
quarantined pups return immediately



Welcome to the forum.

Can you post the log from Malwarebytes.

Please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt (DDS may not run on W8)

(please don't put logs in code or quotes and use the default font)

(Please don't forget to run the RogueKiller scan below)

General Forum P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running, please create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Using Pro

Latest scan this AM reported 131 PUPs again.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 914031806

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.11.9600.16521

3/19/2014 9:25:20 AM
mbam-log-2014-03-19 (09-25-20).txt

Scan type: Quick scan
Objects scanned: 177305
Time elapsed: 6 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 23
Files Infected: 96

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CltMngSvc (PUP.Optional.SearchProtect.A) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect (PUP.Optional.SearchProtect.A) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Connect_DLC_5 (PUP.Optional.Conduit.A) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IECT3306061 (PUP.Optional.Conduit.A) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{24C1F23B-0796-4C3A-8E00-BAB4D876D4A9} (PUP.Optional.Conduit.A) -> Delete on reboot.
HKEY_CLASSES_ROOT\Toolbar.CT3306061 (PUP.Optional.Conduit.A) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{24C1F23B-0796-4C3A-8E00-BAB4D876D4A9} (PUP.Optional.Conduit.A) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} (PUP.Optional.Conduit.A) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC} (PUP.Optional.Conduit.A) -> Delete on reboot.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC} (PUP.Optional.Conduit.A) -> Value: {D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC} -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC} (PUP.Optional.Conduit.A) -> Value: {D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC} -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (PUP.Optional.SearchProtect.A) -> Bad: (C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) Good: () -> Delete on reboot.

Folders Infected:
c:\program files\searchprotect (PUP.Optional.SearchProtect.A) -> Delete on reboot.
c:\program files\searchprotect\Main (PUP.Optional.SearchProtect.A) -> Delete on reboot.
c:\program files\searchprotect\Main\bin (PUP.Optional.SearchProtect.A) -> Delete on reboot.
c:\program files\searchprotect\Main\Logs (PUP.Optional.SearchProtect.A) -> Delete on reboot.
c:\program files\searchprotect\Main\rep (PUP.Optional.SearchProtect.A) -> Delete on reboot.
c:\program files\searchprotect\searchprotect (PUP.Optional.SearchProtect.A) -> Delete on reboot.
c:\program files\searchprotect\searchprotect\bin (PUP.Optional.SearchProtect.A) -> Delete on reboot.
c:\program files\searchprotect\searchprotect\Logs (PUP.Optional.SearchProtect.A) -> Delete on reboot.
c:\program files\searchprotect\searchprotect\rep (PUP.Optional.SearchProtect.A) -> Delete on reboot.
c:\program files\searchprotect\UI (PUP.Optional.SearchProtect.A) -> Delete on reboot.
c:\program files\searchprotect\UI\bin (PUP.Optional.SearchProtect.A) -> Delete on reboot.
c:\program files\searchprotect\UI\dialogs (PUP.Optional.SearchProtect.A) -> Delete on reboot.
c:\program files\searchprotect\UI\dialogs\bubble (PUP.Optional.SearchProtect.A) -> Delete on reboot.
c:\program files\searchprotect\UI\dialogs\Images (PUP.Optional.SearchProtect.A) -> Delete on reboot.
c:\program files\searchprotect\UI\dialogs\libs (PUP.Optional.SearchProtect.A) -> Delete on reboot.
c:\program files\searchprotect\UI\dialogs\protection (PUP.Optional.SearchProtect.A) -> Delete on reboot.
c:\program files\searchprotect\UI\dialogs\protectionds (PUP.Optional.SearchProtect.A) -> Delete on reboot.
c:\program files\searchprotect\UI\dialogs\settings (PUP.Optional.SearchProtect.A) -> Delete on reboot.
c:\program files\searchprotect\UI\dialogs\uninstall (PUP.Optional.SearchProtect.A) -> Delete on reboot.
c:\program files\searchprotect\UI\rep (PUP.Optional.SearchProtect.A) -> Delete on reboot.
c:\programdata\Conduit\IE (PUP.Optional.Conduit.A) -> Delete on reboot.
c:\programdata\Conduit\IE\ct3306061 (PUP.Optional.Conduit.A) -> Delete on reboot.
c:\program files\connect_dlc_5 (PUP.Optional.Conduit.A) -> Delete on reboot.

Files Infected:
c:\program files\searchprotect\EULA.txt (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\Main\bin\cltmngsvc.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\Main\bin\SPTool.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\Main\bin\sptool.dll_1389824972408 (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\Main\bin\sptool.dll_1389824972455 (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\Main\bin\sptool.dll_1390836751058 (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\Main\bin\sptool.dll_1390836751635 (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\Main\bin\sptool.dll_1391029770035 (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\Main\bin\sptool.dll_1391029770039 (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\Main\bin\sptool.dll_1391386068139 (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\Main\bin\sptool.dll_1391452709065 (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\Main\bin\sptool.dll_1391452710424 (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\Main\bin\uninstall.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\Main\rep\systemrepository.dat (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\searchprotect\bin\cltmng.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\searchprotect\bin\SPTool64.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\searchprotect\bin\SPVC32.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\searchprotect\bin\spvc32loader.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\searchprotect\bin\SPVC64.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\searchprotect\bin\spvc64loader.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\bin\cltmngui.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\settings.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\style.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\bubble\bubble.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\bubble\bubble.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\bubble\bubble.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\bubble\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\Images\apply-default.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\Images\apply-onclick.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\Images\apply-rollover.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\Images\bg-with-logo.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\Images\bg.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\Images\bgNotif.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\Images\bgsettings.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\Images\bguninstall.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\Images\btnBlue.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\Images\btnClose.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\Images\btnsilver.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\Images\checkbox.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\Images\checkbox_checked.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\Images\checkbox_def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\Images\close-win-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\Images\close-win-over-click.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\Images\gray-bg.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\Images\hez-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\Images\hez-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\Images\hez.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\Images\icon-win.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\Images\info-icon.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\Images\menu-rollover.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\Images\menu-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\Images\radio-button-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\Images\radio-button-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\Images\radio-button.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\Images\radio-button2.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\Images\settings-icon.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\Images\text-field.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\Images\v.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\Images\x.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\libs\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\libs\dialogutils.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\libs\jquery.1.7.1.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\libs\json2.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\libs\main.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\libs\spdialogapi.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\protection\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\protection\protection.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\protection\protection.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\protection\protection.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\protectionds\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\protectionds\protectionds.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\protectionds\protectionds.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\protectionds\protectionds.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\settings\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\settings\settings.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\settings\settings.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\settings\settings.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\uninstall\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\uninstall\uninstall.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\uninstall\uninstall.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\program files\searchprotect\UI\dialogs\uninstall\uninstall.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
c:\windows\system32\tasks\backgroundcontainer startup task (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
c:\programdata\Conduit\IE\ct3306061\configutaion.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
c:\programdata\Conduit\IE\ct3306061\setupicon.ico (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
c:\programdata\Conduit\IE\ct3306061\uninstallerui.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
c:\program files\connect_dlc_5\connect_dlc_5toolbarhelper.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
c:\program files\connect_dlc_5\gottenappscontextmenu.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
c:\program files\connect_dlc_5\hk64tbconn.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
c:\program files\connect_dlc_5\hktbConn.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
c:\program files\connect_dlc_5\ldrtbconn.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
c:\program files\connect_dlc_5\otherappscontextmenu.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
c:\program files\connect_dlc_5\prxtbconn.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
c:\program files\connect_dlc_5\sharedappscontextmenu.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
c:\program files\connect_dlc_5\tbConn.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
c:\program files\connect_dlc_5\toolbar.cfg (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
c:\program files\connect_dlc_5\toolbarcontextmenu.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
 

Rogue Killer report.

_________________________

RogueKiller V8.8.11 [Mar 14 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : root [Admin rights]
Mode : Scan -- Date : 03/19/2014 10:04:33
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : SearchProtect (C:\Users\root\AppData\Roaming\SearchProtect\bin\cltmng.exe [x]) -> FOUND
[RUN][sUSP PATH] HKCU\[...]\Run : ConduitFloatingPlugin_lipgolpfajiadodbcbljdpmbmbdmfcil ("C:\Windows\system32\Rundll32.exe" "C:\Users\root\AppData\Local\Temp\CT3306061\plugins\TBVerifier.dll",RunConduitFloatingPlugin lipgolpfajiadodbcbljdpmbmbdmfcil [7][x][x][x]) -> FOUND
[RUN][sUSP PATH] HKCU\[...]\Run : BackgroundContainer ("C:\Windows\system32\Rundll32.exe" "C:\Users\root\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [7][7][x]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-4035242801-2354223624-1984559072-1001\[...]\Run : SearchProtect (C:\Users\root\AppData\Roaming\SearchProtect\bin\cltmng.exe [x]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-4035242801-2354223624-1984559072-1001\[...]\Run : ConduitFloatingPlugin_lipgolpfajiadodbcbljdpmbmbdmfcil ("C:\Windows\system32\Rundll32.exe" "C:\Users\root\AppData\Local\Temp\CT3306061\plugins\TBVerifier.dll",RunConduitFloatingPlugin lipgolpfajiadodbcbljdpmbmbdmfcil [7][x][x][x]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-4035242801-2354223624-1984559072-1001\[...]\Run : BackgroundContainer ("C:\Windows\system32\Rundll32.exe" "C:\Users\root\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [7][7][x]) -> FOUND
[HJ][PUM] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 3 ¤¤¤
[V2][sUSP PATH] BackgroundContainer Startup Task : "C:\Windows\system32\Rundll32.exe" - "C:\Users\root\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [7][7][x] -> FOUND
[V2][sUSP PATH] Estelle : C:\Program Files\Seagate\Seagate Dashboard 2.0\NBCore.exe - "C:\Users\Estelle\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\Estelle.nji" [7][-] -> FOUND
[V2][sUSP PATH] Estelle Merge : "C:\Program Files\Seagate\Seagate Dashboard 2.0\NBCore.exe" - "C:\Users\Estelle\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\Estelle Merge.nji" [7][-] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD3200AAKS-75L9A0 ATA Device +++++
--- User ---
[MBR] 3db6cd5fc4ce84d6bc0b9a4b6a2615c7
[bSP] e7a4d88e39462edee4d9ce59ade9badd : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 305204 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Seagate Backup+  BK USB Device +++++
--- User ---
[MBR] 4ceda6359a8322de9dd2b6aad02fe3c0
[bSP] eae6c95397dfbc20c6b636d2909b6138 : Empty MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953868 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) Patriot Memory USB Device +++++
--- User ---
[MBR] 15d879ef288cbe145c288f5f08ef3f1b
[bSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 7630 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_03192014_100433.txt >>
RKreport[0]_S_03192014_094839.txt


 

Had to fight off the dental sites to get this.

