Maintaining internet connection

shepsan

shepsan

Member
My OS is Windows 7 Professional.

Regardless of my using Chrome, Firefox, IE or Opera to access the internet, my internet homepage displays with the screen staying active for about 15 seconds. Then, I lose the internet and regain my boot-up Windows desktop.

If I then attempt to gain access to the internet, I do so successfully and have no problem staying connected for as long as I wish.

This type of phenomena does not occur during regular non-internet computing.

How do I correct this problem?
 
Not sure if I follow you here. You open a browser and it works for say 15 seconds and then closes and you are back at your desktop? Is that what you are saying?
 
Sounds like you may have some malware on the system then. Please do the following.

1.

Please download AdwCleaner by Xplode onto your Desktop.



•Please close all open programs and internet browsers.
•Double click on adwcleaner.exe to run the tool.
•Click on Scan.
•After the scan you will need to click on clean for it to delete the adware.
•Your computer will be rebooted automatically. A text file will open after the restart.
•Please post the content of that logfile in your reply.
•You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

2.

Please download Junkware Removal Tool to your desktop.

•Shutdown your antivirus to avoid any conflicts.
•Very important that you run the tool in this manner:
Right-mouse click JRT.exe and select Run as administrator
Do NOT just double-click it.
•The tool will open and start scanning your system.
•Please be patient as this can take a while to complete.
•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
•Post the contents of JRT.txt in your next message.

3.

Please download Malwarebytes' Anti-Malware and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running rkill then try downloading these renamed versions of the same program.

EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE

But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying rkill is infected, keep trying to run rkill until it over powers the infection and temporarily kills it. Once a log appears on the screen, you can try running malwarebytes or downloading other programs.

Please post the log that Malwarebytes displays on your screen.

So in your next reply, please post the logs from the following programs.


1. Adwcleaner
2. Junkware removal tool
3. Malwarebytes
 
Johnb35, thank you for your advice. I followed your instructions. This time, when I accessed this site, I remained on the internet without interruption for about five minutes. Then lost the internet and the screen reverted back to desktop.



These are the reports from the various applications you instructed that I use. Sorry that they take up so much space:


ADCLEANER REPORT

# AdwCleaner v3.018 - Report created 06/02/2014 at 01:24:05
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : M Shapiro - MSHAPIRO-PC
# Running from : C:\Users\M Shapiro\Desktop\Internet Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : APNMCP

