Error message
- Thread starter jetsmell
- Start date
Startupinfo.exe is part if System Care by iobit, which is junkware. Go into Programs & Features and uninstall it.
Run these and post the logs.
1.
Please download AdwCleaner by Xplode onto your Desktop.
•Please close all open programs and internet browsers.
•Double click on adwcleaner.exe to run the tool.
•Click on Scan.
•After the scan you will need to click on clean for it to delete the adware.
•Your computer will be rebooted automatically. A text file will open after the restart.
•Please post the content of that logfile in your reply.
•You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
2.
Please download Junkware Removal Tool to your desktop.
•Shutdown your antivirus to avoid any conflicts.
•Very important that you run the tool in this manner:
Right-mouse click JRT.exe and select Run as administrator
Do NOT just double-click it.
•The tool will open and start scanning your system.
•Please be patient as this can take a while to complete.
•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
•Post the contents of JRT.txt in your next message.
3.
Please download Malwarebytes' Anti-Malware and save it to your desktop.
If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running rkill then try downloading these renamed versions of the same program.
EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE
But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying rkill is infected, keep trying to run rkill until it over powers the infection and temporarily kills it. Once a log appears on the screen, you can try running malwarebytes or downloading other programs.
Please post the log that Malwarebytes displays on your screen.
4.
Download OTL to your Desktop
•Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
•Click on Minimal Output at the top
•Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
◦When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Just post the OTL.txt file in your reply.
Then post the logs from the following 4 programs.
1. Adwcleaner
2. Junkware removal tool
3. Malwarebytes
4. OTL
1.
Please download AdwCleaner by Xplode onto your Desktop.
•Please close all open programs and internet browsers.
•Double click on adwcleaner.exe to run the tool.
•Click on Scan.
•After the scan you will need to click on clean for it to delete the adware.
•Your computer will be rebooted automatically. A text file will open after the restart.
•Please post the content of that logfile in your reply.
•You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
2.
Please download Junkware Removal Tool to your desktop.
•Shutdown your antivirus to avoid any conflicts.
•Very important that you run the tool in this manner:
Right-mouse click JRT.exe and select Run as administrator
Do NOT just double-click it.
•The tool will open and start scanning your system.
•Please be patient as this can take a while to complete.
•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
•Post the contents of JRT.txt in your next message.
3.
Please download Malwarebytes' Anti-Malware and save it to your desktop.
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to
- Update Malwarebytes' Anti-Malware
- and Launch Malwarebytes' Anti-Malware
- then click Finish.
- If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
- Once the program has loaded, select Perform quick scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware
If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running rkill then try downloading these renamed versions of the same program.
EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE
But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying rkill is infected, keep trying to run rkill until it over powers the infection and temporarily kills it. Once a log appears on the screen, you can try running malwarebytes or downloading other programs.
Please post the log that Malwarebytes displays on your screen.
4.
Download OTL to your Desktop
•Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
•Click on Minimal Output at the top
•Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
◦When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Just post the OTL.txt file in your reply.
Then post the logs from the following 4 programs.
1. Adwcleaner
2. Junkware removal tool
3. Malwarebytes
4. OTL
# AdwCleaner v5.026 - Logfile created 28/12/2015 at 19:31:59 I'm watching Monday night footbnall so I'll do the rest afterwards. I have no idea what this report means.
