  1. #1
    New Lounger
    Join Date
    Dec 2009
    Location
    http://tinyurl.com/Fennell
    Posts
    21
    Thanks
    11
    Thanked 0 Times in 0 Posts

    Question RunDLL error message

    I'm not sure where to post this question. I'm running Win 8.1 and my daughter is using Win 7. This error msg appears on both of our computers. We are not in the same household. It mostly seems to happen when waking from hibernation or restarting Windows. (I tried to attach a copy by using the Manage Attachments button, but it did not respond.)

    RunDLL
    There was a problem starting
    C:\PROGRA~1\COMMON~1\System\SysMenu.dll

    The specified module could not be found.

    Any help would be appreciated.
    Caroline

  2. #2
    Super Moderator jwitalka's Avatar
    Join Date
    Dec 2009
    Location
    Minnesota
    Posts
    4,751
    Thanks
    67
    Thanked 545 Times in 493 Posts
    Try downloading and running Malwarebytes Free:
    www.malwarebytes.org

    During the Malwarebytes setup, make sure you uncheck the offer for the free trial of Malwarebytes full.

    Jerry

  4. #3
    New Lounger
    Join Date
    Dec 2009
    Location
    http://tinyurl.com/Fennell
    Posts
    21
    Thanks
    11
    Thanked 0 Times in 0 Posts
    Jerry, thank you for your response. I have and use free Malwarebytes regularly. I usually get several PUPs that I quarantine and ultimately delete.

    Caroline

  5. #4
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    2,138
    Thanks
    102
    Thanked 208 Times in 181 Posts
    'Usually get several PUPs'? Sounds like you should paste the MBAM logs here for us to check.

    SysMenu looks like Adware, maybe installed by YTDownloader: http://www.herdprotect.com/sysmenu.d...74a9f79b8.aspx

  6. #5
    New Lounger
    Join Date
    Dec 2009
    Location
    http://tinyurl.com/Fennell
    Posts
    21
    Thanks
    11
    Thanked 0 Times in 0 Posts
    This log is from today and I do see reference to "Goobzo". Where would YTDownloader have come from? Maybe tagged on to another download somewhere along the way? Should I run the scan shown in the link you provided?
    Caroline

    <?xml version="1.0" encoding="UTF-16" ?>
    <mbam-log>
    <header>
    <date>2014/08/21 11:10:42 -0700</date>
    <logfile>mbam-log-2014-08-21 (11-10-41).xml</logfile>
    <isadmin>yes</isadmin>
    </header>
    <engine>
    <version>2.00.2.1012</version>
    <malware-database>v2014.08.21.07</malware-database>
    <rootkit-database>v2014.08.16.01</rootkit-database>
    <license>free</license>
    <file-protection>disabled</file-protection>
    <web-protection>disabled</web-protection>
    <self-protection>disabled</self-protection>
    </engine>
    <system>
    <osversion>Windows 8.1</osversion>
    <arch>x64</arch>
    <username>ArtorCaroline</username>
    <filesys>NTFS</filesys>
    </system>
    <summary>
    <type>threat</type>
    <result>completed</result>
    <objects>408595</objects>
    <time>962</time>
    <processes>0</processes>
    <modules>0</modules>
    <keys>0</keys>
    <values>0</values>
    <datas>0</datas>
    <folders>2</folders>
    <files>2</files>
    <sectors>0</sectors>
    </summary>
    <options>
    <memory>enabled</memory>
    <startup>enabled</startup>
    <filesystem>enabled</filesystem>
    <archives>enabled</archives>
    <rootkits>disabled</rootkits>
    <deeprootkit>disabled</deeprootkit>
    <heuristics>enabled</heuristics>
    <pup>warn</pup>
    <pum>enabled</pum>
    </options>
    <items>
    <folder><path>C:\ProgramData\SearchModule</path><vendor>PUP.Optional.Goobzo</vendor><action>success</action><hash>06358a3f65162a0cfd8c687c768cdf21</hash></folder>
    <folder><path>C:\Program Files\Common Files\Goobzo</path><vendor>PUP.Optional.Goobzo</vendor><action>success</action><hash>b78418b1e7947eb84f6b6e73ba4851af</hash></folder>
    <file><path>C:\ProgramData\SearchModule\smhe.js</path><vendor>PUP.Optional.Goobzo</vendor><action>success</action><hash>06358a3f65162a0cfd8c687c768cdf21</hash></file>
    <file><path>C:\Users\ArtorCaroline\AppData\Roaming\Mozilla\Firefox\Profiles\y5soyind.default\prefs.js</path><vendor>PUP.Optional.SearchNet.A</vendor><action>replaced</action><baddata>user_pref(&quot;keyword.URL&quot;, &quot;http://www-search.net/search.aspx?site=shdefault&amp;pid=s&amp;shr=d&amp;q={searchTerms}&quot;</baddata><gooddata></gooddata><hash>e55636936d0e89adc09619f351b435cb</hash></file>
    </items>
    </mbam-log>
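
One way to triage a pasted Malwarebytes log like the one above, as an added Python example that is not part of the original thread: it parses the same element layout (`engine`, `options`, `items`), lists the protection modules and scan options that were disabled, counts detections per vendor name, and extracts the redirect host from any `replaced` preference. The sample log is constructed (paths, vendor names, hashes and the `search.example` host are placeholders), and the function names are this example's own.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample using the element layout of the log pasted above.
# Paths, vendor names, hashes and the redirect host are placeholders.
SAMPLE_LOG = r"""<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<engine>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<options>
<rootkits>disabled</rootkits>
<heuristics>enabled</heuristics>
<pup>warn</pup>
</options>
<items>
<folder><path>C:\ProgramData\ExampleModule</path><vendor>PUP.Optional.Example</vendor><action>success</action><hash>00000000000000000000000000000000</hash></folder>
<file><path>C:\ProgramData\ExampleModule\helper.js</path><vendor>PUP.Optional.Example</vendor><action>success</action><hash>00000000000000000000000000000000</hash></file>
<file><path>C:\Users\example\AppData\Roaming\Mozilla\Firefox\Profiles\example.default\prefs.js</path><vendor>PUP.Optional.ExampleSearch</vendor><action>replaced</action><baddata>user_pref(&quot;keyword.URL&quot;, &quot;http://search.example/find?pid=s&amp;q={searchTerms}&quot;</baddata><gooddata></gooddata><hash>00000000000000000000000000000000</hash></file>
</items>
</mbam-log>
"""

PROTECTION_TAGS = ("file-protection", "web-protection", "self-protection")


def parse_mbam_log(text):
    """Parse a pasted Malwarebytes XML log (str) into plain Python data."""
    # A log pasted by someone else is untrusted input: refuse DTDs so no
    # entity definitions can come in with it.
    if "<!DOCTYPE" in text.upper():
        raise ValueError("DOCTYPE not allowed in a scan log")
    # The header declares UTF-16 (the on-disk encoding); pasted text is
    # already decoded, so drop the declaration before parsing.
    body = re.sub(r"^\s*<\?xml[^>]*\?>", "", text).strip()
    root = ET.fromstring(body)
    if root.tag != "mbam-log":
        raise ValueError("not a Malwarebytes log: root is <%s>" % root.tag)

    disabled_protection = [
        tag for tag in PROTECTION_TAGS
        if root.findtext("engine/" + tag) == "disabled"
    ]
    disabled_options = [
        opt.tag for opt in root.iterfind("options/*")
        if (opt.text or "").strip() == "disabled"
    ]
    detections = []
    for item in root.iterfind("items/*"):
        bad = item.findtext("baddata") or ""
        host = re.search(r'https?://([^/"\s?]+)', bad)
        detections.append({
            "kind": item.tag,                      # folder, file, key, ...
            "path": item.findtext("path") or "",
            "vendor": item.findtext("vendor") or "",
            "action": item.findtext("action") or "",
            "redirect_host": host.group(1) if host else None,
        })
    return {
        "disabled_protection": disabled_protection,
        "disabled_options": disabled_options,
        "detections": detections,
    }


def triage(report):
    """Condense a parsed log into the points a helper would ask about."""
    per_vendor = Counter(d["vendor"] for d in report["detections"])
    # 'replaced' means a setting was rewritten rather than a file removed,
    # e.g. a hijacked search preference in a browser profile.
    hijacks = [(d["path"], d["redirect_host"])
               for d in report["detections"] if d["action"] == "replaced"]
    return {
        "per_vendor": dict(per_vendor),
        "hijacked_settings": hijacks,
        "disabled_protection": report["disabled_protection"],
        "disabled_options": report["disabled_options"],
    }


if __name__ == "__main__":
    summary = triage(parse_mbam_log(SAMPLE_LOG))
    for key, value in summary.items():
        print(key, "->", value)
```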

  7. #6
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    2,138
    Thanks
    102
    Thanked 208 Times in 181 Posts
    Yes, it came in as a tag along with something, I see a number of possibilities listed.

    Let's try a couple of adware specific tools, AdwCleaner and JRT.

    Download JRT: http://www.bleepingcomputer.com/down...-removal-tool/ to your Desktop, we'll use it later.

    Download AdwCleaner: http://www.bleepingcomputer.com/download/adwcleaner/ to your Desktop and then close all programs and browsers. Double click on AdwCleaner.exe to run it, click on Scan.

    After the scan is complete click on Clean, confirm each prompt with Ok. Your computer will be rebooted automatically.

    A text file will open after the restart, close it and move on to JRT.

    Shut down/disable all protection software now to avoid potential conflicts.

    Right click on JRT.exe and select Run as Administrator. The tool will open and start scanning your system, be patient as this can take a while to complete depending on your system's specifications.

    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

    Restart or re-enable your security software now.

    Paste the contents of JRT.txt into your next message, also the JRT logfile contents from C:\AdwCleaner[S1].txt as well. Let us know how the computer is behaving, any other oddities, etc.

  8. #7
    New Lounger
    Join Date
    Dec 2009
    Location
    http://tinyurl.com/Fennell
    Posts
    21
    Thanks
    11
    Thanked 0 Times in 0 Posts
    Completed steps outlined above. I failed to save the C:\AdwCleaner[S1].txt and can't seem to locate it now.
    Thank you for your help with this. I'll let you know how it goes.
    Caroline

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 8.1 x64
    Ran by ArtorCaroline on Fri 08/22/2014 at 10:08:19.95
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{16B28D12-B939-4BAB-83C7-C4CEF2283FEC}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1D1D9D4C-72A1-49D6-B762-EF510C169B29}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6102AED8-043A-41F0-BAEB-77BCF3F1EC10}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{AEE36D9A-9E5B-4059-BDC4-B38568363728}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
    Successfully deleted: [Folder] "C:\Users\ArtorCaroline\appdata\locallow\surfcanyon"



    ~~~ FireFox

    Successfully deleted the following from C:\Users\ArtorCaroline\AppData\Roaming\mozilla\firefox\profiles\y5soyind.default\prefs.js

    user_pref("socialfixer.100000343466432/typeahead_new", "for (;;{\"__ar\":1,\"payload\":{\"entries\":[{\"uid\":100000343466432,\"photo\":\"hxxps:\\/\\/fbcdn-profile-a.akamaih
    Emptied folder: C:\Users\ArtorCaroline\AppData\Roaming\mozilla\firefox\profiles\y5soyind.default\minidumps [7 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Fri 08/22/2014 at 10:18:05.94
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  9. #8
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    2,138
    Thanks
    102
    Thanked 208 Times in 181 Posts
    Apologies Caroline, it should be in the C: AdwCleaner folder, C:\AdwCleaner\AdwCleaner[S1].txt <- but it might be [S0], mine is.

    Let's run an online AV check to see if that picks up any remnants now: http://www.eset.com/us/online-scanner/ and click the Run ESET online scanner button. Try to capture the results for us, I can't remember how they're displayed.

  10. #9
    New Lounger
    Join Date
    Dec 2009
    Location
    http://tinyurl.com/Fennell
    Posts
    21
    Thanks
    11
    Thanked 0 Times in 0 Posts
    # AdwCleaner v3.205 - Report created 01/05/2014 at 09:26:18
    # Updated 28/04/2014 by Xplode
    # Operating System : Windows 8.1 (64 bits)
    # Username : ArtorCaroline - TOSHIBA
    # Running from : C:\Users\ArtorCaroline\Desktop\adwcleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    Service Deleted : vToolbarUpdater18.0.5

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Program Files (x86)\File Type Helper
    Folder Deleted : C:\Program Files (x86)\Mobogenie
    Folder Deleted : C:\Program Files (x86)\MyPC Backup
    Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
    Folder Deleted : C:\WINDOWS\SysWOW64\ARFC
    Folder Deleted : C:\WINDOWS\SysWOW64\jmdp
    Folder Deleted : C:\WINDOWS\SysWOW64\WNLT
    Folder Deleted : C:\Program Files\Uninstaller
    Folder Deleted : C:\WINDOWS\System32\ljkb
    Folder Deleted : C:\Users\Art & Caroline\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Art & Caroline\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\Art & Caroline\AppData\LocalLow\Toolbar4
    Folder Deleted : C:\Users\Art & Caroline\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
    Folder Deleted : C:\Users\Art & Caroline\AppData\Local\Pokki
    Folder Deleted : C:\Users\Art & Caroline.Toshiba\AppData\Local\Pokki
    Folder Deleted : C:\Users\Art & Caroline.Toshiba\AppData\LocalLow\Fast Free Converter
    Folder Deleted : C:\Users\ArtorCaroline\.android
    Folder Deleted : C:\Users\ArtorCaroline\AppData\Local\AVG SafeGuard toolbar
    Folder Deleted : C:\Users\ArtorCaroline\AppData\Local\Babylon
    Folder Deleted : C:\Users\ArtorCaroline\AppData\Local\Conduit
    Folder Deleted : C:\Users\ArtorCaroline\AppData\Local\genienext
    Folder Deleted : C:\Users\ArtorCaroline\AppData\Local\Mobogenie
    Folder Deleted : C:\Users\ArtorCaroline\AppData\Local\PackageAware
    Folder Deleted : C:\Users\ArtorCaroline\AppData\Local\Pokki
    Folder Deleted : C:\Users\ArtorCaroline\AppData\Local\SearchProtect
    Folder Deleted : C:\Users\ArtorCaroline\AppData\Local\Surf_Canyon
    Folder Deleted : C:\Users\ArtorCaroline\AppData\LocalLow\AVG SafeGuard toolbar
    Folder Deleted : C:\Users\ArtorCaroline\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\ArtorCaroline\AppData\LocalLow\Fast Free Converter
    Folder Deleted : C:\Users\ArtorCaroline\AppData\LocalLow\Mysearchdial
    Folder Deleted : C:\Users\ArtorCaroline\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\ArtorCaroline\AppData\LocalLow\SweetPacks_A1
    Folder Deleted : C:\Users\ArtorCaroline\AppData\LocalLow\Vafmusic8
    Folder Deleted : C:\Users\ArtorCaroline\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
    Folder Deleted : C:\Users\ArtorCaroline\AppData\Roaming\DefaultTab
    Folder Deleted : C:\Users\ArtorCaroline\AppData\Roaming\digitalsite
    Folder Deleted : C:\Users\ArtorCaroline\AppData\Roaming\DigitalSites
    Folder Deleted : C:\Users\ArtorCaroline\AppData\Roaming\SearchProtect
    Folder Deleted : C:\Users\ArtorCaroline\AppData\Roaming\Systweak
    Folder Deleted : C:\Users\ArtorCaroline\AppData\Roaming\Mozilla\Firefox\Profiles\y5soyind.default\InboxAce_1g
    Folder Deleted : C:\Users\ArtorCaroline\AppData\Roaming\Mozilla\Firefox\Profiles\y5soyind.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    Folder Deleted : C:\Users\Art & Caroline\AppData\Roaming\Mozilla\Firefox\Profiles\jmvvk4y1.default-1377800489035\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
    Folder Deleted : C:\Users\Art & Caroline\AppData\Roaming\Mozilla\Firefox\Profiles\jmvvk4y1.default-1377800489035\Extensions\staged\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
    Folder Deleted : C:\Users\Art & Caroline\AppData\Roaming\Mozilla\Firefox\Profiles\jmvvk4y1.default-1377800489035\Extensions\ffxtlbr@mysearchdial.com
    Folder Deleted : C:\Users\Art & Caroline\AppData\Roaming\Mozilla\Firefox\Profiles\jmvvk4y1.default-1377800489035\Extensions\staged\ffxtlbr@mysearchdial.com
    Folder Deleted : C:\Users\Art & Caroline\AppData\Roaming\Mozilla\Firefox\Profiles\jmvvk4y1.default-1377800489035\Extensions\speeddial@instair.net
    Folder Deleted : C:\Users\ArtorCaroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjagnifjocnddgeknajocbkkhlgibem
    Folder Deleted : C:\Users\ArtorCaroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
    Folder Deleted : C:\Users\ArtorCaroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgnjomjlkaenpngklfddmaodjljpjblk
    File Deleted : C:\END
    File Deleted : C:\WINDOWS\System32\dmwu.exe
    File Deleted : C:\WINDOWS\System32\ImhxxpComm.dll
    File Deleted : C:\WINDOWS\System32\roboot64.exe
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js
    File Deleted : C:\Users\ArtorCaroline\AppData\Roaming\Mozilla\Firefox\Profiles\y5soyind.default\searchplugins\Conduit.xml
    File Deleted : C:\Users\Art & Caroline\AppData\Roaming\Mozilla\Firefox\Profiles\jmvvk4y1.default-1377800489035\searchplugins\Mysearchdial.xml
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
    File Deleted : C:\Users\Art & Caroline\AppData\Roaming\Mozilla\Firefox\Profiles\jmvvk4y1.default-1377800489035\user.js
    File Deleted : C:\Users\ArtorCaroline\AppData\Roaming\Mozilla\Firefox\Profiles\y5soyind.default\user.js
    File Deleted : C:\WINDOWS\System32\Tasks\BackgroundContainer Startup Task
    File Deleted : C:\WINDOWS\Tasks\DigitalSite.job
    File Deleted : C:\WINDOWS\System32\Tasks\DigitalSite
    File Deleted : C:\WINDOWS\System32\Tasks\LaunchApp

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [extension@FastFreeConverter.com]
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
    Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\fgnjomjlkaenpngklfddmaodjljpjblk
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fgnjomjlkaenpngklfddmaodjljpjblk
    Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BackgroundContainer]
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
    Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
    Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
    Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatewhilokii_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatewhilokii_rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKCU\Software\AVG SafeGuard toolbar
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\dsiteproducts
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\ImInstaller
    Key Deleted : HKCU\Software\Pokki
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\systweak
    Key Deleted : HKCU\Software\Vafmusic8
    Key Deleted : HKCU\Software\AppDataLow\Toolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\AppDataLow\Software\SweetPacks_A1
    Key Deleted : HKCU\Software\AppDataLow\Software\Vafmusic8
    Key Deleted : HKLM\Software\AVG SafeGuard toolbar
    Key Deleted : HKLM\Software\AVG Security Toolbar
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\DefaultTab
    Key Deleted : HKLM\Software\Fast Free Converter
    Key Deleted : HKLM\Software\mysearchdial
    Key Deleted : HKLM\Software\SearchProtect
    Key Deleted : HKLM\Software\systweak
    Key Deleted : HKLM\Software\Uniblue
    Key Deleted : HKLM\Software\SweetPacks_A1
    Key Deleted : HKLM\Software\Vafmusic8
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DMUninstaller
    Key Deleted : [x64] HKLM\SOFTWARE\wnlt
    Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17037

    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
    Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
    Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
    Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages]

    -\\ Mozilla Firefox v28.0 (en-US)

    [ File : C:\Users\Art & Caroline\AppData\Roaming\Mozilla\Firefox\Profiles\jmvvk4y1.default-1377800489035\prefs.js ]

    Line Deleted : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=irmsd1202&cd=2XzuyEtN2Y1L1QzuyEzz0DtBtByEyCzz0Dzy0BtDtAyD0BtBtN0D0Tzu0CyBtCzztN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1[...]
    Line Deleted : user_pref("socialfixer.593436756/cached_content/donate_pagelet", "{\"expires_on\":1379740729613,\"content\":\"< div style=\\\"background-color:#ffffcc;border:1px solid #cccc99;padding:5px;-moz-border-r[...]
    Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");
    Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");

    Line Deleted : user_pref("extensions.toolbar.mindspark._1gMembers _.installation.partnerId", "^YO^xpi000^S07867^");
    Line Deleted : user_pref("extensions.toolbar.mindspark._1gMembers _.installation.partnerSubId", "");
    Line Deleted : user_pref("extensions.toolbar.mindspark._1gMembers _.installation.success", false);
    Line Deleted : user_pref("extensions.toolbar.mindspark._1gMembers _.isCompliantUninstallImplementation", true);
    Line Deleted : user_pref("extensions.toolbar.mindspark._1gMembers _.lastKnownVersion", "5.75.3.5482");
    Line Deleted : user_pref("extensions.toolbar.mindspark._1gMembers _.options.defaultSearch", false);
    Line Deleted : user_pref("extensions.toolbar.mindspark._1gMembers _.options.homePageEnabled", false);
    Line Deleted : user_pref("extensions.toolbar.mindspark._1gMembers _.options.keywordEnabled", false);
    Line Deleted : user_pref("extensions.toolbar.mindspark._1gMembers _.options.tabEnabled", false);
    Line Deleted : user_pref("extensions.toolbar.mindspark._1gMembers _.partnerPixelFired", false);
    Line Deleted : user_pref("extensions.toolbar.mindspark._1gMembers _.toolbarCollapsed", true);
    Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstal led", "inboxace@mindspark.com");
    Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3303001");
    Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3314198&CUI=UN25560811923168624&UM=2&Searc hSource=13,hxxp://search.conduit.com/?ctid=CT3303001&CUI=UN29948425071582832&UM=2[...]
    Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3314198&SearchSource=2&CUI= UN25560811923168624&UM=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?cti[...]
    Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3303001");
    Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3303001");
    Line Deleted : user_pref("smartbar.machineId", "WNIO7ZC4FFQB/7P/M43SYZJWPKHMO5NDXRW28WXQH2H6E74R7SGP6K2QUGTXZKEJIF FZTR6IKRMIWYLDHS2K5G");
    Line Deleted : user_pref("socialfixer.593436756/cached_content/donate_pagelet", "{\"expires_on\":1395541364171,\"content\":\"< div style=\\\"background-color:#ffffcc;border:1px solid #cccc99;padding:5px;-moz-border-r[...]

    -\\ Google Chrome v34.0.1847.131

    [ File : C:\Users\Art & Caroline\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted [Homepage] : hxxp://start.mysearchdial.com/?f=1&a=irmsd1202&cd=2XzuyEtN2Y1L1QzuyEzz0DtBtByEyC zz0Dzy0BtDtAyD0BtBtN0D0Tzu0CyBtCzztN1L2XzutBtFtBtF tCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1256236952&ir=
    Deleted [Extension] : pflphaooapbgpeakohlggbpidpppgdff
    Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
    Deleted [Extension] : hbcennhacfaagdopikcegfcobcadeocj
    Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
    Deleted [Extension] : icdlfehblmklkikfigmjhbmmpmkmpooj
    Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
    Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
    Deleted [Extension] : mhkaekfpcppmmioggniknbnbdbcigpkk
    Deleted [Extension] : pfndaklgolladniicklehhancnlgocpp
    Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

    [ File : C:\Users\ArtorCaroline\AppData\Local\Google\Chrome \User Data\Default\preferences ]

    Deleted [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3317191&octid=EB_ORIGINAL_CTID&SearchSourc e=55&CUI=&UM=2&UP=SP192D4B11-A7AD-4976-A387-1488C7276B08&SSPV=AAtest29A_sp_ch
    Deleted [Startup_urls] : hxxp://my.msn.com/default.aspx?mypg=2|hxxp://mysearch.avg.com?cid={165F11CC-1020-4D4A-8B0D-9C997C9BCDF9}&mid=20f8c1486e3b47d39dc3d9d74735129f-f938071c9ff8acd5ea74babf3ce89528cb06855a&lang=en&d s=co011&coid=avgtbdisco&pr=sa&d=2013-11-04 19:25:15&v=18.0.5.292&pid=safeguard&sg=0&sap=hp|hx xp://search.conduit.com/?ctid=CT3317191&octid=EB_ORIGINAL_CTID&SearchSourc e=55&CUI=&UM=2&UP=SP192D4B11-A7AD-4976-A387-1488C7276B08&SSPV=AAtest29A_sp_ch
    Deleted [Extension] : bcjagnifjocnddgeknajocbkkhlgibem
    Deleted [Extension] : fgnjomjlkaenpngklfddmaodjljpjblk
    Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof

    *************************
    OK, found it- Will run ESET scanner next.


    AdwCleaner[R0].txt - [28614 octets] - [01/05/2014 09:25:25]
    AdwCleaner[S0].txt - [28095 octets] - [01/05/2014 09:26:18]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [28156 octets] ##########

  11. #10
    Silver Lounger
    Join Date
    Aug 2012
    Location
    UK
    Posts
    1,868
    Thanks
    30
    Thanked 252 Times in 246 Posts
    Looks like you've been saving them up

    In ESET click on Advanced and check all of the options except the last one then disable your AV program immediately before you hit the Scan button - not forgetting to re-enable it after ESET has completed.

    This scan will take some time so be patient.

  12. #11
    New Lounger
    Join Date
    Dec 2009
    Location
    http://tinyurl.com/Fennell
    Posts
    21
    Thanks
    11
    Thanked 0 Times in 0 Posts
    ESET found and cleaned 35 infected files. Should I delete the quarantined files or leave them alone?

    C:\$Recycle.Bin\S-1-5-21-4288498488-3066969166-634296000-1001\$R6QO6YB.exe a variant of Win32/InstallCore.QH potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files\Uninstaller\Uninstall.exe.vir a variant of MSIL/DomaIQ.A potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\CT3303001\plugins\TBVerifier.dll.vir Win32/Toolbar.Conduit.AC potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\CT3314198\plugins\TBVerifier.dll.vir Win32/Toolbar.Conduit.AC potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\File Type Helper\FileTypeHelper_assoc.exe.vir MSIL/FileTypeHelper.A potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js.vir Win32/Conduit.SearchProtect.A potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\ArtorCaroline\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\ArtorCaroline\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.1.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\ArtorCaroline\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\ArtorCaroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgnjomjlkaenpngklfddmaodjljpjblk\10.29.0.520_0\APISupport\APISupport.dll.vir a variant of Win32/Conduit.SearchProtect.P potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\ArtorCaroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgnjomjlkaenpngklfddmaodjljpjblk\10.29.0.520_0\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\ArtorCaroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgnjomjlkaenpngklfddmaodjljpjblk\10.29.0.520_0\plugins\ChromeApiPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\ArtorCaroline\AppData\LocalLow\SweetPacks_A1\hk64tbSwee.dll.vir Win64/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\ArtorCaroline\AppData\LocalLow\SweetPacks_A1\hktbSwee.dll.vir Win32/Toolbar.Conduit.X potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\ArtorCaroline\AppData\LocalLow\SweetPacks_A1\ldrtbSwee.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\ArtorCaroline\AppData\LocalLow\SweetPacks_A1\tbSwee.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\ArtorCaroline\AppData\LocalLow\SweetPacks_A1\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir a variant of Win32/PriceGong.A potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\ArtorCaroline\AppData\LocalLow\Vafmusic8\hk64tbVaf0.dll.vir Win64/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\ArtorCaroline\AppData\LocalLow\Vafmusic8\hk64tbVafm.dll.vir a variant of Win64/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\ArtorCaroline\AppData\LocalLow\Vafmusic8\hktbVaf0.dll.vir Win32/Toolbar.Conduit.X potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\ArtorCaroline\AppData\LocalLow\Vafmusic8\hktbVafm.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\ArtorCaroline\AppData\LocalLow\Vafmusic8\ldrtbVaf0.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\ArtorCaroline\AppData\LocalLow\Vafmusic8\ldrtbVafm.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\ArtorCaroline\AppData\LocalLow\Vafmusic8\tbVaf0.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\ArtorCaroline\AppData\LocalLow\Vafmusic8\tbVaf1.dll.vir a variant of Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\ArtorCaroline\AppData\LocalLow\Vafmusic8\tbVafm.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\ArtorCaroline\AppData\LocalLow\Vafmusic8\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir a variant of Win32/PriceGong.A potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\ArtorCaroline\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Image Editor Packages\uninstaller.exe.vir Win32/InstallCore.AZ potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\ArtorCaroline\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Zip Opener Packages\uninstaller.exe.vir Win32/InstallCore.AZ potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\ArtorCaroline\AppData\Roaming\0H1F2WtF1L1G1R\vDownloader Packages\uninstaller.exe.vir Win32/InstallCore.AZ potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\ArtorCaroline\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir Win32/Systweak.G potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\WINDOWS\SysWOW64\ARFC\wrtc.exe.vir a variant of Win32/Toolbar.Perion.G potentially unwanted application deleted - quarantined
    C:\Users\ArtorCaroline\AppData\Local\NSManager\manager.exe Win32/Itsalike.A potentially unwanted application deleted - quarantined
    C:\Users\ArtorCaroline\AppData\Local\Temp\ICReinstall_.exe a variant of Win32/InstallCore.QH potentially unwanted application deleted - quarantined

  13. #12
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    2,138
    Thanks
    102
    Thanked 208 Times in 181 Posts
    They all look like spy/ad/crap-ware to me, Caroline, those I'm not so sure of are running from very dodgy locations - nuke them all

    Did you follow Sudo15's advice from #10? If not, set it up that way and run it again to be sure.

  14. The Following User Says Thank You to satrow For This Useful Post:

    Caroart (2014-08-25)

  15. #13
    Silver Lounger
    Join Date
    Aug 2012
    Location
    UK
    Posts
    1,868
    Thanks
    30
    Thanked 252 Times in 246 Posts
    Apart from a couple of items it looks as though it's cleaned out AdwCleaner's quarantine folder and what AdwCleaner has already removed from the computer - but another run to confirm won't harm and the next one should come up clean.
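
The point made in post #13, that most of the ESET hits are inert copies inside AdwCleaner's quarantine folder rather than live files, can be checked mechanically. The script below is an added example, not part of any post and not ESET or AdwCleaner tooling; the line layout is assumed from the logs pasted in this thread, and the function names are hypothetical.

```python
import re
from collections import Counter

# Lines copied from the ESET logs posted in this thread (forum line-wrap spaces removed).
SAMPLE_LOG = r"""
C:\$Recycle.Bin\S-1-5-21-4288498488-3066969166-634296000-1001\$R6QO6YB.exe a variant of Win32/InstallCore.QH potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\File Type Helper\FileTypeHelper_assoc.exe.vir MSIL/FileTypeHelper.A potentially unwanted application deleted - quarantined
C:\Users\ArtorCaroline\AppData\Local\NSManager\manager.exe Win32/Itsalike.A potentially unwanted application deleted - quarantined
C:\Users\All Users\{559F25A3-87D2-4D88-ADC5-DF4C277CDD45}\setup.res a variant of Win32/HiddenStart.A potentially unsafe application
"""

# Assumed layout: <path> [a variant of ]<Platform/Name> potentially <kind> application [<action>]
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?:a variant of )?"
    r"(?P<name>(?:Win32|Win64|MSIL)/\S+)\s+"
    r"potentially (?P<kind>unwanted|unsafe) application"
    r"(?:\s+(?P<action>.+))?$"
)

def parse_line(line):
    """Split one log line into path, detection name, kind and action (None if no action)."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def location_class(path):
    """Classify where the detected file sits: an inert copy or a live location."""
    p = path.lower()
    if p.startswith("c:\\adwcleaner\\quarantine\\"):
        return "adwcleaner-quarantine"
    if "\\$recycle.bin\\" in p:
        return "recycle-bin"
    return "live"

def family(name):
    """Win32/Toolbar.Conduit.Y -> Toolbar.Conduit (drop platform prefix and variant suffix)."""
    return name.split("/", 1)[1].rsplit(".", 1)[0]

def triage(log_text):
    """Summarise detections by location class and family, and list hits with no action."""
    hits = [h for h in map(parse_line, log_text.splitlines()) if h]
    return {
        "by_location": Counter(location_class(h["path"]) for h in hits),
        "by_family": Counter(family(h["name"]) for h in hits),
        # No action recorded in the log: confirm with a follow-up scan.
        "not_cleaned": [h["path"] for h in hits if h["action"] is None],
    }

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(dict(report["by_location"]))
    print(dict(report["by_family"]))
    print(report["not_cleaned"])
```

Entries classed as `live` or listed under `not_cleaned` are the ones worth re-checking on the next scan; the quarantine and recycle-bin copies are leftovers of files already removed.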

  16. #14
    New Lounger
    Join Date
    Dec 2009
    Location
    http://tinyurl.com/Fennell
    Posts
    21
    Thanks
    11
    Thanked 0 Times in 0 Posts
    Ran again following advice #10.

    C:\Users\All Users\{559F25A3-87D2-4D88-ADC5-DF4C277CDD45}\setup.res a variant of Win32/HiddenStart.A potentially unsafe application
    C:\ProgramData\{559F25A3-87D2-4D88-ADC5-DF4C277CDD45}\setup.res a variant of Win32/HiddenStart.A potentially unsafe application deleted - quarantined
    C:\Users\ArtorCaroline\AppData\Local\CRE\fgnjomjlkaenpngklfddmaodjljpjblk.crx a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
    C:\Users\ArtorCaroline\Carbonite Restored OLD User Settings\2014-05-12 06-51-21PM\AppData\Local\CRE\fgnjomjlkaenpngklfddmaodjljpjblk.crx a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined

  17. #15
    Silver Lounger
    Join Date
    Aug 2012
    Location
    UK
    Posts
    1,868
    Thanks
    30
    Thanked 252 Times in 246 Posts
    Reboot and run it again to see if it comes up clean this time - it's already supposed to have taken out Conduit as well as AdwCleaner reporting it had removed it.

    Ensure you check ESET's auto remove box and that should remove its quarantine files as well.
    Last edited by Sudo15; 2014-08-24 at 05:18.

  18. The Following User Says Thank You to Sudo15 For This Useful Post:

    Caroart (2014-08-25)
