65.43_lastUpdate", "1364741508032");

Line Deleted : user_pref("CT3283791.serviceLayer_services_login_10.15.0.562_lastUpdate", "1371873230950");

Line Deleted : user_pref("CT3283791.serviceLayer_services_login_10.15.2.523_lastUpdate", "1372238913274");

Line Deleted : user_pref("CT3283791.serviceLayer_services_login_10.16.4.519_lastUpdate", "1374233826098");

Line Deleted : user_pref("CT3283791.serviceLayer_services_login_10.16.70.505_lastUpdate", "1376147127731");

Line Deleted : user_pref("CT3283791.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1362881205938");

Line Deleted : user_pref("CT3283791.serviceLayer_services_searchAPI_lastUpdate", "1376147127304");

Line Deleted : user_pref("CT3283791.serviceLayer_services_serviceMap_lastUpdate", "1376147127192");

Line Deleted : user_pref("CT3283791.serviceLayer_services_setupAPI_lastUpdate", "1362881206059");

Line Deleted : user_pref("CT3283791.serviceLayer_services_toolbarContextMenu_lastUpdate", "1362881205642");

Line Deleted : user_pref("CT3283791.serviceLayer_services_toolbarSettings_lastUpdate", "1376147127455");

Line Deleted : user_pref("CT3283791.serviceLayer_services_translation_lastUpdate", "1376147127607");

Line Deleted : user_pref("CT3283791.settingsINI", true);

Line Deleted : user_pref("CT3283791.shouldFirstTimeDialog", "false");

Line Deleted : user_pref("CT3283791.showToolbarPermission", "false");

Line Deleted : user_pref("CT3283791.smartbar.CTID", "CT3283791");

Line Deleted : user_pref("CT3283791.smartbar.Uninstall", "0");

Line Deleted : user_pref("CT3283791.smartbar.homepage", true);

Line Deleted : user_pref("CT3283791.smartbar.toolbarName", "ytbyclick B1 ");

Line Deleted : user_pref("CT3283791.startPage", "true");

Line Deleted : user_pref("CT3283791.toolbarBornServerTime", "10-3-2013");

Line Deleted : user_pref("CT3283791.toolbarCurrentServerTime", "10-8-2013");

Line Deleted : user_pref("CT3283791.toolbarDisabled", "true");

Line Deleted : user_pref("CT3283791.toolbarLoginClientTime", "Mon Jun 17 2013 23:51:35 GMT-0400 (Eastern Daylight Time)");

Line Deleted : user_pref("CT3291326.FF19Solved", "true");

Line Deleted : user_pref("CT3291326.UserID", "UN22149223555371579");

Line Deleted : user_pref("CT3291326.browser.search.defaultthis.engineName", "true");

Line Deleted : user_pref("CT3291326.fullUserID", "UN22149223555371579.IN.20130908170348");

Line Deleted : user_pref("CT3291326.installDate", "08/09/2013 17:03:50");

Line Deleted : user_pref("CT3291326.installSessionId", "{56D9894E-5A0A-4E77-B160-A993C7F41448}");

Line Deleted : user_pref("CT3291326.installSp", "TRUE");

Line Deleted : user_pref("CT3291326.installerVersion", "1.6.1.2");

Line Deleted : user_pref("CT3291326.keyword", "true");

Line Deleted : user_pref("CT3291326.originalHomepage", "hxxp://ca.msn.com/|hxxp://www.ehow.com/how_4452356_change-home-page-firefox.html");

Line Deleted : user_pref("CT3291326.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3283791&SearchSource=2&CUI=UN33033134220457639&UM=false&q=");

Line Deleted : user_pref("CT3291326.originalSearchEngine", "ytbyclick B1 Customized Web Search");

Line Deleted : user_pref("CT3291326.originalSearchEngineName", "ytbyclick B1 Customized Web Search");

Line Deleted : user_pref("CT3291326.searchRevert", "false");

Line Deleted : user_pref("CT3291326.searchUserMode", "2");

Line Deleted : user_pref("CT3291326.smartbar.homepage", "true");

Line Deleted : user_pref("CT3291326.versionFromInstaller", "10.19.2.5");

Line Deleted : user_pref("CT3291326.xpeMode", "0");

Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "");

Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "ytbyclick B1 Customized Web Search");

Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3283791&SearchSource=2&CUI=UN33033134220457639&UM=UM_ID&q=");

Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3283791&SearchSource=2&CUI=UN33033134220457639&UM=false&q=");

Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3283791");

Line Deleted : user_pref("browser.search.defaultthis.engineName", "KeyBar 1.13 Customized Web Search");

Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291326&CUI=UN22149223555371579&UM=2&SearchSource=3&q={searchTerms}");

Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);

Line Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.delta-search.com/?affID=119776&babsrc=NT_ss&mntrId=6eb7fd3c000000000000d0df9a33ba45");

Line Deleted : user_pref("extensions.funmoods.aflt", "axl");

Line Deleted : user_pref("extensions.funmoods.autoRvrt", false);

Line Deleted : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");

Line Deleted : user_pref("extensions.funmoods.cntry", "CA");

Line Deleted : user_pref("extensions.funmoods.cv", "cv5");

Line Deleted : user_pref("extensions.funmoods.dfltLng", "");

Line Deleted : user_pref("extensions.funmoods.dfltSrch", false);

Line Deleted : user_pref("extensions.funmoods.dfltlng", "en");

Line Deleted : user_pref("extensions.funmoods.dfltsrch", "false");

Line Deleted : user_pref("extensions.funmoods.dnsErr", true);

Line Deleted : user_pref("extensions.funmoods.envrmnt", "production");

Line Deleted : user_pref("extensions.funmoods.excTlbr", false);

Line Deleted : user_pref("extensions.funmoods.fmupdtFirst", false);

Line Deleted : user_pref("extensions.funmoods.hdrMd5", "25265C511EE2161E0A9D62C59CB52CCD");

Line Deleted : user_pref("extensions.funmoods.hmpg", false);

Line Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AtAtA0B0AyEyD0F0DtA0CtN0D0Tzu0CtBtBzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=1785560154");

Line Deleted : user_pref("extensions.funmoods.hrdid", "D0DF9A33BA45FD3C");

Line Deleted : user_pref("extensions.funmoods.id", "D0DF9A33BA45FD3C");

Line Deleted : user_pref("extensions.funmoods.instlDay", "15568");

Line Deleted : user_pref("extensions.funmoods.instlRef", "axl");

Line Deleted : user_pref("extensions.funmoods.instlday", "15568");

Line Deleted : user_pref("extensions.funmoods.instlref", "axl");

Line Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);

Line Deleted : user_pref("extensions.funmoods.keywordurl", "");

Line Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2220:7:5");

Line Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");

Line Deleted : user_pref("extensions.funmoods.monitorreport", true);

Line Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AtAtA0B0AyEyD0F0DtA0CtN0D0Tzu0CtBtBzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=1785560154");

Line Deleted : user_pref("extensions.funmoods.newtab", "false");

Line Deleted : user_pref("extensions.funmoods.newtaburl", "hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AtAtA0B0AyEyD0F0DtA0CtN0D0Tzu0CtBtBzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=1785560154");

Line Deleted : user_pref("extensions.funmoods.prdct", "funmoods");

Line Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");

Line Deleted : user_pref("extensions.funmoods.prtnrid", "funmoods");

Line Deleted : user_pref("extensions.funmoods.savedVrsnTs", "1");

Line Deleted : user_pref("extensions.funmoods.sg", "{smplGrp}");

Line Deleted : user_pref("extensions.funmoods.similarsitesstorage-pid2", "19544442d90913bd");

Line Deleted : user_pref("extensions.funmoods.smplgrp", "free");

Line Deleted : user_pref("extensions.funmoods.srch", "");

Line Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");

Line Deleted : user_pref("extensions.funmoods.srchprvdr", "Search");

Line Deleted : user_pref("extensions.funmoods.tlbrId", "base");

Line Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AtAtA0B0AyEyD0F0DtA0CtN0D0Tzu0CtBtBzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=1785560154&[...]

Line Deleted : user_pref("extensions.funmoods.tlbrid", "base");

Line Deleted : user_pref("extensions.funmoods.tlbrsrchurl", "hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AtAtA0B0AyEyD0F0DtA0CtN0D0Tzu0CtBtBzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=1785560154&[...]

Line Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");

Line Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");

Line Deleted : user_pref("extensions.funmoods.vrsnts", "");

Line Deleted : user_pref("extensions.funmoods_i.newTab", false);

Line Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");

Line Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2220:7:5");

Line Deleted : user_pref("searchreset.backup.browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3291326&octid=CT3291326&SearchSource=61&CUI=UN22149223555371579&UM=2&UP=SPFF5DC88C-9185-460F-90C6-01D171CA7F[...]

Line Deleted : user_pref("smartBar.searchInNewTabOwner", "CT3283791");

Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3291326");

Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3283791&octid=CT3283791&SearchSource=61&CUI=UN33033134220457639&UM=UM_ID&UP=SP11511E82-2212-4BAF-8C8B-B61C4538BA37,hxxp://s[...]

Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3283791&SearchSource=2&CUI=UN33033134220457639&UM=UM_ID&q=,hxxp://search.conduit.com/ResultsExt.aspx[...]

Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3291326");

Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3291326");

Line Deleted : user_pref("smartbar.machineId", "K7OY+J+BL+OSS2OXL50RXRDFHP/AAIOG05VN6GJ9MBMG0R3I7CGBNNDPJW5RZB7MVAFELT+OJUSOZJS7TD6Z3Q");

Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://isearch.avg.com/?cid={661BD582-63D8-43E9-948C-D1DC91D01798}&mid=68a402d36a7d4039a14e6b06faad0df2-dc06851b40e306c3cc1d573d12d035915e84b793&lang=en&ds=hk01[...]

Line Deleted : user_pref("smartbar.originalSearchAddressUrl", "hxxp://isearch.avg.com/search?cid={661BD582-63D8-43E9-948C-D1DC91D01798}&mid=68a402d36a7d4039a14e6b06faad0df2-dc06851b40e306c3cc1d573d12d035915e84b793&l[...]

Line Deleted : user_pref("smartbar.originalSearchEngine", "AVG Secure Search");

Line Deleted : user_pref("sweetim.toolbar.RevertDialog.enable", "false");

Line Deleted : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");

Line Deleted : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");

Line Deleted : user_pref("sweetim.toolbar.Visibility.enable", "true");

Line Deleted : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");

Line Deleted : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");

Line Deleted : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");

Line Deleted : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");

Line Deleted : user_pref("sweetim.toolbar.dialogs.0.enable", "true");

Line Deleted : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js");

Line Deleted : user_pref("sweetim.toolbar.dialogs.0.height", "335");

Line Deleted : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");

Line Deleted : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");

Line Deleted : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?lang=$locale_id;&toolbar_version=$ITEM_VERSION;&crg=$cargo;");

Line Deleted : user_pref("sweetim.toolbar.dialogs.0.width", "761");

Line Deleted : user_pref("sweetim.toolbar.dialogs.1.enable", "true");

Line Deleted : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js");

Line Deleted : user_pref("sweetim.toolbar.dialogs.1.height", "300");

Line Deleted : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");

Line Deleted : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");

Line Deleted : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html");

Line Deleted : user_pref("sweetim.toolbar.dialogs.1.width", "500");

Line Deleted : user_pref("sweetim.toolbar.dialogs.2.enable", "true");

Line Deleted : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js");

Line Deleted : user_pref("sweetim.toolbar.dialogs.2.height", "150");

Line Deleted : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");

Line Deleted : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");

Line Deleted : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");

Line Deleted : user_pref("sweetim.toolbar.dialogs.2.width", "530");

Line Deleted : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.*.google.com.br/.*|.*.google.es/.*|.*.youtube.com/.*|.*.yahoo.com/.*|.[...]

Line Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");

Line Deleted : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");

Line Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");

Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");

Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");

Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");

Line Deleted : user_pref("sweetim.toolbar.mode.debug", "false");

Line Deleted : user_pref("sweetim.toolbar.newtab.created", "false");

Line Deleted : user_pref("sweetim.toolbar.newtab.enable", "true");

Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");

Line Deleted : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_VERSION;&crg=$cargo;");

Line Deleted : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");

Line Deleted : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");

Line Deleted : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");

Line Deleted : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");

Line Deleted : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");

Line Deleted : user_pref("sweetim.toolbar.scripts.0.enable", "false");

Line Deleted : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");

Line Deleted : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");

Line Deleted : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");

Line Deleted : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");

Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");

Line Deleted : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");

Line Deleted : user_pref("sweetim.toolbar.scripts.1.enable", "false");

Line Deleted : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");

Line Deleted : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");

Line Deleted : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");

Line Deleted : user_pref("sweetim.toolbar.scripts.2.callback", "");

Line Deleted : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*");

Line Deleted : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");

Line Deleted : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");

Line Deleted : user_pref("sweetim.toolbar.scripts.2.enable", "false");

Line Deleted : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");

Line Deleted : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1");

Line Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");

Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "false");

Line Deleted : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");

Line Deleted : user_pref("sweetim.toolbar.simapp_id", "{B0E18D55-E806-11E1-9D51-2C27D7337176}");

Line Deleted : user_pref("sweetim.toolbar.version", "1.9.0.0");

 

-\\ Google Chrome v

 

[ File : C:\Users\Ginette\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [43233 octets] - [25/01/2014 22:59:29]

AdwCleaner[S0].txt - [42696 octets] - [25/01/2014 23:02:15]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [42757 octets] ##########


Edited by ginnyjoe, 23 April 2015 - 03:05 PM.

  • 0
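One way to triage an AdwCleaner log like the one above, as an added example that is not part of the original thread and is not AdwCleaner's own code: this Python script parses the `Line Deleted : user_pref(...)` lines, groups the removed preferences by toolbar family, collects the defanged hosts they pointed at, and counts values the log cut off with `[...]`. The family labels, function names and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the AdwCleaner log above (values shortened).
SAMPLE_LOG = r'''
Line Deleted : user_pref("CT3291326.installDate", "08/09/2013 17:03:50");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "ytbyclick B1 Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291326&q={searchTerms}");
Line Deleted : user_pref("extensions.funmoods.hmpg", false);
Line Deleted : user_pref("extensions.funmoods.newtaburl", "hxxp://start.funmoods.com/?f=2&a=axl");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3283791,hxxp://s[...]
'''

# Pref name in group 1, everything after the comma (the value and any tail) in group 2.
LINE_RE = re.compile(r'^Line Deleted : user_pref\("([^"]+)",\s*(.*)$')
# Host of a defanged URL; a "[...]" right after it means the log cut the host short.
HOST_RE = re.compile(r'hxxps?://([A-Za-z0-9.-]+)(\[\.\.\.\])?')

# Pref-name prefixes seen in the log, mapped to labels chosen for this example.
# CT<digits> prefs carry the ctid used in the search.conduit.com URLs in the log.
FAMILIES = [
    (re.compile(r'^CT\d+\.'), "conduit"),
    (re.compile(r'^smartbar\.', re.I), "conduit"),
    (re.compile(r'^extensions\.funmoods'), "funmoods"),
    (re.compile(r'^extensions\.BabylonToolbar'), "babylon"),
    (re.compile(r'^sweetim\.'), "sweetim"),
]


def classify(pref_name):
    """Return the family label for a pref name, or 'browser-setting' for a
    standard browser pref whose value had been changed."""
    for pattern, family in FAMILIES:
        if pattern.search(pref_name):
            return family
    return "browser-setting"


def parse_line(line):
    """Parse one 'Line Deleted' entry; return None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    name, raw = m.group(1), m.group(2)
    # Long values are cut off by the log with "[...]" and lack the closing '");'.
    truncated = raw.endswith("[...]")
    if raw.endswith(");"):
        raw = raw[:-2]
    value = raw.strip('"')
    # Keep only hosts that were logged in full.
    hosts = [host for host, cut in HOST_RE.findall(value) if not cut]
    return {"name": name, "value": value, "truncated": truncated, "hosts": hosts}


def summarize(log_text):
    """Group deleted prefs by family: count, truncated count, distinct hosts."""
    report = defaultdict(lambda: {"prefs": 0, "truncated": 0, "hosts": set()})
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        bucket = report[classify(entry["name"])]
        bucket["prefs"] += 1
        bucket["truncated"] += entry["truncated"]
        bucket["hosts"].update(entry["hosts"])
    return {fam: {**b, "hosts": sorted(b["hosts"])} for fam, b in report.items()}


if __name__ == "__main__":
    for family, stats in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{family:16} prefs={stats['prefs']} "
              f"truncated={stats['truncated']} hosts={stats['hosts']}")
```

Entries that land in `browser-setting` are the ones to read first, since they show a standard browser preference (here the default search URL) that had been pointed at a toolbar's host.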

#36
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

Woo-hoo!  You got it to work finally!  :yeah:

 

Have you been using the More Reply Options button right along, or did you just try it and now you can Paste?


  • 0

#37
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

You can uninstall Firefox if you like, but there were a lot of malware-related items that AdwCleaner removed.  I would like you to reboot first.

 

Next, let's run the following scans:

 

First

 

Please download Farbar Service Scanner, save it to the Desktop, and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

 

 

Second

 

Scan with Security Check

Please download Security Check by Screen317 and save it to your Desktop.

  • Right-click on the downloaded program and select Run as Administrator to start the tool.
  • Follow onscreen instructions inside the black box. This scan shouldn't take very long.
  • Soon a notepad document called checkup.txt will open automatically.

Please include the contents of that document in your next reply.


  • 0

#38
ginnyjoe

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 242 posts

I have been using the More Reply Options all along. This time I again used the more options, but I clicked on the clipboard, and because I had already copied it, the clipboard added it in. I tried copy and paste again, no luck, so I will do the more options.

 

Farbar Service Scanner Version: 17-01-2015
Ran by Ginette (administrator) on 23-04-2015 at 18:22:36
Running from "C:\Users\Ginette\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

 

 Results of screen317's Security Check version 1.00 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 17.0.0.169 
 Adobe Reader XI 
 Mozilla Firefox (37.0.1)
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

 

Fss was done with the clipboard and Security check was able to copy and paste. What a puzzle. Oh and Firefox still will not open unless I do administrator even though I did a restart.


Edited by ginnyjoe, 23 April 2015 - 04:42 PM.

  • 0

#39
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

OK, good, another step forward... :)  

 

I find that in the forum software here, I can sometimes more easily use Control-C (copy) and Control-V (paste).  Sometimes, if my cursor is at the end of the text in the editor window, I won't get the Paste option myself... but the keyboard commands still work.

 

We still have more to do, so hang tight for right now while I prepare the next steps for you.


  • 0

#40
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

OK, the next scans/tools we need are below:

 

 

First

 

Run Windows Repair (All In One)

Please download Windows Repair All-In-One Portable by Tweaking.com to your Desktop.
 

  • Extract the downloaded zip file to your Desktop by right-clicking on the file and selecting Extract...
  • Open My Computer, and browse to your Desktop.  Find the folder where Windows Repair was extracted (Tweaking dot.com - Windows Repair), and double-click the Repair_Windows.exe file to run the program.
    • When the program opens, select the Step 5: Backup tab, then click the Backup button under "1. Registry Backup" and the Create button under "2. System Restore":
      backup_zps9blpxusb.png
    • Now, select the Repairs tab, then click on the "Open Repairs" button:
      repairs_zpscvq674py.png
    • Agree to the Create a System Restore Point prompt if asked and wait for a bit for it to continue.  Agree to any User Account Control prompts.
    • In the list that it presents put a check (tick) in the following as follows:
      NOTE: The below image is only for a reference.  Please select the following items:
      • 01 - Reset Registry Permissions
      • 02 - Reset File Permissions
      • 03 - Reset Service Permissions
      • 04 - Register System Files
      • 05 - Repair WMI
      • 06 - Repair Windows Firewall
      • 07 - Repair Internet Explorer
      • 09 - Repair Hosts File
      • 10 - Remove Policies Set by Infections
      • 11 - Repair Start Menu Icons Removed By Infections
      • 12 - Repair Icons
      • 13 - Repair Winsock & DNS Cache
      • 14 - Remove Temp Files
      • 15 - Repair Proxy Settings
      • 16 - Unhide Non System Files
      • 19 - Repair Volume Shadow Copy Service
      • 22 - Repair Windows Snipping Tool
      • 23 - Repair File Associations
      • 26 - Restore Important Windows Services
      • 27 - Set Windows Services to Default Startup
      • 32 - Restore UAC (User Account Control) Settings
      repair_selections2_zpsf8t0tzwz.png
    • Also put a check in the Restart/Shutdown System When Finished (lower right) box and in Restart System
    • Then click on the Start Repairs button if it doesn't do it automatically
    • If it asks you to back up your system click Yes and continue
  • After the program is finished, please open the /logs folder in the same folder as you ran the program from and copy/paste the contents of the Windows Repair log into your next reply.
  • The computer should reboot automatically.

 

 

Second

Install and Run Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here

  • Double Click the downloaded mbam-setup-x.x.x.xxxx.exe to install the application.  (x.x.x.xxxx represents the current version number).
  • If prompted to uninstall a previous version, please do so.
  • During installation, make sure to uncheck Enable free trial of Malwarebytes Anti-Malware Premium, then click Finish.  You can always upgrade later ;) :
    MBAM1_zps65d773c0.png
     
  • If an update is found, it should download and install the latest updates automatically:
    MBAM_Dash_zpsd9c2j7gn.png
     
  • Now select the Settings tab, and check the box next to Scan for rootkits:
    MBAM_ScanSettings_zpsobmtmm4g.png
     
  • Go back to the Dashboard tab, and click the Scan Now button:
    MBAM_Dash_zpsd9c2j7gn.png
     
  • The scan may take some time to finish, so please be patient.
    MBAM_Scanning_zps7ytxgci2.png
     
  • When the scan is complete, it will show you the results:
    MBAM_Remove_zpszsjiczt4.png
     
  • Make sure that everything is checked, and click Remove Selected (or similar).
  • When disinfection is completed, a log may open in Notepad and you may be prompted to Restart.  (See Extra Note below)
  • The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs.
  • Choose the latest Scan Log:
    MBAM_ScanLog_zpslkvxr7dk.png
     
  • In the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt).  Save the report to your Desktop.
    MBAM_ExportLog_zpswbzi1y40.png
  • Copy & Paste the entire contents of the report log in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

*** In your next reply, I need you to Copy&Paste the contents of the MBAM log file.


Third

 

Please run a free online scan with the ESET Online Scanner:

Important: You must use Internet Explorer and also disable your Anti-Virus scanner for this step!
 

  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button:
    ESET1_zps23a5e840.png
  • Tick the box next to Yes, I accept the Terms of Use and click Start
    ESET_EULA2_zps9451f1c3.png
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications.
  • Select Advanced Settings:
    ESET2_zpsc701c045.png
  • Check the option Enable Anti-Stealth technology, but make sure that Remove found threats is unchecked!
  • Click Start.  (This scan can take several hours, so please be patient.)
  • Allow the program to update:
    ESETupdate_zps36feabec.png
  • Once the scan is completed, select List of found threats:
    ESET5_zpsd27be299.png
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop:
    ESET6_zpsc17d154e.png
  • Click the Back button.
  • Important: Make sure that the Uninstall application on close and Delete quarantined files checkboxes are both unchecked!

    Click the Finish button:
    ESET9_zps51587217.png
  • Use Notepad to open the saved log file (on your Desktop- ESET.txt)
  • Copy and paste that log as a reply to this topic.

 

 


  • 0


#41
ginnyjoe

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 242 posts

Tweaking.com - Windows Repair v3.1.3
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Home Premium
OS Architecture: 64-bit
OS Version: 6.1.7601
OS Service Pack: Service Pack 1
Computer Name: GINETTE-HP
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Ginette
Current Profile SID: S-1-5-21-3037352765-1606511786-2657095333-1000
Current Profile Classes: S-1-5-21-3037352765-1606511786-2657095333-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Ginette\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 07:41:20

Process Count: 76
Commit Total: 2.21 GB
Commit Limit: 7.93 GB
Commit Peak: 3.58 GB
Handle Count: 26793
Kernel Total: 482.70 MB
Kernel Paged: 396.13 MB
Kernel Non Paged: 86.58 MB
System Cache: 1.38 GB
Thread Count: 1002
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.97 GB
Memory Used: 1.63 GB(41.162%)
Memory Avail.: 2.33 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.97 GB
Memory Used: 1.36 GB(34.2201%)
Memory Avail.: 2.61 GB
--------------------------------------------------------------------------------

Starting Repairs...
   Started at (24/04/2015 3:07:26 PM)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 174
 
01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (24/04/2015 3:07:39 PM)

   Running Repair Under Current User Account
   Done (24/04/2015 3:08:18 PM)

01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (24/04/2015 3:08:18 PM)

Decompressing & Updating Windows Permission File services.txt
Done,  0.44 seconds.

   Running Repair Under System Account
   Done (24/04/2015 3:15:23 PM)

01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (24/04/2015 3:15:23 PM)

   Running Repair Under System Account
   Done (24/04/2015 3:16:58 PM)

02 - Reset File Permissions: C:
   C: & Sub Folders
   Start (24/04/2015 3:16:58 PM)

   Trying To Run Repair As Trusted Installer.
   This Repair Is Hidden By Windows Itself.
   You Can See The Repair Working In The Task Manager.
   Running Repair As Trusted Installer
   Done (24/04/2015 3:29:38 PM)

02 - Reset File Permissions: D:
   D: & Sub Folders
   Start (24/04/2015 3:29:38 PM)

   Trying To Run Repair As Trusted Installer.
   This Repair Is Hidden By Windows Itself.
   You Can See The Repair Working In The Task Manager.
   Running Repair As Trusted Installer
   Done (24/04/2015 3:29:50 PM)

02 - Reset File Permissions: All Profiles
   C:\Users & Sub Folders
   Start (24/04/2015 3:29:50 PM)

   Running Repair Under System Account
   Done (24/04/2015 3:34:04 PM)

02 - Reset File Permissions: Current Profile
   C:\Users\Ginette & Sub Folders
   Start (24/04/2015 3:34:04 PM)

   Running Repair Under System Account
   Done (24/04/2015 3:37:42 PM)

02 - Reset File Permissions: Cleanup
   Repairing Restricted Folders Permissions To Avoid Infinite Loops
   Start (24/04/2015 3:37:42 PM)

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:37:55 PM)

03 - Reset Service Permissions
   Start (24/04/2015 3:37:55 PM)

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:39:20 PM)

04 - Register System Files
   Start (24/04/2015 3:39:20 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:40:54 PM)

05 - Repair WMI
   Start (24/04/2015 3:40:54 PM)

   Starting Security Center So We Can Export The Security Info.

   Exporting Antivirus Info...
   Microsoft Security Essentials Exported.

   Exporting AntiSpyware Info...
   Microsoft Security Essentials Exported.
   Windows Defender Exported.

   Exporting 3rd Party Firewall Info...
   No Firewall Products Reported.

   Running Repair Under Current User Account
   Done (24/04/2015 3:43:47 PM)

06 - Repair Windows Firewall
   Start (24/04/2015 3:43:47 PM)
   Running Repair Under Current User Account

Decompressing & Updating Windows Permission File services.txt
Done,  0.17 seconds.

   Running Repair Under System Account
   Done (24/04/2015 3:44:22 PM)

07 - Repair Internet Explorer
   Start (24/04/2015 3:44:22 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:45:47 PM)

08 - Repair MDAC/MS Jet
   Start (24/04/2015 3:45:47 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:46:21 PM)

09 - Repair Hosts File
   Start (24/04/2015 3:46:21 PM)
   Running Repair Under System Account
   Done (24/04/2015 3:46:29 PM)

10 - Remove Policies Set By Infections
   Start (24/04/2015 3:46:29 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:46:45 PM)

11 - Repair Start Menu Icons Removed By Infections
   Start (24/04/2015 3:46:45 PM)
   Running Repair Under System Account
   Done (24/04/2015 3:46:53 PM)

12 - Repair Icons
   Start (24/04/2015 3:46:54 PM)
   Running Repair Under Current User Account
   Done (24/04/2015 3:46:55 PM)

13 - Repair Winsock & DNS Cache
   Start (24/04/2015 3:46:55 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:47:35 PM)

14 - Remove Temp Files
   Start (24/04/2015 3:47:35 PM)
   Running Repair Under System Account
   Done (24/04/2015 3:47:47 PM)

15 - Repair Proxy Settings
   Start (24/04/2015 3:47:47 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:47:59 PM)

16 - Unhide Non System Files
   Start (24/04/2015 3:47:59 PM)
   C:\ - Total Files Unhidden: 689 - Check Unhidden_Files.txt for list of files unhidden
   D:\ - Total Files Unhidden: 0 - Check Unhidden_Files.txt for list of files unhidden
   Done (24/04/2015 3:48:26 PM)

19 - Repair Volume Shadow Copy Service
   Start (24/04/2015 3:48:26 PM)
   Running Repair Under Current User Account

Decompressing & Updating Windows Permission File services.txt
Done,  0.17 seconds.

   Running Repair Under System Account
   Done (24/04/2015 3:49:02 PM)

22 - Repair Windows Snipping Tool
   Start (24/04/2015 3:49:02 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:49:11 PM)

23.01 - Repair bat Association
   Start (24/04/2015 3:49:11 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:49:20 PM)

23.02 - Repair cmd Association
   Start (24/04/2015 3:49:20 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:49:30 PM)

23.03 - Repair com Association
   Start (24/04/2015 3:49:30 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:49:39 PM)

23.04 - Repair Directory Association
   Start (24/04/2015 3:49:39 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:49:49 PM)

23.05 - Repair Drive Association
   Start (24/04/2015 3:49:49 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:49:58 PM)

23.06 - Repair exe Association
   Start (24/04/2015 3:49:58 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:50:07 PM)

23.07 - Repair Folder Association
   Start (24/04/2015 3:50:07 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:50:17 PM)

23.08 - Repair inf Association
   Start (24/04/2015 3:50:17 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:50:26 PM)

23.09 - Repair lnk (Shortcuts) Association
   Start (24/04/2015 3:50:26 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:50:35 PM)

23.10 - Repair msc Association
   Start (24/04/2015 3:50:35 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:50:45 PM)

23.11 - Repair reg Association
   Start (24/04/2015 3:50:45 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:50:54 PM)

23.12 - Repair scr Association
   Start (24/04/2015 3:50:54 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:51:04 PM)

26 - Restore Important Windows Services
   Start (24/04/2015 3:51:04 PM)
   Running Repair Under Current User Account

Decompressing & Updating Windows Permission File services.txt
Done,  0.19 seconds.

   Running Repair Under System Account
   Done (24/04/2015 3:51:27 PM)

27 - Set Windows Services To Default Startup
   Start (24/04/2015 3:51:27 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:51:47 PM)

32 - Restore UAC (User Account Control) Settings
   Start (24/04/2015 3:51:47 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:51:57 PM)

Cleaning up empty logs...

All Selected Repairs Done.
   Done at (24/04/2015 3:51:57 PM)
   Total Repair Time: 00:44:33

...YOU MUST RESTART YOUR SYSTEM...

Tweaking.com - Windows Repair v3.1.3
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Home Premium
OS Architecture: 64-bit
OS Version: 6.1.7601
OS Service Pack: Service Pack 1
Computer Name: GINETTE-HP
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Ginette
Current Profile SID: S-1-5-21-3037352765-1606511786-2657095333-1000
Current Profile Classes: S-1-5-21-3037352765-1606511786-2657095333-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Ginette\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 07:41:20

Process Count: 76
Commit Total: 2.21 GB
Commit Limit: 7.93 GB
Commit Peak: 3.58 GB
Handle Count: 26793
Kernel Total: 482.70 MB
Kernel Paged: 396.13 MB
Kernel Non Paged: 86.58 MB
System Cache: 1.38 GB
Thread Count: 1002
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.97 GB
Memory Used: 1.63 GB(41.162%)
Memory Avail.: 2.33 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.97 GB
Memory Used: 1.36 GB(34.2201%)
Memory Avail.: 2.61 GB
--------------------------------------------------------------------------------

Starting Repairs...
   Started at (24/04/2015 3:07:26 PM)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 174
 
01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (24/04/2015 3:07:39 PM)

   Running Repair Under Current User Account
   Done (24/04/2015 3:08:18 PM)

01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (24/04/2015 3:08:18 PM)

Decompressing & Updating Windows Permission File services.txt
Done,  0.44 seconds.

   Running Repair Under System Account
   Done (24/04/2015 3:15:23 PM)

01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (24/04/2015 3:15:23 PM)

   Running Repair Under System Account
   Done (24/04/2015 3:16:58 PM)

02 - Reset File Permissions: C:
   C: & Sub Folders
   Start (24/04/2015 3:16:58 PM)

   Trying To Run Repair As Trusted Installer.
   This Repair Is Hidden By Windows Itself.
   You Can See The Repair Working In The Task Manager.
   Running Repair As Trusted Installer
   Done (24/04/2015 3:29:38 PM)

02 - Reset File Permissions: D:
   D: & Sub Folders
   Start (24/04/2015 3:29:38 PM)

   Trying To Run Repair As Trusted Installer.
   This Repair Is Hidden By Windows Itself.
   You Can See The Repair Working In The Task Manager.
   Running Repair As Trusted Installer
   Done (24/04/2015 3:29:50 PM)

02 - Reset File Permissions: All Profiles
   C:\Users & Sub Folders
   Start (24/04/2015 3:29:50 PM)

   Running Repair Under System Account
   Done (24/04/2015 3:34:04 PM)

02 - Reset File Permissions: Current Profile
   C:\Users\Ginette & Sub Folders
   Start (24/04/2015 3:34:04 PM)

   Running Repair Under System Account
   Done (24/04/2015 3:37:42 PM)

02 - Reset File Permissions: Cleanup
   Repairing Restricted Folders Permissions To Avoid Infinite Loops
   Start (24/04/2015 3:37:42 PM)

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:37:55 PM)

03 - Reset Service Permissions
   Start (24/04/2015 3:37:55 PM)

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:39:20 PM)

04 - Register System Files
   Start (24/04/2015 3:39:20 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:40:54 PM)

05 - Repair WMI
   Start (24/04/2015 3:40:54 PM)

   Starting Security Center So We Can Export The Security Info.

   Exporting Antivirus Info...
   Microsoft Security Essentials Exported.

   Exporting AntiSpyware Info...
   Microsoft Security Essentials Exported.
   Windows Defender Exported.

   Exporting 3rd Party Firewall Info...
   No Firewall Products Reported.

   Running Repair Under Current User Account
   Done (24/04/2015 3:43:47 PM)

06 - Repair Windows Firewall
   Start (24/04/2015 3:43:47 PM)
   Running Repair Under Current User Account

Decompressing & Updating Windows Permission File services.txt
Done,  0.17 seconds.

   Running Repair Under System Account
   Done (24/04/2015 3:44:22 PM)

07 - Repair Internet Explorer
   Start (24/04/2015 3:44:22 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:45:47 PM)

08 - Repair MDAC/MS Jet
   Start (24/04/2015 3:45:47 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:46:21 PM)

09 - Repair Hosts File
   Start (24/04/2015 3:46:21 PM)
   Running Repair Under System Account
   Done (24/04/2015 3:46:29 PM)

10 - Remove Policies Set By Infections
   Start (24/04/2015 3:46:29 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:46:45 PM)

11 - Repair Start Menu Icons Removed By Infections
   Start (24/04/2015 3:46:45 PM)
   Running Repair Under System Account
   Done (24/04/2015 3:46:53 PM)

12 - Repair Icons
   Start (24/04/2015 3:46:54 PM)
   Running Repair Under Current User Account
   Done (24/04/2015 3:46:55 PM)

13 - Repair Winsock & DNS Cache
   Start (24/04/2015 3:46:55 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:47:35 PM)

14 - Remove Temp Files
   Start (24/04/2015 3:47:35 PM)
   Running Repair Under System Account
   Done (24/04/2015 3:47:47 PM)

15 - Repair Proxy Settings
   Start (24/04/2015 3:47:47 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:47:59 PM)

16 - Unhide Non System Files
   Start (24/04/2015 3:47:59 PM)
   C:\ - Total Files Unhidden: 689 - Check Unhidden_Files.txt for list of files unhidden
   D:\ - Total Files Unhidden: 0 - Check Unhidden_Files.txt for list of files unhidden
   Done (24/04/2015 3:48:26 PM)

19 - Repair Volume Shadow Copy Service
   Start (24/04/2015 3:48:26 PM)
   Running Repair Under Current User Account

Decompressing & Updating Windows Permission File services.txt
Done,  0.17 seconds.

   Running Repair Under System Account
   Done (24/04/2015 3:49:02 PM)

22 - Repair Windows Snipping Tool
   Start (24/04/2015 3:49:02 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:49:11 PM)

23.01 - Repair bat Association
   Start (24/04/2015 3:49:11 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:49:20 PM)

23.02 - Repair cmd Association
   Start (24/04/2015 3:49:20 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:49:30 PM)

23.03 - Repair com Association
   Start (24/04/2015 3:49:30 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:49:39 PM)

23.04 - Repair Directory Association
   Start (24/04/2015 3:49:39 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:49:49 PM)

23.05 - Repair Drive Association
   Start (24/04/2015 3:49:49 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:49:58 PM)

23.06 - Repair exe Association
   Start (24/04/2015 3:49:58 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:50:07 PM)

23.07 - Repair Folder Association
   Start (24/04/2015 3:50:07 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:50:17 PM)

23.08 - Repair inf Association
   Start (24/04/2015 3:50:17 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:50:26 PM)

23.09 - Repair lnk (Shortcuts) Association
   Start (24/04/2015 3:50:26 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:50:35 PM)

23.10 - Repair msc Association
   Start (24/04/2015 3:50:35 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:50:45 PM)

23.11 - Repair reg Association
   Start (24/04/2015 3:50:45 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:50:54 PM)

23.12 - Repair scr Association
   Start (24/04/2015 3:50:54 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:51:04 PM)

26 - Restore Important Windows Services
   Start (24/04/2015 3:51:04 PM)
   Running Repair Under Current User Account

Decompressing & Updating Windows Permission File services.txt
Done,  0.19 seconds.

   Running Repair Under System Account
   Done (24/04/2015 3:51:27 PM)

27 - Set Windows Services To Default Startup
   Start (24/04/2015 3:51:27 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:51:47 PM)

32 - Restore UAC (User Account Control) Settings
   Start (24/04/2015 3:51:47 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:51:57 PM)

Cleaning up empty logs...

All Selected Repairs Done.
   Done at (24/04/2015 3:51:57 PM)
   Total Repair Time: 00:44:33

...YOU MUST RESTART YOUR SYSTEM...

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 24/04/2015
Scan Time: 4:17:22 PM
Logfile: mbam log.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.04.24.06
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ginette

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 425174
Time Elapsed: 29 min, 45 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [b1b577f93753e155b7122d96b3506997],

Registry Values: 1
PUP.Optional.Astromenda.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Astromenda\\, Quarantined, [1c4acda3533711250ab9e3e01ce7cc34]

Registry Data: 0
(No malicious items detected)

Folders: 4
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\xpi, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\xpi\defaults, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\xpi\defaults\preferences, Quarantined, [d492c7a9bfcb191dd2194d76df247987],

Files: 10
PUP.Optional.Bandoo.A, C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\DataMngr.dll, Quarantined, [25415b15e1a9ef4720ba0939e521ae52],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\manifest.json, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\chromeid.txt, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\conduit.xml, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\CT3283791.txt, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\dtime.csf, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\initData.json, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\setup.ini.txt, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\version.txt, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\xpi\install.rdf, Quarantined, [d492c7a9bfcb191dd2194d76df247987],

Physical Sectors: 0
(No malicious items detected)

(end)

C:\Program Files (x86)\SR Toolbar\Datamngr\ChromeExtension\lib\default-config.js JS/Bandoo.A potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\SRAssetsHelper.dll a variant of Win32/Toolbar.SearchSuite.AB potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\winzipdusetup.exe a variant of Win32/Systweak.N potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\winziprosetup.exe a variant of Win32/Systweak potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\BrowserConnection.dll Win32/Toolbar.SearchSuite.H potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\datamngr.dll a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\DnsBHO.dll a variant of Win32/Toolbar.SearchSuite.R potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\IEBHO.dll Win32/Toolbar.SearchSuite potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF10.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF11.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF12.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF3.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF4.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF5.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF6.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF7.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF8.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\FirefoxExtension\components\DataMngrHlpFF9.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\ToolBar\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\ToolBar\wincorebsband.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\ToolBar\wincorebsdtx.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\x64\BrowserConnection.dll a variant of Win32/Toolbar.SearchSuite.AB potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\x64\datamngr.dll a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\x64\DnsBHO.dll a variant of Win32/Toolbar.SearchSuite.AB potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\.60307506\x64\IEBHO.dll Win64/Toolbar.SearchSuite potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\197F0BF7-BAB0-7891-8815-D8B0C573E7C9\IEHelper.dll a variant of Win32/Toolbar.Babylon.E potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\197F0BF7-BAB0-7891-8815-D8B0C573E7C9\Setup.exe a variant of Win32/Toolbar.Babylon.E potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\197F0BF7-BAB0-7891-8815-D8B0C573E7C9\Latest\BabMaint.exe a variant of Win32/Toolbar.Babylon.I potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\197F0BF7-BAB0-7891-8815-D8B0C573E7C9\Latest\BUSolution.dll a variant of Win32/Toolbar.Babylon.P potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\197F0BF7-BAB0-7891-8815-D8B0C573E7C9\Latest\IEHelper.dll Win32/Toolbar.Babylon.E potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\197F0BF7-BAB0-7891-8815-D8B0C573E7C9\Latest\Setup.exe a variant of Win32/Toolbar.Babylon.E potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\nsb42AF.tmp\__localxml.xml Win32/DownloadAdmin.A.Gen potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\SearchquMediaBar.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF10.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF11.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF12.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF13.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF14.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF15.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF16.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF17.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF18.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF19.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF3.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF4.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF5.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF6.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF7.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF8.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF9.dll a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application
C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\SR\SRAssetsHelper.dll a variant of Win32/Toolbar.SearchSuite.AB potentially unwanted application
C:\Windows\Installer\MSIDCD7.tmp-\Smartbar.Resources.LanguageSettings.resources.dll a variant of MSIL/Toolbar.Linkury.E potentially unwanted application
C:\Windows\Installer\MSIDCD7.tmp-\srpu.dll a variant of MSIL/Toolbar.Linkury.I potentially unwanted application

 

www.malwarebytes.org

Scan Date: 24/04/2015
Scan Time: 4:17:22 PM
Logfile: mbam log.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.04.24.06
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ginette

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 425174
Time Elapsed: 29 min, 45 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [b1b577f93753e155b7122d96b3506997],

Registry Values: 1
PUP.Optional.Astromenda.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Astromenda\\, Quarantined, [1c4acda3533711250ab9e3e01ce7cc34]

Registry Data: 0
(No malicious items detected)

Folders: 4
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\xpi, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\xpi\defaults, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\xpi\defaults\preferences, Quarantined, [d492c7a9bfcb191dd2194d76df247987],

Files: 10
PUP.Optional.Bandoo.A, C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\DataMngr.dll, Quarantined, [25415b15e1a9ef4720ba0939e521ae52],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\manifest.json, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\chromeid.txt, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\conduit.xml, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\CT3283791.txt, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\dtime.csf, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\initData.json, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\setup.ini.txt, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\version.txt, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\xpi\install.rdf, Quarantined, [d492c7a9bfcb191dd2194d76df247987],

Physical Sectors: 0
(No malicious items detected)

(end)


  • 0

#42
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

Sorry, it looks like there are two Windows AIO Repair logs, and then 2 posts of the Malwarebytes log, but between them is interrupted by other lines and it's not clear what log they come from...

 

Also, I'm not sure why the logs are coming up italicized.  It makes them more difficult to read.

Click your mouse anywhere in the editor after pasting a log in (yay you can paste!), then:

  1. Either right-click and choose Select All, or press Control+A
  2. Then click the Remove Formatting button in the toolbar

This will remove any formatting from the text.

 

Please re-post:

  1. The entire Malwarebytes log as a single post, then
  2. The entire ESET scan results as another separate post (when it's complete of course, if it isn't already).

  • 0

#43
ginnyjoe

ginnyjoe

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 242 posts

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 24/04/2015
Scan Time: 4:17:22 PM
Logfile: mbam log.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.04.24.06
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ginette

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 425174
Time Elapsed: 29 min, 45 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [b1b577f93753e155b7122d96b3506997],

Registry Values: 1
PUP.Optional.Astromenda.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Astromenda\\, Quarantined, [1c4acda3533711250ab9e3e01ce7cc34]

Registry Data: 0
(No malicious items detected)

Folders: 4
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\xpi, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\xpi\defaults, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\xpi\defaults\preferences, Quarantined, [d492c7a9bfcb191dd2194d76df247987],

Files: 10
PUP.Optional.Bandoo.A, C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\DataMngr.dll, Quarantined, [25415b15e1a9ef4720ba0939e521ae52],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\manifest.json, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\chromeid.txt, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\conduit.xml, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\CT3283791.txt, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\dtime.csf, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\initData.json, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\setup.ini.txt, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\version.txt, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\xpi\install.rdf, Quarantined, [d492c7a9bfcb191dd2194d76df247987],

Physical Sectors: 0
(No malicious items detected)

(end)


Edited by ginnyjoe, 24 April 2015 - 09:21 PM.

  • 0

#44
ginnyjoe

ginnyjoe

    Member

  • Topic Starter
  • Member
  • 242 posts

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 24/04/2015
Scan Time: 4:17:22 PM
Logfile: mbam log.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.04.24.06
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ginette

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 425174
Time Elapsed: 29 min, 45 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [b1b577f93753e155b7122d96b3506997],

Registry Values: 1
PUP.Optional.Astromenda.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Astromenda\\, Quarantined, [1c4acda3533711250ab9e3e01ce7cc34]

Registry Data: 0
(No malicious items detected)

Folders: 4
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\xpi, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\xpi\defaults, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\xpi\defaults\preferences, Quarantined, [d492c7a9bfcb191dd2194d76df247987],

Files: 10
PUP.Optional.Bandoo.A, C:\Users\Ginette\AppData\Local\Temp\Searchqu_DM\DataMngr.dll, Quarantined, [25415b15e1a9ef4720ba0939e521ae52],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\manifest.json, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\chromeid.txt, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\conduit.xml, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\CT3283791.txt, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\dtime.csf, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\initData.json, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\setup.ini.txt, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\version.txt, Quarantined, [d492c7a9bfcb191dd2194d76df247987],
PUP.Optional.ConduitTB.Gen, C:\Users\Ginette\AppData\Local\Temp\ct3283791\xpi\install.rdf, Quarantined, [d492c7a9bfcb191dd2194d76df247987],

Physical Sectors: 0
(No malicious items detected)

(end)


  • 0

#45
ginnyjoe

ginnyjoe

    Member

  • Topic Starter
  • Member
  • 242 posts

Tweaking.com - Windows Repair v3.1.3
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Home Premium
OS Architecture: 64-bit
OS Version: 6.1.7601
OS Service Pack: Service Pack 1
Computer Name: GINETTE-HP
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Ginette
Current Profile SID: S-1-5-21-3037352765-1606511786-2657095333-1000
Current Profile Classes: S-1-5-21-3037352765-1606511786-2657095333-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Ginette\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 07:41:20

Process Count: 76
Commit Total: 2.21 GB
Commit Limit: 7.93 GB
Commit Peak: 3.58 GB
Handle Count: 26793
Kernel Total: 482.70 MB
Kernel Paged: 396.13 MB
Kernel Non Paged: 86.58 MB
System Cache: 1.38 GB
Thread Count: 1002
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.97 GB
Memory Used: 1.63 GB(41.162%)
Memory Avail.: 2.33 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.97 GB
Memory Used: 1.36 GB(34.2201%)
Memory Avail.: 2.61 GB
--------------------------------------------------------------------------------

Starting Repairs...
   Started at (24/04/2015 3:07:26 PM)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 174
 
01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (24/04/2015 3:07:39 PM)

   Running Repair Under Current User Account
   Done (24/04/2015 3:08:18 PM)

01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (24/04/2015 3:08:18 PM)

Decompressing & Updating Windows Permission File services.txt
Done,  0.44 seconds.

   Running Repair Under System Account
   Done (24/04/2015 3:15:23 PM)

01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (24/04/2015 3:15:23 PM)

   Running Repair Under System Account
   Done (24/04/2015 3:16:58 PM)

02 - Reset File Permissions: C:
   C: & Sub Folders
   Start (24/04/2015 3:16:58 PM)

   Trying To Run Repair As Trusted Installer.
   This Repair Is Hidden By Windows Itself.
   You Can See The Repair Working In The Task Manager.
   Running Repair As Trusted Installer
   Done (24/04/2015 3:29:38 PM)

02 - Reset File Permissions: D:
   D: & Sub Folders
   Start (24/04/2015 3:29:38 PM)

   Trying To Run Repair As Trusted Installer.
   This Repair Is Hidden By Windows Itself.
   You Can See The Repair Working In The Task Manager.
   Running Repair As Trusted Installer
   Done (24/04/2015 3:29:50 PM)

02 - Reset File Permissions: All Profiles
   C:\Users & Sub Folders
   Start (24/04/2015 3:29:50 PM)

   Running Repair Under System Account
   Done (24/04/2015 3:34:04 PM)

02 - Reset File Permissions: Current Profile
   C:\Users\Ginette & Sub Folders
   Start (24/04/2015 3:34:04 PM)

   Running Repair Under System Account
   Done (24/04/2015 3:37:42 PM)

02 - Reset File Permissions: Cleanup
   Repairing Restricted Folders Permissions To Avoid Infinite Loops
   Start (24/04/2015 3:37:42 PM)

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:37:55 PM)

03 - Reset Service Permissions
   Start (24/04/2015 3:37:55 PM)

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:39:20 PM)

04 - Register System Files
   Start (24/04/2015 3:39:20 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:40:54 PM)

05 - Repair WMI
   Start (24/04/2015 3:40:54 PM)

   Starting Security Center So We Can Export The Security Info.

   Exporting Antivirus Info...
   Microsoft Security Essentials Exported.

   Exporting AntiSpyware Info...
   Microsoft Security Essentials Exported.
   Windows Defender Exported.

   Exporting 3rd Party Firewall Info...
   No Firewall Products Reported.

   Running Repair Under Current User Account
   Done (24/04/2015 3:43:47 PM)

06 - Repair Windows Firewall
   Start (24/04/2015 3:43:47 PM)
   Running Repair Under Current User Account

Decompressing & Updating Windows Permission File services.txt
Done,  0.17 seconds.

   Running Repair Under System Account
   Done (24/04/2015 3:44:22 PM)

07 - Repair Internet Explorer
   Start (24/04/2015 3:44:22 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:45:47 PM)

08 - Repair MDAC/MS Jet
   Start (24/04/2015 3:45:47 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:46:21 PM)

09 - Repair Hosts File
   Start (24/04/2015 3:46:21 PM)
   Running Repair Under System Account
   Done (24/04/2015 3:46:29 PM)

10 - Remove Policies Set By Infections
   Start (24/04/2015 3:46:29 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:46:45 PM)

11 - Repair Start Menu Icons Removed By Infections
   Start (24/04/2015 3:46:45 PM)
   Running Repair Under System Account
   Done (24/04/2015 3:46:53 PM)

12 - Repair Icons
   Start (24/04/2015 3:46:54 PM)
   Running Repair Under Current User Account
   Done (24/04/2015 3:46:55 PM)

13 - Repair Winsock & DNS Cache
   Start (24/04/2015 3:46:55 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:47:35 PM)

14 - Remove Temp Files
   Start (24/04/2015 3:47:35 PM)
   Running Repair Under System Account
   Done (24/04/2015 3:47:47 PM)

15 - Repair Proxy Settings
   Start (24/04/2015 3:47:47 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:47:59 PM)

16 - Unhide Non System Files
   Start (24/04/2015 3:47:59 PM)
   C:\ - Total Files Unhidden: 689 - Check Unhidden_Files.txt for list of files unhidden
   D:\ - Total Files Unhidden: 0 - Check Unhidden_Files.txt for list of files unhidden
   Done (24/04/2015 3:48:26 PM)

19 - Repair Volume Shadow Copy Service
   Start (24/04/2015 3:48:26 PM)
   Running Repair Under Current User Account

Decompressing & Updating Windows Permission File services.txt
Done,  0.17 seconds.

   Running Repair Under System Account
   Done (24/04/2015 3:49:02 PM)

22 - Repair Windows Snipping Tool
   Start (24/04/2015 3:49:02 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:49:11 PM)

23.01 - Repair bat Association
   Start (24/04/2015 3:49:11 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:49:20 PM)

23.02 - Repair cmd Association
   Start (24/04/2015 3:49:20 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:49:30 PM)

23.03 - Repair com Association
   Start (24/04/2015 3:49:30 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:49:39 PM)

23.04 - Repair Directory Association
   Start (24/04/2015 3:49:39 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:49:49 PM)

23.05 - Repair Drive Association
   Start (24/04/2015 3:49:49 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:49:58 PM)

23.06 - Repair exe Association
   Start (24/04/2015 3:49:58 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:50:07 PM)

23.07 - Repair Folder Association
   Start (24/04/2015 3:50:07 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:50:17 PM)

23.08 - Repair inf Association
   Start (24/04/2015 3:50:17 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:50:26 PM)

23.09 - Repair lnk (Shortcuts) Association
   Start (24/04/2015 3:50:26 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:50:35 PM)

23.10 - Repair msc Association
   Start (24/04/2015 3:50:35 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:50:45 PM)

23.11 - Repair reg Association
   Start (24/04/2015 3:50:45 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:50:54 PM)

23.12 - Repair scr Association
   Start (24/04/2015 3:50:54 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:51:04 PM)

26 - Restore Important Windows Services
   Start (24/04/2015 3:51:04 PM)
   Running Repair Under Current User Account

Decompressing & Updating Windows Permission File services.txt
Done,  0.19 seconds.

   Running Repair Under System Account
   Done (24/04/2015 3:51:27 PM)

27 - Set Windows Services To Default Startup
   Start (24/04/2015 3:51:27 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:51:47 PM)

32 - Restore UAC (User Account Control) Settings
   Start (24/04/2015 3:51:47 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (24/04/2015 3:51:57 PM)

Cleaning up empty logs...

All Selected Repairs Done.
   Done at (24/04/2015 3:51:57 PM)
   Total Repair Time: 00:44:33

...YOU MUST RESTART YOUR SYSTEM...


  • 0