# Updated 21/12/2015 by Xplode
# Database : 2015-12-23.1 [Server]
# Operating system : Windows 7 Ultimate (x64)
# Username : Dan - FLIGHT
# Running from : C:\Users\Dan\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder Deleted : C:\rei
[-] Folder Deleted : C:\Program Files\Reimage
[-] Folder Deleted : C:\Program Files (x86)\Itibiti Soft Phone
[-] Folder Deleted : C:\ProgramData\ParetoLogic
[-] Folder Deleted : C:\ProgramData\Winferno
[-] Folder Deleted : C:\Users\Dan\AppData\Local\eSupport.com
[-] Folder Deleted : C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd
[-] Folder Deleted : C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[-] Folder Deleted : C:\Users\Dan\AppData\Roaming\ParetoLogic
[-] Folder Deleted : C:\Users\Dan\AppData\Roaming\Solvusoft
[-] Folder Deleted : C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\Extensions\[email protected]
[#] Folder Deleted : C:\WINDOWS\SysNative\Tasks\WinThruster
***** [ Files ] *****
[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\search.xml
[-] File Deleted : C:\Users\Dan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Knctr.lnk
[-] File Deleted : C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\user.js
[-] File Deleted : C:\WINDOWS\Reimage.ini
[-] File Deleted : C:\WINDOWS\SysNative\roboot64.exe
[-] File Deleted : C:\WINDOWS\SysNative\SaiC0255_12.dll
***** [ DLLs ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
[-] Task Deleted : DRIVERfighter Auto Start
[-] Task Deleted : Reimage Reminder
[-] Task Deleted : ReimageUpdater
[-] Task Deleted : WinThruster
[-] Task Deleted : WinThruster_DEFAULT
[-] Task Deleted : WinThruster_UPDATES
***** [ Registry ] *****
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key Deleted : HKCU\Software\eSupport.com
[-] Key Deleted : HKCU\Software\ParetoLogic
[-] Key Deleted : HKCU\Software\Solvusoft
[-] Key Deleted : HKCU\Software\Reimage
[-] Key Deleted : HKCU\Software\PRODUCTSETUP
[-] Key Deleted : HKCU\Software\undefined
[-] Key Deleted : HKLM\SOFTWARE\ParetoLogic
[-] Key Deleted : [x64] HKLM\SOFTWARE\Reimage
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
***** [ Web browsers ] *****
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.BUTTON_STRUCTURE", "[{\"b\":221352991,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":221352992,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.browser.version.last", "34.0");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.firstKnownVersion", "6.83.5.43020");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=52AA2C62-B699-4E65-B23A-B61577EBF66E&n=781a9f31&p2=^ZO^xdm161^YYA^us&si=EL_UTUS_13");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.initialized", true);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.installKeysSource", "LocalStorage");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.installType", "XPI");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.installation.contextKey", "");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.installation.installDate", "2015010609");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.installation.partnerId", "^ZO^xdm161^YYA^us");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.installation.partnerSubId", "EL_UTUS_13");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.installation.pixelUrl", "hxxp://www.utilitychest.com/install_pixels.jhtml?partner=^ZO^xdm161^YYA^us&sub_id=EL_UTUS_13&coId=b77227b261aa49f5963874539[...]
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.installation.success", true);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.installation.toolbarId", "52AA2C62-B699-4E65-B23A-B61577EBF66E");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.isCompliantUninstallImplementation", true);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.lastActivePing", "1420591186608");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.lastKnownVersion", "6.83.5.43020");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.options.defaultSearch", false);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.options.homePageEnabled", false);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.options.keywordEnabled", false);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.options.tabEnabled", false);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.partnerPixelFired", true);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.successUrl", "hxxp://www.utilitychest.com/installComplete.jhtml");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.toolbarCollapsed", true);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.weather.location", "45201");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.BUTTON_STRUCTURE", "[{\"b\":224207096,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":224207097,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.browser.search.defaultenginename.prev", "Search");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.browser.search.defaultenginename.savedPrev", "true");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.browser.search.defaultenginename.tb", "Ask Web Search");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.browser.search.selectedEngine.prev", "Yahoo");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.browser.search.selectedEngine.savedPrev", "true");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.browser.search.selectedEngine.tb", "Ask Web Search");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.browser.startup.homepage.prev", "hxxp://www.ighome.com/");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.browser.startup.homepage.savedPrev", "true");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.browser.startup.page.savedPrev", 1);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.browser.startup.page.tb", 1);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.browser.version.last", "38.0");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.competitorDNS", "{\"comment\":\"refresh every 1 week (7*24*60*60*1000)\",\"refreshPeriod\":604800000,\"list\":[{\"url\":\"hxxp://www.dnsrsearch.com/[...]
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.firstKnownVersion", "6.85.6.26584");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=5E29E3C9-7BFA-4014-AA4C-0173B3F3A2E4&n=781b1971&p2=^Y6^xdm003^S12706^us&si=CNmfsYWng8UCFZeJaQodnC[...]