Thanks for your patience.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16521
Run by root at 20:34:40 on 2014-03-19
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3292.1804 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\ABBYY FineReader 11\NetworkLicenseServer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
C:\Program Files\Seagate\Seagate Dashboard 2.0\MobileService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\SearchProtect\SearchProtect\bin\cltmng.exe
C:\PROGRA~1\SearchProtect\UI\bin\cltmngui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe
C:\Users\Estelle\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\New Eudora\Eudora.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.

uURLSearchHooks: Connect DLC 5 Toolbar: {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - c:\program files\connect_dlc_5\prxtbConn.dll
mURLSearchHooks: Connect DLC 5 Toolbar: {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - c:\program files\connect_dlc_5\prxtbConn.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Connect DLC 5 Toolbar: {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - c:\program files\connect_dlc_5\prxtbConn.dll
TB: Connect DLC 5 Toolbar: {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - c:\program files\connect_dlc_5\prxtbConn.dll
uRun: [searchProtect] c:\users\root\appdata\roaming\searchprotect\bin\cltmng.exe
uRun: [ConduitFloatingPlugin_lipgolpfajiadodbcbljdpmbmbdmfcil] "c:\windows\system32\rundll32.exe" "c:\users\root\appdata\local\temp\ct3306061\plugins\TBVerifier.dll",RunConduitFloatingPlugin lipgolpfajiadodbcbljdpmbmbdmfcil
uRun: [backgroundContainer] "c:\windows\system32\rundll32.exe" "c:\users\root\appdata\local\conduit\backgroundcontainer\BackgroundContainer.dll",DllRun
uRunOnce: [iCloud] "c:\program files\common files\apple\internet services\iCloud.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DBAgent] "c:\program files\seagate\seagate dashboard 2.0\DBAgent.exe" /WinStart
mRunOnce: [MSPCLOCK] rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
mRunOnce: [MSPQM] rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
mRunOnce: [MSKSSRV] rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
mRunOnce: [MSTEE.CxTransform] rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},c:\windows\inf\ksfilter.inf,MSTEE.Interface.Install
mRunOnce: [MSTEE.Splitter] rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},c:\windows\inf\ksfilter.inf,MSTEE.Interface.Install
mRunOnce: [WDM_DRMKAUD] rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},c:\windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
mRunOnce: [*WerKernelReporting] c:\windows\system32\WerFault.exe -k -rq
dRunOnce: [spUninstallDeleteDir] rmdir /s /q "\SearchProtect"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll


TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{D299E71D-8B10-4F79-A9CA-4B1911F743D6} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\searchprotect\searchprotect\bin\SPVC32Loader.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.154\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\root\appdata\roaming\mozilla\firefox\profiles\382vmlaq.default\

FF - prefs.js: browser.search.selectedEngine - Connect DLC 5 Customized Web Search


FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin101752.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\root\appdata\roaming\mozilla\firefox\profiles\382vmlaq.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\plugins\np-mswmp.dll
FF - plugin: c:\users\root\appdata\roaming\mozilla\firefox\profiles\382vmlaq.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_44.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-9-27 214696]
R2 ABBYY.Licensing.FineReader.Professional.11.0;ABBYY FineReader 11 PE Licensing Service;c:\program files\abbyy finereader 11\NetworkLicenseServer.exe [2011-10-12 819976]
R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\broadcom\mgmtagent\BrcmMgmtAgent.exe [2009-4-17 110592]
R2 CltMngSvc;Search Protect by Conduit Service;c:\progra~1\searchprotect\main\bin\CltMngSvc.exe [2014-3-3 2454816]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-9 366152]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-8-29 1153368]
R2 Seagate Dashboard Services;Seagate Dashboard Services;c:\program files\seagate\seagate dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2014-2-10 16000]
R2 Seagate MobileBackup Service;Seagate MobileBackup Service;c:\program files\seagate\seagate dashboard 2.0\MobileService.exe [2014-2-10 157264]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [2009-7-13 265088]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSIb.sys [2009-7-13 11904]
R3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-6-20 273448]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-9 22216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-3-12 108032]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 104768]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-10-23 280288]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-6 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-3 1343400]
.
=============== Created Last 30 ================
.
2014-03-20 02:34:35    62576    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{58cb70f6-1d9c-430c-8111-403a8b5b47d0}\offreg.dll
2014-03-19 05:06:37    7969936    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{58cb70f6-1d9c-430c-8111-403a8b5b47d0}\mpengine.dll
2014-03-18 02:47:58    7969936    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-03-15 00:28:39    765968    ------w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{a27a3365-d4d8-45fc-8e9c-80f138010df4}\gapaengine.dll
2014-03-11 05:11:12    --------    d-----w-    c:\programdata\Nero
2014-03-11 05:10:48    --------    d-----w-    c:\program files\Seagate
2014-03-11 05:07:55    --------    d-----w-    c:\programdata\Seagate
2014-03-11 05:07:54    --------    d-----w-    c:\users\root\appdata\roaming\Seagate
.
==================== Find3M  ====================
.
2014-03-19 04:44:24    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-19 04:44:24    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-03-01 04:11:20    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-03-01 04:10:48    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-03-01 03:52:43    61952    ----a-w-    c:\windows\system32\iesetup.dll
2014-03-01 03:51:53    51200    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2014-03-01 03:38:26    112128    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-03-01 03:38:23    108032    ----a-w-    c:\windows\system32\ieetwcollector.exe
2014-03-01 03:37:35    553472    ----a-w-    c:\windows\system32\jscript9diag.dll
2014-03-01 03:31:30    646144    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 03:14:15    4244480    ----a-w-    c:\windows\system32\jscript9.dll
2014-03-01 03:00:08    1964032    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-03-01 02:32:16    1820160    ----a-w-    c:\windows\system32\wininet.dll
2014-02-07 01:07:56    2349056    ----a-w-    c:\windows\system32\win32k.sys
2014-02-04 02:04:22    1230336    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:04:11    509440    ----a-w-    c:\windows\system32\qedit.dll
2014-01-29 02:06:47    381440    ----a-w-    c:\windows\system32\wer.dll
2014-01-28 02:07:07    185344    ----a-w-    c:\windows\system32\wwansvc.dll
2014-01-19 07:32:23    231584    ------w-    c:\windows\system32\MpSigStub.exe
2014-01-06 19:23:36    4558848    ----a-w-    c:\windows\system32\GPhotos.scr
2013-12-24 23:09:41    1987584    ----a-w-    c:\windows\system32\d3d10warp.dll
2013-12-21 08:56:47    454656    ----a-w-    c:\windows\system32\vbscript.dll
.
============= FINISH: 20:36:09.47 ===============
 


I can't help you if you don't post all the requested logs.

Please post the Attach.txt from DDS.

MrC

 

C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe
C:\PROGRA~1\SearchProtect\SearchProtect\bin\cltmng.exe
C:\PROGRA~1\SearchProtect\UI\bin\cltmngui.exe
uRun: [SearchProtect] c:\users\root\appdata\roaming\searchprotect\bin\cltmng.exe
uRun: [ConduitFloatingPlugin_lipgolpfajiadodbcbljdpmbmbdmfcil] "c:\windows\system32\rundll32.exe" "c:\users\root\appdata\local\temp\ct3306061\plugins\TBVerifier.dll",RunConduitFloatingPlugin lipgolpfajiadodbcbljdpmbmbdmfcil
uRun: [BackgroundContainer] "c:\windows\system32\rundll32.exe" "c:\users\root\appdata\local\conduit\backgroundcontainer\BackgroundContainer.dll",DllRun
AppInit_DLLs= c:\progra~1\searchprotect\searchprotect\bin\SPVC32Loader.dll
FF - plugin: c:\users\root\appdata\roaming\mozilla\firefox\profiles\382vmlaq.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\plugins\np-mswmp.dll
FF - plugin: c:\users\root\appdata\roaming\mozilla\firefox\profiles\382vmlaq.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\plugins\npConduitFirefoxPlugin.dll
R2 CltMngSvc;Search Protect by Conduit Service;c:\progra~1\searchprotect\main\bin\CltMngSvc.exe [2014-3-3 2454816]

 


Uninstall Search Protect if possible.

Start with this: (make sure you have created a new system restore point)

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

MrC


# AdwCleaner v3.022 - Report created 21/03/2014 at 09:14:48
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : root - ESTELLE-PC
# Running from : C:\Users\Estelle\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Connect_DLC_5
Folder Deleted : C:\Windows\system32\SearchProtect
Folder Deleted : C:\Users\Estelle\AppData\LocalLow\Connect_DLC_5
Folder Deleted : C:\Users\root\AppData\Local\Babylon
Folder Deleted : C:\Users\root\AppData\Local\Conduit
Folder Deleted : C:\Users\root\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\root\AppData\Local\PackageAware
Folder Deleted : C:\Users\root\AppData\Local\WhiteListing
Folder Deleted : C:\Users\root\AppData\Local\Temp\AirInstaller
Folder Deleted : C:\Users\root\AppData\Local\Temp\NativeMessaging
Folder Deleted : C:\Users\root\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\382vmlaq.default\Smartbar
Folder Deleted : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\382vmlaq.default\ValueApps
Folder Deleted : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\382vmlaq.default\CT3306061
Folder Deleted : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\382vmlaq.default\Extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}
Folder Deleted : C:\Users\Estelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil
Folder Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil
[!] Folder Deleted : C:\Users\Estelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil
[!] Folder Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil
File Deleted : \END
File Deleted : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\382vmlaq.default\searchplugins\Conduit.xml
File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A0EEC638-EB3B-4EA0-B4B4-35166A3AB03A}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0EEC638-EB3B-4EA0-B4B4-35166A3AB03A}
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [backgroundContainer]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchProtect]
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3306061
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hjsplit_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hjsplit_RASMANCS
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ConduitFloatingPlugin_lipgolpfajiadodbcbljdpmbmbdmfcil]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{24C1F23B-0796-4C3A-8E00-BAB4D876D4A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{24C1F23B-0796-4C3A-8E00-BAB4D876D4A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{224C557E-3354-4B19-BA8E-23EDBDE5EB21}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{083DEFA4-EC16-47B5-8A42-7C1D23EA27D4}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Connect_DLC_5
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\Connect_DLC_5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Estelle\AppData\Roaming\Mozilla\Firefox\Profiles\mu38tnng.default-1359578179074\prefs.js ]


[ File : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\382vmlaq.default\prefs.js ]

Line Deleted : user_pref("CT3306061.ConnectTB_activeApp.enc", "aW5zdGFncmFt");
Line Deleted : user_pref("CT3306061.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3306061.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3306061.FF19Solved", "true");
Line Deleted : user_pref("CT3306061.FirstTime", "true");
Line Deleted : user_pref("CT3306061.FirstTimeFF3", "true");