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\~0
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Program Files (x86)\Glarysoft Toolbar
Folder Deleted : C:\Program Files (x86)\IObit Apps Toolbar
Folder Deleted : C:\Program Files (x86)\mapsgalaxy_39
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\YTD Toolbar
Folder Deleted : C:\Program Files (x86)\Plus-HD-1.3
Folder Deleted : C:\Program Files (x86)\KeyBar_1.12
Folder Deleted : C:\Program Files (x86)\Common Files\spigot
Folder Deleted : C:\windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Users\M Shapiro\AppData\Local\apn
Folder Deleted : C:\Users\M Shapiro\AppData\Local\AskPartnerNetwork
Folder Deleted : C:\Users\M Shapiro\AppData\Local\Conduit
Folder Deleted : C:\Users\M Shapiro\AppData\Local\iac
Folder Deleted : C:\Users\M Shapiro\AppData\Local\PackageAware
Folder Deleted : C:\Users\M Shapiro\AppData\Local\Savings Sidekick
Folder Deleted : C:\Users\M Shapiro\AppData\Local\Searchprotect
Folder Deleted : C:\Users\M Shapiro\AppData\Local\Smartbar
Folder Deleted : C:\Users\M Shapiro\AppData\Local\VideoDownloadConverter_4z
Folder Deleted : C:\Users\M Shapiro\AppData\Local\visi_coupon
Folder Deleted : C:\Users\M Shapiro\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\M Shapiro\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\M Shapiro\AppData\LocalLow\iac
Folder Deleted : C:\Users\M Shapiro\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\M Shapiro\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\M Shapiro\AppData\LocalLow\Smartbar
Folder Deleted : C:\Users\M Shapiro\AppData\LocalLow\VideoDownloadConverter_4z
Folder Deleted : C:\Users\M Shapiro\AppData\LocalLow\Plus-HD-1.3
Folder Deleted : C:\Users\M Shapiro\AppData\LocalLow\KeyBar_1.12
Folder Deleted : C:\Users\M Shapiro\AppData\LocalLow\MixiDJ_V8
Folder Deleted : C:\Users\M Shapiro\AppData\LocalLow\Vafmusic7
Folder Deleted : C:\Users\M Shapiro\AppData\Roaming\Babylon
Folder Deleted : C:\Users\M Shapiro\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\M Shapiro\AppData\Roaming\Systweak
Folder Deleted : C:\Users\M Shapiro\AppData\Roaming\Mozilla\Firefox\Profiles\g3g7pdv4.default\Smartbar
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\[email protected]
Folder Deleted : C:\Users\M Shapiro\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Folder Deleted : C:\Users\M Shapiro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\M Shapiro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
Folder Deleted : C:\Users\M Shapiro\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl
Folder Deleted : C:\Users\M Shapiro\AppData\Local\Google\Chrome\User Data\Default\Extensions\edakhebdfmenljamaknlnnallmchcdei
Folder Deleted : C:\Users\M Shapiro\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgkbmedckhcibhkdhaokebnllokeokek
Folder Deleted : C:\Users\M Shapiro\AppData\Local\Google\Chrome\User Data\Default\Extensions\oajgghejjpgkmpgbchgjieahoefimdle
File Deleted : C:\windows\System32\roboot64.exe
File Deleted : C:\Users\M Shapiro\AppData\Roaming\Mozilla\Firefox\Profiles\g3g7pdv4.default\invalidprefs.js
File Deleted : C:\Users\M Shapiro\AppData\Roaming\Mozilla\Firefox\Profiles\g3g7pdv4.default\searchplugins\ask-search.xml
File Deleted : C:\Users\M Shapiro\AppData\Roaming\Mozilla\Firefox\Profiles\g3g7pdv4.default\searchplugins\Conduit.xml
File Deleted : C:\Users\M Shapiro\AppData\Roaming\Mozilla\Firefox\Profiles\g3g7pdv4.default\searchplugins\conduit-search.xml
File Deleted : C:\Users\M Shapiro\AppData\Roaming\Mozilla\Firefox\Profiles\g3g7pdv4.default\searchplugins\my-web-search.xml
File Deleted : C:\Users\M Shapiro\AppData\Roaming\Mozilla\Firefox\Profiles\g3g7pdv4.default\user.js
File Deleted : C:\windows\Tasks\Plus-HD-1.3-chromeinstaller.job
File Deleted : C:\windows\System32\Tasks\Plus-HD-1.3-chromeinstaller
File Deleted : C:\windows\Tasks\Plus-HD-1.3-codedownloader.job
File Deleted : C:\windows\System32\Tasks\Plus-HD-1.3-codedownloader
File Deleted : C:\windows\Tasks\Plus-HD-1.3-enabler.job
File Deleted : C:\windows\System32\Tasks\Plus-HD-1.3-enabler
File Deleted : C:\windows\Tasks\Plus-HD-1.3-firefoxinstaller.job
File Deleted : C:\windows\System32\Tasks\Plus-HD-1.3-firefoxinstaller
File Deleted : C:\windows\Tasks\Plus-HD-1.3-updater.job
File Deleted : C:\windows\System32\Tasks\Plus-HD-1.3-updater