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.hp.enabled", false);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.hp.guardType", "HPR");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.hp.user.defined", true);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.initialized", true);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.installKeysSource", "Cookies");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.installType", "XPI");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.installation.contextKey", "");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.installation.installDate", "2015041905");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.installation.partnerId", "^Y6^xdm003^S12706^us");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.installation.partnerSubId", "CNmfsYWng8UCFZeJaQodnCMA-g");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.installation.pixelUrl", "hxxp://download.fromdoctopdf.com/install_pixels.jhtml?partner=^Y6^xdm003^S12706^us&sub_id=CNmfsYWng8UCFZeJaQodnCMA-g&coId=9[...]
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.installation.success", true);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.installation.toolbarId", "5E29E3C9-7BFA-4014-AA4C-0173B3F3A2E4");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.isCompliantUninstallImplementation", true);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.lastActivePing", "1433851680698");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.lastKnownVersion", "6.85.6.26584");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.options.defaultSearch", true);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.options.homePageEnabled", true);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.options.keywordEnabled", true);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.options.tabEnabled", true);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.partnerPixelFired", true);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.successUrl", "hxxp://download.fromdoctopdf.com/installComplete.jhtml");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.toolbar.ownSearch", false);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.toolbar.versionChanged", false);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.toolbarCollapsed", true);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.weather.location", "45201");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", false);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "[email protected]");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("network.hxxp.request.max-start-delay", 0);
[-] [C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : dregol.com
[-] [C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.dregol.com/?f=7&a=drg_bimmed_15_28&cd=2XzuyEtN2Y1L1Qzu0Ezz0D0EtByB0CzyyDtC0AtB0E0E0AyDtN0D0Tzu0StCtBzzyDtN1L2XzutAtFtCtCtFtAtFtBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyC0FyDzy0C0BtC0BtGtCzzyEyEtGtCyE0A0AtGyBzztDzztG0B0B0BtByDtBzytDtAzzzztC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CyD0EyBzzyEyEyDtGtCyBzyyBtGyEzz0A0DtG0B0F0C0EtGzy0BtC0EtCyB0EtDtByEtB0D2QtN0A0LzutBtN1B2Z1V1T1S1NzuzzyCtB&cr=1608524372&ir=
[-] [C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_bimmed_15_28&cd=2XzuyEtN2Y1L1Qzu0Ezz0D0EtByB0CzyyDtC0AtB0E0E0AyDtN0D0Tzu0StCtBzzyDtN1L2XzutAtFtCtCtFtAtFtBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyC0FyDzy0C0BtC0BtGtCzzyEyEtGtCyE0A0AtGyBzztDzztG0B0B0BtByDtBzytDtAzzzztC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CyD0EyBzzyEyEyDtGtCyBzyyBtGyEzz0A0DtG0B0F0C0EtGzy0BtC0EtCyB0EtDtByEtB0D2QtN0A0LzutBtN1B2Z1V1T1S1NzuzzyCtB&cr=1608524372&ir=
[-] [C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fcfenmboojpjinhpgggodefccipikbpd
*************************
:: "Tracing" keys removed
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [20405 bytes] ##########
# Updated 21/12/2015 by Xplode
# Database : 2015-12-23.1 [Server]
# Operating system : Windows 7 Ultimate (x64)
# Username : Dan - FLIGHT
# Running from : C:\Users\Dan\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder Deleted : C:\rei
[-] Folder Deleted : C:\Program Files\Reimage
[-] Folder Deleted : C:\Program Files (x86)\Itibiti Soft Phone
[-] Folder Deleted : C:\ProgramData\ParetoLogic
[-] Folder Deleted : C:\ProgramData\Winferno
[-] Folder Deleted : C:\Users\Dan\AppData\Local\eSupport.com
[-] Folder Deleted : C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd
[-] Folder Deleted : C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[-] Folder Deleted : C:\Users\Dan\AppData\Roaming\ParetoLogic
[-] Folder Deleted : C:\Users\Dan\AppData\Roaming\Solvusoft
[-] Folder Deleted : C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\Extensions\[email protected]
[#] Folder Deleted : C:\WINDOWS\SysNative\Tasks\WinThruster
***** [ Files ] *****
[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\search.xml
[-] File Deleted : C:\Users\Dan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Knctr.lnk
[-] File Deleted : C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\user.js