Line Deleted : user_pref("CT3306061.UserID", "UN14493259715376150");
Line Deleted : user_pref("CT3306061.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3306061.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3306061.countryCode", "US");
Line Deleted : user_pref("CT3306061.defaultSearch", "true");
Line Deleted : user_pref("CT3306061.embeddedsData", "[{\"appId\":\"130158552044204297\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT3306061.enableAlerts", "true");
Line Deleted : user_pref("CT3306061.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3306061.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3306061.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3306061.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3306061.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3306061.fullUserID", "UN14493259715376150.IN.20131205164002");
Line Deleted : user_pref("CT3306061.installDate", "05/12/2013 16:40:05");
Line Deleted : user_pref("CT3306061.installSessionId", "{232F6AF1-0D82-47C4-BAFC-DDB759F77BF7}");
Line Deleted : user_pref("CT3306061.installSp", "TRUE");
Line Deleted : user_pref("CT3306061.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT3306061.installUsage", "2014-02-10T18:09:10.5214512+03:00");
Line Deleted : user_pref("CT3306061.installUsageEarly", "2014-02-10T18:09:09.3203744+03:00");
Line Deleted : user_pref("CT3306061.installerVersion", "1.8.1.4");
Line Deleted : user_pref("CT3306061.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3306061.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3306061.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3306061.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3306061.keyword", "true");

Line Deleted : user_pref("CT3306061.lastVersion", "10.22.5.10");
Line Deleted : user_pref("CT3306061.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3306061.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fsearch.conduit.com%2F%3Fctid%3DCT3306061%26octid%3DCT3306061%26SearchSource%3D15%26CUI%3DUN1[...]
Line Deleted : user_pref("CT3306061.openThankYouPage", "false");
Line Deleted : user_pref("CT3306061.openUninstallPage", "true");
Line Deleted : user_pref("CT3306061.originalHomepage", "about:home");
Line Deleted : user_pref("CT3306061.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3306061.originalSearchEngine", "");
Line Deleted : user_pref("CT3306061.originalSearchEngineName", "");
Line Deleted : user_pref("CT3306061.revertSettingsEnabled", "true");
Line Deleted : user_pref("CT3306061.search.searchAppId", "130158552044204297");
Line Deleted : user_pref("CT3306061.search.searchCount", "0");
Line Deleted : user_pref("CT3306061.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3306061.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3306061.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3306061.searchRevert", "true");
Line Deleted : user_pref("CT3306061.searchSuggestEnabledByUser", "true");
Line Deleted : user_pref("CT3306061.searchUninstallUserMode", "2");
Line Deleted : user_pref("CT3306061.searchUserMode", "2");
Line Deleted : user_pref("CT3306061.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3306061.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3306061.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3306061.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3306061\"}");

Line Deleted : user_pref("CT3306061.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Connect DLC 5 \"}");
Line Deleted : user_pref("CT3306061.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3306061.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3306061.serviceLayer_services_Configuration_lastUpdate", "1392044952108");
Line Deleted : user_pref("CT3306061.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1392044953145");
Line Deleted : user_pref("CT3306061.serviceLayer_services_appsMetadata_lastUpdate", "1392044953106");
Line Deleted : user_pref("CT3306061.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1392044952664");
Line Deleted : user_pref("CT3306061.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1392044952138");
Line Deleted : user_pref("CT3306061.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1392044953291");
Line Deleted : user_pref("CT3306061.serviceLayer_services_login_10.22.5.10_lastUpdate", "1392044953193");
Line Deleted : user_pref("CT3306061.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1392044952822");
Line Deleted : user_pref("CT3306061.serviceLayer_services_searchAPI_lastUpdate", "1392044952027");
Line Deleted : user_pref("CT3306061.serviceLayer_services_serviceMap_lastUpdate", "1392044951406");
Line Deleted : user_pref("CT3306061.serviceLayer_services_toolbarContextMenu_lastUpdate", "1392044952590");
Line Deleted : user_pref("CT3306061.serviceLayer_services_toolbarSettings_lastUpdate", "1392044951562");
Line Deleted : user_pref("CT3306061.serviceLayer_services_translation_lastUpdate", "1392044953121");
Line Deleted : user_pref("CT3306061.settingsINI", true);
Line Deleted : user_pref("CT3306061.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3306061.showToolbarPermission", "false");
Line Deleted : user_pref("CT3306061.smartbar.CTID", "CT3306061");
Line Deleted : user_pref("CT3306061.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3306061.smartbar.homepage", "true");
Line Deleted : user_pref("CT3306061.smartbar.toolbarName", "Connect DLC 5 ");
Line Deleted : user_pref("CT3306061.startPage", "true");
Line Deleted : user_pref("CT3306061.toolbarBornServerTime", "10-2-2014");
Line Deleted : user_pref("CT3306061.toolbarCurrentServerTime", "10-2-2014");
Line Deleted : user_pref("CT3306061.toolbarInstallDate", "05-12-2013 16:40:02");
Line Deleted : user_pref("CT3306061.toolbarLoginClientTime", "Mon Feb 10 2014 07:09:13 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT3306061.versionFromInstaller", "10.22.5.10");
Line Deleted : user_pref("CT3306061.xpeMode", "0");
Line Deleted : user_pref("CT3306061_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1392044949261,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");

Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "Connect DLC 5 Customized Web Search");

Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3306061");
Line Deleted : user_pref("browser.search.defaultenginename", "Connect DLC 5 Customized Web Search");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "Connect DLC 5 Customized Web Search");

Line Deleted : user_pref("browser.search.selectedEngine", "Connect DLC 5 Customized Web Search");


Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3306061");


Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3306061");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3306061");
Line Deleted : user_pref("smartbar.machineId", "OJH9EINNA3MVNV4GZXAP7VUF2IZIA/HO8YHDBJRZDVEX3ZOQSNKEGIAG3AHMHGLJ/F/AGQOF3LUNT1I95GICTA");
Line Deleted : user_pref("valueApps.CT3306061.mam_gk_currentVersion", "312E31332E302E3137");
Line Deleted : user_pref("valueApps.CT3306061.mam_gk_currentVersion.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3306061.mam_gk_migrated_from_ls", "31");
Line Deleted : user_pref("valueApps.CT3306061.mam_gk_migrated_from_ls.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3306061.mam_gk_userBornDate", "4E2F41");
Line Deleted : user_pref("valueApps.CT3306061.mam_gk_userBornDate.storedInFile", false);

-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\Estelle\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [18407 octets] - [21/03/2014 09:07:43]
AdwCleaner[s0].txt - [18212 octets] - [21/03/2014 09:14:48]