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [39ffxtbr@MapsGalaxy_39.com]
Key Deleted : HKCU\Software\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
Key Deleted : HKCU\Software\Google\Chrome\Extensions\edakhebdfmenljamaknlnnallmchcdei
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\edakhebdfmenljamaknlnnallmchcdei
Key Deleted : HKCU\Software\Google\Chrome\Extensions\fgkbmedckhcibhkdhaokebnllokeokek
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fgkbmedckhcibhkdhaokebnllokeokek
Key Deleted : HKCU\Software\Google\Chrome\Extensions\oajgghejjpgkmpgbchgjieahoefimdle
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\oajgghejjpgkmpgbchgjieahoefimdle
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005060.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@MapsGalaxy_39.com/Plugin
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005060.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_photoscape_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_photoscape_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C547C6C2-561B-4169-A2A5-20BA771CA93B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0134AF61-7A0C-4649-AECA-90D776060CB3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E4C3A8B6-7724-45D1-A629-17B69118EBCD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37A7EDB7-AFDA-4373-9865-02BF8160E677}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D9CFAF5B-E812-45AF-9484-E58823910E57}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1F6F39C1-00A8-4752-A94C-D0EA92D978B6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5354D921-3F52-47C5-938D-77A2FB6DEFE7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71144427-1368-4D18-8DC9-2AE3CC4C4F83}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{99E1F6FD-2E94-4CF6-8344-1BA63CD3BD9B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ED345812-2722-4DCA-9976-D01832DB44EE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0A51D53C-6F3C-426E-B789-2A21526E6546}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{85318F7B-ACB8-4719-A35C-14BF9F7EFBD7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D9CFAF5B-E812-45AF-9484-E58823910E57}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DE2DCA0C-2F6E-4855-AB20-253B70DF517F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7287DAB-C9AB-4ADF-BA3D-233472784DBE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7C55C5C5-FA4F-45FB-85E0-D92F194295E7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5A7C74EB-4126-42E0-A047-AFD64A7B8F26}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7D62507B-249A-405A-A7A8-9A82E0864FC9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{308120E1-23B3-43DB-9735-D41D70D6A25E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{364EA597-E728-4CE4-BB4A-ED846EF47970}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0134AF61-7A0C-4649-AECA-90D776060CB3}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{37A7EDB7-AFDA-4373-9865-02BF8160E677}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E4C3A8B6-7724-45D1-A629-17B69118EBCD}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{37A7EDB7-AFDA-4373-9865-02BF8160E677}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0134AF61-7A0C-4649-AECA-90D776060CB3}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{37A7EDB7-AFDA-4373-9865-02BF8160E677}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{0134AF61-7A0C-4649-AECA-90D776060CB3}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{E4C3A8B6-7724-45D1-A629-17B69118EBCD}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{37A7EDB7-AFDA-4373-9865-02BF8160E677}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\distromatic
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\smartbar
Key Deleted : HKCU\Software\smartbarbackup
Key Deleted : HKCU\Software\smartbarlog
Key Deleted : HKCU\Software\SocialBit
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\MapsGalaxy_39
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Savings Sidekick
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKCU\Software\AppDataLow\Software\Plus-HD-1.3
Key Deleted : HKCU\Software\AppDataLow\Software\KeyBar_1.12
Key Deleted : HKCU\Software\AppDataLow\Software\MixiDJ_V8
Key Deleted : HKCU\Software\AppDataLow\Software\Vafmusic7
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\AskPartnerNetwork
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\MapsGalaxy_39
Key Deleted : HKLM\Software\PerformerSoft
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Plus-HD-1.3
Key Deleted : HKLM\Software\KeyBar_1.12
Key Deleted : HKLM\Software\MixiDJ_V8
Key Deleted : HKLM\Software\Vafmusic7
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-1.3
Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\M Shapiro\AppData\Roaming\Mozilla\Firefox\Profiles\g3g7pdv4.default\prefs.js ]