[-] File Deleted : C:\WINDOWS\Reimage.ini
[-] File Deleted : C:\WINDOWS\SysNative\roboot64.exe
[-] File Deleted : C:\WINDOWS\SysNative\SaiC0255_12.dll
***** [ DLLs ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
[-] Task Deleted : DRIVERfighter Auto Start
[-] Task Deleted : Reimage Reminder
[-] Task Deleted : ReimageUpdater
[-] Task Deleted : WinThruster
[-] Task Deleted : WinThruster_DEFAULT
[-] Task Deleted : WinThruster_UPDATES
***** [ Registry ] *****
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key Deleted : HKCU\Software\eSupport.com
[-] Key Deleted : HKCU\Software\ParetoLogic
[-] Key Deleted : HKCU\Software\Solvusoft
[-] Key Deleted : HKCU\Software\Reimage
[-] Key Deleted : HKCU\Software\PRODUCTSETUP
[-] Key Deleted : HKCU\Software\undefined
[-] Key Deleted : HKLM\SOFTWARE\ParetoLogic
[-] Key Deleted : [x64] HKLM\SOFTWARE\Reimage
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
***** [ Web browsers ] *****
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.BUTTON_STRUCTURE", "[{\"b\":221352991,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":221352992,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.browser.version.last", "34.0");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.firstKnownVersion", "6.83.5.43020");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=52AA2C62-B699-4E65-B23A-B61577EBF66E&n=781a9f31&p2=^ZO^xdm161^YYA^us&si=EL_UTUS_13");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.initialized", true);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.installKeysSource", "LocalStorage");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.installType", "XPI");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.installation.contextKey", "");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.installation.installDate", "2015010609");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.installation.partnerId", "^ZO^xdm161^YYA^us");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.installation.partnerSubId", "EL_UTUS_13");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.installation.pixelUrl", "hxxp://www.utilitychest.com/install_pixels.jhtml?partner=^ZO^xdm161^YYA^us&sub_id=EL_UTUS_13&coId=b77227b261aa49f5963874539[...]
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.installation.success", true);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.installation.toolbarId", "52AA2C62-B699-4E65-B23A-B61577EBF66E");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.isCompliantUninstallImplementation", true);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.lastActivePing", "1420591186608");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.lastKnownVersion", "6.83.5.43020");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.options.defaultSearch", false);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.options.homePageEnabled", false);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.options.keywordEnabled", false);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.options.tabEnabled", false);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.partnerPixelFired", true);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.successUrl", "hxxp://www.utilitychest.com/installComplete.jhtml");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.toolbarCollapsed", true);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._49Members_.weather.location", "45201");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.BUTTON_STRUCTURE", "[{\"b\":224207096,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":224207097,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.browser.search.defaultenginename.prev", "Search");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.browser.search.defaultenginename.savedPrev", "true");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.browser.search.defaultenginename.tb", "Ask Web Search");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.browser.search.selectedEngine.prev", "Yahoo");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.browser.search.selectedEngine.savedPrev", "true");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.browser.search.selectedEngine.tb", "Ask Web Search");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.browser.startup.homepage.prev", "hxxp://www.ighome.com/");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.browser.startup.homepage.savedPrev", "true");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.browser.startup.page.savedPrev", 1);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.browser.startup.page.tb", 1);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.browser.version.last", "38.0");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.competitorDNS", "{\"comment\":\"refresh every 1 week (7*24*60*60*1000)\",\"refreshPeriod\":604800000,\"list\":[{\"url\":\"hxxp://www.dnsrsearch.com/[...]
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.firstKnownVersion", "6.85.6.26584");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=5E29E3C9-7BFA-4014-AA4C-0173B3F3A2E4&n=781b1971&p2=^Y6^xdm003^S12706^us&si=CNmfsYWng8UCFZeJaQodnC[...]