########## EOF - \AdwCleaner\AdwCleaner[s0].txt - [18273 octets] ##########
 


<?xml version="1.0" encoding="UTF-8"?>
<RCPscanlog>
  <RCPVERSION>6.21.65.2888</RCPVERSION>
  <ScanningDate>Fri. March 21, 2014. 10:03 AM</ScanningDate>
  <TotalErrorsFound>101</TotalErrorsFound>
<Scanning Section="ActiveX and COM"><Description>ActiveX and COM objects that are based on libraries no longer on your system.</Description><ErrorsInThisSection>2 Errors</ErrorsInThisSection>
<EntryDetails><Entry>IVBDataObject</Entry>
<Details>The key HKEY_CLASSES_ROOT\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}\TypeLib for this interface points to the missing type library {831FDD16-0C5C-11D2-A9FC-0000F8754DA1}. This subkey can be deleted for this interface.</Details></EntryDetails>
<EntryDetails><Entry>IVBDataObjectFiles</Entry>
<Details>The key HKEY_CLASSES_ROOT\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\TypeLib for this interface points to the missing type library {831FDD16-0C5C-11D2-A9FC-0000F8754DA1}. This subkey can be deleted for this interface.</Details></EntryDetails>
</Scanning>
<Scanning Section="File Types"><Description>File types pointing to programs that are no longer on your system.</Description><ErrorsInThisSection>3 Errors</ErrorsInThisSection>
<EntryDetails><Entry>thunderbird</Entry>
<Details>The file type points to the missing program "C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe" "%1" in the key HKEY_CLASSES_ROOT\xpi_auto_file\shell\Read\command.</Details></EntryDetails>
<EntryDetails><Entry>Thunderbird Document</Entry>
<Details>The key HKEY_CLASSES_ROOT\ThunderbirdEML\DefaultIcon points to the missing icon C:\Program Files\Mozilla Thunderbird\thunderbird.exe,0. The reference should be deleted so that Windows does not try to find the icon.</Details></EntryDetails>
<EntryDetails><Entry>Thunderbird URL</Entry>
<Details>The key HKEY_CLASSES_ROOT\Thunderbird.Url.mailto\DefaultIcon points to the missing icon C:\Program Files\Mozilla Thunderbird\thunderbird.exe,0. The reference should be deleted so that Windows does not try to find the icon.</Details></EntryDetails>
</Scanning>
<Scanning Section="History lists"><Description>Some entries in the Windows and program history lists refer to missing files and can be deleted.</Description><ErrorsInThisSection>24 Errors</ErrorsInThisSection>
<EntryDetails><Entry>Explorer history list: unneeded entry for the file type . file (*.)</Entry>
<Details>The Windows function Open With created the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\. when you wanted to open a file with the extension .. As no data has been written in the key, it can be deleted.</Details></EntryDetails>
<EntryDetails><Entry>Explorer history list: unneeded entry for the file type .001SAVE file (*.001save)</Entry>
<Details>The Windows function Open With created the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.001save when you wanted to open a file with the extension .001save. As no data has been written in the key, it can be deleted.</Details></EntryDetails>
<EntryDetails><Entry>Explorer history list: unneeded entry for the file type .002SAVE file (*.002save)</Entry>
<Details>The Windows function Open With created the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.002save when you wanted to open a file with the extension .002save. As no data has been written in the key, it can be deleted.</Details></EntryDetails>
<EntryDetails><Entry>Explorer history list: unneeded entry for the file type .CH_ file (*.CH_)</Entry>
<Details>The Windows function Open With created the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CH_ when you wanted to open a file with the extension .CH_. As no data has been written in the key, it can be deleted.</Details></EntryDetails>
<EntryDetails><Entry>Explorer history list: unneeded entry for the file type .CLX file (*.clx)</Entry>
<Details>The Windows function Open With created the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.clx when you wanted to open a file with the extension .clx. As no data has been written in the key, it can be deleted.</Details></EntryDetails>
<EntryDetails><Entry>Explorer history list: unneeded entry for the file type .CRDOWNLOAD file (*.crdownload)</Entry>
<Details>The Windows function Open With created the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crdownload when you wanted to open a file with the extension .crdownload. As no data has been written in the key, it can be deleted.</Details></EntryDetails>
<EntryDetails><Entry>Explorer history list: unneeded entry for the file type .CXF file (*.cxf)</Entry>
<Details>The Windows function Open With created the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cxf when you wanted to open a file with the extension .cxf. As no data has been written in the key, it can be deleted.</Details></EntryDetails>
<EntryDetails><Entry>Explorer history list: unneeded entry for the file type .DM file (*.dm)</Entry>
<Details>The Windows function Open With created the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dm when you wanted to open a file with the extension .dm. As no data has been written in the key, it can be deleted.</Details></EntryDetails>
<EntryDetails><Entry>Explorer history list: unneeded entry for the file type .DROPBOX file (*.dropbox)</Entry>
<Details>The Windows function Open With created the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dropbox when you wanted to open a file with the extension .dropbox. As no data has been written in the key, it can be deleted.</Details></EntryDetails>
<EntryDetails><Entry>Explorer history list: unneeded entry for the file type .GZ file (*.gz)</Entry>
<Details>The Windows function Open With created the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gz when you wanted to open a file with the extension .gz. As no data has been written in the key, it can be deleted.</Details></EntryDetails>
<EntryDetails><Entry>Explorer history list: unneeded entry for the file type .INFO file (*.info)</Entry>
<Details>The Windows function Open With created the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.info when you wanted to open a file with the extension .info. As no data has been written in the key, it can be deleted.</Details></EntryDetails>
<EntryDetails><Entry>Explorer history list: unneeded entry for the file type .ITC2 file (*.itc2)</Entry>
<Details>The Windows function Open With created the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itc2 when you wanted to open a file with the extension .itc2. As no data has been written in the key, it can be deleted.</Details></EntryDetails>
<EntryDetails><Entry>Explorer history list: unneeded entry for the file type .KMZ file (*.kmz)</Entry>
<Details>The Windows function Open With created the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kmz when you wanted to open a file with the extension .kmz. As no data has been written in the key, it can be deleted.</Details></EntryDetails>
<EntryDetails><Entry>Explorer history list: unneeded entry for the file type .LOK file (*.LOK)</Entry>
<Details>The Windows function Open With created the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.LOK when you wanted to open a file with the extension .LOK. As no data has been written in the key, it can be deleted.</Details></EntryDetails>
<EntryDetails><Entry>Explorer history list: unneeded entry for the file type .LST file (*.lst)</Entry>
<Details>The Windows function Open With created the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lst when you wanted to open a file with the extension .lst. As no data has been written in the key, it can be deleted.</Details></EntryDetails>
<EntryDetails><Entry>Explorer history list: unneeded entry for the file type .MAN file (*.man)</Entry>
<Details>The Windows function Open With created the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.man when you wanted to open a file with the extension .man. As no data has been written in the key, it can be deleted.</Details></EntryDetails>
<EntryDetails><Entry>Explorer history list: unneeded entry for the file type .MBXOLD file (*.mbxold)</Entry>
<Details>The Windows function Open With created the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mbxold when you wanted to open a file with the extension .mbxold. As no data has been written in the key, it can be deleted.</Details></EntryDetails>
<EntryDetails><Entry>Explorer history list: unneeded entry for the file type .NNT file (*.nnt)</Entry>
<Details>The Windows function Open With created the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nnt when you wanted to open a file with the extension .nnt. As no data has been written in the key, it can be deleted.</Details></EntryDetails>
<EntryDetails><Entry>Explorer history list: unneeded entry for the file type .RAM file (*.ram)</Entry>
<Details>The Windows function Open With created the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ram when you wanted to open a file with the extension .ram. As no data has been written in the key, it can be deleted.</Details></EntryDetails>
<EntryDetails><Entry>Explorer history list: unneeded entry for the file type .SAVE file (*.save)</Entry>
<Details>The Windows function Open With created the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.save when you wanted to open a file with the extension .save. As no data has been written in the key, it can be deleted.</Details></EntryDetails>
<EntryDetails><Entry>Explorer history list: unneeded entry for the file type .SOL file (*.sol)</Entry>
<Details>The Windows function Open With created the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sol when you wanted to open a file with the extension .sol. As no data has been written in the key, it can be deleted.</Details></EntryDetails>
<EntryDetails><Entry>Explorer history list: unneeded entry for the file type .SQM file (*.sqm)</Entry>
<Details>The Windows function Open With created the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sqm when you wanted to open a file with the extension .sqm. As no data has been written in the key, it can be deleted.</Details></EntryDetails>
<EntryDetails><Entry>Explorer history list: unneeded entry for the file type .TIP file (*.tip)</Entry>
<Details>The Windows function Open With created the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tip when you wanted to open a file with the extension .tip. As no data has been written in the key, it can be deleted.</Details></EntryDetails>
<EntryDetails><Entry>Explorer history list: unneeded entry for the file type .TOSAVE file (*.tosave)</Entry>
<Details>The Windows function Open With created the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tosave when you wanted to open a file with the extension .tosave. As no data has been written in the key, it can be deleted.</Details></EntryDetails>
</Scanning>
<Scanning Section="Deep Scan"><Description>Invalid or orphaned references and pathways to system, application, and file settings.</Description><ErrorsInThisSection>23 Errors</ErrorsInThisSection>
<EntryDetails><Entry>Missing File ::SHAREDDIR:\ltchen22.dll</Entry>
<Details>The registry contains an entry for the font LotusChart under HKEY_LOCAL_MACHINE\software\Lotus\WordPro\98.0\lwptls.ini\Word Pro (EN) Servers that points to the missing file :SHAREDDIR:\ltchen22.dll.</Details></EntryDetails>
<EntryDetails><Entry>Missing File ::SHAREDDIR:\ltscsn13.dll,:SHAREDDIR:\lgln11.dll,:SHAREDDIR:\ltssn40.dll</Entry>
<Details>The registry contains an entry for the font PreloadDLLs under HKEY_LOCAL_MACHINE\software\Lotus\WordPro\98.0\lwptls.ini\Word Pro (EN) Servers\LotusChart that points to the missing file :SHAREDDIR:\ltscsn13.dll,:SHAREDDIR:\lgln11.dll,:SHAREDDIR:\ltssn40.dll.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :c:\1aace8ecbc91ae435b6d45\</Entry>
<Details>The registry contains an entry for the font InstallSource under HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} that points to the missing file c:\1aace8ecbc91ae435b6d45\.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :c:\1b1ad1b45c9960d871e825c4\</Entry>
<Details>The registry contains an entry for the font InstallSource under HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{770657D0-A123-3C07-8E44-1C83EC895118} that points to the missing file c:\1b1ad1b45c9960d871e825c4\.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :c:\25b11437012329cbe1b69e8472fc\</Entry>
<Details>The registry contains an entry for the font InstallSource under HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} that points to the missing file c:\25b11437012329cbe1b69e8472fc\.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\b77e6cd1d3417f08761489691daaae7a\sources\</Entry>
<Details>The registry contains an entry for the font InstallSource under HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{1374CC63-B520-4f3f-98E8-E9020BF01CFF} that points to the missing file C:\b77e6cd1d3417f08761489691daaae7a\sources\.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :c:\bafa1acf37cbb9805761b6\x86\</Entry>
<Details>The registry contains an entry for the font InstallSource under HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{0CD47142-BA4F-46B0-AA92-2675864928B8} that points to the missing file c:\bafa1acf37cbb9805761b6\x86\.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\c29b391f41614077f534a5\</Entry>
<Details>The registry contains an entry for the font InstallSource under HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{4903D172-DCCB-392F-93A3-34CA9D47FE3D} that points to the missing file C:\c29b391f41614077f534a5\.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :c:\eb4da4cf394f3f5d66c321e1\</Entry>
<Details>The registry contains an entry for the font InstallSource under HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{388E4B09-3E71-4649-8921-F44A3A2954A7} that points to the missing file c:\eb4da4cf394f3f5d66c321e1\.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\LOTUS\REGISTER\,C:\LOTUS\REGISTER\</Entry>
<Details>The registry contains an entry for the font  under HKEY_LOCAL_MACHINE\software\Classes\Pipeline\Remind\lot40106 that points to the missing file C:\LOTUS\REGISTER\,C:\LOTUS\REGISTER\.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\Program Files\IrfanView\i_view32.exe,0</Entry>
<Details>The registry contains an entry for the font  under HKEY_LOCAL_MACHINE\software\Classes\IrfanView.jls\DefaultIcon that points to the missing file C:\Program Files\IrfanView\i_view32.exe,0.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\Program Files\IrfanView\i_view32.exe,0</Entry>
<Details>The registry contains an entry for the font  under HKEY_LOCAL_MACHINE\software\Classes\IrfanView.flv\DefaultIcon that points to the missing file C:\Program Files\IrfanView\i_view32.exe,0.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\Program Files\Qualcomm\plugins\PureVoice.exe, 1</Entry>
<Details>The registry contains an entry for the font  under HKEY_LOCAL_MACHINE\software\Classes\PureVoice\DefaultIcon that points to the missing file C:\Program Files\Qualcomm\plugins\PureVoice.exe, 1.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\ProgramData\Conduit\IE\CT3306061\SetupIcon.ico</Entry>
<Details>The registry contains an entry for the font DisplayIcon under HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\IECT3306061 that points to the missing file C:\ProgramData\Conduit\IE\CT3306061\SetupIcon.ico.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe</Entry>
<Details>The registry contains an entry for the font UninstallString under HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} that points to the missing file C:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\Users\Estelle\AppData\Local\Temp\IXP394.TMP\</Entry>
<Details>The registry contains an entry for the font InstallSource under HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{79155F2B-9895-49D7-8612-D92580E0DE5B} that points to the missing file C:\Users\Estelle\AppData\Local\Temp\IXP394.TMP\.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\Users\root\AppData\Local\Adobe\Updater6\Install\ExpressRequests\reader9rdr-en_US\</Entry>
<Details>The registry contains an entry for the font InstallSource under HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-2447-0000-900000000003} that points to the missing file C:\Users\root\AppData\Local\Adobe\Updater6\Install\ExpressRequests\reader9rdr-en_US\.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\Users\root\AppData\Local\Temp\is-VD2BA.tmp\</Entry>
<Details>The registry contains an entry for the font InstallSource under HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{A2E5F2AA-2996-41EA-BCCD-9FD0476A5326} that points to the missing file C:\Users\root\AppData\Local\Temp\is-VD2BA.tmp\.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\Users\root\AppData\Local\Temp\IXP000.TMP\</Entry>