Line Deleted : user_pref("CT3287822.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT3287822.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.asx\"}");
Line Deleted : user_pref("CT3287822.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3287822.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3287822.FF19Solved", "true");
Line Deleted : user_pref("CT3287822.FirstTime", "true");
Line Deleted : user_pref("CT3287822.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3287822.PG_ENABLE", "dHJ1ZQ==");
Line Deleted : user_pref("CT3287822.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287822&SearchSource=2&CUI=UN23627480342715177&UM=UM_ID&q=");
Line Deleted : user_pref("CT3287822.TopHitsConfig.enc", "ew0KICAgICJzcHJpdGVVcmwiOiAiaHR0cDovL3N0b3JhZ2UuY29uZHVpdC5jb20vcHMvVG9wSGl0c0dlbmVyaWNBcHAvY29uZmlncy9VUy1VSy1EYW5jZS1Sb2NrLVJhcC9zcHJpdGUucG5nIiwNCiAgICAiaX[...]
Line Deleted : user_pref("CT3287822.UserID", "UN23627480342715177");
Line Deleted : user_pref("CT3287822.YTbyClickFavorites.enc", "W10=");
Line Deleted : user_pref("CT3287822.YTbyClickRecent.enc", "W10=");
Line Deleted : user_pref("CT3287822.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3287822.autoDisableScopes", -1);
Line Deleted : user_pref("CT3287822.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3287822.defaultSearch", "true");
Line Deleted : user_pref("CT3287822.enableAlerts", "always");
Line Deleted : user_pref("CT3287822.enableFix404ByUser", "TRUE");
Line Deleted : user_pref("CT3287822.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3287822.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3287822.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3287822.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3287822.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3287822.fixUrls", true);
Line Deleted : user_pref("CT3287822.installDate", "19/3/2013 3:58:36");
Line Deleted : user_pref("CT3287822.installId", "aaa_cid128_49");
Line Deleted : user_pref("CT3287822.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT3287822.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3287822.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3287822.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3287822.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3287822.keyword", "true");
Line Deleted : user_pref("CT3287822.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3287822&octid=CT3287822&SearchSource=15&CUI=UN23627480342715177&SSPV=NT_FF_RD&Lay=1&UM[...]
Line Deleted : user_pref("CT3287822.lastVersion", "10.15.2.523");
Line Deleted : user_pref("CT3287822.mam_gk_CouponBuddy_appState.enc", "b24=");
Line Deleted : user_pref("CT3287822.mam_gk_PriceGong_appState.enc", "b24=");
Line Deleted : user_pref("CT3287822.mam_gk_appStateReportTime.enc", "MTM2Mzc4MjE5NzU5Mw==");
Line Deleted : user_pref("CT3287822.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsIm9wdGlvbnNEaWFsb2ciOnsiZGlzcGxheU5h[...]
Line Deleted : user_pref("CT3287822.mam_gk_appsDefaultEnabled.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3287822.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlByaWNlR29uZyIsImNyaXRlcmlhcyI6W3siY3JpdGVyaWFJZCI6IjQzZmVjMDg1LWNkMzktNGQyZi05MDZhLTAyNTdkZjM2YzlhYiIsImRvbWFpbnMiOls[...]
Line Deleted : user_pref("CT3287822.mam_gk_currentVersion.enc", "MS40LjMuMg==");
Line Deleted : user_pref("CT3287822.mam_gk_eventsCache.enc", "eyI5MTQwYjIxNy02MTc2LTQ0ZjUtOTA0Mi1mMjc1NmY5YmU2YjkiOnsidG9waWMiOiJzZW5kVXNhZ2UiLCJkYXRhIjpbIldlbGNvbWUiLCJWaWV3Il0sInVuaXF1ZUlkIjoiOTE0MGIyMTctNjE3Ni00N[...]
Line Deleted : user_pref("CT3287822.mam_gk_first_time.enc", "MQ==");
Line Deleted : user_pref("CT3287822.mam_gk_gadgetOpen.enc", "MA==");
Line Deleted : user_pref("CT3287822.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3287822.mam_gk_lastLoginTime.enc", "MTM2Mzc4MjE5MzY2NA==");
Line Deleted : user_pref("CT3287822.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHMgZW5yaWNoZXMgeW91ciB3ZWIg[...]