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.hp.enabled", false);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.hp.guardType", "HPR");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.hp.user.defined", true);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.initialized", true);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.installKeysSource", "Cookies");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.installType", "XPI");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.installation.contextKey", "");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.installation.installDate", "2015041905");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.installation.partnerId", "^Y6^xdm003^S12706^us");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.installation.partnerSubId", "CNmfsYWng8UCFZeJaQodnCMA-g");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.installation.pixelUrl", "hxxp://download.fromdoctopdf.com/install_pixels.jhtml?partner=^Y6^xdm003^S12706^us&sub_id=CNmfsYWng8UCFZeJaQodnCMA-g&coId=9[...]
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.installation.success", true);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.installation.toolbarId", "5E29E3C9-7BFA-4014-AA4C-0173B3F3A2E4");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.isCompliantUninstallImplementation", true);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.lastActivePing", "1433851680698");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.lastKnownVersion", "6.85.6.26584");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.options.defaultSearch", true);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.options.homePageEnabled", true);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.options.keywordEnabled", true);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.options.tabEnabled", true);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.partnerPixelFired", true);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.successUrl", "hxxp://download.fromdoctopdf.com/installComplete.jhtml");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.toolbar.ownSearch", false);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.toolbar.versionChanged", false);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.toolbarCollapsed", true);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.weather.location", "45201");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", false);
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "[email protected]");
[-] [C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\prefs.js] [Preference] Deleted : user_pref("network.hxxp.request.max-start-delay", 0);
[-] [C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : dregol.com
[-] [C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.dregol.com/?f=7&a=drg_bimmed_15_28&cd=2XzuyEtN2Y1L1Qzu0Ezz0D0EtByB0CzyyDtC0AtB0E0E0AyDtN0D0Tzu0StCtBzzyDtN1L2XzutAtFtCtCtFtAtFtBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyC0FyDzy0C0BtC0BtGtCzzyEyEtGtCyE0A0AtGyBzztDzztG0B0B0BtByDtBzytDtAzzzztC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CyD0EyBzzyEyEyDtGtCyBzyyBtGyEzz0A0DtG0B0F0C0EtGzy0BtC0EtCyB0EtDtByEtB0D2QtN0A0LzutBtN1B2Z1V1T1S1NzuzzyCtB&cr=1608524372&ir=
[-] [C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_bimmed_15_28&cd=2XzuyEtN2Y1L1Qzu0Ezz0D0EtByB0CzyyDtC0AtB0E0E0AyDtN0D0Tzu0StCtBzzyDtN1L2XzutAtFtCtCtFtAtFtBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyC0FyDzy0C0BtC0BtGtCzzyEyEtGtCyE0A0AtGyBzztDzztG0B0B0BtByDtBzytDtAzzzztC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CyD0EyBzzyEyEyDtGtCyBzyyBtGyEzz0A0DtG0B0F0C0EtGzy0BtC0EtCyB0EtDtByEtB0D2QtN0A0LzutBtN1B2Z1V1T1S1NzuzzyCtB&cr=1608524372&ir=
[-] [C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fcfenmboojpjinhpgggodefccipikbpd
*************************
:: "Tracing" keys removed
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [20405 bytes] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 10 Home x64
Ran by Dan (Administrator) on Tue 12/29/2015 at 0:10:15.39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 18
Successfully deleted: C:\ProgramData\esellerate (Folder)
Successfully deleted: C:\ProgramData\iobit\driver booster (Folder)
Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\Dan\AppData\Roaming\compuclever (Folder)
Successfully deleted: C:\Users\Dan\AppData\Roaming\iobit\driver booster (Folder)
Successfully deleted: C:\Users\Dan\AppData\Roaming\itibiti (Folder)
Successfully deleted: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\extensions\[email protected]\chrome\content\newuser.js (File)
Successfully deleted: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\extensions\[email protected] (Folder)
Successfully deleted: C:\Users\Dan\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\WINDOWS\system32\Tasks\Driver Booster Scheduler (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Driver Booster SkipUAC (Dan) (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\SmartDefrag4_Startup (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Uninstaller_SkipUac_Administrator (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Uninstaller_SkipUac_Dan (Task)