<Details>The registry contains an entry for the font InstallSource under HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{837b34e3-7c30-493c-8f6a-2b0f04e2912c} that points to the missing file C:\Users\root\AppData\Local\Temp\IXP000.TMP\.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\Users\root\AppData\Local\Temp\IXP000.TMP\</Entry>
<Details>The registry contains an entry for the font InstallSource under HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} that points to the missing file C:\Users\root\AppData\Local\Temp\IXP000.TMP\.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\Users\root\AppData\Local\Temp\{E729E251-7A20-4FA7-94A6-8EF205832E7F}\</Entry>
<Details>The registry contains an entry for the font InstallSource under HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{67445E65-3D93-428F-83A5-446F7D02689A} that points to the missing file C:\Users\root\AppData\Local\Temp\{E729E251-7A20-4FA7-94A6-8EF205832E7F}\.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\Windows\TEMP\IXP000.TMP\</Entry>
<Details>The registry contains an entry for the font InstallSource under HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} that points to the missing file C:\Windows\TEMP\IXP000.TMP\.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\Windows\TEMP\IXP000.TMP\</Entry>
<Details>The registry contains an entry for the font InstallSource under HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} that points to the missing file C:\Windows\TEMP\IXP000.TMP\.</Details></EntryDetails>
</Scanning>
<Scanning Section="Current User"><Description>Current User settings for installed programs may differ from System settings, be invalid, or orphaned.</Description><ErrorsInThisSection>49 Errors</ErrorsInThisSection>
<EntryDetails><Entry>Missing File :%SYSTEMDRIVE%\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe</Entry>
<Details>The registry contains an entry for the font VAppPath under HKEY_CURRENT_USER\Software\Microsoft\Virtual PC\VPCVApps\Windows XP Mode\2e8bc80b.Windows.XP.Mode that points to the missing file %SYSTEMDRIVE%\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :%SYSTEMDRIVE%\WINDOWS\system32\fxsclnt.exe</Entry>
<Details>The registry contains an entry for the font VAppPath under HKEY_CURRENT_USER\Software\Microsoft\Virtual PC\VPCVApps\Windows XP Mode\8e325055.Windows.XP.Mode that points to the missing file %SYSTEMDRIVE%\WINDOWS\system32\fxsclnt.exe.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :%SYSTEMDRIVE%\WINDOWS\system32\fxssend.exe</Entry>
<Details>The registry contains an entry for the font VAppPath under HKEY_CURRENT_USER\Software\Microsoft\Virtual PC\VPCVApps\Windows XP Mode\7dfbe1e0.Windows.XP.Mode that points to the missing file %SYSTEMDRIVE%\WINDOWS\system32\fxssend.exe.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\1</Entry>
<Details>The registry contains an entry for the font c under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU that points to the missing file C:\1.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :c:\dm.capture\</Entry>
<Details>The registry contains an entry for the font WriteCaptureDir under HKEY_CURRENT_USER\Software\Microsoft\MPEG2Demultiplexer that points to the missing file c:\dm.capture\.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\Photoshop Album Starter Edition.exe</Entry>
<Details>The registry contains an entry for the font 11 under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\FirstFolder that points to the missing file C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\Photoshop Album Starter Edition.exe.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe</Entry>
<Details>The registry contains an entry for the font 12 under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\FirstFolder that points to the missing file C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe</Entry>
<Details>The registry contains an entry for the font AltApplicationModulePath under HKEY_CURRENT_USER\Software\Tracker Software\PDFViewer.IBrowser\General that points to the missing file C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe</Entry>
<Details>The registry contains an entry for the font AltApplicationModulePath under HKEY_CURRENT_USER\Software\Tracker Software\PDFViewer\General that points to the missing file C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe</Entry>
<Details>The registry contains an entry for the font AppPath under HKEY_CURRENT_USER\Software\Microsoft\Virtual PC\VPCVApps\Windows XP Mode\2e8bc80b.Windows.XP.Mode that points to the missing file C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe</Entry>
<Details>The registry contains an entry for the font 4 under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\FirstFolder that points to the missing file C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\Program Files\Ask.com\</Entry>
<Details>The registry contains an entry for the font InstallDir under HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4035242801-2354223624-1984559072-1000\Software\AskToolbar\Macro that points to the missing file C:\Program Files\Ask.com\.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\Program Files\IrfanView\i_view32.exe</Entry>
<Details>The registry contains an entry for the font 7 under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\FirstFolder that points to the missing file C:\Program Files\IrfanView\i_view32.exe.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\Program Files\LibreOffice 3.4\program\soffice.bin</Entry>
<Details>The registry contains an entry for the font 13 under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\FirstFolder that points to the missing file C:\Program Files\LibreOffice 3.4\program\soffice.bin.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\Program Files\Mozilla Thunderbird\thunderbird.exe</Entry>
<Details>The registry contains an entry for the font 9 under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\FirstFolder that points to the missing file C:\Program Files\Mozilla Thunderbird\thunderbird.exe.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\Program Files\Mozilla Thunderbird\thunderbird.exe,0</Entry>
<Details>The registry contains an entry for the font  under HKEY_CURRENT_USER\Software\Classes\ThunderbirdEML\DefaultIcon that points to the missing file C:\Program Files\Mozilla Thunderbird\thunderbird.exe,0.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\Program Files\Mozilla Thunderbird\thunderbird.exe,0</Entry>
<Details>The registry contains an entry for the font  under HKEY_CURRENT_USER\Software\Classes\Thunderbird.Url.mailto\DefaultIcon that points to the missing file C:\Program Files\Mozilla Thunderbird\thunderbird.exe,0.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :c:\program files\new eudora\imap</Entry>
<Details>The registry contains an entry for the font Path#6 under HKEY_CURRENT_USER\Software\Qualcomm\Eudora\LaunchManager that points to the missing file c:\program files\new eudora\imap.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\users\1</Entry>
<Details>The registry contains an entry for the font g under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU that points to the missing file C:\users\1.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\users\Estelle\appdata\\1</Entry>
<Details>The registry contains an entry for the font f under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU that points to the missing file C:\users\Estelle\appdata\\1.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\Users\Estelle\AppData\Local\Temp\MAR0501_Digital_Booklet-1.pdf</Entry>
<Details>The registry contains an entry for the font FileName under HKEY_CURRENT_USER\Software\Tracker Software\PDFViewer\Documents\LastOpened\0029 that points to the missing file C:\Users\Estelle\AppData\Local\Temp\MAR0501_Digital_Booklet-1.pdf.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\Users\Estelle\AppData\Local\Temp\MAR0501_Digital_Booklet-2.pdf</Entry>
<Details>The registry contains an entry for the font FileName under HKEY_CURRENT_USER\Software\Tracker Software\PDFViewer\Documents\LastOpened\0028 that points to the missing file C:\Users\Estelle\AppData\Local\Temp\MAR0501_Digital_Booklet-2.pdf.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\Users\Estelle\AppData\LocalLow\AskToolbar\</Entry>
<Details>The registry contains an entry for the font DataDir under HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4035242801-2354223624-1984559072-1000\Software\AskToolbar\Prefs that points to the missing file C:\Users\Estelle\AppData\LocalLow\AskToolbar\.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\Users\Estelle\AppData\Roaming\1</Entry>
<Details>The registry contains an entry for the font h under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU that points to the missing file C:\Users\Estelle\AppData\Roaming\1.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\Users\Estelle\AppData\Roaming\Microsoft\Proof\CUSTOM.DIC</Entry>
<Details>The registry contains an entry for the font WordCustomDictionary under HKEY_CURRENT_USER\Software\ABBYY\FineReader\11.00\Shell\Options\Text that points to the missing file C:\Users\Estelle\AppData\Roaming\Microsoft\Proof\CUSTOM.DIC.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\Users\Estelle\AppData\Roaming\Mozilla\Firefox\Profiles\u8p4342j.default\1</Entry>
<Details>The registry contains an entry for the font e under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU that points to the missing file C:\Users\Estelle\AppData\Roaming\Mozilla\Firefox\Profiles\u8p4342j.default\1.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :c:\users\estelle\appdata\roaming\qualcomm\eudora\imap</Entry>
<Details>The registry contains an entry for the font Path#3 under HKEY_CURRENT_USER\Software\Qualcomm\Eudora\LaunchManager that points to the missing file c:\users\estelle\appdata\roaming\qualcomm\eudora\imap.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\Users\Estelle\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Cache\SeagateDashboardDev.txt</Entry>
<Details>The registry contains an entry for the font DevLogFileName under HKEY_CURRENT_USER\Software\Seagate\Seagate DashBoard\Seagate DashBoard 2.0\Preferences\Log that points to the missing file C:\Users\Estelle\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Cache\SeagateDashboardDev.txt.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\Users\Estelle\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\NBDataBase.db</Entry>
<Details>The registry contains an entry for the font DataBasePath under HKEY_CURRENT_USER\Software\Seagate\Seagate DashBoard\Seagate DashBoard 2.0\Preferences\Cache that points to the missing file C:\Users\Estelle\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\NBDataBase.db.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\Users\Estelle\Documents\M&A1</Entry>
<Details>The registry contains an entry for the font Path0 under HKEY_CURRENT_USER\Software\ABBYY\FineReader\11.00\Shell\MainFrame\RecentFileList that points to the missing file C:\Users\Estelle\Documents\M&A1.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\Users\Estelle\Documents\Poetry  For Saul.pdf</Entry>
<Details>The registry contains an entry for the font FileName under HKEY_CURRENT_USER\Software\Tracker Software\PDFViewer\Documents\LastOpened\0020 that points to the missing file C:\Users\Estelle\Documents\Poetry  For Saul.pdf.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\Users\Estelle\Documents\Vi_eMail_List (1).pdf</Entry>
<Details>The registry contains an entry for the font FileName under HKEY_CURRENT_USER\Software\Tracker Software\PDFViewer\Documents\LastOpened\0016 that points to the missing file C:\Users\Estelle\Documents\Vi_eMail_List (1).pdf.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\Users\Estelle\Pictures\2010_12_01\IMG_0564_4.JPG</Entry>
<Details>The registry contains an entry for the font 98 under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU that points to the missing file C:\Users\Estelle\Pictures\2010_12_01\IMG_0564_4.JPG.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\Users\Estelle\Pictures\2010_12_01\IMG_0564_5.JPG</Entry>
<Details>The registry contains an entry for the font 99 under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU that points to the missing file C:\Users\Estelle\Pictures\2010_12_01\IMG_0564_5.JPG.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg</Entry>
<Details>The registry contains an entry for the font 105 under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU that points to the missing file C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\Users\Public\Pictures\Sample Pictures\Desert.jpg</Entry>
<Details>The registry contains an entry for the font 106 under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU that points to the missing file C:\Users\Public\Pictures\Sample Pictures\Desert.jpg.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg</Entry>
<Details>The registry contains an entry for the font 107 under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU that points to the missing file C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg</Entry>
<Details>The registry contains an entry for the font 108 under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU that points to the missing file C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\Users\Public\Pictures\Sample Pictures\Koala.jpg</Entry>
<Details>The registry contains an entry for the font 109 under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU that points to the missing file C:\Users\Public\Pictures\Sample Pictures\Koala.jpg.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg</Entry>
<Details>The registry contains an entry for the font 110 under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU that points to the missing file C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg</Entry>
<Details>The registry contains an entry for the font 111 under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU that points to the missing file C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg</Entry>
<Details>The registry contains an entry for the font 112 under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU that points to the missing file C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\Users\root\AppData\Local\Mozilla Firefox</Entry>
<Details>The registry contains an entry for the font Install Directory under HKEY_CURRENT_USER\Software\Mozilla\Mozilla Firefox\18.0.2 (en-US)\Main that points to the missing file C:\Users\root\AppData\Local\Mozilla Firefox.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\Users\root\AppData\Local\Mozilla Firefox\components</Entry>
<Details>The registry contains an entry for the font Components under HKEY_CURRENT_USER\Software\Mozilla\Mozilla Firefox 18.0.2\extensions that points to the missing file C:\Users\root\AppData\Local\Mozilla Firefox\components.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\Users\root\AppData\Local\Mozilla Firefox\firefox.exe</Entry>
<Details>The registry contains an entry for the font PathToExe under HKEY_CURRENT_USER\Software\Mozilla\Mozilla Firefox 18.0.2\bin that points to the missing file C:\Users\root\AppData\Local\Mozilla Firefox\firefox.exe.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\Users\root\AppData\Local\Mozilla Firefox\firefox.exe</Entry>
<Details>The registry contains an entry for the font PathToExe under HKEY_CURRENT_USER\Software\Mozilla\Mozilla Firefox\18.0.2 (en-US)\Main that points to the missing file C:\Users\root\AppData\Local\Mozilla Firefox\firefox.exe.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\Users\root\AppData\Local\Mozilla Firefox\plugins</Entry>
<Details>The registry contains an entry for the font Plugins under HKEY_CURRENT_USER\Software\Mozilla\Mozilla Firefox 18.0.2\extensions that points to the missing file C:\Users\root\AppData\Local\Mozilla Firefox\plugins.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\WINDOWS\system32\fxsclnt.exe</Entry>
<Details>The registry contains an entry for the font AppPath under HKEY_CURRENT_USER\Software\Microsoft\Virtual PC\VPCVApps\Windows XP Mode\8e325055.Windows.XP.Mode that points to the missing file C:\WINDOWS\system32\fxsclnt.exe.</Details></EntryDetails>
<EntryDetails><Entry>Missing File :C:\WINDOWS\system32\fxssend.exe</Entry>
<Details>The registry contains an entry for the font AppPath under HKEY_CURRENT_USER\Software\Microsoft\Virtual PC\VPCVApps\Windows XP Mode\7dfbe1e0.Windows.XP.Mode that points to the missing file C:\WINDOWS\system32\fxssend.exe.</Details></EntryDetails>
</Scanning>
</RCPscanlog>


Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.
(use correct version for your system.....Which system am I using?)
FRST <----for 32 bit systems
FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button. (make sure the Addition box is checked)
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.

New window that comes up.

MrC


FRC first.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Estelle (ATTENTION: The logged in user is not administrator) on ESTELLE-PC on 21-03-2014 15:26:26
Running from C:\Users\Estelle\Downloads
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Seagate Technology LLC) C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Dmailer S.A.) C:\Users\Estelle\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
(Seagate Technology LLC) C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Seagate Technology LLC) C:\Program Files\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes' Anti-Malware] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [449608 2011-08-31] (Malwarebytes Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM\...\Run: [DBAgent] - C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1519176 2014-02-10] (Seagate Technology LLC)
HKLM\...\Runonce: [MSPCLOCK] - rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
HKLM\...\Runonce: [MSPQM] - rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
HKLM\...\Runonce: [MSKSSRV] - rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
HKLM\...\Runonce: [MSTEE.CxTransform] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [MSTEE.Splitter] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [WDM_DRMKAUD] - rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [360448 2009-07-13] (Microsoft Corporation)
HKLM\...\RunOnce: [*Restore] - C:\Windows\System32\rstrui.exe /runonce [262656 2010-11-20] (Microsoft Corporation)
HKLM\...\Runonce: [spUninstallCleanUp] - REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f
HKU\.DEFAULT\...\RunOnce: [spUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-4035242801-2354223624-1984559072-1000\...\Run: [sanDiskSecureAccess_Manager.exe] - C:\Users\Estelle\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [31095432 2010-11-10] (Dmailer S.A.)
HKU\S-1-5-21-4035242801-2354223624-1984559072-1000\...\Run: [uploader] - C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [126056 2014-02-10] (Seagate Technology LLC)
HKU\S-1-5-21-4035242801-2354223624-1984559072-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-4035242801-2354223624-1984559072-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
GroupPolicyUsers\S-1-5-21-4035242801-2354223624-1984559072-1000\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3C747BEE6D59CD01
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Estelle\AppData\Roaming\Mozilla\Firefox\Profiles\mu38tnng.default-1359578179074
FF Homepage: https://www.google.com/calendar/render?pli=1&gsessionid=gctbkeQI9Mm_mAqAlMzBsQ
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Estelle\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Estelle\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

Chrome:
=======

CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java Platform SE 6 U20) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Google Drive) - C:\Users\Estelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-30]
CHR Extension: (Send this page by email) - C:\Users\Estelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcamgnkjooghefjjfgfhnepedkodbgec [2012-07-21]
CHR Extension: (YouTube) - C:\Users\Estelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-18]
CHR Extension: (Google Search) - C:\Users\Estelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-18]
CHR Extension: (Email this page (by Google)) - C:\Users\Estelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbeoemfhkdniadbojeencpkgmobndpai [2012-07-21]
CHR Extension: (Share link via email) - C:\Users\Estelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdbkikfbnnhmachnnomjfgjbgkcnjkb [2012-07-21]
CHR Extension: (Yet Another Google Bookmarks Extension) - C:\Users\Estelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdnejaepfmacfdmhkplckpfdcjgbeode [2012-07-21]
CHR Extension: (Post Me) - C:\Users\Estelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldjlnfbhplkdjihpdhgelilkkbfmloab [2012-07-21]
CHR Extension: (Google Wallet) - C:\Users\Estelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\Estelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2012-07-22]
CHR Extension: (Gmail) - C:\Users\Estelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-18]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Estelle\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-10-30]

========================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Professional.11.0; C:\Program Files\ABBYY FineReader 11\NetworkLicenseServer.exe [819976 2011-10-12] (ABBYY)
R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [110592 2009-04-17] (Broadcom Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [366152 2011-08-31] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 Seagate Dashboard Services; C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-02-10] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files\Seagate\Seagate Dashboard 2.0\MobileService.exe [157264 2014-02-10] (Seagate Technology LLC)
S2 SupportSoft RemoteAssist; C:\Program Files\Common Files\supportsoft\bin\ssrc.exe [386424 2010-02-24] (SupportSoft, Inc.)

==================== Drivers (Whitelisted) ====================

R2 BASFND; C:\Program Files\Broadcom\MgmtAgent\BASFND.sys [10480 2009-07-07] (Broadcom Corporation)
S3 Blfp; C:\Windows\System32\DRIVERS\basp.sys [84992 2009-05-11] (Broadcom Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHDA.sys [2747424 2009-09-04] (Realtek Semiconductor Corp.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22216 2011-08-31] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-21 15:26 - 2014-03-21 15:26 - 00016376 _____ () C:\Users\Estelle\Downloads\FRST.txt
2014-03-21 15:26 - 2014-03-21 15:26 - 00000000 ____D () C:\FRST
2014-03-21 15:25 - 2014-03-21 15:25 - 01145856 _____ (Farbar) C:\Users\Estelle\Downloads\FRST (1).exe
2014-03-21 15:24 - 2014-03-21 15:24 - 01145856 _____ (Farbar) C:\Users\Estelle\Downloads\FRST.exe
2014-03-21 09:55 - 2014-03-21 09:55 - 00000000 ____D () C:\Users\Estelle\AppData\Roaming\Systweak
2014-03-21 09:41 - 2014-03-21 09:55 - 00000270 _____ () C:\Windows\Tasks\RegClean Pro_UPDATES.job
2014-03-21 09:41 - 2014-03-21 09:55 - 00000262 _____ () C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2014-03-21 09:41 - 2014-03-21 09:41 - 00001014 _____ () C:\Users\Public\Desktop\RegClean Pro.lnk
2014-03-21 09:41 - 2014-03-21 09:41 - 00000000 ____D () C:\Users\root\AppData\Roaming\systweak
2014-03-21 09:41 - 2014-03-21 09:41 - 00000000 ____D () C:\Program Files\RegClean Pro
2014-03-21 09:41 - 2014-03-19 12:12 - 00018776 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot.exe
2014-03-21 09:07 - 2014-03-21 09:15 - 00000000 ____D () C:\AdwCleaner
2014-03-21 09:05 - 2014-03-21 09:06 - 00830624 _____ ( ) C:\Users\Estelle\Downloads\DownloadManagerSetup.exe
2014-03-21 09:04 - 2014-03-21 09:04 - 01950720 _____ () C:\Users\Estelle\Downloads\AdwCleaner.exe
2014-03-20 22:16 - 2014-03-20 22:16 - 00002736 _____ () C:\Users\Estelle\Desktop\attach (2).zip
2014-03-20 12:23 - 2014-03-20 12:24 - 00013301 _____ () C:\Users\Estelle\Documents\Lothringer.odt
2014-03-20 09:14 - 2014-03-20 09:14 - 00002618 _____ () C:\Users\Estelle\Desktop\attach.zip
2014-03-19 20:36 - 2014-03-20 22:15 - 00005982 _____ () C:\Users\root\Desktop\attach.txt
2014-03-19 20:36 - 2014-03-19 20:36 - 00015434 _____ () C:\Users\root\Desktop\dds.txt
2014-03-19 10:43 - 2014-03-19 10:43 - 00022451 _____ () C:\Users\Estelle\Documents\RKkiller.odt
2014-03-19 10:20 - 2014-03-19 10:21 - 00004418 _____ () C:\Users\root\Documents\RKreport[0]_S_03192014_100433.txt
2014-03-19 10:04 - 2014-03-19 10:16 - 00004418 _____ () C:\Users\root\Desktop\RKreport[0]_S_03192014_100433.txt
2014-03-19 09:48 - 2014-03-19 09:48 - 00004385 _____ () C:\Users\root\Desktop\RKreport[0]_S_03192014_094839.txt
2014-03-19 09:46 - 2014-03-21 08:57 - 00000000 ____D () C:\Users\root\Desktop\RK_Quarantine
2014-03-18 09:24 - 2014-03-18 09:25 - 05198336 _____ () C:\Users\Estelle\Downloads\eco-tutorial.pps
2014-03-17 13:31 - 2014-03-17 13:31 - 00000000 ____D () C:\Users\Estelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast
2014-03-12 22:14 - 2014-03-12 22:14 - 00008900 _____ () C:\Users\Estelle\Documents\poem rickets.odt
2014-03-12 22:13 - 2014-03-12 22:13 - 00017433 _____ () C:\Users\Estelle\Documents\santafefor terry.odt
2014-03-12 07:28 - 2014-02-28 21:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 07:28 - 2014-02-28 21:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 07:28 - 2014-02-28 21:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 07:28 - 2014-02-28 20:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 07:28 - 2014-02-28 20:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 07:28 - 2014-02-28 20:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 07:28 - 2014-02-28 20:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 07:28 - 2014-02-28 20:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 07:28 - 2014-02-28 20:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 07:28 - 2014-02-28 20:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 07:28 - 2014-02-28 20:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 07:28 - 2014-02-28 20:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 07:28 - 2014-02-28 20:31 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 07:28 - 2014-02-28 20:25 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 07:28 - 2014-02-28 20:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 07:28 - 2014-02-28 20:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 07:28 - 2014-02-28 20:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 07:28 - 2014-02-28 20:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 07:28 - 2014-02-28 19:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 07:28 - 2014-02-28 19:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 07:28 - 2014-02-28 19:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 07:28 - 2014-02-28 19:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 07:28 - 2014-02-06 18:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 07:28 - 2014-02-03 19:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 07:28 - 2014-02-03 19:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 07:28 - 2014-01-28 19:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 07:28 - 2014-01-27 19:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-11 12:52 - 2014-03-13 17:28 - 00018220 _____ () C:\Users\Estelle\Documents\letter  pauldry.odt
2014-03-10 22:14 - 2014-03-10 22:14 - 00000000 ____D () C:\Users\Estelle\AppData\Roaming\Nero
2014-03-10 22:13 - 2014-03-10 22:13 - 00000000 ____D () C:\Users\Estelle\AppData\Roaming\Seagate
2014-03-10 22:11 - 2014-03-10 22:11 - 00002717 _____ () C:\Users\Public\Desktop\Seagate Dashboard.lnk
2014-03-10 22:11 - 2014-03-10 22:11 - 00000000 ____D () C:\ProgramData\Nero
2014-03-10 22:11 - 2014-03-10 22:11 - 00000000 ____D () C:\Program Files\Common Files\Nero
2014-03-10 22:10 - 2014-03-10 22:10 - 00000000 ____D () C:\Program Files\Seagate
2014-03-10 22:07 - 2014-03-10 22:07 - 00000000 ____D () C:\Users\root\AppData\Roaming\Seagate
2014-03-10 22:07 - 2014-03-10 22:07 - 00000000 ____D () C:\ProgramData\Seagate
2014-03-10 22:03 - 2014-03-10 22:03 - 00000000 ____D () C:\Users\root\AppData\Roaming\Leadertech
2014-03-09 19:10 - 2014-03-09 19:10 - 00025730 _____ () C:\Users\Estelle\Documents\Fiction Horace.odt
2014-03-06 12:53 - 2014-03-06 16:00 - 00012542 _____ () C:\Users\Estelle\Documents\Taxes2013.odt
2014-03-05 18:05 - 2014-03-07 11:18 - 00014613 _____ () C:\Users\Estelle\Documents\Poetry wedding(old).odt
2014-02-26 22:28 - 2014-02-26 22:29 - 00000000 ____D () C:\Users\Estelle\AppData\Local\{B0FAB200-E79F-453E-9808-B8C7814160FA}
2014-02-25 11:51 - 2014-03-20 09:42 - 00021209 _____ () C:\Users\Estelle\Documents\Poetry Kipling.odt
2014-02-21 16:26 - 2014-02-21 16:26 - 00000040 _____ () C:\Users\Estelle\Downloads\agonistes.ram
2014-02-21 16:26 - 2014-02-21 16:26 - 00000040 _____ () C:\Users\Estelle\Downloads\agonistes (1).ram
2014-02-20 20:59 - 2014-02-20 20:59 - 00018707 _____ () C:\Users\Estelle\Documents\letter Omron.odt