Line Deleted : user_pref("CT3287822.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3287822.mam_gk_settings1.4.3.2.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNjFfLTEiLCJpc1Rlc3QiOmZhbHNlLCJpc1dlbGNvbWVFeHBlcmllbmNlRW5hYmxlZEJ5RGVmYXVsd[...]
Line Deleted : user_pref("CT3287822.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3287822.mam_gk_showWelcomeGadget.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3287822.mam_gk_userId.enc", "NjI3OGMyZGMtZjBiMy00MWRlLWExNDAtNmQxMjE1NTI4ZTJm");
Line Deleted : user_pref("CT3287822.mam_gk_user_apps_selection.enc", "");
Line Deleted : user_pref("CT3287822.migrateAppsAndComponents", true);
Line Deleted : user_pref("CT3287822.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_SEARCH_TERM\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://MixiDJV8.OurToolbar.com/\",\"EB_TOOLBA[...]
Line Deleted : user_pref("CT3287822.openThankYouPage", "false");
Line Deleted : user_pref("CT3287822.openUninstallPage", "true");
Line Deleted : user_pref("CT3287822.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT3287822.search.searchAppId", "130058556988002179");
Line Deleted : user_pref("CT3287822.search.searchCount", "0");
Line Deleted : user_pref("CT3287822.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3287822.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3287822.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3287822.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3287822.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3287822.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3287822.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3287822\"}");
Line Deleted : user_pref("CT3287822.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://MixiDJV8.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3287822.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"MixiDJ V8\"}");
Line Deleted : user_pref("CT3287822.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3287822.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1363782187659");
Line Deleted : user_pref("CT3287822.serviceLayer_services_appsMetadata_lastUpdate", "1363782187593");
Line Deleted : user_pref("CT3287822.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1363782187600");
Line Deleted : user_pref("CT3287822.serviceLayer_services_location_lastUpdate", "1365969524509");
Line Deleted : user_pref("CT3287822.serviceLayer_services_login_10.14.65.43_lastUpdate", "1364552319589");
Line Deleted : user_pref("CT3287822.serviceLayer_services_login_10.15.0.562_lastUpdate", "1365969525423");
Line Deleted : user_pref("CT3287822.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1363782187570");
Line Deleted : user_pref("CT3287822.serviceLayer_services_searchAPI_lastUpdate", "1363782185014");
Line Deleted : user_pref("CT3287822.serviceLayer_services_serviceMap_lastUpdate", "1365969524286");
Line Deleted : user_pref("CT3287822.serviceLayer_services_setupAPI_lastUpdate", "1363782190412");
Line Deleted : user_pref("CT3287822.serviceLayer_services_toolbarContextMenu_lastUpdate", "1363782187412");
Line Deleted : user_pref("CT3287822.serviceLayer_services_toolbarSettings_lastUpdate", "1365969525122");
Line Deleted : user_pref("CT3287822.serviceLayer_services_translation_lastUpdate", "1365969525031");
Line Deleted : user_pref("CT3287822.settingsINI", true);
Line Deleted : user_pref("CT3287822.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3287822.showToolbarPermission", "false");
Line Deleted : user_pref("CT3287822.smartbar.CTID", "CT3287822");
Line Deleted : user_pref("CT3287822.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3287822.smartbar.homepage", true);
Line Deleted : user_pref("CT3287822.smartbar.isHidden", true);
Line Deleted : user_pref("CT3287822.smartbar.toolbarName", "MixiDJ V8 ");
Line Deleted : user_pref("CT3287822.startPage", "true");
Line Deleted : user_pref("CT3287822.toolbarBornServerTime", "20-3-2013");
Line Deleted : user_pref("CT3287822.toolbarCurrentServerTime", "14-4-2013");
Line Deleted : user_pref("CT3287822.toolbarLoginClientTime", "Mon Apr 01 2013 03:25:16 GMT-0700 (US Mountain Standard Time)");
