Solved When I log in, the address automatically goes to: search.

Dell Inspiron desktop - 4gb memory - 500...
November 14, 2014 at 20:46:36
Specs: Windows 8.1 , Intel R Core; 2 Duo CPUl 4.0 GN; 64 bits
conduit.com in either Explorer, Google Chrome and Mozilla? How do I permanently remove this
address - search.conduit.com from my desktop computer?


#1
November 14, 2014 at 21:14:54
Check programs and if found, uninstall it.
Check browser add ons and if it is there, disable it there.
Install, update, and run Malwarebytes. Then remove all it finds. Post results.
Check the home page that your browser is set to, if it is their site, navigate to your preferred site and tell your browser to 'use current page' as your home page.
Click on the down arrow at the left of the search bar and select your preferred search engine (Google, etc.).

You have to be a little bit crazy to keep you from going insane.
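The home page and search engine checks listed above can also be made against Chrome's profile settings file, which is JSON. This is an added example, not part of the thread: it walks a constructed sample of that file and reports every setting whose URL host is the hijacker's domain, wherever it sits; the sample keys and the function names are assumptions for the illustration.

```python
import json
import sys
from urllib.parse import urlsplit

# On Windows the default profile's file is normally
# %LOCALAPPDATA%\Google\Chrome\User Data\Default\Preferences
# Constructed sample of such a file. The keys and values are illustrative
# and are not taken from the thread.
SAMPLE_PREFERENCES = json.dumps({
    "homepage": "http://search.conduit.com/?ctid=EXAMPLE",
    "homepage_is_newtabpage": False,
    "session": {
        "restore_on_startup": 4,
        "startup_urls": [
            "http://search.conduit.com/",
            # Mentions the name only in the query string: not a redirect target.
            "https://www.example.org/?from=search.conduit.com",
        ],
    },
    "default_search_provider": {
        "name": "Example Search",
        "search_url": "http://search.conduit.com/Results.aspx?q={searchTerms}",
    },
})


def host_matches(value, domain):
    """True when value is a URL whose host is `domain` or one of its subdomains."""
    if not isinstance(value, str):
        return False
    try:
        # Settings sometimes store URLs without a scheme; the "//" prefix makes
        # urlsplit treat the leading part as the host in that case.
        parts = urlsplit(value if "://" in value else "//" + value)
        host = parts.hostname or ""
    except ValueError:  # malformed host part, e.g. an unbalanced "["
        return False
    return host == domain or host.endswith("." + domain)


def find_domain_refs(node, domain, path=""):
    """Walk parsed JSON and return (dotted.path, value) for every matching URL."""
    hits = []
    if isinstance(node, dict):
        for key, child in node.items():
            hits += find_domain_refs(child, domain, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for index, child in enumerate(node):
            hits += find_domain_refs(child, domain, f"{path}[{index}]")
    elif host_matches(node, domain):
        hits.append((path, node))
    return hits


def scan_preferences(text, domain="conduit.com"):
    """Parse the file's text and list the settings that point at `domain`."""
    return find_domain_refs(json.loads(text), domain.lower())


if __name__ == "__main__":
    # Pass the path of a real Preferences file to scan it; with no argument
    # the constructed sample is used. The file is only read, never changed.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_PREFERENCES
    for where, value in scan_preferences(text):
        print(f"{where}: {value}")
```

Matching on the parsed host rather than on a substring keeps entries that only mention the name in a query string out of the result.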



#2
November 14, 2014 at 22:04:19
✔ Best Answer
After Copying & Pasting the results of the Malwarebytes scan in your next post, run these.

There will be more steps needed after I see the results of these logs.

Run both of these, in this order.

1: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.raymond.cc/blog/adwclean...
http://www.bleepingcomputer.com/dow...
Author's site
http://general-changelog-team.fr/en...
Tutorial
http://general-changelog-team.fr/en...
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Clean.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

2: Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved onto your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.



#3
November 15, 2014 at 08:56:18
Thanks, Johnw. I started to download in sequence all the links you provided and I am only in the 1st of the 2 parts link apps group. It takes really a long time waiting for all the downloads and corrections of the errors defined by the app(s). I will get there.

Question: Can I remove the "search.conduit.com" malware completely if I totally rebooted and re-installed my OS "windows 8.1" ? And, on my laptop, can I reboot and bring this
laptop to the Factory's Original Setup to remove that "search.conduit.com" infection?



#4
November 15, 2014 at 09:39:28
Reboot just means to power off then on again. Most likely factory restore would fix it but it seems a big gun to bear on this issue. You are only downloading and running two programs at present, which you should be able to complete well inside 30 minutes. It would take you a lot longer to restore all your own data and programs if you went for factory restore.

Always pop back and let us know the outcome - thanks

message edited by Derek



#5
November 15, 2014 at 14:17:56
Will wait to see what action you take raycuadro, if you continue with my tools, the logs will reveal all.

Tools that you can't get to run, can be substituted with others. Just a matter of outsmarting the nasties.



#6
November 17, 2014 at 00:16:00
Hi Johnw, Below are the two apps that were deleted when I run the JRT.exe, but I still have the - search.conduit.com when I use my chrome browser. I don't have it on my
Mozilla browser though. Any suggestions on taking out that "search.conduit" from
my Chrome browser? Otherwise, I will just delete the Chrome and stick with my
Mozilla..
Thanks for the help, though.


Successfully deleted: [Folder] "C:\ProgramData\sparktrust"
Successfully deleted: [Folder] "C:\Users\Ray\AppData\Roaming\sparktrust"



#7
November 17, 2014 at 00:19:37
Hi raycuadro, did you run AdwCleaner?
If so, log please.


#8
November 17, 2014 at 00:43:02
Hi Johnw, below is the result of AdwCleaner.....
Raycuadro


# AdwCleaner v4.101 - Report created 17/11/2014 at 00:34:57
# Updated 09/11/2014 by Xplode
# Database : 2014-11-16.1 [Live]
# Operating System : Windows 8.1 Pro (64 bits)
# Username : Ray - RAYC-PC
# Running from : C:\Users\Ray\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v33.1 (x86 en-US)


-\\ Google Chrome v38.0.2125.111


*************************

AdwCleaner[R0].txt - [2315 octets] - [12/11/2014 01:13:00]
AdwCleaner[R1].txt - [14295 octets] - [12/11/2014 10:14:51]
AdwCleaner[R2].txt - [14417 octets] - [12/11/2014 20:09:03]
AdwCleaner[R3].txt - [1185 octets] - [15/11/2014 13:46:00]
AdwCleaner[R4].txt - [1337 octets] - [15/11/2014 18:45:02]
AdwCleaner[R5].txt - [1367 octets] - [17/11/2014 00:29:49]
AdwCleaner[S0].txt - [2324 octets] - [12/11/2014 01:24:35]
AdwCleaner[S1].txt - [14471 octets] - [12/11/2014 10:17:15]
AdwCleaner[S2].txt - [14593 octets] - [12/11/2014 20:10:21]
AdwCleaner[S3].txt - [1249 octets] - [15/11/2014 13:48:01]
AdwCleaner[S4].txt - [1403 octets] - [15/11/2014 18:46:36]
AdwCleaner[S5].txt - [1289 octets] - [17/11/2014 00:34:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1349 octets] ##########



#9
November 17, 2014 at 00:48:46
Thanks, AdwCleaner nice & clean.

Update & Run Malwarebytes' Anti-Malware ( MBAM ) Free Version. Use Quick scan ( now called Threat Scan )
Malwarebytes' Anti-Malware
http://www.softpedia.com/get/Antivi...
http://www.malwarebytes.org/free/
Make sure you uncheck > Enable free trial < at the END of the install.
http://i.imgur.com/tUFCbYz.gif
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box to Scan for rootkits.
http://i.imgur.com/dZgt1g2.gif
Copy and Paste the contents of the log, in your reply please.

If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
If your MBAM log indicates "No action taken". That's usually a result of NOT clicking the Apply Actions button after the scan. In most cases, a restart will be required.
http://i.imgur.com/U9IqcVj.gif
http://i.imgur.com/zHMG6J9.gif
Or,
http://i.imgur.com/eLcvyZD.gif



#10
November 17, 2014 at 13:39:05
johnw I did the MBAM again this a.m. after a restart and it did not get any results. The first time I did, I save the results in Quarantine and in my Clipboard but cannot now get to the Clipboard (don't know how). (Then, I clicked the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box to Scan for rootkits.)
http://i.imgur.com/dZgt1g2.gif

The screen said - No malicious items found after scan. Went to Settings for Detections and Protections and the rootkits but there was no place to click to start. I restarted the computer and checked if the - search.conduit.com which still showed, meaning, I have not completely followed your instructions. Sorry.



#11
November 17, 2014 at 13:50:09
In Win 8.1 you can paste things from the clipboard in the normal way. Since Vista there has been no provided means to view the clipboard contents (clipboard viewer) but there are third party freebies that will give you that facility if you want it. Pictures, for example, can of course be pasted into your Word Processor or Paint.

The MalwareBytes rootkits selection is just a tick box. Once you've put the tick in you run the program and it will then include a check for rootkits.

Always pop back and let us know the outcome - thanks

message edited by Derek



#12
November 17, 2014 at 13:59:36
"after a restart and it did not get any results. The first time I did, I save the results in Quarantine and in my Clipboard"
Bypass clipboard now raycuadro & get the latest & the previous logs please.
Refer this SS ( screenshot )
http://i.imgur.com/eLcvyZD.gif

To get rid of conduit is not a 1 or 2 step process, we will get there eventually.



#13
November 17, 2014 at 15:47:36
Refer this SS ( screenshot )
http://i.imgur.com/eLcvyZD.gif

I run the app above and I got the Application Logs but I cannot copy and send it to you. What is my next step so I can transmit that Application Logs result?



#14
November 17, 2014 at 15:49:52
Derek, Thanks also for keeping tabs on what I am trying to do.....


#15
November 17, 2014 at 15:55:27
"but I cannot copy"
Don't know why, let's move on.

Run RogueKiller
http://www.softpedia.com/get/Securi...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://tigzy.geekstogo.com/roguekil...
http://www.sur-la-toile.com/RogueKi...
User Guide
http://www.adlice.com/softwares/rog...
Official tutorial
http://www.adlice.com/softwares/rog...
If RogueKiller won't run, open IE & turn off SmartScreen Filter.
http://windows.microsoft.com/en-AU/...
Download & SAVE to your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Quit all programs that you may have started.
Shutdown your antivirus to avoid any conflicts.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7/8, right-click and select "Run as Administrator" to start.

For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
Click on "Delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and Copy & Paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop.
Exit/Close RogueKiller.
When completed make sure to re-enable your antivirus.



#16
November 17, 2014 at 20:10:26
Hi Johnw, Below is the Report of the Rogue Killer app by Adlice Software.
raycuadro

RogueKiller V10.0.6.0 [Nov 13 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/rog...
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Ray [Administrator]
Mode : Scan -- Date : 11/17/2014 17:05:33

¤¤¤ Processes : 2 ¤¤¤
[Suspicious.Path] Dashlane.exe -- C:\Users\Ray\AppData\Roaming\Dashlane\Dashlane.exe[7] -> Killed [TermProc]
[Suspicious.Path] DashlanePlugin.exe -- C:\Users\Ray\AppData\Roaming\Dashlane\DashlanePlugin.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 6 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2488777864-499929627-782514294-1001\Software\Microsoft\Windows\CurrentVersion\Run | Dashlane : "C:\Users\Ray\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2488777864-499929627-782514294-1001\Software\Microsoft\Windows\CurrentVersion\Run | Dashlane : "C:\Users\Ray\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD7501AAES-75W7A0 +++++
--- User ---
[MBR] 0bd43e6b987b2859ec5b72e6f935a24f
[BSP] f5849a5f6673febe5c1f2f779910b8d1 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 715052 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- MS/MS-Pro/HG USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )



#17
November 17, 2014 at 20:31:19
Next step.

Download ComboFix onto your Desktop & then run. If your default download location is not the Desktop, drag it out of its location onto the Desktop. Copy & Paste the contents of the log in your next post please. ComboFix's log should be located at C:\COMBOFIX.TXT.
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.forospyware.com/sUBs/Com...
A guide and tutorial on using ComboFix
http://www.bleepingcomputer.com/com...
http://www.winhelp.us/index.php/gen...
Manually restoring the Internet connection
http://www.bleepingcomputer.com/com...
"There are circumstances ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual."
If you think it's frozen, look at the computer clock.
If it's running, Combofix is still working.
NOTE: Do not mouseclick combofix's window while it is running. That may cause it to stall.
NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
**Please Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes.
If after running Combofix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion". Then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
http://www.experts-exchange.com/Vir...
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Once these two steps have been completed, double-click on the ComboFix icon found on your Desktop.
Please Note: Once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.



#18
November 18, 2014 at 00:39:20
Hey Johnw,

I tried and run the Combofix apps. But, for some reason, the process took me too long and have not really done much - frustrating.

Thanks for all the time you spent steering me to the right path but I finally said it is not worth the stress. I plan to just eliminate Chrome since it is the only infected Browser. The Mozilla and the Internet Explorer do not show the "search.conduit" pest.

Again, thanks a lot.

raycuadro



#19
November 18, 2014 at 00:44:50
Thanks Derek for the help so I can remove the "Search.conduit.com" pest.

raycuadro



#20
November 18, 2014 at 00:51:59
After uninstalling Chrome, use this to double check it's gone.

Please download SystemLook from one of the links below and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://jpshortstuff.247fixes.com/Sy...
http://jpshortstuff.247fixes.com/Sy...
http://images.malwareremoval.com/jp...
Double-click SystemLook.exe to run it.
Vista\Windows 7 users: Right click on SystemLook.exe, click Run As Administrator
Copy the content of the following into the main textfield:

:filefind
*conduit*
:folderfind
*conduit*
:regfind
conduit

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please Copy & Paste the contents of the log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



#21
November 18, 2014 at 01:39:13
When I click on "look", a screen comes out that says - SystemLook - Error. Script required.


#22
November 18, 2014 at 01:58:20
Have you right clicked on SystemLook.exe & selected > Run As Administrator?

message edited by Johnw



#23
November 18, 2014 at 02:04:56
Yes.. Right Clicked and run as Administrator. Tried it again and got
the same results - Systemlook error script required.


#24
November 18, 2014 at 02:14:35
That sounds like you are not Copying & Pasting the script into the textbox.

The script is:

:filefind
*conduit*
:folderfind
*conduit*
:regfind
conduit



#25
November 18, 2014 at 02:21:42
Refer SS ( Screenshot )
http://i.imgur.com/CaJ7H0p.gif


#26
November 18, 2014 at 12:33:11
SystemLook 30.07.11 by jpshortstuff
Log created at 12:17 on 18/11/2014 by Ray
Administrator - Elevation successful

========== filefind ==========

Searching for "*conduit*"
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1339720 bytes [22:10 07/10/2014] [22:10 07/10/2014] 372942114D93D63B052A08BA3E30C85E

========== folderfind ==========

Searching for "*conduit*"
No folders found.

========== regfind ==========

Searching for "conduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"09699DDB14539164D9A2C3DD3B1EF5E9"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"

-= EOF =-
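A name search like the `*conduit*` script matches any file or registry value that merely contains the word, so each hit has to be read for where it lives and how it matched. This is an added example, not part of the thread and not SystemLook's own code: it parses the filefind and regfind sections of the log above and labels each hit; `KNOWN_VENDOR_DIRS`, the labels and the constructed contrast hit are assumptions made for the illustration.

```python
import re
from pathlib import PureWindowsPath

# The SystemLook log posted above, embedded so the example runs offline.
LOG_FROM_THREAD = r"""
SystemLook 30.07.11 by jpshortstuff
Log created at 12:17 on 18/11/2014 by Ray
Administrator - Elevation successful

========== filefind ==========

Searching for "*conduit*"
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1339720 bytes [22:10 07/10/2014] [22:10 07/10/2014] 372942114D93D63B052A08BA3E30C85E

========== folderfind ==========

Searching for "*conduit*"
No folders found.

========== regfind ==========

Searching for "conduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"09699DDB14539164D9A2C3DD3B1EF5E9"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"

-= EOF =-
"""

# Constructed hit (not from the thread) for contrast: the same word, but as a
# folder name inside a user profile.
CONSTRUCTED_HIT = {"section": "filefind", "where": None, "md5": None,
                   "path": r"C:\Users\Example\AppData\Local\Conduit\example.dll"}

# Assumption for this example: folders that belong to a product the user
# knowingly installed.
KNOWN_VENDOR_DIRS = [PureWindowsPath(r"C:\Program Files (x86)\Common Files\Apple")]

SECTION_RE = re.compile(r"^=+ (\w+) =+$")
FILE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) [-a-z]{7} \d+ bytes "
    r"\[[^\]]+\] \[[^\]]+\] (?P<md5>[0-9A-F]{32})$")
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<data>.*)"$')


def parse_systemlook(text):
    """Return one dict per filefind/regfind hit. The thread shows no folderfind
    hit, so no line format is assumed for that section."""
    hits, section, reg_key = [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        header = SECTION_RE.match(line)
        if header:
            section, reg_key = header.group(1), None
        elif section == "filefind":
            m = FILE_RE.match(line)
            if m:
                hits.append({"section": section, "where": None,
                             "path": m["path"], "md5": m["md5"]})
        elif section == "regfind":
            if line.startswith("[") and line.endswith("]"):
                reg_key = line[1:-1]          # key that owns the next values
            else:
                m = REG_VALUE_RE.match(line)
                if m and reg_key:
                    hits.append({"section": section, "where": reg_key,
                                 "path": m["data"], "md5": None})
    return hits


def triage(hit):
    """'known-vendor' if the path sits under a listed folder, else 'review'."""
    path = PureWindowsPath(hit["path"])   # comparisons ignore case, as Windows does
    if any(vendor in path.parents for vendor in KNOWN_VENDOR_DIRS):
        return "known-vendor"
    return "review"


def match_kind(hit, word="conduit"):
    """'whole-name' if a folder or file stem equals the word, else 'substring'."""
    path = PureWindowsPath(hit["path"])
    names = [part.lower() for part in path.parts[:-1]] + [path.stem.lower()]
    return "whole-name" if word in names else "substring"


if __name__ == "__main__":
    for hit in parse_systemlook(LOG_FROM_THREAD) + [CONSTRUCTED_HIT]:
        print(f'{hit["section"]:9} {triage(hit):13} {match_kind(hit):11} {hit["path"]}')
```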



#27
November 18, 2014 at 12:36:13
As you can see, you still have conduit in the system.
I can dig deeper if you want.

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://www.bleepingcomputer.com/dow...
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it makes also another log (Addition.txt).
The logs are large, upload them using this, or upload to a site of your choosing. No account needed. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif



#28
November 18, 2014 at 13:04:53
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-11-2014
Ran by Ray at 2014-11-18 13:01:55
Running from C:\Users\Ray\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2488777864-499929627-782514294-1001\...\uTorrent) (Version: 3.4.2.34944 - BitTorrent Inc.)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Dashlane (HKU\S-1-5-21-2488777864-499929627-782514294-1001\...\Dashlane) (Version: 3.0.7.74002 - Dashlane SAS)
Dell Dock (HKLM-x32\...\Dell Dock) (Version: 2.0 - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 6700 Basic Device Software (HKLM\...\{A1CFA587-90D4-4DE6-B200-68CC0F92252F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6700 Help (HKLM-x32\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Linkey (HKU\S-1-5-21-2488777864-499929627-782514294-1001\...\Linkey) (Version: 0.0.0.599 - Aztec Media Inc) <==== ATTENTION
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MiPony 2.0.2 (HKLM-x32\...\MiPony) (Version: 2.0.2 - )
Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1 - Mozilla)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Reimage Protector (HKLM\...\Reimage Protector) (Version: - Reimage) <==== ATTENTION
Settings Manager (HKLM-x32\...\Settings Manager) (Version: 5.0.0.14591 - Aztec Media Inc) <==== ATTENTION
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinZip Malware Protector (HKLM-x32\...\WinZip Malware Protector_is1) (Version: 2.1.1000.10798 - WinZip International LLC)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

05-11-2014 04:32:14 Restore Operation
11-11-2014 17:58:05 Windows Update
15-11-2014 07:08:20 Installed AVG 2015
15-11-2014 07:08:42 Installed AVG 2015
16-11-2014 03:22:02 11.15.14 - Tried Correction of Search.conduit
18-11-2014 00:46:05 Installed CrashPlan

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0DD1B19C-67EB-4935-B633-A224A68AB801} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: {17AAF375-C26B-49A4-A27B-DE5B8877129F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {45B113D3-9F78-47BB-A721-A11C5FF305BA} - System32\Tasks\WinZip Malware Protector_startup => C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe [2013-07-15] (Nico Mak Computing)
Task: {5CD589A7-109D-4BC2-BDE1-E590173C258C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {9D5C1ECC-E5DB-4EC0-AFC8-0FEF4F178322} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A5149D6E-0D57-42DC-816D-C19727322EEE} - \TidyNetwork Update No Task File <==== ATTENTION
Task: {B0CABCA1-137A-4887-9606-C0401274BBC7} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2014-11-10] (Reimage®) <==== ATTENTION
Task: {CC3D5315-38B0-4B51-A2B0-B6F09AB6EFC9} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-11-12] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-11-10 06:56 - 2014-11-10 06:56 - 06745440 _____ () C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
2014-10-22 20:36 - 2014-10-22 20:37 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-10-22 19:11 - 2014-11-14 16:15 - 00219832 _____ () C:\Users\Ray\AppData\Roaming\Dashlane\Dashlane.exe
2014-10-22 19:11 - 2014-11-14 16:15 - 00225464 _____ () C:\Users\Ray\AppData\Roaming\Dashlane\DashlanePlugin.exe
2014-10-25 08:58 - 2014-10-25 08:58 - 00472576 _____ () C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\54858f69068e1e805f42ea68d01f056e\VistaBridgeLibrary.ni.dll
2014-11-18 12:54 - 2014-11-13 03:01 - 00668688 _____ () C:\Program Files (x86)\Settings Manager\smdmf\x64\sysapcrt.dll
2014-10-11 12:06 - 2014-10-11 12:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-17 16:13 - 2013-02-28 16:53 - 00886272 _____ () C:\Program Files (x86)\WinZip Malware Protector\System.Data.SQLite.dll
2014-11-17 16:13 - 2013-07-15 16:53 - 01717936 _____ () C:\Program Files (x86)\WinZip Malware Protector\aspsys.dll
2014-10-27 19:32 - 2014-10-21 20:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-27 19:32 - 2014-10-21 20:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-27 19:32 - 2014-10-21 20:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-27 19:32 - 2014-10-21 20:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-11-14 16:13 - 2014-11-14 16:13 - 00292024 _____ () C:\Users\Ray\AppData\Roaming\Dashlane\3.0.7.74002\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.3.0.7.74002.dll
2014-11-14 16:13 - 2014-11-14 16:13 - 00410296 _____ () C:\Users\Ray\AppData\Roaming\Dashlane\3.0.7.74002\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.3.0.7.74002.dll
2014-11-14 16:14 - 2014-11-14 16:14 - 00426168 _____ () C:\Users\Ray\AppData\Roaming\Dashlane\3.0.7.74002\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.3.0.7.74002.dll
2014-11-14 16:13 - 2014-11-14 16:13 - 30337720 _____ () C:\Users\Ray\AppData\Roaming\Dashlane\3.0.7.74002\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.3.0.7.74002.dll
2014-11-14 16:14 - 2014-11-14 16:14 - 00266936 _____ () C:\Users\Ray\AppData\Roaming\Dashlane\3.0.7.74002\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.3.0.7.74002.dll
2014-11-14 16:13 - 2014-11-14 16:13 - 05763256 _____ () C:\Users\Ray\AppData\Roaming\Dashlane\3.0.7.74002\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.3.0.7.74002.dll
2014-11-14 16:13 - 2014-11-14 16:13 - 06092472 _____ () C:\Users\Ray\AppData\Roaming\Dashlane\3.0.7.74002\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.3.0.7.74002.dll
2014-11-14 16:13 - 2014-11-14 16:13 - 12174008 _____ () C:\Users\Ray\AppData\Roaming\Dashlane\3.0.7.74002\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.3.0.7.74002.dll
2014-11-14 16:13 - 2014-11-14 16:13 - 02047672 _____ () C:\Users\Ray\AppData\Roaming\Dashlane\3.0.7.74002\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.3.0.7.74002.dll
2014-11-14 16:13 - 2014-11-14 16:13 - 00183992 _____ () C:\Users\Ray\AppData\Roaming\Dashlane\3.0.7.74002\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Kwift_DP.3.0.7.74002.dll
2014-11-18 12:54 - 2014-11-13 03:01 - 00493072 _____ () C:\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll
2014-11-10 23:06 - 2014-11-06 16:09 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Ray\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKCU\...\StartupApproved\Run: => "Spotify Web Helper"

========================= Accounts: ==========================

Administrator (S-1-5-21-2488777864-499929627-782514294-500 - Administrator - Disabled)
Guest (S-1-5-21-2488777864-499929627-782514294-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2488777864-499929627-782514294-1005 - Limited - Enabled)
Ray (S-1-5-21-2488777864-499929627-782514294-1001 - Administrator - Enabled) => C:\Users\Ray

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/18/2014 00:55:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 33.1.0.5423, time stamp: 0x545c0a59
Faulting module name: mozalloc.dll, version: 33.1.0.5423, time stamp: 0x545be5ee
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x1e68
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (11/18/2014 00:36:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname RayC-PC.local already in use; will try RayC-PC-2.local instead

Error: (11/18/2014 00:36:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 RayC-PC.local. Addr 10.0.0.2

Error: (11/18/2014 00:36:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.19:5353 4 RayC-PC.local. Addr 10.0.0.19

Error: (11/18/2014 00:36:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 RayC-PC.local. AAAA FE80:0000:0000:0000:D084:98A4:0BFC:0EA5

Error: (11/18/2014 00:36:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.19:5353 4 RayC-PC.local. Addr 10.0.0.19

Error: (11/18/2014 00:36:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 RayC-PC.local. AAAA 2601:0009:1C00:0CAD:C964:C144:9A3F:8F76

Error: (11/18/2014 00:36:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.19:5353 4 RayC-PC.local. Addr 10.0.0.19

Error: (11/18/2014 00:36:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 RayC-PC.local. AAAA 2601:0009:1C00:0CAD:D084:98A4:0BFC:0EA5

Error: (11/18/2014 00:36:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.19:5353 4 RayC-PC.local. Addr 10.0.0.19


System errors:
=============
Error: (11/18/2014 00:55:25 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The SmdmF Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (11/18/2014 00:23:18 PM) (Source: DCOM) (EventID: 10010) (User: RAYC-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (11/18/2014 00:23:18 PM) (Source: DCOM) (EventID: 10010) (User: RAYC-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (11/18/2014 02:09:03 AM) (Source: DCOM) (EventID: 10010) (User: RAYC-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (11/18/2014 02:09:03 AM) (Source: DCOM) (EventID: 10010) (User: RAYC-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (11/18/2014 00:27:32 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "RAYC-PC :0" could not be registered on the interface with IP address 10.0.0.2.
The computer with the IP address 10.0.0.19 did not allow the name to be claimed by
this computer.

Error: (11/18/2014 00:27:32 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "RAYC-PC :0" could not be registered on the interface with IP address 10.0.0.2.
The computer with the IP address 10.0.0.19 did not allow the name to be claimed by
this computer.

Error: (11/18/2014 00:27:31 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (11/18/2014 00:27:31 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "RAYC-PC :20" could not be registered on the interface with IP address 10.0.0.2.
The computer with the IP address 10.0.0.19 did not allow the name to be claimed by
this computer.

Error: (11/18/2014 00:27:28 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "RAYC-PC :0" could not be registered on the interface with IP address 10.0.0.2.
The computer with the IP address 10.0.0.19 did not allow the name to be claimed by
this computer.


Microsoft Office Sessions:
=========================
Error: (11/10/2014 09:12:46 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 332 seconds with 180 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2014-11-18 01:43:23.812
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-14 22:29:44.731
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-14 22:29:44.643
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-14 10:37:47.478
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-12 08:37:35.017
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-11 16:37:17.575
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-11 16:37:17.394
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-09 13:01:06.838
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-04 20:18:24.199
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-04 20:18:24.123
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz
Percentage of memory in use: 55%
Total physical RAM: 4060.98 MB
Available physical RAM: 1786.88 MB
Total Pagefile: 5660.98 MB
Available Pagefile: 3100.93 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:698.29 GB) (Free:653.84 GB) NTFS
Drive e: (KINGS 32GB) (Removable) (Total:29.05 GB) (Free:9.89 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 48E2F468)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.3 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows 7 or 8) (Size: 29.1 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================


Report •

#29
November 18, 2014 at 13:32:08
http://www62.zippyshare.com/v/52609...

Report •

#30
November 18, 2014 at 16:23:54
"Running from C:\Users\Ray\Downloads"

You did not follow instructions, probably the reason Combofix would not run properly.
No one is expected to remember instructions; are you printing or writing them down?
I got 2 copies of Additional, none of FRST.

Follow these SS & run FRST again please. Wait for Update to finish.
http://i.imgur.com/EbRxp6k.gif
http://i.imgur.com/PYPPcF0.gif
http://i.imgur.com/yUxNw0j.gif

message edited by Johnw


Report •

#31
November 18, 2014 at 19:34:28
http://www57.zippyshare.com/v/49164...

Above is the link for the FRST. Will re run the Combofix and see if I have completely followed instructions.


Report •

#32
November 18, 2014 at 19:36:24
"Combofix and see if I have completely followed instructions"
There are about 50 stages.

Report •

#33
November 20, 2014 at 03:02:02
"Will re run the Combofix"
Just in case there is any confusion, I am waiting to see if you have got a log.

Report •

#34
November 21, 2014 at 02:04:24
C:\COMBOFIX.TXT.
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.forospyware.com/sUBs/Com...

The apps above read my OS as Win 2000 and it does not work. Any suggestions?


Report •

#35
November 21, 2014 at 02:08:28
" Any suggestions"
My mistake, Combofix does not work on W8. Sorry.

Copy & Paste the text below ( starting closeprocesses: ), save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

closeprocesses:
emptytemp:
AlternateDataStreams: C:\Users\Ray\OneDrive:ms-properties
Linkey (HKU\S-1-5-21-2488777864-499929627-782514294-1001\...\Linkey) (Version: 0.0.0.599 - Aztec Media Inc) <==== ATTENTION
Reimage Protector (HKLM\...\Reimage Protector) (Version: - Reimage) <==== ATTENTION
Settings Manager (HKLM-x32\...\Settings Manager) (Version: 5.0.0.14591 - Aztec Media Inc) <==== ATTENTION
Task: {A5149D6E-0D57-42DC-816D-C19727322EEE} - \TidyNetwork Update No Task File <==== ATTENTION
Task: {B0CABCA1-137A-4887-9606-C0401274BBC7} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2014-11-10] (Reimage®) <==== ATTENTION
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/searc...
HKLM-x32\...\Run: [] => [X]
S3 cpuz134; \??\C:\Users\Ray\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe (No File)
C:\Users\Ray\AppData\Local\Temp\ose00000.exe
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3306061&SearchSource=48&CUI=UN36419437882469290&UM=2&UP=SP4F7C90B0-DB9F-4430-B174-2BB8ECD3ADCB&SSPV=21820TA_sp_ch
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3306061&SearchSource=48&CUI=UN36419437882469290&UM=2&UP=SP4F7C90B0-DB9F-4430-B174-2BB8ECD3ADCB&SSPV=21820TA_sp_ch", "hxxp://search.conduit.com/?ctid=CT3289075&SearchSource=48&CUI=UN16867026541586318&UM=2", "hxxp://start.sweetpacks.com/?barid={A7564A0E-DAFF-11E2-BE67-0025648B1FD5}&src=10&crg=3.5000006.10042&st=23", "hxxp://start.sweetpacks.com/?barid={296F985C-ECD4-11E2-BE67-0025648B1FD5}&src=10&crg=3.5000006.10045&st=23", "hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-352&t=4", "hxxp://mysearch.avg.com/?cid={EEE2DBD0-91AA-45BB-81FE-977DFDEED3E1}&mid=43295d4f320a47d39dd2d16c226ff626-9d10ca23de3a751ddf830e7849622a6f8de43d9e&lang=en&ds=ts018&pr=sa&d=2013-08-26%2020:56:33&v=15.3.0.10&pid=safeguard&sg=0&sap=hp", "hxxp://mysearch.avg.com/?cid={189F68BB-6520-4533-A707-F9BB7D8CFB0C}&mid=c61bd56964f047d39dddd16c226ff626-9d10ca23de3a751ddf830e7849622a6f8de43d9e&lang=en&ds=dn011&pr=sa&d=2013-10-11%2020:51:41&v=17.1.0.25&pid=safeguard&sg=0&sap=hp", "hxxp://www.google.com/", "hxxp://mysearch.avg.com/?cid={189F68BB-6520-4533-A707-F9BB7D8CFB0C}&mid=c61bd56964f047d39dddd16c226ff626-9d10ca23de3a751ddf830e7849622a6f8de43d9e&lang=en&ds=dl011&coid=avgtbdisdl&pr=sa&d=2013-10-15%2019:32:54&v=17.0.0.12&pid=safeguard&sg=0&sap=hp", "hxxp://search.conduit.com/?ctid=CT3289663&SearchSource=48&CUI=UN55196080832744185&UM=2", "hxxp://search.conduit.com/?ctid=CT3298573&SearchSource=48&CUI=UN76974045218078254&UM=2", "hxxp://search.conduit.com/?ctid=CT3303000&SearchSource=48&CUI=UN28403043572407211&UM=2", "hxxp://start.mysearchdial.com/?f=1&a=tugumsd&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyEzz0BtC0F0DyDtC0CzztDtN0D0Tzu0CyCyCtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu2Z2Y1N2Y1H1B1Q&cr=458326272&ir=", "hxxp://search.yahoo.com/?type=293224&fr=spigot-yhp-ch", "hxxp://search.conduit.com/?ctid=CT3314198&SearchSource=48&CUI=UN28998813774052965&UM=2", "hxxp://search.conduit.com/?ctid=CT3303000&SearchSource=48&CUI=UN25710326771444419&UM=2", 
"hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,203,0_0,StartPage,20131044,20033,0,25,0", "hxxp://search.yahoo.com/?type=293224&fr=spigot-yhp-ch", "hxxp://search.conduit.com/?ctid=CT3310511&SearchSource=48&CUI=UN22983361846309434&UM=2", "hxxp://search.conduit.com/?ctid=CT3306061&SearchSource=48&CUI=UN36218076932958817&UM=2", "hxxp://search.yahoo.com/?type=617686&fr=spigot-yhp-ch", "hxxp://search.findwide.com/?guid={0037E7CE-4DE2-4167-9769-57591D126EFA}&serpv=22", "hxxp://search.conduit.com/?ctid=CT3289075&SearchSource=48&CUI=UN24589446942809925&UM=2&UP=SP318E2B76-6E20-4382-841A-193A350BCCCD&SSPV=", "hxxp://search.conduit.com/?ctid=CT3306061&SearchSource=48&CUI=UN36419437882469290&UM=2&UP=SP5ADAE15D-3A3D-4117-90FC-C27148DA690F&SSPV=", "hxxp://www.google.com/", "hxxp://search.conduit.com/?ctid=CT3323128&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP9DD5E181-B0CE-4BEF-85EC-FB1C0F2DBF46&SSPV=", "hxxp://search.conduit.com/?ctid=CT3306061&SearchSource=48&CUI=UN36419437882469290&UM=2&UP=SP9DD5E181-B0CE-4BEF-85EC-FB1C0F2DBF46&SSPV=", "hxxp://search.conduit.com/?ctid=CT3306061&SearchSource=48&CUI=UN36419437882469290&UM=2&UP=SPF7BCD11B-7F05-40CF-B5B7-DE9F60368365&SSPV=T21020A_sp_ch", "", "hxxp://search.conduit.com/?ctid=CT3306061&SearchSource=48&CUI=UN36419437882469290&UM=2&UP=SP770CF4C4-D16C-4058-B1BF-C4C837BA89DB&SSPV=", "hxxp://www.amazon.com/websearch/ref=bit_bds-p23_serp_cr_us_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_e2d773a4387f4d81b20bed3e8918a64e_39_1006_20140508_US_cr_sp_32352", "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-05-15&ent=hp&u=46A9874A993BB1434DD9E55374FBAC44", "hxxp://search.conduit.com/?ctid=CT3306061&SearchSource=48&CUI=UN36419437882469290&UM=2&UP=SP1B6AF6FC-80A0-4EE8-BA5C-E51021EF1EFF&SSPV=", "hxxp://www.default-search.net/?sid=492&aid=169&itype=n&ver=12565&tm=372&src=hmp", 
"hxxp://speedial.com/?f=1&a=spd_dnldstr_14_23_ch&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyEzz0BtC0F0DyDtCtBzzyDtN0D0Tzu0SzzzytDtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2SyCtDyE0E0EtDyDtCtGtA0FzzzytGyE0EtA0DtGyCzyyD0AtGyByDtCyEyByEyB0F0FtB0E0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0B0ByB0AtBzztBtG0C0C0FtBtGtDzztD0DtGyCtB0ByCtGyDtC0C0FyD0EtBtD0F0DtA0A2Q&cr=1823922489&ir=", "hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,%20203,%200_0,%20StartPage,%2020131044,%2020033,%200,%2025,%200", "https://search.yahoo.com/yhs/web?hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,203,0_0,StartPage,20140835,20033,0,31,0", "hxxp://search.conduit.com/?ctid=CT3306061&SearchSource=48&CUI=UN36419437882469290&UM=2&UP=SP4F7C90B0-DB9F-4430-B174-2BB8ECD3ADCB&SSPV=", "hxxp://groovorio.com/?f=7&a=grv_installertech_14_22&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyEzz0BtC0F0DyD0DzzyDyBtN0D0Tzu0StCtDtCtCtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V1L1G1B2Z1T1I1I1P1C2Z1P1R1M1VtCyE1VtBtBtN1L1G1B1V1N2Y1L1Qzu2StA0E0AtDzytDyEyDtGyC0ByC0DtGtAyB0ByCtGyDyByEtDtGyBtCyC0DyEyBtAtA0DtB0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyB0D0D0CyDtDzztGzy0BtA0CtGyE0AzztAtG0AtAzytAtG0F0AyE0B0EyCzzzzzyyB0D0F2Q&cr=1215931763&ir=", "hxxp://groovorio.com/?f=7&a=grv_installertech_14_22&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyEzz0BtC0F0DyD0DzzyDyBtN0D0Tzu0StCtDtBtCtN1L2XzutAtFyDtFtCtFtCtN1L1Czu1N1C2X1V1L1G1B2Z1T1I1I1P1C2Z1P1R1M1VtCyE1VtBtBtN1L1G1B1V1N2Y1L1Qzu2SyCtCyBzyzzyEtCyCtG0DzzyC0EtGtAtCzyyCtG0DtA0CzytGyB0AtDyEyEtC0A0CzyyB0D0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0B0BtD0D0FtD0AtGtBtC0CzytGyE0BzzzytG0B0CyByDtGzy0DtD0E0DyBtA0BzyyB0D0F2Q&cr=898590603&ir=", "hxxp://www.v9.com/?type=hp&ts=1414815269&from=cor&uid=WDCXWD7501AAES-75W7A0_WD-WCATR181444914449&i=psd&t=34b4bad73"
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultNewTabURL: Default -> https://www.trovi.com/?gd=&ctid=CT3...
FF SearchPlugin: C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\ay5mawln.default\searchplugins\ask-web-search.xml

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.


Report •

#36
November 21, 2014 at 14:47:24
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-11-2014
Ran by Ray at 2014-11-21 14:37:13 Run:1
Running from C:\Users\Ray\Desktop
Loaded Profile: Ray (Available profiles: Ray)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************

closeprocesses:
emptytemp:
AlternateDataStreams: C:\Users\Ray\OneDrive:ms-properties
Linkey (HKU\S-1-5-21-2488777864-499929627-782514294-1001\...\Linkey) (Version: 0.0.0.599 - Aztec Media Inc) <==== ATTENTION
Reimage Protector (HKLM\...\Reimage Protector) (Version: - Reimage) <==== ATTENTION
Settings Manager (HKLM-x32\...\Settings Manager) (Version: 5.0.0.14591 - Aztec Media Inc) <==== ATTENTION
Task: {A5149D6E-0D57-42DC-816D-C19727322EEE} - \TidyNetwork Update No Task File <==== ATTENTION
Task: {B0CABCA1-137A-4887-9606-C0401274BBC7} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2014-11-10] (Reimage®) <==== ATTENTION
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/searc...
HKLM-x32\...\Run: [] => [X]
S3 cpuz134; \??\C:\Users\Ray\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe (No File)
C:\Users\Ray\AppData\Local\Temp\ose00000.exe
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3306061&SearchSource=48&CUI=UN36419437882469290&UM=2&UP=SP4F7C90B0-DB9F-4430-B174-2BB8ECD3ADCB&SSPV=21820TA_sp_ch
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3306061&SearchSource=48&CUI=UN36419437882469290&UM=2&UP=SP4F7C90B0-DB9F-4430-B174-2BB8ECD3ADCB&SSPV=21820TA_sp_ch", "hxxp://search.conduit.com/?ctid=CT3289075&SearchSource=48&CUI=UN16867026541586318&UM=2", "hxxp://start.sweetpacks.com/?barid={A7564A0E-DAFF-11E2-BE67-0025648B1FD5}&src=10&crg=3.5000006.10042&st=23", "hxxp://start.sweetpacks.com/?barid={296F985C-ECD4-11E2-BE67-0025648B1FD5}&src=10&crg=3.5000006.10045&st=23", "hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-352&t=4", "hxxp://mysearch.avg.com/?cid={EEE2DBD0-91AA-45BB-81FE-977DFDEED3E1}&mid=43295d4f320a47d39dd2d16c226ff626-9d10ca23de3a751ddf830e7849622a6f8de43d9e&lang=en&ds=ts018&pr=sa&d=2013-08-26%2020:56:33&v=15.3.0.10&pid=safeguard&sg=0&sap=hp", "hxxp://mysearch.avg.com/?cid={189F68BB-6520-4533-A707-F9BB7D8CFB0C}&mid=c61bd56964f047d39dddd16c226ff626-9d10ca23de3a751ddf830e7849622a6f8de43d9e&lang=en&ds=dn011&pr=sa&d=2013-10-11%2020:51:41&v=17.1.0.25&pid=safeguard&sg=0&sap=hp", "hxxp://www.google.com/", "hxxp://mysearch.avg.com/?cid={189F68BB-6520-4533-A707-F9BB7D8CFB0C}&mid=c61bd56964f047d39dddd16c226ff626-9d10ca23de3a751ddf830e7849622a6f8de43d9e&lang=en&ds=dl011&coid=avgtbdisdl&pr=sa&d=2013-10-15%2019:32:54&v=17.0.0.12&pid=safeguard&sg=0&sap=hp", "hxxp://search.conduit.com/?ctid=CT3289663&SearchSource=48&CUI=UN55196080832744185&UM=2", "hxxp://search.conduit.com/?ctid=CT3298573&SearchSource=48&CUI=UN76974045218078254&UM=2", "hxxp://search.conduit.com/?ctid=CT3303000&SearchSource=48&CUI=UN28403043572407211&UM=2", "hxxp://start.mysearchdial.com/?f=1&a=tugumsd&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyEzz0BtC0F0DyDtC0CzztDtN0D0Tzu0CyCyCtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu2Z2Y1N2Y1H1B1Q&cr=458326272&ir=", "hxxp://search.yahoo.com/?type=293224&fr=spigot-yhp-ch", "hxxp://search.conduit.com/?ctid=CT3314198&SearchSource=48&CUI=UN28998813774052965&UM=2", "hxxp://search.conduit.com/?ctid=CT3303000&SearchSource=48&CUI=UN25710326771444419&UM=2", 
"hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,203,0_0,StartPage,20131044,20033,0,25,0", "hxxp://search.yahoo.com/?type=293224&fr=spigot-yhp-ch", "hxxp://search.conduit.com/?ctid=CT3310511&SearchSource=48&CUI=UN22983361846309434&UM=2", "hxxp://search.conduit.com/?ctid=CT3306061&SearchSource=48&CUI=UN36218076932958817&UM=2", "hxxp://search.yahoo.com/?type=617686&fr=spigot-yhp-ch", "hxxp://search.findwide.com/?guid={0037E7CE-4DE2-4167-9769-57591D126EFA}&serpv=22", "hxxp://search.conduit.com/?ctid=CT3289075&SearchSource=48&CUI=UN24589446942809925&UM=2&UP=SP318E2B76-6E20-4382-841A-193A350BCCCD&SSPV=", "hxxp://search.conduit.com/?ctid=CT3306061&SearchSource=48&CUI=UN36419437882469290&UM=2&UP=SP5ADAE15D-3A3D-4117-90FC-C27148DA690F&SSPV=", "hxxp://www.google.com/", "hxxp://search.conduit.com/?ctid=CT3323128&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP9DD5E181-B0CE-4BEF-85EC-FB1C0F2DBF46&SSPV=", "hxxp://search.conduit.com/?ctid=CT3306061&SearchSource=48&CUI=UN36419437882469290&UM=2&UP=SP9DD5E181-B0CE-4BEF-85EC-FB1C0F2DBF46&SSPV=", "hxxp://search.conduit.com/?ctid=CT3306061&SearchSource=48&CUI=UN36419437882469290&UM=2&UP=SPF7BCD11B-7F05-40CF-B5B7-DE9F60368365&SSPV=T21020A_sp_ch", "", "hxxp://search.conduit.com/?ctid=CT3306061&SearchSource=48&CUI=UN36419437882469290&UM=2&UP=SP770CF4C4-D16C-4058-B1BF-C4C837BA89DB&SSPV=", "hxxp://www.amazon.com/websearch/ref=bit_bds-p23_serp_cr_us_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_e2d773a4387f4d81b20bed3e8918a64e_39_1006_20140508_US_cr_sp_32352", "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-05-15&ent=hp&u=46A9874A993BB1434DD9E55374FBAC44", "hxxp://search.conduit.com/?ctid=CT3306061&SearchSource=48&CUI=UN36419437882469290&UM=2&UP=SP1B6AF6FC-80A0-4EE8-BA5C-E51021EF1EFF&SSPV=", "hxxp://www.default-search.net/?sid=492&aid=169&itype=n&ver=12565&tm=372&src=hmp", 
"hxxp://speedial.com/?f=1&a=spd_dnldstr_14_23_ch&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyEzz0BtC0F0DyDtCtBzzyDtN0D0Tzu0SzzzytDtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2SyCtDyE0E0EtDyDtCtGtA0FzzzytGyE0EtA0DtGyCzyyD0AtGyByDtCyEyByEyB0F0FtB0E0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0B0ByB0AtBzztBtG0C0C0FtBtGtDzztD0DtGyCtB0ByCtGyDtC0C0FyD0EtBtD0F0DtA0A2Q&cr=1823922489&ir=", "hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,%20203,%200_0,%20StartPage,%2020131044,%2020033,%200,%2025,%200", "https://search.yahoo.com/yhs/web?hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,203,0_0,StartPage,20140835,20033,0,31,0", "hxxp://search.conduit.com/?ctid=CT3306061&SearchSource=48&CUI=UN36419437882469290&UM=2&UP=SP4F7C90B0-DB9F-4430-B174-2BB8ECD3ADCB&SSPV=", "hxxp://groovorio.com/?f=7&a=grv_installertech_14_22&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyEzz0BtC0F0DyD0DzzyDyBtN0D0Tzu0StCtDtCtCtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V1L1G1B2Z1T1I1I1P1C2Z1P1R1M1VtCyE1VtBtBtN1L1G1B1V1N2Y1L1Qzu2StA0E0AtDzytDyEyDtGyC0ByC0DtGtAyB0ByCtGyDyByEtDtGyBtCyC0DyEyBtAtA0DtB0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyB0D0D0CyDtDzztGzy0BtA0CtGyE0AzztAtG0AtAzytAtG0F0AyE0B0EyCzzzzzyyB0D0F2Q&cr=1215931763&ir=", "hxxp://groovorio.com/?f=7&a=grv_installertech_14_22&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyEzz0BtC0F0DyD0DzzyDyBtN0D0Tzu0StCtDtBtCtN1L2XzutAtFyDtFtCtFtCtN1L1Czu1N1C2X1V1L1G1B2Z1T1I1I1P1C2Z1P1R1M1VtCyE1VtBtBtN1L1G1B1V1N2Y1L1Qzu2SyCtCyBzyzzyEtCyCtG0DzzyC0EtGtAtCzyyCtG0DtA0CzytGyB0AtDyEyEtC0A0CzyyB0D0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0B0BtD0D0FtD0AtGtBtC0CzytGyE0BzzzytG0B0CyByDtGzy0DtD0E0DyBtA0BzyyB0D0F2Q&cr=898590603&ir=", "hxxp://www.v9.com/?type=hp&ts=1414815269&from=cor&uid=WDCXWD7501AAES-75W7A0_WD-WCATR181444914449&i=psd&t=34b4bad73"
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultNewTabURL: Default -> https://www.trovi.com/?gd=&ctid=CT3...
FF SearchPlugin: C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\ay5mawln.default\searchplugins\ask-web-search.xml

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.


*****************

Processes closed successfully.
"C:\Users\Ray\OneDrive" => ":ms-properties" ADS not found.
Linkey (HKU\S-1-5-21-2488777864-499929627-782514294-1001\...\Linkey) (Version: 0.0.0.599 - Aztec Media Inc) <==== ATTENTION => Error: No automatic fix found for this entry.
Reimage Protector (HKLM\...\Reimage Protector) (Version: - Reimage) <==== ATTENTION => Error: No automatic fix found for this entry.
Settings Manager (HKLM-x32\...\Settings Manager) (Version: 5.0.0.14591 - Aztec Media Inc) <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A5149D6E-0D57-42DC-816D-C19727322EEE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5149D6E-0D57-42DC-816D-C19727322EEE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TidyNetwork Update" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B0CABCA1-137A-4887-9606-C0401274BBC7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0CABCA1-137A-4887-9606-C0401274BBC7}" => Key deleted successfully.
C:\Windows\System32\Tasks\ReimageUpdater => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ReimageUpdater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}" => Key deleted successfully.
"HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}" => Key not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
cpuz134 => Service deleted successfully.
MBAMSwissArmy => Service deleted successfully.
C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe not found.
C:\Users\Ray\AppData\Local\Temp\ose00000.exe => Moved successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
CHR DefaultNewTabURL: Default -> https://www.trovi.com/?gd=&ctid=CT3... => Error: No automatic fix found for this entry.
C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\ay5mawln.default\searchplugins\ask-web-search.xml => Moved successfully.
Run FRST/FRST64 and press the Fix button just once and wait. => Error: No automatic fix found for this entry.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. => Error: No automatic fix found for this entry.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply. => Error: No automatic fix found for this entry.
EmptyTemp: => Removed 1.1 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====


Report •
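Reading a Fixlog like the one in post #36, as an added example (not part of the thread and not FRST's own code): the script sorts each result line by outcome and lists the entries that came back with "No automatic fix found", which still need attention after the fix run. The function names and the rule for spotting pasted instruction text (an entry with no colon or backslash) are assumptions made for this example.

```python
import re
from collections import Counter

# Result lines copied from the Fixlog in post #36 (a subset, text unchanged).
SAMPLE_FIXLOG = r'''Processes closed successfully.
"C:\Users\Ray\OneDrive" => ":ms-properties" ADS not found.
Linkey (HKU\S-1-5-21-2488777864-499929627-782514294-1001\...\Linkey) (Version: 0.0.0.599 - Aztec Media Inc) <==== ATTENTION => Error: No automatic fix found for this entry.
Reimage Protector (HKLM\...\Reimage Protector) (Version: - Reimage) <==== ATTENTION => Error: No automatic fix found for this entry.
Settings Manager (HKLM-x32\...\Settings Manager) (Version: 5.0.0.14591 - Aztec Media Inc) <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TidyNetwork Update" => Key deleted successfully.
C:\Windows\System32\Tasks\ReimageUpdater => Moved successfully.
"HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}" => Key not found.
cpuz134 => Service deleted successfully.
C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe not found.
Chrome HomePage deleted successfully.
CHR DefaultNewTabURL: Default -> https://www.trovi.com/?gd=&ctid=CT3... => Error: No automatic fix found for this entry.
Run FRST/FRST64 and press the Fix button just once and wait. => Error: No automatic fix found for this entry.
EmptyTemp: => Removed 1.1 GB temporary data.
'''

# Outcome patterns, checked in order; they match the wording seen in the log above.
OUTCOMES = [
    ("no_fix", re.compile(r"=> Error: No automatic fix found for this entry\.$")),
    ("not_found", re.compile(r"\bnot found\.$", re.IGNORECASE)),
    ("done", re.compile(r"(?:deleted|Moved|closed) successfully\.$|=> Removed .+\.$")),
]


def parse_fixlog(text):
    """Return (entry, result, outcome) for every non-blank result line."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        # The result follows the last " => "; some lines have no separator at all.
        entry, sep, result = line.rpartition(" => ")
        if not sep:
            entry = result = line
        outcome = next((name for name, rx in OUTCOMES if rx.search(line)), "other")
        rows.append((entry, result, outcome))
    return rows


def follow_up(rows):
    """Split the 'no automatic fix' entries into two lists.

    manual: entries that name a program, key or setting and still need
            handling another way (for example an uninstall).
    stray:  lines that look like instruction prose pasted into fixlist.txt.
            Heuristic (an assumption of this example): no ':' and no '\\'.
    """
    manual, stray = [], []
    for entry, _result, outcome in rows:
        if outcome != "no_fix":
            continue
        if ":" not in entry and "\\" not in entry:
            stray.append(entry)
        else:
            manual.append(entry)
    return manual, stray


def summarize(text):
    """Return (outcome counts, manual follow-ups, stray lines) for a Fixlog."""
    rows = parse_fixlog(text)
    counts = Counter(outcome for _entry, _result, outcome in rows)
    manual, stray = follow_up(rows)
    return counts, manual, stray


if __name__ == "__main__":
    counts, manual, stray = summarize(SAMPLE_FIXLOG)
    print("Outcomes:", dict(counts))
    print("Still present, handle manually:")
    for entry in manual:
        print("  -", entry)
    print("Instruction text that was pasted into fixlist.txt:")
    for entry in stray:
        print("  -", entry)
```
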

#37
November 21, 2014 at 16:14:12
Update & Run Malwarebytes' Anti-Malware (MBAM) Free Version. Use Quick scan (now called Threat Scan).

Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box to Scan for rootkits.
http://i.imgur.com/dZgt1g2.gif
Copy and Paste the contents of the log, in your reply please.

If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
If your MBAM log indicates "No action taken", that's usually a result of NOT clicking the Apply Actions button after the scan. In most cases, a restart will be required.
If you misplace your log, here are ways to find it.
http://i.imgur.com/U9IqcVj.gif
http://i.imgur.com/zHMG6J9.gif
http://i.imgur.com/ZZ1trsv.gif
http://i.imgur.com/LL0K3qs.gif
Or,
(Export log to save as txt)
After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Export'.
Click 'Text file (*.txt)'
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported".
Click Ok
http://i.imgur.com/LNl3Sgw.gif
http://i.imgur.com/xGJgawB.gif



#38
November 21, 2014 at 19:57:09
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/21/2014
Scan Time: 7:22:21 PM
Logfile: Scan Log.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.22.02
Rootkit Database: v2014.11.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Ray

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 325795
Time Elapsed: 9 min, 48 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 3
PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\SmdmFService.exe, 1508, Delete-on-Reboot, [db9050ee91ebd66009dbcce4c33e48b8]
PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\SmdmFService.exe, 1692, Delete-on-Reboot, [db9050ee91ebd66009dbcce4c33e48b8]
PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\smdmfu.exe, 3768, Delete-on-Reboot, [6ffc3fff6616013530b4e6ca50b18a76]

Modules: 2
PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\smdmfldr.dll, Delete-on-Reboot, [462543fb7dff1f1721177aac788bda26],
PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll, Delete-on-Reboot, [462543fb7dff1f1721177aac788bda26],

Registry Keys: 40
PUP.Optional.SettingsManager.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SmdmFService, Delete-on-Reboot, [db9050ee91ebd66009dbcce4c33e48b8],
PUP.Optional.Linkey.A, HKLM\SOFTWARE\CLASSES\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}, Quarantined, [1f4c06380d6fa591b52d2065cf32df21],
PUP.Optional.Linkey.A, HKLM\SOFTWARE\CLASSES\Linkey.Linkey, Quarantined, [1f4c06380d6fa591b52d2065cf32df21],
PUP.Optional.Linkey.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Linkey.Linkey, Quarantined, [1f4c06380d6fa591b52d2065cf32df21],
PUP.Optional.Linkey.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}, Quarantined, [1f4c06380d6fa591b52d2065cf32df21],
PUP.Optional.Linkey.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}, Quarantined, [1f4c06380d6fa591b52d2065cf32df21],
PUP.Optional.Linkey.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}, Quarantined, [1f4c06380d6fa591b52d2065cf32df21],
PUP.Optional.Linkey.A, HKU\S-1-5-21-2488777864-499929627-782514294-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}, Quarantined, [1f4c06380d6fa591b52d2065cf32df21],
PUP.Optional.Linkey.A, HKU\S-1-5-21-2488777864-499929627-782514294-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}, Quarantined, [1f4c06380d6fa591b52d2065cf32df21],
PUP.Optional.Linkey.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{726E90BE-DC22-4965-B215-E0784DC26F47}, Quarantined, [1f4c06380d6fa591b52d2065cf32df21],
PUP.Optional.Linkey.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4613B1C1-FBC0-43C3-A4B9-B1D6CD360BB3}, Quarantined, [1f4c06380d6fa591b52d2065cf32df21],
PUP.Optional.Linkey.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4613B1C1-FBC0-43C3-A4B9-B1D6CD360BB3}, Quarantined, [1f4c06380d6fa591b52d2065cf32df21],
PUP.Optional.Linkey.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{726E90BE-DC22-4965-B215-E0784DC26F47}, Quarantined, [1f4c06380d6fa591b52d2065cf32df21],
PUP.Optional.Linkey.A, HKLM\SOFTWARE\CLASSES\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}\INPROCSERVER32, Quarantined, [1f4c06380d6fa591b52d2065cf32df21],
PUP.Optional.Linkey.A, HKLM\SOFTWARE\CLASSES\APPID\{6A7CD9EC-D8BD-4340-BCD0-77C09A282921}, Quarantined, [c7a4cb73a0dc4bebfb66a020867cab55],
PUP.Optional.Linkey.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{6A7CD9EC-D8BD-4340-BCD0-77C09A282921}, Quarantined, [c7a4cb73a0dc4bebfb66a020867cab55],
PUP.Optional.Linkey.A, HKU\S-1-5-21-2488777864-499929627-782514294-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Linkey, Quarantined, [46250c3219639a9ce6fcd0b5be43837d],
PUP.Optional.Linkey.A, HKLM\SOFTWARE\LINKEY, Quarantined, [23487bc31e5ecb6b92d9412ad42f1ae6],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\SmdmF, Delete-on-Reboot, [1e4d25198cf022144ef7074310f3e11f],
PUP.Optional.Linkey.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\fpmeembnagmagppkgghhfjfdfajdfcah, Quarantined, [16557cc2afcd40f655151d4e3ac93dc3],
PUP.Optional.Linkey.A, HKLM\SOFTWARE\WOW6432NODE\LINKEY, Quarantined, [fd6ef44a95e70b2b274480ebab58d729],
PUP.Optional.SettingsManager.A, HKU\S-1-5-21-2488777864-499929627-782514294-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SmdmF, Quarantined, [0a611f1fdd9ff343be86d575e61dd52b],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2488777864-499929627-782514294-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [78f30836fc80999d58a66116e41f926e],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2488777864-499929627-782514294-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [81eaa5993f3dfb3b9d961c72e0246c94],
PUP.Optional.Linkey.A, HKU\S-1-5-21-2488777864-499929627-782514294-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\LINKEY, Quarantined, [b6b562dc285452e40a83fbb4e321c13f],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1}, Quarantined, [462543fb7dff1f1721177aac788bda26],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\CLASSES\SettingsManagerIEHelper.DNSGuard, Quarantined, [462543fb7dff1f1721177aac788bda26],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\CLASSES\SettingsManagerIEHelper.DNSGuard.1, Quarantined, [462543fb7dff1f1721177aac788bda26],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SettingsManagerIEHelper.DNSGuard, Quarantined, [462543fb7dff1f1721177aac788bda26],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SettingsManagerIEHelper.DNSGuard.1, Quarantined, [462543fb7dff1f1721177aac788bda26],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\CLASSES\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1}, Quarantined, [462543fb7dff1f1721177aac788bda26],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\CLASSES\CLSID\{E1842850-FB16-4471-B327-7343FBAED55C}, Quarantined, [462543fb7dff1f1721177aac788bda26],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E1842850-FB16-4471-B327-7343FBAED55C}, Quarantined, [462543fb7dff1f1721177aac788bda26],
PUP.Optional.SettingsManager.A, HKU\S-1-5-21-2488777864-499929627-782514294-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{54739D49-AC03-4C57-9264-C5195596B3A1}, Quarantined, [462543fb7dff1f1721177aac788bda26],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{93D511B5-143B-4A99-ABFC-B5B78AD0AE1B}, Quarantined, [462543fb7dff1f1721177aac788bda26],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{AA760BA8-5862-4BC5-9263-4452CBC0B264}, Quarantined, [462543fb7dff1f1721177aac788bda26],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{AA760BA8-5862-4BC5-9263-4452CBC0B264}, Quarantined, [462543fb7dff1f1721177aac788bda26],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{93D511B5-143B-4A99-ABFC-B5B78AD0AE1B}, Quarantined, [462543fb7dff1f1721177aac788bda26],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Settings Manager, Quarantined, [462543fb7dff1f1721177aac788bda26],
PUP.Optional.SettingsManager.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\F06DEFF2-5B9C-490D-910F-35D3A9119622, Delete-on-Reboot, [462543fb7dff1f1721177aac788bda26],

Registry Values: 6
PUP.Optional.Linkey.A, HKLM\SOFTWARE\LINKEY|ie_jsurl, http://app.linkeyproject.com/popup/... Quarantined, [23487bc31e5ecb6b92d9412ad42f1ae6]
PUP.Optional.Linkey.A, HKLM\SOFTWARE\WOW6432NODE\LINKEY|ie_jsurl, http://app.linkeyproject.com/popup/... Quarantined, [fd6ef44a95e70b2b274480ebab58d729]
PUP.Optional.SettingsManager, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER\APPCERTDLLS|x86, C:\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll, Quarantined, [e487c47a047820165570bf8ec43f639d]
PUP.Optional.SettingsManager, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER\APPCERTDLLS|x64, C:\Program Files (x86)\Settings Manager\smdmf\x64\sysapcrt.dll, Quarantined, [abc03fff13698caa665ff35ad42f52ae]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2488777864-499929627-782514294-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0E1G1J1H, Quarantined, [81eaa5993f3dfb3b9d961c72e0246c94]
PUP.Optional.Linkey.A, HKU\S-1-5-21-2488777864-499929627-782514294-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\LINKEY|browsers, chrome,ff,ie, Quarantined, [b6b562dc285452e40a83fbb4e321c13f]

Registry Data: 1
PUP.Optional.Linkey, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\Users\Ray\AppData\Local\Linkey\IEEXTE~1\ietlb.dll , Good: (), Bad: (C:\Users\Ray\AppData\Local\Linkey\IEEXTE~1\ietlb.dll),Replaced,[204bb886b2caaf87a2d2aa9b9e654db3]

Folders: 16
PUP.Optional.Linkey, C:\Users\Ray\AppData\Local\Linkey, Delete-on-Reboot, [204bb886b2caaf87a2d2aa9b9e654db3],
PUP.Optional.Linkey, C:\Users\Ray\AppData\Local\Linkey\ChromeExtension, Quarantined, [204bb886b2caaf87a2d2aa9b9e654db3],
PUP.Optional.Linkey, C:\Users\Ray\AppData\Local\Linkey\IEExtension, Delete-on-Reboot, [204bb886b2caaf87a2d2aa9b9e654db3],
PUP.Optional.Datamngr.A, C:\Users\Ray\AppData\LocalLow\DataMngr, Quarantined, [a8c376c8b0cc300601700808758e23dd],
PUP.Optional.Linkey.A, C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\ay5mawln.default\extensions\extension@linkeyproject.com, Quarantined, [ee7dd767de9e93a3f0dd49c79d6601ff],
PUP.Optional.Linkey.A, C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\ay5mawln.default\extensions\extension@linkeyproject.com\content, Quarantined, [ee7dd767de9e93a3f0dd49c79d6601ff],
PUP.Optional.Linkey.A, C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\ay5mawln.default\extensions\extension@linkeyproject.com\content\js, Quarantined, [ee7dd767de9e93a3f0dd49c79d6601ff],
PUP.Optional.Linkey.A, C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\ay5mawln.default\extensions\extension@linkeyproject.com\skin, Quarantined, [ee7dd767de9e93a3f0dd49c79d6601ff],
PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf, Delete-on-Reboot, [462543fb7dff1f1721177aac788bda26],
PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\x64, Delete-on-Reboot, [462543fb7dff1f1721177aac788bda26],
PUP.Optional.SettingsManager.A, C:\ProgramData\smdmf, Delete-on-Reboot, [ea8162dc7804de587af5b27953b0936d],
PUP.Optional.SettingsManager.A, C:\Users\Ray\AppData\Roaming\FirefoxToolbar\Settings Manager, Quarantined, [ce9d85b9423a7fb7a7c94edde91a867a],
PUP.Optional.SettingsManager.A, C:\Users\Ray\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf, Quarantined, [ce9d85b9423a7fb7a7c94edde91a867a],
PUP.Optional.SettingsManager.A, C:\Users\Ray\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components, Quarantined, [ce9d85b9423a7fb7a7c94edde91a867a],
PUP.Optional.SettingsManager.A, C:\Users\Ray\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content, Quarantined, [ce9d85b9423a7fb7a7c94edde91a867a],
PUP.Optional.MindSpark.A, C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\ay5mawln.default\PremierDownloadManager_ag, Quarantined, [43287ac4a3d9f5413337ae899d668d73],

Files: 62
PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\SmdmFService.exe, Delete-on-Reboot, [db9050ee91ebd66009dbcce4c33e48b8],
PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\smdmfu.exe, Delete-on-Reboot, [6ffc3fff6616013530b4e6ca50b18a76],
PUP.Optional.Linkey.A, C:\Users\Ray\AppData\Local\Linkey\IEExtension\iedll64.dll, Quarantined, [1f4c06380d6fa591b52d2065cf32df21],
PUP.Optional.Linkey.A, C:\Users\Ray\AppData\Local\Linkey\IEExtension\iedll.dll, Quarantined, [1f4c06380d6fa591b52d2065cf32df21],
PUP.Optional.Bestop, C:\Users\Ray\Downloads\DownloadManagerSetup.exe, Quarantined, [e487af8ff28aca6c5e6463e1b253ed13],
PUP.Optional.Linkey.A, C:\Users\Ray\AppData\Local\Linkey\LinkeyDeals.exe, Quarantined, [2d3eba841a62be780afad2b458a957a9],
PUP.Optional.Linkey.A, C:\Users\Ray\AppData\Local\Linkey\Uninstall.exe, Quarantined, [46250c3219639a9ce6fcd0b5be43837d],
PUP.Optional.Linkey, C:\Users\Ray\AppData\Local\Linkey\Helper.dll, Quarantined, [204bb886b2caaf87a2d2aa9b9e654db3],
PUP.Optional.Linkey, C:\Users\Ray\AppData\Local\Linkey\log.log, Quarantined, [204bb886b2caaf87a2d2aa9b9e654db3],
PUP.Optional.Linkey, C:\Users\Ray\AppData\Local\Linkey\ChromeExtension\ChromeExtension.crx, Quarantined, [204bb886b2caaf87a2d2aa9b9e654db3],
PUP.Optional.Linkey, C:\Users\Ray\AppData\Local\Linkey\IEExtension\ietlb.dll, Delete-on-Reboot, [204bb886b2caaf87a2d2aa9b9e654db3],
PUP.Optional.Linkey, C:\Users\Ray\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Browse and Search the Internet.lnk, Quarantined, [c7a499a568145ed8ab362228e81b39c7],
PUP.Optional.Datamngr.A, C:\Users\Ray\AppData\LocalLow\DataMngr\{99BB1406-1CFB-488C-90D1-2D978E04F707}64, Quarantined, [a8c376c8b0cc300601700808758e23dd],
PUP.Optional.Linkey.A, C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\ay5mawln.default\extensions\extension@linkeyproject.com\chrome.manifest, Quarantined, [ee7dd767de9e93a3f0dd49c79d6601ff],
PUP.Optional.Linkey.A, C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\ay5mawln.default\extensions\extension@linkeyproject.com\install.rdf, Quarantined, [ee7dd767de9e93a3f0dd49c79d6601ff],
PUP.Optional.Linkey.A, C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\ay5mawln.default\extensions\extension@linkeyproject.com\content\button.css, Quarantined, [ee7dd767de9e93a3f0dd49c79d6601ff],
PUP.Optional.Linkey.A, C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\ay5mawln.default\extensions\extension@linkeyproject.com\content\overlay.xul, Quarantined, [ee7dd767de9e93a3f0dd49c79d6601ff],
PUP.Optional.Linkey.A, C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\ay5mawln.default\extensions\extension@linkeyproject.com\content\js\common.js, Quarantined, [ee7dd767de9e93a3f0dd49c79d6601ff],
PUP.Optional.Linkey.A, C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\ay5mawln.default\extensions\extension@linkeyproject.com\content\js\LinkeyManager.js, Quarantined, [ee7dd767de9e93a3f0dd49c79d6601ff],
PUP.Optional.Linkey.A, C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\ay5mawln.default\extensions\extension@linkeyproject.com\skin\bright_green_19_19.png, Quarantined, [ee7dd767de9e93a3f0dd49c79d6601ff],
PUP.Optional.Linkey.A, C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\ay5mawln.default\extensions\extension@linkeyproject.com\skin\default_19_19.png, Quarantined, [ee7dd767de9e93a3f0dd49c79d6601ff],
PUP.Optional.Linkey.A, C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\ay5mawln.default\extensions\extension@linkeyproject.com\skin\hard_green_19_19.png, Quarantined, [ee7dd767de9e93a3f0dd49c79d6601ff],
PUP.Optional.Linkey.A, C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\ay5mawln.default\extensions\extension@linkeyproject.com\skin\icon.png, Quarantined, [ee7dd767de9e93a3f0dd49c79d6601ff],
PUP.Optional.Linkey.A, C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\ay5mawln.default\extensions\extension@linkeyproject.com\skin\icon64.png, Quarantined, [ee7dd767de9e93a3f0dd49c79d6601ff],
PUP.Optional.Linkey.A, C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\ay5mawln.default\extensions\extension@linkeyproject.com\skin\orange_19_19.png, Quarantined, [ee7dd767de9e93a3f0dd49c79d6601ff],
PUP.Optional.Linkey.A, C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\ay5mawln.default\extensions\extension@linkeyproject.com\skin\red_19_19.png, Quarantined, [ee7dd767de9e93a3f0dd49c79d6601ff],
PUP.Optional.Linkey.A, C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\ay5mawln.default\extensions\extension@linkeyproject.com\skin\yellow_19_19.png, Quarantined, [ee7dd767de9e93a3f0dd49c79d6601ff],
PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\favicon.ico, Delete-on-Reboot, [462543fb7dff1f1721177aac788bda26],
PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\Helper.dll, Delete-on-Reboot, [462543fb7dff1f1721177aac788bda26],
PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\Internet Explorer Settings.exe, Delete-on-Reboot, [462543fb7dff1f1721177aac788bda26],
PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\smdmf.dll, Delete-on-Reboot, [462543fb7dff1f1721177aac788bda26],
PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\smdmfbho.dll, Delete-on-Reboot, [462543fb7dff1f1721177aac788bda26],
PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\x64\smdmfbho.dll, Delete-on-Reboot, [462543fb7dff1f1721177aac788bda26],
PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\smdmfldr.dll, Delete-on-Reboot, [462543fb7dff1f1721177aac788bda26],
PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\smdmfldr_u.dll, Delete-on-Reboot, [462543fb7dff1f1721177aac788bda26],
PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\smdmfmgrc2.cfg, Delete-on-Reboot, [462543fb7dff1f1721177aac788bda26],
PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll, Delete-on-Reboot, [462543fb7dff1f1721177aac788bda26],
PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\tbicon.exe, Delete-on-Reboot, [462543fb7dff1f1721177aac788bda26],
PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\Uninstall.exe, Delete-on-Reboot, [462543fb7dff1f1721177aac788bda26],
PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\x64\Internet Explorer Settings.exe, Delete-on-Reboot, [462543fb7dff1f1721177aac788bda26],
PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\x64\smdmf.dll, Delete-on-Reboot, [462543fb7dff1f1721177aac788bda26],
PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\x64\smdmfldr.dll, Delete-on-Reboot, [462543fb7dff1f1721177aac788bda26],
PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\x64\smdmfldr_u.dll, Delete-on-Reboot, [462543fb7dff1f1721177aac788bda26],
PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\x64\smdmfmgrc2.cfg, Delete-on-Reboot, [462543fb7dff1f1721177aac788bda26],
PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\x64\sysapcrt.dll, Delete-on-Reboot, [462543fb7dff1f1721177aac788bda26],
PUP.Optional.SettingsManager.A, C:\ProgramData\smdmf\coordinator.cfg, Quarantined, [ea8162dc7804de587af5b27953b0936d],
PUP.Optional.SettingsManager.A, C:\ProgramData\smdmf\general.cfg, Quarantined, [ea8162dc7804de587af5b27953b0936d],
PUP.Optional.SettingsManager.A, C:\ProgramData\smdmf\S-1-5-21-2488777864-499929627-782514294-1001.cfg, Quarantined, [ea8162dc7804de587af5b27953b0936d],
PUP.Optional.SettingsManager.A, C:\Users\Ray\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\chrome.manifest, Quarantined, [ce9d85b9423a7fb7a7c94edde91a867a],
PUP.Optional.SettingsManager.A, C:\Users\Ray\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\install.rdf, Quarantined, [ce9d85b9423a7fb7a7c94edde91a867a],
PUP.Optional.SettingsManager.A, C:\Users\Ray\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF33.dll, Quarantined, [ce9d85b9423a7fb7a7c94edde91a867a],
PUP.Optional.SettingsManager.A, C:\Users\Ray\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\DnsBHO.js, Quarantined, [ce9d85b9423a7fb7a7c94edde91a867a],
PUP.Optional.SettingsManager.A, C:\Users\Ray\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\Error404BHO.js, Quarantined, [ce9d85b9423a7fb7a7c94edde91a867a],
PUP.Optional.SettingsManager.A, C:\Users\Ray\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\MainBHO.js, Quarantined, [ce9d85b9423a7fb7a7c94edde91a867a],
PUP.Optional.SettingsManager.A, C:\Users\Ray\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\NativeHelper.js, Quarantined, [ce9d85b9423a7fb7a7c94edde91a867a],
PUP.Optional.SettingsManager.A, C:\Users\Ray\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\NewTabBHO.js, Quarantined, [ce9d85b9423a7fb7a7c94edde91a867a],
PUP.Optional.SettingsManager.A, C:\Users\Ray\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\overlay.js, Quarantined, [ce9d85b9423a7fb7a7c94edde91a867a],
PUP.Optional.SettingsManager.A, C:\Users\Ray\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\RelatedSearch.js, Quarantined, [ce9d85b9423a7fb7a7c94edde91a867a],
PUP.Optional.SettingsManager.A, C:\Users\Ray\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\RequestPreserver.js, Quarantined, [ce9d85b9423a7fb7a7c94edde91a867a],
PUP.Optional.SettingsManager.A, C:\Users\Ray\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\SearchBHO.js, Quarantined, [ce9d85b9423a7fb7a7c94edde91a867a],
PUP.Optional.SettingsManager.A, C:\Users\Ray\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\SettingManager.js, Quarantined, [ce9d85b9423a7fb7a7c94edde91a867a],
PUP.Optional.MindSpark.A, C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\ay5mawln.default\PremierDownloadManager_ag\74E1A453-BBEE-4165-B2BB-1AA96B277FA4.sqlite, Quarantined, [43287ac4a3d9f5413337ae899d668d73],

Physical Sectors: 0
(No malicious items detected)


(end)



#39
November 21, 2014 at 20:16:36
You have installed the Premium version. If you don't want to buy it, do this to avoid the purchase nag screens.
Open Malwarebytes and, on the Dashboard, click on the 'End Free Trial' link; it will then be instantly converted to the free version.

Run Farbar again please, follow this SS & upload the 2 new logs.
http://i.imgur.com/i3fg3Pf.gif



#40
November 21, 2014 at 23:25:41
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/21/2014
Scan Time: 11:09:53 PM
Logfile: 11.10 log.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.22.03
Rootkit Database: v2014.11.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Ray

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 325876
Time Elapsed: 10 min, 7 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.TornTV.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TornTv Downloader, Quarantined, [a9c2320c6f0d0f270527d2688c7731cf],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#41
November 22, 2014 at 01:27:19
Reread my post #39


#42
November 22, 2014 at 11:14:34
http://www53.zippyshare.com/v/82489...


#43
November 22, 2014 at 11:16:04
http://www60.zippyshare.com/v/62209...


#44
November 22, 2014 at 14:28:49
Copy & Paste the text below (starting closeprocesses:), save it into Notepad on your Desktop & name it fixlist.txt

closeprocesses:
AppInit_DLLs: C:\Users\Ray\AppData\Local\Linkey\IEEXTE~1\ietlb64.dll => C:\Users\Ray\AppData\Local\Linkey\IEEXTE~1\ietlb64.dll File Not Found
ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe (No File)



#45
November 22, 2014 at 14:33:18
Just in case you are doing more program installs (other than what I am getting you to do), here is how you are getting into trouble & what you can do about it.

As you can see from your logs, you had a lot of stuff installed, and you do not know how it had been installed.
A lot of programs now give you the choice to install toolbars & other items during the install. Either uncheck these items during install, or use Custom install. No more click, click during an install; you have to read after each click.

I use Softpedia; down the bottom of the page, they make you aware of what ad-supported programs the author of the program has included.
Sample pages
http://www.softpedia.com/get/CD-DVD...
First and foremost, extra attention needs to be paid during installation as ImgBurn offers to create desktop shortcuts to third-party apps, as well as install a browser toolbar onto the host computer, which are not required to ensure the smooth running of the app.
SS of above.
http://i.imgur.com/jgGYNsP.gif
This is what ImgBurn tries to install.
http://i.imgur.com/ms4DzE9.gif
http://i.imgur.com/vVkd39a.gif
http://i.imgur.com/rqFVaHs.gif
http://i.imgur.com/sm1T7h6.gif
http://i.imgur.com/vhkKLYo.gif

Use Unchecky to help prevent these third-party installs. Nothing is perfect, the baddies are always ahead of the goodies, so be vigilant.
http://www.softpedia.com/get/System...
http://unchecky.com/
A reliable application that aims to protect your computer against third-party components often offered during software installations.



#46
November 22, 2014 at 20:11:02
http://www.softpedia.com/get/System...
http://unchecky.com/

I installed the two apps above. Unchecky.com should prevent other apps to not be installed instead of unchecking the box, right?

Also, what's my next step? I don't know how to read Frst.txt and the Additional.text results, but do they tell me that my Chrome is finally out?



#47
November 22, 2014 at 20:24:36
"I installed the two apps above. Unchecky.com should prevent other apps to not be installed instead of unchecking the box, right?"
Yes, but like I said, nothing is perfect, the baddies are always ahead of the goodies.

I am waiting for the fixlog as per post #35, but using the new script below.

closeprocesses:
AppInit_DLLs: C:\Users\Ray\AppData\Local\Linkey\IEEXTE~1\ietlb64.dll => C:\Users\Ray\AppData\Local\Linkey\IEEXTE~1\ietlb64.dll File Not Found
ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe (No File)



#48
November 22, 2014 at 21:21:11
Copied the new script #47 and dragged it to Desktop as fixlog.txt. Also, ran Farbar Recovery Scan Tool and saved FRST.txt and Additional.txt on the Desktop.

With the 3 files on the Desktop, I ran fixlog text but nothing happened. What did I miss?

message edited by raycuadro



#49
November 23, 2014 at 01:07:15
No idea what you are doing wrong. Do it the same as you did on the first script in post #36, except use the new script.


#50
November 23, 2014 at 11:44:10
On the Desktop I have the FRST.txt and the Additional.txt. I also have the Farbar Recovery App and your fixlist.txt program. When I click on the Farbar Recovery App, it said no Fixlist.txt found.

Any suggestions? Is it time to "QUIT" now?

message edited by raycuadro



#51
November 23, 2014 at 15:10:39
" Is it time to "QUIT" now?"

We are nearly finished, shall now move on to a different tool.

Run ESET Online Scanner, Copy and Paste the contents of the log in your reply please. This scan may take a very long while, so please be patient. Maybe start it before going to work or bed.
http://www.eset.com/us/online-scann...
http://www.eset.com/home/products/o...
If your comp is unbootable, or won't let you download, you will have to download ESET from a good computer, put it on a flash/thumb/pen/usb drive & run it from there.
Create a ESET SysRescue CD or USB drive
http://kb.eset.com/esetkb/index?pag...
How do I use my ESET SysRescue CD or USB flash drive to scan and clean my system?
http://kb.eset.com/esetkb/index?pag...
Configure ESET this way & disable your AV.
http://i.imgur.com/3U7YC.gif
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Which web browsers are compatible with ESET Online Scanner?
http://www.nod32.fi/eset-online-sca...
http://kb.eset.com/esetkb/index?pag...
Online Scanner not working
http://kb.eset.com/esetkb/index?pag...
Why Would I Ever Need an Online Virus Scanner? I already have an antivirus program installed, isn't that enough?
http://www.squidoo.com/the-best-fre...
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
5: Why does the ESET Online Scanner run slowly on my computer?
If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.
17: How can I view the log file from ESET Online Scanner?
http://kb.eset.com/esetkb/index?pag...
http://www.eset.com/home/products/o...
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start → Run dialog box from the Start Menu on the Desktop.
If no threats are found, you will simply see an information window that no threats were found.
http://www.trishtech.com/security/s...



#52
November 25, 2014 at 16:21:50
:\Program Files\Reimage\Reimage Repair\ReimageRepair.exe a variant of Win32/ReImageRepair.B potentially unwanted application deleted - quarantined
C:\Users\Ray\AppData\Local\Microsoft\Windows\INetCache\IE\WHEPKBD3\ReimagePackage1801x64e[1].exe a variant of Win32/ReImageRepair.C potentially unwanted application deleted - quarantined
C:\Users\Ray\AppData\Local\Temp\ReimagePackage.exe a variant of Win32/ReImageRepair.C potentially unwanted application deleted - quarantined
C:\Users\Ray\Downloads\ReimageRepair(1).exe a variant of Win32/ReImageRepair.B potentially unwanted application deleted - quarantined
C:\Users\Ray\Downloads\ReimageRepair.exe a variant of Win32/ReImageRepair.B potentially unwanted application deleted - quarantined

Attached is the Eset Scan.log above. Had a tough time getting this scanlog, that's why I was just able to send it. Have to work on the others that you mentioned I have to do in #51


Report •

#53
November 25, 2014 at 16:37:43
"Attached is the Eset Scan.log above"
Very good.

" Have to work on the others that you mentioned I have to do in #51"
There is no more in #51, all that was to do with getting ESET to work.

Update & run Malwarebytes again please. Post the log.


Report •

#54
November 25, 2014 at 19:09:23
http://www78.zippyshare.com/v/43970...


http://www45.zippyshare.com/v/86444...

message edited by raycuadro


Report •

#55
November 25, 2014 at 19:18:58
"http://www78.zippyshare.com/v/43970..."
That is the Addition log, not the Malwarebytes log.

Report •

#56
November 25, 2014 at 21:03:50
Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 11/25/2014 7:56:00 PM, SYSTEM, RAYC-PC, Manual, Rootkit Database, 2014.9.18.1, 2014.11.22.1,
Update, 11/25/2014 7:56:14 PM, SYSTEM, RAYC-PC, Manual, Malware Database, 2014.9.19.5, 2014.11.26.1,
Update, 11/25/2014 7:58:32 PM, SYSTEM, RAYC-PC, Manual, Malware Database, 2014.11.26.1, 2014.11.26.2,
Scan, 11/25/2014 8:12:03 PM, SYSTEM, RAYC-PC, Manual, Start:11/25/2014 7:58:32 PM, Duration:9 min 55 sec, Threat Scan, Completed, 0 Malware Detections, 22 Non-Malware Detections,

(end)


Report •

#57
November 25, 2014 at 21:04:45
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/25/2014
Scan Time: 8:38:03 PM
Logfile: Scanlog.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.26.02
Rootkit Database: v2014.11.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Ray

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 334110
Time Elapsed: 9 min, 46 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Vosteran.A, C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\ay5mawln.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://Vosteran.com/?f=1&a=vst_ggbg_14_47_ff&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyEzz0BtC0F0DyDyCzz0DtAtN0D0Tzu0StCtDyDyBtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDyCtD0C0BtCzztCtGzz0B0A0CtGzz0Ezz0FtG0B0BtCtDtGtDyE0AyBtB0A0A0FtA0Dzz0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0D0DyDzzyByC0DtGtD0BtD0EtGyEyDyCyCtGzy0EtBzztG0AyE0EtByC0CtBzz0C0A0C0F2Q&cr=435746650&ir=");), Replaced,[70659f9f1369c373908a27698283817f]

Physical Sectors: 0
(No malicious items detected)


(end)


Report •

#58
November 25, 2014 at 21:05:33
Run DelFix
https://toolslib.net/downloads/view...
DelFix is designed to delete all removal tools used during a disinfection.
Indeed, these tools are often updated. It's recommended not to have and use outdated versions on the computer.
It's compatible with Windows XP, Vista, 7, 8 in 32 & 64 bits.
Run the tool by right-clicking the DelFix icon and choosing the Run as administrator option.
Make sure that these ones are checked:
Remove disinfection tools
Purge system restore
Reset system settings
Click Run and wait until the tool completes its work.
All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt)

Report •

#59
November 25, 2014 at 22:05:55
# DelFix v10.8 - Logfile created 25/11/2014 at 21:58:18
# Updated 29/07/2014 by Xplode
# Username : Ray - RAYC-PC
# Operating System : Windows 8.1 Pro (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Ray\Downloads\esetsmartinstaller_enu(1).exe
Deleted : C:\Users\Ray\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Users\Ray\Downloads\FRST.txt
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Cleaning system restore ...

Deleted : RP #9 [11.15.14 - Tried Correction of Search.conduit | 11/16/2014 03:22:02]
Deleted : RP #10 [Installed CrashPlan | 11/18/2014 00:46:05]
Deleted : RP #11 [Uniblue DriverScanner installation | 11/24/2014 03:42:19]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

I guess this is the end of the tutoring. Never imagined I will see any of those "weird" apps to clean up the "infection".


After all the instructions you gave me, am I "out" from that "search.conduit.com"?
Thanks a lot again.


Report •

#60
November 25, 2014 at 22:14:10
Run TFC
http://www.geekstogo.com/forum/file...
http://www.bleepingcomputer.com/dow...
http://oldtimer.geekstogo.com/TFC.exe
http://www.itxassociates.com/OT-Too...
Download it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Double-click TFC.exe to run it. (Note: If you are running on Vista/Windows 7/8, right-click on the file and choose Run As Administrator.)
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

/////////////////////////////////////////////////////////////////////////////////

Download Security Check by screen317 from one of the following links and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://screen317.spywareinfoforum.o...
http://screen317.changelog.fr/Secur...
Please restart the computer before running this security check.
* Double click SecurityCheck.exe. If you run Windows Vista or 7/8, right click and choose 'Run as Administrator'.
o If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
o When you see a console window, press any key to continue scanning.
o Wait while it scans.
o If your firewall alerts you of Security Check, please press 'Allow' or similar.
* A Notepad document should open automatically after scan is completed. It will be called checkup.txt; Please Copy and Paste the contents into your reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.


Report •

#61
November 25, 2014 at 22:30:52
Results of screen317's Security Check version 0.99.90
x64 (UAC is enabled)
Internet Explorer 11
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u]
Windows Firewall Enabled!
ESET NOD32 Antivirus 8.0
Windows Defender
Antivirus up to date!
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u]
Winferno Registry Power Cleaner
Adobe Flash Player 15.0.0.239
Mozilla Firefox (33.1)
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
[b][u]`````````````````System Health check`````````````````[/b][/u]
Total Fragmentation on Drive C: %
[b][u]````````````````````End of Log``````````````````````[/b][/u]

Report •

#62
November 25, 2014 at 22:32:28
You now appear to be clean.
How is it running, any issues?

Report •

#63
November 25, 2014 at 22:39:25
Did I tell you that I uninstalled Chrome? But, I kinda like Chrome. Can I re install that browser with get away from being re infected again? Does it make sense to reinstall? You

Can I ask you a dumb question? How did you say I appear to be clean now after all
the agony of running all the Malwares?


Report •

#64
November 25, 2014 at 22:55:03
" Can I re install that browser with get away from being re infected again?"
Yes, but reread all the info I have given you, those infections were installed by a USER.

Winferno Registry Power Cleaner
Keep in mind, what I said about Softpedia, this program for instance is offered mainly by CNET & Softonic.

WARNING: CNET Download.com downloads now come bundled with opt-out crapware and toolbars ( Same applies to Softonic )
http://www.groovypost.com/unplugged...

" How did you say I appear to be clean now after all the agony of running all the Malwares?"
I have been doing this for quite a while & have run all those programs, because once you are infected, it is too late for an AV to help, we have to use special programs to dismantle the nasties bit by bit, continually getting 2nd opinions from the different programs.


Report •

#65
November 25, 2014 at 23:11:44
Again, thanks for all the tips on how to avoid all those bundled downloads and all the patience you afforded.

Report •

#66
November 25, 2014 at 23:13:41
That's Ok, I enjoy the challenge.

Report •

#67
November 26, 2014 at 07:23:31
Good to hear - nicely done.

I feel I should now eat my words at #4. True for the two programs at that stage but it obviously took a lot more afterwards to crack it.

Always pop back and let us know the outcome - thanks


Report •

#68
November 29, 2014 at 20:28:33
Reinstalled Chrome and noted that the "search.conduit.com" is completely gone. How about that?
But, I reinstalled Chrome in my Laptop, ran SystemLook and found out that "search.conduit" is there. Will trace the steps and run the apps that I did to get rid of the
infection in my Desk top and will see if I can get rid of it.

Report •

#69
November 29, 2014 at 20:34:47
" Will trace the steps and run the apps that I did to get rid of the
infection in my Desk top and will see if I can get rid of it"
Yep, that should do it Ray, post logs if you want to & then upload the Farbar logs.

Report •

#70
November 29, 2014 at 22:50:50
http://www28.zippyshare.com/v/48719...

http://www11.zippyshare.com/v/78821...

http://www28.zippyshare.com/v/25293...

# AdwCleaner v4.102 - Report created 29/11/2014 at 23:00:29
# Updated 23/11/2014 by Xplode
# Database : 2014-11-23.7 [Live]
# Operating System : Windows 8.1 (64 bits)
# Username : Ray - RAYC-PC
# Running from : C:\Users\Ray\Desktop\APPS - REMOVE - SEARCH.CONDUIT\adwcleaner_4.102(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v33.1.1 (x86 en-US)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [18545 octets] - [15/11/2014 14:00:04]
AdwCleaner[R1].txt - [15272 octets] - [28/11/2014 10:29:24]
AdwCleaner[R2].txt - [1014 octets] - [28/11/2014 10:44:56]
AdwCleaner[R3].txt - [15700 octets] - [29/11/2014 20:29:35]
AdwCleaner[R4].txt - [1214 octets] - [29/11/2014 22:58:40]
AdwCleaner[S0].txt - [18750 octets] - [15/11/2014 14:03:43]
AdwCleaner[S1].txt - [15452 octets] - [28/11/2014 10:35:59]
AdwCleaner[S2].txt - [15884 octets] - [29/11/2014 20:32:05]
AdwCleaner[S3].txt - [1136 octets] - [29/11/2014 23:00:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1196 octets] ##########

message edited by raycuadro


Report •

#71
November 29, 2014 at 23:10:03
"and run the apps that I did to get rid of the infection in my Desk top"
Have you?
If not, run them in this order & then 2 new Farbar logs please.

1: AdwCleaner
2: Junkware Removal Tool
3: RogueKiller
4: ESET
5: Malwarebytes

message edited by Johnw


Report •

#72
November 29, 2014 at 23:27:17
==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: AVG AntiVirus 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

///////////////////////////////////////////////////////

You have two AVs fighting each other, uninstall one.

AVG Download Center
http://www.avg.com/au-en/utilities

McAfee Removal Tool
http://service.mcafee.com/FAQDocume...


Report •

#73
November 30, 2014 at 14:12:18
# AdwCleaner v4.102 - Report created 30/11/2014 at 13:43:41
# Updated 23/11/2014 by Xplode
# Database : 2014-11-27.1 [Live]
# Operating System : Windows 8.1 (64 bits)
# Username : Ray - RAYC-PC
# Running from : C:\Users\Ray\Desktop\APPS - REMOVE - SEARCH.CONDUIT\adwcleaner_4.102(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v33.1.1 (x86 en-US)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [18545 octets] - [15/11/2014 14:00:04]
AdwCleaner[R1].txt - [15272 octets] - [28/11/2014 10:29:24]
AdwCleaner[R2].txt - [1014 octets] - [28/11/2014 10:44:56]
AdwCleaner[R3].txt - [15700 octets] - [29/11/2014 20:29:35]
AdwCleaner[R4].txt - [1214 octets] - [29/11/2014 22:58:40]
AdwCleaner[R5].txt - [1334 octets] - [30/11/2014 13:41:47]
AdwCleaner[S0].txt - [18750 octets] - [15/11/2014 14:03:43]
AdwCleaner[S1].txt - [15452 octets] - [28/11/2014 10:35:59]
AdwCleaner[S2].txt - [15884 octets] - [29/11/2014 20:32:05]
AdwCleaner[S3].txt - [1276 octets] - [29/11/2014 23:00:29]
AdwCleaner[S4].txt - [1256 octets] - [30/11/2014 13:43:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1316 octets] ##########

message edited by raycuadro


Report •

#74
November 30, 2014 at 15:42:21
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/30/2014
Scan Time: 2:56:17 PM
Logfile: Eset.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.30.09
Rootkit Database: v2014.11.30.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Ray

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 367566
Time Elapsed: 34 min, 35 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.InstalLCore, C:\Users\Ray\AppData\Local\Temp\is765589038\52614A36_stp.EXE, Quarantined, [4aa4ed5486f6f83e27c246f0a0652cd4],
PUP.Optional.SafeInstall.A, C:\Users\Ray\Desktop\APPS - REMOVE - SEARCH.CONDUIT\7Zip.exe, Quarantined, [3ab462dfea92a19549d71355d32e3bc5],

Physical Sectors: 0
(No malicious items detected)


(end)


Report •

#75
November 30, 2014 at 16:12:33
http://www7.zippyshare.com/v/390409...

I ran all the suggested apps in sequence as advised. It seems I still have the infection as shown in the SystemLook. Am I right? What other apps should I run? Thanks.


Report •

#76
November 30, 2014 at 16:20:40
Run Farbar Ray, I will then work out what to do, we will get you clean eventually.

Report •

#77
November 30, 2014 at 19:27:52
http://www78.zippyshare.com/v/52002...


http://www14.zippyshare.com/v/55272...

message edited by raycuadro


Report •

#78
November 30, 2014 at 19:32:40
Let's remove Windows.old Ray & then I shall work on the logs.

1: How to remove the Windows.old folder
http://windows.microsoft.com/en-AU/...
Windows.old Folder - Delete in Windows 8
http://www.eightforums.com/tutorial...
How to remove the Windows.old folder (Applies to Windows 8.1, Windows RT 8.1)

2: Run Farbar again please, follow this SS & upload the 2 new logs.
http://i.imgur.com/i3fg3Pf.gif

message edited by Johnw


Report •

#79
November 30, 2014 at 20:59:51
http://www75.zippyshare.com/v/25083...

http://www41.zippyshare.com/v/40925...

Removed Windows.old folder before running Farbar.

message edited by raycuadro


Report •

#80
November 30, 2014 at 21:20:26
Ok Ray, you will probably want to go to bed, this will take me quite a while, catch you when I'm finished & you are online.

Report •

#81
November 30, 2014 at 21:27:39
ok, will check tomorrow. thanks, John.

Report •

#82
November 30, 2014 at 21:34:13
Hey - I ran SystemLook below. Tried to interpret this result but not sure
if it is telling me the "search.conduit" is gone? I will install Chrome
next and will see if that infection shows in the address.....


http://www31.zippyshare.com/v/69615...

NOPE. Google Chrome still shows the "search.conduit", so I misread
the SystemLook. Will wait for your next step...

message edited by raycuadro


Report •

#83
November 30, 2014 at 21:39:08
Yep that part is gone, it was in windows.old.
Still have dregs left, which I shall work on.

Report •

#84
November 30, 2014 at 23:46:16
Are you happy with this, in other words has your ISP set this?

==================== Internet (Whitelisted) ====================
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.

If not.
Start > Control Panel > Internet Options > Connections > LAN settings, untick > Use a proxy server for your LAN. Click OK twice.

message edited by Johnw


Report •

#85
December 1, 2014 at 00:35:53

completed the process below. - -

Start > Control Panel > Internet Options > Connections > LAN settings, untick > Use a proxy server for your LAN. Click OK twice.


Report •

#86
December 1, 2014 at 00:37:17
Copy & Paste the text below ( starting closeprocesses: ), save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

closeprocesses:
emptytemp:
AlternateDataStreams: C:\Users\Ray\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Ray\Desktop\2014 Makati Tax.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Ray\Desktop\2014 Makati Tax.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Ray\Documents\Condo Tax Comp - 2014.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Ray\Documents\Condo Tax Comp - 2014.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Comcast.net.website:TASKICON_0favicon274298539
AlternateDataStreams: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Comcast.net.website:TASKICON_1favicon-1484237488
AlternateDataStreams: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Comcast.net.website:TASKICON_2favicon233515818
AlternateDataStreams: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Comcast.net.website:TASKICON_3favicon-1519011051
AlternateDataStreams: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Comcast.net.website:TASKICON_4favicon860087195
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.0.1 - Reimage) <==== ATTENTION
Task: {564EFF86-5E7F-46BE-9535-9F08A616F04F} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2014-11-12] () <==== ATTENTION
Task: {D82E6F8C-5F99-406C-B7C5-4108F5608502} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2014-11-10] (Reimage®) <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searc...
SearchScopes: HKLM -> {1A7ABC6B-3055-4D56-AA0F-B662E15D4478} URL = http://www.amazon.com/s/ref=azs_osd...
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searc...
SearchScopes: HKLM-x32 -> {1A7ABC6B-3055-4D56-AA0F-B662E15D4478} URL = http://www.amazon.com/s/ref=azs_osd...
SearchScopes: HKU\S-1-5-21-1170315756-3078722723-157546945-1001 -> DefaultScope {FBC02C79-63A1-4563-9796-9483789D4358} URL =
SearchScopes: HKU\S-1-5-21-1170315756-3078722723-157546945-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searc...
SearchScopes: HKU\S-1-5-21-1170315756-3078722723-157546945-1001 -> {1A7ABC6B-3055-4D56-AA0F-B662E15D4478} URL = http://www.amazon.com/s/ref=azs_osd...
SearchScopes: HKU\S-1-5-21-1170315756-3078722723-157546945-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-1170315756-3078722723-157546945-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = https://search.yahoo.com/search?fr=...
SearchScopes: HKU\S-1-5-21-1170315756-3078722723-157546945-1001 -> {FD506B43-2174-417E-86C4-7AF2FD252E6F} URL = http://search.xfinity.com/?cat=web&...
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
C:\Users\Ray\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
C:\Users\Ray\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
C:\Users\Ray\AppData\Local\Temp\Quarantine.exe
C:\Users\Ray\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Ray\AppData\Local\Temp\sqlite3.dll
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3306061&SearchSource=48&CUI=UN36419437882469290&UM=2&UP=SP4F7C90B0-DB9F-4430-B174-2BB8ECD3ADCB&SSPV=21820TA_sp_ch
CHR RestoreOnStartup: Default -> "hxxp://Vosteran.com/?f=7&a=vst_ggfc_14_48_ff&cd=2XzuyEtN2Y1L1QzutBzzzztDtBtA0F0C0BzytBtDyBtA0A0CtN0D0Tzu0StCtDyDzztN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0ByD0DtCtC0F0EtGtC0CtBtCtGtDtCtD0BtGyC0E0AtAtGtDyC0CyDyE0B0D0CyEyB0CtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0ByC0E0D0DzyyEtGtA0D0BtDtGyEtB0FtBtG0AyD0AyDtGtDtAtD0DtBzyzyyCzz0Azzzy2Q&cr=913694190&ir="
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3306061&SearchSource=48&CUI=UN36419437882469290&UM=2&UP=SP4F7C90B0-DB9F-4430-B174-2BB8ECD3ADCB&SSPV=21820TA_sp_ch", "hxxp://search.conduit.com/?ctid=CT3289075&SearchSource=48&CUI=UN16867026541586318&UM=2", "hxxp://start.sweetpacks.com/?barid={A7564A0E-DAFF-11E2-BE67-0025648B1FD5}&src=10&crg=3.5000006.10042&st=23", "hxxp://start.sweetpacks.com/?barid={296F985C-ECD4-11E2-BE67-0025648B1FD5}&src=10&crg=3.5000006.10045&st=23", "hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-352&t=4", "hxxp://mysearch.avg.com/?cid={EEE2DBD0-91AA-45BB-81FE-977DFDEED3E1}&mid=43295d4f320a47d39dd2d16c226ff626-9d10ca23de3a751ddf830e7849622a6f8de43d9e&lang=en&ds=ts018&pr=sa&d=2013-08-26%2020:56:33&v=15.3.0.10&pid=safeguard&sg=0&sap=hp", "hxxp://mysearch.avg.com/?cid={189F68BB-6520-4533-A707-F9BB7D8CFB0C}&mid=c61bd56964f047d39dddd16c226ff626-9d10ca23de3a751ddf830e7849622a6f8de43d9e&lang=en&ds=dn011&pr=sa&d=2013-10-11%2020:51:41&v=17.1.0.25&pid=safeguard&sg=0&sap=hp", "hxxp://www.google.com/", "hxxp://mysearch.avg.com/?cid={189F68BB-6520-4533-A707-F9BB7D8CFB0C}&mid=c61bd56964f047d39dddd16c226ff626-9d10ca23de3a751ddf830e7849622a6f8de43d9e&lang=en&ds=dl011&coid=avgtbdisdl&pr=sa&d=2013-10-15%2019:32:54&v=17.0.0.12&pid=safeguard&sg=0&sap=hp", "hxxp://search.conduit.com/?ctid=CT3289663&SearchSource=48&CUI=UN55196080832744185&UM=2", "hxxp://search.conduit.com/?ctid=CT3298573&SearchSource=48&CUI=UN76974045218078254&UM=2", "hxxp://search.conduit.com/?ctid=CT3303000&SearchSource=48&CUI=UN28403043572407211&UM=2", "hxxp://start.mysearchdial.com/?f=1&a=tugumsd&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyEzz0BtC0F0DyDtC0CzztDtN0D0Tzu0CyCyCtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu2Z2Y1N2Y1H1B1Q&cr=458326272&ir=", "hxxp://search.yahoo.com/?type=293224&fr=spigot-yhp-ch", "hxxp://search.conduit.com/?ctid=CT3314198&SearchSource=48&CUI=UN28998813774052965&UM=2", "hxxp://search.conduit.com/?ctid=CT3303000&SearchSource=48&CUI=UN25710326771444419&UM=2", 
"hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,203,0_0,StartPage,20131044,20033,0,25,0", "hxxp://search.yahoo.com/?type=293224&fr=spigot-yhp-ch", "hxxp://search.conduit.com/?ctid=CT3310511&SearchSource=48&CUI=UN22983361846309434&UM=2", "hxxp://search.conduit.com/?ctid=CT3306061&SearchSource=48&CUI=UN36218076932958817&UM=2", "hxxp://search.yahoo.com/?type=617686&fr=spigot-yhp-ch", "hxxp://search.findwide.com/?guid={0037E7CE-4DE2-4167-9769-57591D126EFA}&serpv=22", "hxxp://search.conduit.com/?ctid=CT3289075&SearchSource=48&CUI=UN24589446942809925&UM=2&UP=SP318E2B76-6E20-4382-841A-193A350BCCCD&SSPV=", "hxxp://search.conduit.com/?ctid=CT3306061&SearchSource=48&CUI=UN36419437882469290&UM=2&UP=SP5ADAE15D-3A3D-4117-90FC-C27148DA690F&SSPV=", "hxxp://www.google.com/", "hxxp://search.conduit.com/?ctid=CT3323128&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP9DD5E181-B0CE-4BEF-85EC-FB1C0F2DBF46&SSPV=", "hxxp://search.conduit.com/?ctid=CT3306061&SearchSource=48&CUI=UN36419437882469290&UM=2&UP=SP9DD5E181-B0CE-4BEF-85EC-FB1C0F2DBF46&SSPV=", "hxxp://search.conduit.com/?ctid=CT3306061&SearchSource=48&CUI=UN36419437882469290&UM=2&UP=SPF7BCD11B-7F05-40CF-B5B7-DE9F60368365&SSPV=T21020A_sp_ch", "", "hxxp://search.conduit.com/?ctid=CT3306061&SearchSource=48&CUI=UN36419437882469290&UM=2&UP=SP770CF4C4-D16C-4058-B1BF-C4C837BA89DB&SSPV=", "hxxp://www.amazon.com/websearch/ref=bit_bds-p23_serp_cr_us_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_e2d773a4387f4d81b20bed3e8918a64e_39_1006_20140508_US_cr_sp_32352", "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-05-15&ent=hp&u=46A9874A993BB1434DD9E55374FBAC44", "hxxp://search.conduit.com/?ctid=CT3306061&SearchSource=48&CUI=UN36419437882469290&UM=2&UP=SP1B6AF6FC-80A0-4EE8-BA5C-E51021EF1EFF&SSPV=", "hxxp://www.default-search.net/?sid=492&aid=169&itype=n&ver=12565&tm=372&src=hmp", 
"hxxp://speedial.com/?f=1&a=spd_dnldstr_14_23_ch&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyEzz0BtC0F0DyDtCtBzzyDtN0D0Tzu0SzzzytDtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2SyCtDyE0E0EtDyDtCtGtA0FzzzytGyE0EtA0DtGyCzyyD0AtGyByDtCyEyByEyB0F0FtB0E0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0B0ByB0AtBzztBtG0C0C0FtBtGtDzztD0DtGyCtB0ByCtGyDtC0C0FyD0EtBtD0F0DtA0A2Q&cr=1823922489&ir=", "hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,%20203,%200_0,%20StartPage,%2020131044,%2020033,%200,%2025,%200", "https://search.yahoo.com/yhs/web?hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,203,0_0,StartPage,20140835,20033,0,31,0", "hxxp://search.conduit.com/?ctid=CT3306061&SearchSource=48&CUI=UN36419437882469290&UM=2&UP=SP4F7C90B0-DB9F-4430-B174-2BB8ECD3ADCB&SSPV=", "hxxp://groovorio.com/?f=7&a=grv_installertech_14_22&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyEzz0BtC0F0DyD0DzzyDyBtN0D0Tzu0StCtDtCtCtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V1L1G1B2Z1T1I1I1P1C2Z1P1R1M1VtCyE1VtBtBtN1L1G1B1V1N2Y1L1Qzu2StA0E0AtDzytDyEyDtGyC0ByC0DtGtAyB0ByCtGyDyByEtDtGyBtCyC0DyEyBtAtA0DtB0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyB0D0D0CyDtDzztGzy0BtA0CtGyE0AzztAtG0AtAzytAtG0F0AyE0B0EyCzzzzzyyB0D0F2Q&cr=1215931763&ir=", "hxxp://groovorio.com/?f=7&a=grv_installertech_14_22&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyEzz0BtC0F0DyD0DzzyDyBtN0D0Tzu0StCtDtBtCtN1L2XzutAtFyDtFtCtFtCtN1L1Czu1N1C2X1V1L1G1B2Z1T1I1I1P1C2Z1P1R1M1VtCyE1VtBtBtN1L1G1B1V1N2Y1L1Qzu2SyCtCyBzyzzyEtCyCtG0DzzyC0EtGtAtCzyyCtG0DtA0CzytGyB0AtDyEyEtC0A0CzyyB0D0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0B0BtD0D0FtD0AtGtBtC0CzytGyE0BzzzytG0B0CyByDtGzy0DtD0E0DyBtA0BzyyB0D0F2Q&cr=898590603&ir=", "hxxp://www.v9.com/?type=hp&ts=1414815269&from=cor&uid=WDCXWD7501AAES-75W7A0_WD-WCATR181444914449&i=psd&t=34b4bad73"
CHR DefaultSearchKeyword: Default -> trovi.search


Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.


Report •
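An added example, not part of the thread and not FRST's own code: a Python check that reads the Chrome (`CHR ...`) entries of a FRST log, in the line format quoted in the fixlist in #86, and lists every home page or startup URL whose host is not on an allow list. The sample log is constructed (hosts taken from that post, query strings shortened to placeholders), and `ALLOWED_HOSTS` is an assumption standing in for the sites the user actually chose.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only start page this user set on purpose.
ALLOWED_HOSTS = {"google.com"}

# Constructed sample in the FRST "CHR ..." format shown in post #86.
# Hosts come from that post; the query strings are placeholders.
SAMPLE_LOG = r'''
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=EXAMPLE
CHR RestoreOnStartup: Default -> "hxxp://Vosteran.com/?f=7&a=EXAMPLE"
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=EXAMPLE", "hxxp://www.google.com/", "", "hxxp://start.sweetpacks.com/?barid={EXAMPLE}&src=10"
CHR DefaultSearchKeyword: Default -> trovi.search
'''

# "CHR <Setting>: <Profile> -> <value>"
ENTRY = re.compile(r'^CHR (?P<key>\w+): (?P<profile>.+?) -> (?P<value>.*)$')
URL_KEYS = {"HomePage", "RestoreOnStartup", "StartupUrls"}


def split_values(value):
    """List items are double-quoted; an unquoted value is a single item.
    Empty items ("") are dropped."""
    value = value.strip()
    if '"' in value:
        return [v for v in re.findall(r'"([^"]*)"', value) if v]
    return [value] if value else []


def host_of(url):
    """Host name of a (possibly defanged hxxp://) URL, lower-cased."""
    refanged = re.sub(r'^hxxp', 'http', url, flags=re.IGNORECASE)
    return urlsplit(refanged).hostname or ""


def is_allowed(host):
    """True for an allowed host or any of its subdomains."""
    return any(host == a or host.endswith("." + a) for a in ALLOWED_HOSTS)


def audit(log_text):
    """Return (setting, profile, host, raw_value) for every entry to review."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        # A Chrome policy key can lock settings so the user cannot change them.
        if line.startswith("CHR ") and "Policy restriction" in line:
            findings.append(("Policy", "", "", line))
            continue
        m = ENTRY.match(line)
        if not m or m["key"] not in URL_KEYS:
            continue
        for item in split_values(m["value"]):
            host = host_of(item)
            if not host or not is_allowed(host):
                # raw value is kept as logged (still defanged)
                findings.append((m["key"], m["profile"], host, item))
    return findings


def unexpected_hosts(log_text):
    """Sorted, de-duplicated hosts that are not on the allow list."""
    return sorted({f[2] for f in audit(log_text) if f[2]})


if __name__ == "__main__":
    for setting, profile, host, raw in audit(SAMPLE_LOG):
        print(f"{setting:17} {profile:8} {host:22} {raw}")
```

A host-level allow list cannot tell a plain search page from the same engine reached through an affiliate-tagged URL, so entries on allowed hosts still deserve a look at the query string.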

#87
Report •

#88
December 7, 2014 at 02:37:51
"Posted results of #86 like above 6 days ago"
Not on this page, only December 7.

Report •