==================== One Month Modified Files and Folders =======

2014-03-21 15:26 - 2014-03-21 15:26 - 00016376 _____ () C:\Users\Estelle\Downloads\FRST.txt
2014-03-21 15:26 - 2014-03-21 15:26 - 00000000 ____D () C:\FRST
2014-03-21 15:25 - 2014-03-21 15:25 - 01145856 _____ (Farbar) C:\Users\Estelle\Downloads\FRST (1).exe
2014-03-21 15:24 - 2014-03-21 15:24 - 01145856 _____ (Farbar) C:\Users\Estelle\Downloads\FRST.exe
2014-03-21 15:16 - 2009-07-13 21:34 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-21 15:16 - 2009-07-13 21:34 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-21 15:12 - 2010-08-01 21:04 - 01916795 _____ () C:\Windows\WindowsUpdate.log
2014-03-21 15:11 - 2010-08-04 20:43 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-21 15:09 - 2010-08-04 20:43 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-21 15:08 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-21 15:08 - 2009-07-13 21:39 - 00154752 _____ () C:\Windows\setupact.log
2014-03-21 12:12 - 2013-08-18 20:56 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-21 12:10 - 2010-08-03 10:16 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-21 11:30 - 2013-12-22 18:13 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4035242801-2354223624-1984559072-1000UA.job
2014-03-21 09:55 - 2014-03-21 09:55 - 00000000 ____D () C:\Users\Estelle\AppData\Roaming\Systweak
2014-03-21 09:55 - 2014-03-21 09:41 - 00000270 _____ () C:\Windows\Tasks\RegClean Pro_UPDATES.job
2014-03-21 09:55 - 2014-03-21 09:41 - 00000262 _____ () C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2014-03-21 09:45 - 2010-08-01 22:45 - 00000000 ____D () C:\Users\root\AppData\Local\Mozilla
2014-03-21 09:41 - 2014-03-21 09:41 - 00001014 _____ () C:\Users\Public\Desktop\RegClean Pro.lnk
2014-03-21 09:41 - 2014-03-21 09:41 - 00000000 ____D () C:\Users\root\AppData\Roaming\systweak
2014-03-21 09:41 - 2014-03-21 09:41 - 00000000 ____D () C:\Program Files\RegClean Pro
2014-03-21 09:15 - 2014-03-21 09:07 - 00000000 ____D () C:\AdwCleaner
2014-03-21 09:06 - 2014-03-21 09:05 - 00830624 _____ ( ) C:\Users\Estelle\Downloads\DownloadManagerSetup.exe
2014-03-21 09:04 - 2014-03-21 09:04 - 01950720 _____ () C:\Users\Estelle\Downloads\AdwCleaner.exe
2014-03-21 08:58 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-03-21 08:57 - 2014-03-19 09:46 - 00000000 ____D () C:\Users\root\Desktop\RK_Quarantine
2014-03-21 08:57 - 2010-08-29 23:14 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-21 08:57 - 2010-08-09 22:04 - 00000000 ____D () C:\Windows\system32\Macromed
2014-03-21 08:57 - 2010-08-01 22:20 - 00000000 ____D () C:\Users\root
2014-03-21 08:57 - 2010-08-01 21:11 - 00000000 ____D () C:\Users\Estelle
2014-03-21 08:57 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\registration
2014-03-21 08:57 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\AppCompat
2014-03-20 22:16 - 2014-03-20 22:16 - 00002736 _____ () C:\Users\Estelle\Desktop\attach (2).zip
2014-03-20 22:15 - 2014-03-19 20:36 - 00005982 _____ () C:\Users\root\Desktop\attach.txt
2014-03-20 12:24 - 2014-03-20 12:23 - 00013301 _____ () C:\Users\Estelle\Documents\Lothringer.odt
2014-03-20 09:42 - 2014-02-25 11:51 - 00021209 _____ () C:\Users\Estelle\Documents\Poetry Kipling.odt
2014-03-20 09:14 - 2014-03-20 09:14 - 00002618 _____ () C:\Users\Estelle\Desktop\attach.zip
2014-03-19 20:36 - 2014-03-19 20:36 - 00015434 _____ () C:\Users\root\Desktop\dds.txt
2014-03-19 12:12 - 2014-03-21 09:41 - 00018776 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot.exe
2014-03-19 10:43 - 2014-03-19 10:43 - 00022451 _____ () C:\Users\Estelle\Documents\RKkiller.odt
2014-03-19 10:21 - 2014-03-19 10:20 - 00004418 _____ () C:\Users\root\Documents\RKreport[0]_S_03192014_100433.txt
2014-03-19 10:16 - 2014-03-19 10:04 - 00004418 _____ () C:\Users\root\Desktop\RKreport[0]_S_03192014_100433.txt
2014-03-19 09:48 - 2014-03-19 09:48 - 00004385 _____ () C:\Users\root\Desktop\RKreport[0]_S_03192014_094839.txt
2014-03-18 14:56 - 2010-09-24 15:35 - 00032817 ____H () C:\Users\Estelle\Documents\2.odt
2014-03-18 10:09 - 2010-08-18 09:31 - 00000000 ___HD () C:\Users\Estelle\AppData\Local\CutePDF Writer
2014-03-18 10:08 - 2014-01-31 19:11 - 00041111 _____ () C:\Users\Estelle\Documents\Juvenalall.odt
2014-03-18 09:48 - 2014-01-29 22:01 - 00022415 _____ () C:\Users\Estelle\Documents\Juvenal1.odt
2014-03-18 09:25 - 2014-03-18 09:24 - 05198336 _____ () C:\Users\Estelle\Downloads\eco-tutorial.pps
2014-03-17 19:58 - 2010-10-07 21:30 - 00000000 ____D () C:\Program Files\new eudora
2014-03-17 19:30 - 2013-12-22 18:13 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4035242801-2354223624-1984559072-1000Core.job
2014-03-17 13:31 - 2014-03-17 13:31 - 00000000 ____D () C:\Users\Estelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast
2014-03-17 13:31 - 2013-12-22 18:13 - 00001222 _____ () C:\Users\Estelle\Desktop\Chromecast.lnk
2014-03-17 12:17 - 2011-10-12 21:25 - 00000000 ____D () C:\Users\Estelle\AppData\Roaming\SanDisk
2014-03-15 07:14 - 2011-07-25 15:04 - 00002131 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-14 08:04 - 2010-08-01 21:12 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-13 17:28 - 2014-03-11 12:52 - 00018220 _____ () C:\Users\Estelle\Documents\letter  pauldry.odt
2014-03-13 03:19 - 2009-07-13 21:33 - 00337648 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-12 22:14 - 2014-03-12 22:14 - 00008900 _____ () C:\Users\Estelle\Documents\poem rickets.odt
2014-03-12 22:13 - 2014-03-12 22:13 - 00017433 _____ () C:\Users\Estelle\Documents\santafefor terry.odt
2014-03-10 22:14 - 2014-03-10 22:14 - 00000000 ____D () C:\Users\Estelle\AppData\Roaming\Nero
2014-03-10 22:13 - 2014-03-10 22:13 - 00000000 ____D () C:\Users\Estelle\AppData\Roaming\Seagate
2014-03-10 22:11 - 2014-03-10 22:11 - 00002717 _____ () C:\Users\Public\Desktop\Seagate Dashboard.lnk
2014-03-10 22:11 - 2014-03-10 22:11 - 00000000 ____D () C:\ProgramData\Nero
2014-03-10 22:11 - 2014-03-10 22:11 - 00000000 ____D () C:\Program Files\Common Files\Nero
2014-03-10 22:10 - 2014-03-10 22:10 - 00000000 ____D () C:\Program Files\Seagate
2014-03-10 22:07 - 2014-03-10 22:07 - 00000000 ____D () C:\Users\root\AppData\Roaming\Seagate
2014-03-10 22:07 - 2014-03-10 22:07 - 00000000 ____D () C:\ProgramData\Seagate
2014-03-10 22:03 - 2014-03-10 22:03 - 00000000 ____D () C:\Users\root\AppData\Roaming\Leadertech
2014-03-10 11:18 - 2012-05-17 23:04 - 00011021 _____ () C:\Users\Estelle\Documents\where's.odt
2014-03-09 19:10 - 2014-03-09 19:10 - 00025730 _____ () C:\Users\Estelle\Documents\Fiction Horace.odt
2014-03-08 22:19 - 2010-08-04 20:31 - 00000000 ___RD () C:\Users\Estelle\Virtual Machines
2014-03-07 11:18 - 2014-03-05 18:05 - 00014613 _____ () C:\Users\Estelle\Documents\Poetry wedding(old).odt
2014-03-06 16:00 - 2014-03-06 12:53 - 00012542 _____ () C:\Users\Estelle\Documents\Taxes2013.odt
2014-03-05 08:05 - 2009-07-13 21:53 - 00032586 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-04 13:22 - 2014-01-29 21:56 - 00025764 _____ () C:\Users\Estelle\Documents\Juvenal3.odt
2014-02-28 21:30 - 2014-03-12 07:28 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-28 21:11 - 2014-03-12 07:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-28 21:10 - 2014-03-12 07:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-28 20:52 - 2014-03-12 07:28 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-28 20:51 - 2014-03-12 07:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-28 20:47 - 2014-03-12 07:28 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-28 20:43 - 2014-03-12 07:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-28 20:43 - 2014-03-12 07:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-28 20:40 - 2014-03-12 07:28 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-28 20:38 - 2014-03-12 07:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-28 20:38 - 2014-03-12 07:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-28 20:37 - 2014-03-12 07:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-28 20:31 - 2014-03-12 07:28 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-02-28 20:25 - 2014-03-12 07:28 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-28 20:16 - 2014-03-12 07:28 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-28 20:14 - 2014-03-12 07:28 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-28 20:03 - 2014-03-12 07:28 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-28 20:00 - 2014-03-12 07:28 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-28 19:57 - 2014-03-12 07:28 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-28 19:32 - 2014-03-12 07:28 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-28 19:27 - 2014-03-12 07:28 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-28 19:25 - 2014-03-12 07:28 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-28 14:34 - 2010-10-23 21:32 - 00000000 ___HD () C:\Users\Estelle\AppData\Roaming\Apple Computer
2014-02-27 20:45 - 2012-01-11 23:16 - 00000000 ___RD () C:\Users\Estelle\Dropbox
2014-02-27 20:45 - 2012-01-11 22:35 - 00000000 ____D () C:\Users\Estelle\AppData\Roaming\Dropbox
2014-02-26 22:43 - 2012-12-09 20:19 - 01381888 ___SH () C:\Users\Estelle\Downloads\Thumbs.db
2014-02-26 22:29 - 2014-02-26 22:28 - 00000000 ____D () C:\Users\Estelle\AppData\Local\{B0FAB200-E79F-453E-9808-B8C7814160FA}
2014-02-26 22:29 - 2012-05-27 19:35 - 00000000 ____D () C:\Users\Estelle\AppData\Local\Windows Live
2014-02-26 21:59 - 2012-01-11 23:16 - 00001029 _____ () C:\Users\Estelle\Desktop\Dropbox.lnk
2014-02-26 21:59 - 2012-01-11 22:42 - 00000000 ____D () C:\Users\Estelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-02-24 09:22 - 2010-10-01 08:07 - 01546752 ___SH () C:\Users\Estelle\Documents\Thumbs.db
2014-02-23 12:00 - 2013-06-10 10:42 - 00018701 _____ () C:\Users\Estelle\Documents\Submissionslibre.odt
2014-02-21 17:33 - 2014-01-15 08:54 - 00015565 _____ () C:\Users\Estelle\Documents\poetry  brainless.odt
2014-02-21 16:26 - 2014-02-21 16:26 - 00000040 _____ () C:\Users\Estelle\Downloads\agonistes.ram
2014-02-21 16:26 - 2014-02-21 16:26 - 00000040 _____ () C:\Users\Estelle\Downloads\agonistes (1).ram
2014-02-20 20:59 - 2014-02-20 20:59 - 00018707 _____ () C:\Users\Estelle\Documents\letter Omron.odt
2014-02-20 09:04 - 2014-01-08 11:06 - 00017375 _____ () C:\Users\Estelle\Documents\poetry onion.odt
2014-02-19 15:11 - 2014-02-17 11:12 - 00013368 _____ () C:\Users\Estelle\Documents\Poetry re Vi reading.odt
2014-02-19 09:13 - 2014-02-12 12:47 - 00011631 _____ () C:\Users\Estelle\Documents\LetterAJA.odt