Line Deleted : user_pref("CT3287822_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1367407315816,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CT3291325.FF19Solved", "true");
Line Deleted : user_pref("CT3291325.UserID", "UN20007298511156910");
Line Deleted : user_pref("CT3291325.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3291325.fullUserID", "UN20007298511156910.IN.20131016012308");
Line Deleted : user_pref("CT3291325.installDate", "16/10/2013 01:23:11");
Line Deleted : user_pref("CT3291325.installSessionId", "{4E4CB4F0-DEA4-479F-85B9-BCAFD5652F55}");
Line Deleted : user_pref("CT3291325.installSp", "TRUE");
Line Deleted : user_pref("CT3291325.installerVersion", "1.7.101.1");
Line Deleted : user_pref("CT3291325.keyword", "true");
Line Deleted : user_pref("CT3291325.originalHomepage", "Google.com");
Line Deleted : user_pref("CT3291325.originalSearchAddressUrl", "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=");
Line Deleted : user_pref("CT3291325.originalSearchEngine", "Yahoo");
Line Deleted : user_pref("CT3291325.originalSearchEngineName", "Yahoo");
Line Deleted : user_pref("CT3291325.searchRevert", "false");
Line Deleted : user_pref("CT3291325.searchUserMode", "2");
Line Deleted : user_pref("CT3291325.smartbar.homepage", "true");
Line Deleted : user_pref("CT3291325.versionFromInstaller", "10.20.103.6");
Line Deleted : user_pref("CT3291325.xpeMode", "0");
Line Deleted : user_pref("CT3303000.FF19Solved", "true");
Line Deleted : user_pref("CT3303000.UserID", "UN21403379351480211");
Line Deleted : user_pref("CT3303000.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3303000.fullUserID", "UN21403379351480211.IN.20131005014835");
Line Deleted : user_pref("CT3303000.installDate", "05/10/2013 01:48:37");
Line Deleted : user_pref("CT3303000.installSessionId", "{6CE5ADD5-AA6C-4C7B-AD99-5CA686BDDAAD}");
Line Deleted : user_pref("CT3303000.installSp", "TRUE");
Line Deleted : user_pref("CT3303000.installerVersion", "1.7.1.4");
Line Deleted : user_pref("CT3303000.keyword", "true");
Line Deleted : user_pref("CT3303000.originalHomepage", "hxxp://www.search.ask.com/?l=dis&o=APN10719&gct=hp&apn_ptnrs=^AT0&apn_dtid=^pfm036^YY^US&p2=^AT0^pfm036^YY^US&tpid=MP3RV6&apn_dbr=iexplore.exe_6_10.0.9200.1657[...]
Line Deleted : user_pref("CT3303000.originalSearchAddressUrl", "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=");
Line Deleted : user_pref("CT3303000.originalSearchEngine", "Yahoo");
Line Deleted : user_pref("CT3303000.originalSearchEngineName", "Yahoo");
Line Deleted : user_pref("CT3303000.searchRevert", "false");
Line Deleted : user_pref("CT3303000.searchUserMode", "2");
Line Deleted : user_pref("CT3303000.smartbar.homepage", "true");
Line Deleted : user_pref("CT3303000.versionFromInstaller", "10.20.1.8");
Line Deleted : user_pref("CT3303000.xpeMode", "0");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3287822&octid=CT3287822&SearchSource=61&CUI=UN23627480342715177&UM=UM_ID&UP=SP170A141B-0971-4D19-BB30-69799DC4FF35");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "MixiDJ V8 Customized Web Search");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287822&SearchSource=2&CUI=UN23627480342715177&UM=UM_ID&q=");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3287822");
Line Deleted : user_pref("browser.search.defaultenginename", "My Web Search");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "KeyBar 1.12 Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291325&CUI=UN20007298511156910&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("extensions.APN_TB.first-previous-keyword-url", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287822&SearchSource=2&CUI=UN23627480342715177&UM=&q=");
Line Deleted : user_pref("extensions.MP3RV6.hpr", "\"hxxp://www.search.ask.com/?l=dis&o=APN10719&gct=hp&apn_ptnrs=^AT0&apn_dtid=^pfm036^YY^US&p2=^AT0^pfm036^YY^US&tpid=MP3RV6&apn_dbr=iexplore.exe_6_10.0.9200.16576\"[...]