Successfully deleted: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Dan.job (Task)
Successfully deleted: C:\Program Files (x86)\iobit\driver booster (Folder)
Successfully deleted: C:\WINDOWS\prefetch\DRIVERBOOSTER.EXE-9033297F.pf (File)
Successfully deleted: C:\WINDOWS\SysWOW64\RENE0D5.tmp (File)
Registry: 2
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 12/29/2015 at 0:11:37.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 10 Home x64
Ran by Dan (Administrator) on Tue 12/29/2015 at 0:10:15.39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 18
Successfully deleted: C:\ProgramData\esellerate (Folder)
Successfully deleted: C:\ProgramData\iobit\driver booster (Folder)
Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\Dan\AppData\Roaming\compuclever (Folder)
Successfully deleted: C:\Users\Dan\AppData\Roaming\iobit\driver booster (Folder)
Successfully deleted: C:\Users\Dan\AppData\Roaming\itibiti (Folder)
Successfully deleted: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\extensions\[email protected]\chrome\content\newuser.js (File)
Successfully deleted: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\wlpf4izd.default\extensions\[email protected] (Folder)
Successfully deleted: C:\Users\Dan\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\WINDOWS\system32\Tasks\Driver Booster Scheduler (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Driver Booster SkipUAC (Dan) (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\SmartDefrag4_Startup (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Uninstaller_SkipUac_Administrator (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Uninstaller_SkipUac_Dan (Task)
Successfully deleted: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Dan.job (Task)
Successfully deleted: C:\Program Files (x86)\iobit\driver booster (Folder)
Successfully deleted: C:\WINDOWS\prefetch\DRIVERBOOSTER.EXE-9033297F.pf (File)
Successfully deleted: C:\WINDOWS\SysWOW64\RENE0D5.tmp (File)
Registry: 2
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 12/29/2015 at 0:11:37.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
My screen is saying Windows failed to start. Recent hardware or software change might be the cause.
To fix the problem;
Insert your Windows installation disc then restart.
Choose language.
Click repair.
status Oxcoooooof
A required device is not connected or cant be accessed. I have Windows 10 and was trying to rid a viris. PupOpitional Dragol. I was told by a Malwarebytes technican to run a tool and I obviosly messed up. Where do I get this disc. Will the above operation get rid of the virus. I can't get anything on the computer not even safe mode.
To fix the problem;
Insert your Windows installation disc then restart.
Choose language.
Click repair.
status Oxcoooooof
A required device is not connected or cant be accessed. I have Windows 10 and was trying to rid a viris. PupOpitional Dragol. I was told by a Malwarebytes technican to run a tool and I obviosly messed up. Where do I get this disc. Will the above operation get rid of the virus. I can't get anything on the computer not even safe mode.
You will have to download and create the windows 10 install dvd and then boot to it and have it repair your install. Use the media creation tool to download the iso and then write the iso to a dvd. Just don't copy the file to a dvd as it won't work.
http://go.microsoft.com/fwlink/?LinkId=691209
http://go.microsoft.com/fwlink/?LinkId=691209
I tried the Windows 7 route and had no success. So my question is ; Can you supply a link for the Windows 10 download. I don't want Windows 10 on this computer. From what I see so far, there's no option . If I perform this operation correctly , what are the odds of it working? I'm concerned that the drive is permanently damaged. Thanks
I feel that I burned a good Windows 10 disc. Once installed in the infected computer, it did not ask to push any button, but I was able to choose options by pressing f8. I chose 'repair computer'. Nothing. What's the next step? If I have to do a recovery, then so be it. I just want my computer back. Thank's
If its been longer then 30 days, you can't go back to windows 7 per the windows 10 upgrade terms. If using the windows 10 install dvd and choosing to repair the OS didn't fix anything then you are most likely gonna have to wipe everything and install fresh.
There are a lot of issues for people that have earlier operating systems and upgrade to 10. The easiest way to install windows 10 is use the media creation tool to download the install cd and use your current OS's activation key to activate 10.
There are a lot of issues for people that have earlier operating systems and upgrade to 10. The easiest way to install windows 10 is use the media creation tool to download the install cd and use your current OS's activation key to activate 10.
What did you try doing with the disk? You can't repair windows 10 with a windows 7 disk.