Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-01-2014 Ran by A at 2014-01-22 08:47:38 Run:1 Running from C:\Users\A\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** start (Boxore OU) C:\Program Files (x86)\Boxore\BoxoreClient\boxore.exe HKLM-x32\...\Run: [Boxore Client] - C:\Program Files (x86)\Boxore\BoxoreClient\boxore.exe [961312 2013-08-16] (Boxore OU) CHR Plugin: (Application Manager) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll No File S2 Software_update; C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe [119408 2014-01-09] (The Software Group) S3 Software_update_m; C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe [119408 2014-01-09] (The Software Group) 2014-01-09 22:27 - 2014-01-09 22:27 - 00000000 ____D C:\Users\A\AppData\Roaming\OpenCandy 2014-01-09 22:16 - 2014-01-10 22:16 - 00000000 ____D C:\ProgramData\BoxUpdChk 2014-01-09 22:16 - 2014-01-09 22:16 - 00000000 ____D C:\Program Files (x86)\Boxore 2014-01-09 22:09 - 2014-01-21 08:14 - 00000908 _____ C:\Windows\Tasks\SoftwareUpdateTaskMachineUA.job 2014-01-09 22:09 - 2014-01-21 08:09 - 00000904 _____ C:\Windows\Tasks\SoftwareUpdateTaskMachineCore.job 2014-01-09 22:09 - 2014-01-09 22:09 - 00003904 _____ C:\Windows\System32\Tasks\SoftwareUpdateTaskMachineUA 2014-01-09 22:09 - 2014-01-09 22:09 - 00003652 _____ C:\Windows\System32\Tasks\SoftwareUpdateTaskMachineCore 2014-01-09 22:09 - 2014-01-09 22:09 - 00000000 ____D C:\Users\A\AppData\Local\Software 2014-01-09 22:09 - 2014-01-09 22:09 - 00000000 ____D C:\Program Files (x86)\Software Boxore Client (x32 Version: 4.6.0.0 - Boxore OU) <==== ATTENTION Task: C:\Windows\Tasks\SoftwareUpdateTaskMachineCore.job Task: C:\Windows\Tasks\SoftwareUpdateTaskMachineUA.job AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1344800 2014-01-01] (Conduit) AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1037600 2014-01-01] (Conduit) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP5569590F-2ABD-4FDA-BC38-05E74041BA3B&SSPV= SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP5569590F-2ABD-4FDA-BC38-05E74041BA3B&q={searchTerms}&SSPV= SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP5569590F-2ABD-4FDA-BC38-05E74041BA3B&q={searchTerms}&SSPV= BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com) : HKLM-x32 - Ask - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAsk.dll (Ask.com) FF NewTab: hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SP5569590F-2ABD-4FDA-BC38-05E74041BA3B FF Homepage: hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP5569590F-2ABD-4FDA-BC38-05E74041BA3B&SSPV= FF SearchPlugin: C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\w8c0oylh.default-1389045371166\searchplugins\conduit-search.xml FF Extension: Ask Toolbar - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\w8c0oylh.default-1389045371166\Extensions\toolbar@ask.com [2014-01-09] 2014-01-09 22:27 - 2014-01-09 22:28 - 00000000 ____D C:\Users\A\AppData\Local\SearchProtect 2014-01-09 22:27 - 2014-01-09 22:27 - 00000000 ____D C:\Program Files (x86)\SearchProtect 2014-01-09 22:20 - 2014-01-09 22:20 - 00003802 _____ C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar 2014-01-09 22:20 - 2014-01-09 22:20 - 00000000 ____D C:\Program Files (x86)\Ask.com ProxyEnable: Internet Explorer proxy is enabled. ProxyServer: http=127.0.0.1:8877;https=127.0.0.1:8877 FF NewTab: hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SP5569590F-2ABD-4FDA-BC38-05E74041BA3B FF DefaultSearchEngine: Conduit Search FF SelectedSearchEngine: Conduit Search FF Homepage: hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP5569590F-2ABD-4FDA-BC38-05E74041BA3B&SSPV= CHR HomePage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_1&ent=hp&u=12176626F0992CE4A1824651CD27575A End ***************** [2684] C:\Program Files (x86)\Boxore\BoxoreClient\boxore.exe => Process closed successfully. [2716] C:\Program Files (x86)\Boxore\BoxoreClient\boxore.exe => Process closed successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Boxore Client => Value deleted successfully. C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll not found. Software_update => Service deleted successfully. Software_update_m => Service deleted successfully. C:\Users\A\AppData\Roaming\OpenCandy => Moved successfully. C:\ProgramData\BoxUpdChk => Moved successfully. C:\Program Files (x86)\Boxore => Moved successfully. C:\Windows\Tasks\SoftwareUpdateTaskMachineUA.job => Moved successfully. C:\Windows\Tasks\SoftwareUpdateTaskMachineCore.job => Moved successfully. C:\Windows\System32\Tasks\SoftwareUpdateTaskMachineUA => Moved successfully. C:\Windows\System32\Tasks\SoftwareUpdateTaskMachineCore => Moved successfully. C:\Users\A\AppData\Local\Software => Moved successfully. C:\Program Files (x86)\Software => Moved successfully. Task: C:\Windows\Tasks\SoftwareUpdateTaskMachineCore.job not found. Task: C:\Windows\Tasks\SoftwareUpdateTaskMachineUA.job not found. "C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC64Loader.dll" => Value Data removed successfully. "C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC32Loader.dll" => Value Data removed successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully. HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key deleted successfully. Firefox newtab deleted successfully. Firefox homepage deleted successfully. C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\w8c0oylh.default-1389045371166\searchplugins\conduit-search.xml => Moved successfully. C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\w8c0oylh.default-1389045371166\Extensions\toolbar@ask.com => Moved successfully. C:\Users\A\AppData\Local\SearchProtect => Moved successfully. C:\Program Files (x86)\SearchProtect => Moved successfully. C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar => Moved successfully. C:\Program Files (x86)\Ask.com => Moved successfully. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value deleted successfully. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully. Firefox newtab deleted successfully. Firefox DefaultSearchEngine deleted successfully. Firefox SelectedSearchEngine deleted successfully. Firefox homepage deleted successfully. CHR HomePage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_1&ent=hp&u=12176626F0992CE4A1824651CD27575A ==> The Chrome "Settings" can be used to fix the entry. ==== End of Fixlog ====