Line Deleted : user_pref("extensions.MP3RV6.hpr_cr", "\"hxxp://www.search.ask.com/?l=dis&o=APN10719cr&gct=hp&apn_ptnrs=^AT0&apn_dtid=^pfm036^YY^US&p2=^AT0^pfm036^YY^US&tpid=MP3RV6&apn_dbr=iexplore.exe_6_10.0.9200.16[...]
Line Deleted : user_pref("extensions.MP3RV6.hpr_ff", "\"hxxp://www.search.ask.com/?l=dis&o=APN10719&gct=hp&apn_ptnrs=^AT0&apn_dtid=^pfm036^YY^US&p2=^AT0^pfm036^YY^US&tpid=MP3RV6&apn_dbr=iexplore.exe_6_10.0.9200.1657[...]
Line Deleted : user_pref("extensions.MP3RV6.hpr_ie", "\"hxxp://www.search.ask.com/?l=dis&o=APN10719&gct=hp&apn_ptnrs=^AT0&apn_dtid=^pfm036^YY^US&p2=^AT0^pfm036^YY^US&tpid=MP3RV6&apn_dbr=iexplore.exe_6_10.0.9200.1657[...]
Line Deleted : user_pref("extensions.MP3RV6.previous-keyword-url", "\"hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287822&SearchSource=2&CUI=UN23627480342715177&UM=&q=\"");
Line Deleted : user_pref("extensions.crossrider.bic", "142f6128c5df8c72248dbab2d3194fc0");
Line Deleted : user_pref("extensions.enabledAddons", "ascsurfingprotection%40iobit.com:1.0,toolbar_MP3RV6%40apn.ask.com:30.9,webrootsecure%40webroot.com:1.0.0.26,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0");
Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Deleted : user_pref("extensions.helperbar.LastHiddenTime", 22653421);
Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Line Deleted : user_pref("extensions.mywebsearch.prevDefaultEngine", "KeyBar 1.12 Customized Web Search");
Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Line Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291325&SearchSource=2&CUI=UN20007298511156910&UM=2&q=");
Line Deleted : user_pref("extensions.mywebsearch.prevSelectedEngine", "KeyBar 1.12 Customized Web Search");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=F9AB47C6-3F51-4A37-933C-800804B67303&n=780b5b5d&p2=^HJ^xdm017^YY^us&si=pconverter");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.hp.enabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.contextKey", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.installDate", "2014010205");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerId", "^HJ^xdm017^YY^us");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerSubId", "pconverter");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.toolbarId", "F9AB47C6-3F51-4A37-933C-800804B67303");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.lastActivePing", "1390429996369");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.defaultSearch", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.homePageEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.keywordEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.tabEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.weather.location", "85374");
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "[email protected]");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "[email protected]");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3291325");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3287822&octid=CT3287822&SearchSource=61&CUI=UN23627480342715177&UM=UM_ID&UP=SP170A141B-0971-4D19-BB30-69799DC4FF35,hxxp://s[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287822&SearchSource=2&CUI=UN23627480342715177&UM=UM_ID&q=,hxxp://search.conduit.com/ResultsExt.aspx[...]
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3291325");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3291325");
Line Deleted : user_pref("smartbar.machineId", "ASYWNPLIV+CXKYESDUKKYKLMTJNJABZZYUZHFW9HMEXRNCNN68DHXHA4ODD1JB+WZNWF8AERZ6AMVGWONZGZOW");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.yahoo.com?type=198484&fr=spigot-yhp-ff");
Line Deleted : user_pref("smartbar.originalSearchAddressUrl", "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p=");
Line Deleted : user_pref("smartbar.originalSearchEngine", "Yahoo");
Line Deleted : user_pref("smartbar.pciMachineID", "PCI\\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_06\\4&B75C242&0&00E6");
Line Deleted : user_pref("smartbar.plainMachineId", "90:2B:34:13:E7:93BFEBFBFF000306A9");