Files to move or delete:
====================
C:\Users\Estelle\hjsplit.exe
C:\Users\Estelle\RAG3ED.EXE


Some content of TEMP:
====================
C:\Users\root\AppData\Local\Temp\3149nua.exe
C:\Users\root\AppData\Local\Temp\air2E77.exe
C:\Users\root\AppData\Local\Temp\air3AB8.exe
C:\Users\root\AppData\Local\Temp\air66A9.exe
C:\Users\root\AppData\Local\Temp\AskSLib.dll
C:\Users\root\AppData\Local\Temp\install_flashplayer11x32au_mssd_aih(2).exe
C:\Users\root\AppData\Local\Temp\nsb4B3D.exe
C:\Users\root\AppData\Local\Temp\nsg2A23.exe
C:\Users\root\AppData\Local\Temp\nsgC337.exe
C:\Users\root\AppData\Local\Temp\nsl99F1.exe
C:\Users\root\AppData\Local\Temp\nslB62C.exe
C:\Users\root\AppData\Local\Temp\nsqC98.exe
C:\Users\root\AppData\Local\Temp\nsrC1E3.exe
C:\Users\root\AppData\Local\Temp\Quarantine.exe
C:\Users\root\AppData\Local\Temp\setup.exe
C:\Users\root\AppData\Local\Temp\solinstall.exe
C:\Users\root\AppData\Local\Temp\SPStub.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

Download the attached fixlist.txt to the same folder as FRST.

Run FRST.exe and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder; please post it in your reply.

Then......

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC

Where is FRST.exe?

Wherever FRST.exe is, that's where you have to have Fixlist.txt.

Right click on Fixlist.txt and choose Copy, navigate to wherever FRST.exe is and right click and choose Paste.

Now they are both in the same place, run FRST.exe and click FIX once.

MrC


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014  01
Ran by Estelle at 2014-03-22 07:36:24 Run:1
Running from C:\Users\Estelle\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\RunOnce: [*Restore] - C:\Windows\System32\rstrui.exe /runonce [262656 2010-11-20] (Microsoft Corporation)
HKLM\...\Runonce: [spUninstallCleanUp] - REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f
HKU\.DEFAULT\...\RunOnce: [spUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
GroupPolicyUsers\S-1-5-21-4035242801-2354223624-1984559072-1000\User: Group Policy restriction detected <======= ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Java™ Platform SE 6 U20) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
AlternateDataStreams: C:\Users\Estelle\hallscan.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Estelle\hallscan.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Estelle\opera news.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Estelle\opera news.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Estelle\opera news2.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Estelle\opera news2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Estelle\Downloads\Fwd_ un angel.eml:OECustomProperty
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\Windows\Tasks\RegClean Pro_DEFAULT.job => ?
Task: C:\Windows\Tasks\RegClean Pro_UPDATES.job => ?
C:\Users\root\AppData\Local\Temp\3149nua.exe
C:\Users\root\AppData\Local\Temp\air2E77.exe
C:\Users\root\AppData\Local\Temp\air3AB8.exe
C:\Users\root\AppData\Local\Temp\air66A9.exe
C:\Users\root\AppData\Local\Temp\AskSLib.dll
C:\Users\root\AppData\Local\Temp\install_flashplayer11x32au_mssd_aih(2).exe
C:\Users\root\AppData\Local\Temp\nsb4B3D.exe
C:\Users\root\AppData\Local\Temp\nsg2A23.exe
C:\Users\root\AppData\Local\Temp\nsgC337.exe
C:\Users\root\AppData\Local\Temp\nsl99F1.exe
C:\Users\root\AppData\Local\Temp\nslB62C.exe
C:\Users\root\AppData\Local\Temp\nsqC98.exe
C:\Users\root\AppData\Local\Temp\nsrC1E3.exe
C:\Users\root\AppData\Local\Temp\Quarantine.exe
C:\Users\root\AppData\Local\Temp\setup.exe
C:\Users\root\AppData\Local\Temp\solinstall.exe
C:\Users\root\AppData\Local\Temp\SPStub.exe

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore => Unable to delete value
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallCleanUp => Unable to delete value
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => Unable to delete value

"C:\Windows\system32\GroupPolicyUsers\S-1-5-21-4035242801-2354223624-1984559072-1000\User" directory move:

Could not move "C:\Windows\system32\GroupPolicyUsers\S-1-5-21-4035242801-2354223624-1984559072-1000\User\Registry.pol" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\GroupPolicyUsers\S-1-5-21-4035242801-2354223624-1984559072-1000\User" directory. => Scheduled to move on reboot.

Could not move "C:\Windows\system32\GroupPolicy\GPT.ini" => Scheduled to move on reboot.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Error setting value.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
C:\Program Files\Google\Chrome\Application\33.0.1750.154\gcswf32.dll not found.
C:\Windows\system32\Macromed\Flash\NPSWF32.dll not found.
C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll not found.
C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll not found.
C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll not found.
C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll not found.
C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll not found.
C:\Users\Estelle\hallscan.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully.
C:\Users\Estelle\hallscan.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
C:\Users\Estelle\opera news.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully.
C:\Users\Estelle\opera news.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
C:\Users\Estelle\opera news2.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully.
C:\Users\Estelle\opera news2.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
C:\Users\Estelle\Downloads\Fwd_ un angel.eml => ":OECustomProperty" ADS removed successfully.
Could not move "C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job" => Scheduled to move on reboot.
Could not move "C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job" => Scheduled to move on reboot.
Could not move "C:\Windows\Tasks\RegClean Pro_DEFAULT.job" => Scheduled to move on reboot.
Could not move "C:\Windows\Tasks\RegClean Pro_UPDATES.job" => Scheduled to move on reboot.
C:\Users\root\AppData\Local\Temp\3149nua.exe => Moved successfully.
C:\Users\root\AppData\Local\Temp\air2E77.exe => Moved successfully.
C:\Users\root\AppData\Local\Temp\air3AB8.exe => Moved successfully.
C:\Users\root\AppData\Local\Temp\air66A9.exe => Moved successfully.
C:\Users\root\AppData\Local\Temp\AskSLib.dll => Moved successfully.
C:\Users\root\AppData\Local\Temp\install_flashplayer11x32au_mssd_aih(2).exe => Moved successfully.
C:\Users\root\AppData\Local\Temp\nsb4B3D.exe => Moved successfully.
C:\Users\root\AppData\Local\Temp\nsg2A23.exe => Moved successfully.
C:\Users\root\AppData\Local\Temp\nsgC337.exe => Moved successfully.
C:\Users\root\AppData\Local\Temp\nsl99F1.exe => Moved successfully.
C:\Users\root\AppData\Local\Temp\nslB62C.exe => Moved successfully.
C:\Users\root\AppData\Local\Temp\nsqC98.exe => Moved successfully.
C:\Users\root\AppData\Local\Temp\nsrC1E3.exe => Moved successfully.
C:\Users\root\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\root\AppData\Local\Temp\setup.exe => Moved successfully.
C:\Users\root\AppData\Local\Temp\solinstall.exe => Moved successfully.
C:\Users\root\AppData\Local\Temp\SPStub.exe => Moved successfully.
This topic is now closed to further replies.