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\M Shapiro\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url

*************************

AdwCleaner[R0].txt - [42354 octets] - [06/02/2014 01:21:20]
AdwCleaner[S0].txt - [41441 octets] - [06/02/2014 01:24:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [41502 octets] ##########



JUNKWARE REMOVAL TOOL REPORT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Professional x64
Ran by M Shapiro on Thu 02/06/2014 at 1:32:49.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] hsstrayservice
Successfully deleted: [Service] hsstrayservice
Successfully stopped: [Service] hsswd
Successfully deleted: [Service] hsswd



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.dynamicbarbutton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.dynamicbarbutton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.feedmanager
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.feedmanager.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.htmlmenu
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.htmlmenu.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.htmlpanel
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.htmlpanel.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.multiplebutton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.multiplebutton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.pseudotransparentplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.pseudotransparentplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.radio
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.radio.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.radiosettings
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.radiosettings.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.scriptbutton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.scriptbutton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.settingsplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.urlalertbutton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.urlalertbutton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.xmlsessionplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.xmlsessionplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1241CEBD-9777-4BC6-AAE5-2A77E25DB246}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{173A5778-34BF-48A2-8A5E-6963CE922FED}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1796EC91-D094-4A5F-B681-E16015D1CEAC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{37ED966D-4D0E-4D66-9633-BEA542C92860}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3ED5E5EC-0965-4DD3-B7D8-DBC48A1172B9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4F28FA5F-7D15-4753-B4FC-D548A0F02BFB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{5E1BDCF6-DD5F-4DD3-8783-B1454AEF1830}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{7D4DFAF7-F2CE-4C91-91A4-514C9612914D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9B58A6CE-B337-43D5-9C2F-8C6D92FBA094}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A083C35D-61A9-4625-BBB6-FB54E71B8527}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A35FF019-6DBE-4044-B080-6F3FA78A947F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B70E008C-967B-4104-BC7B-6F7C77DBC38D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C4A25B73-8EF5-4282-9D21-C8920DD577A1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CAE88E60-CEA5-4FCB-B611-54EA6305D8AB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DB1384D8-1BDA-4C8D-A743-E9CA671FEB00}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F3477E9D-D2F6-49F0-9B23-854D7958D07E}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\strongvaultapp_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\strongvaultapp_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011501160}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{29AB2E15-573D-4846-AA18-F1C0E4F8112C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{087a7792-10bb-455d-bd55-427d589addf5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D36BFFF8-A3AE-4032-A179-F29083C68BA7}
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{6978f29a-3493-40b2-8cdc-9c13a02f85a4}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{d7949a66-d936-4028-9552-14f7dc50f38d}"



~~~ Files

Successfully deleted: [File] "C:\Users\M Shapiro\appdata\local\google\chrome\user data\default\local storage\http_app.mam.conduit.com_0.localstorage"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"
Successfully deleted: [File] C:\Users\M Shapiro\appdata\local\{BE193CA0-DA93-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul [Trojan:JS/Medfos.A]



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\hotspot shield"
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\M Shapiro\AppData\Roaming\hotspot shield"
Successfully deleted: [Folder] "C:\Users\M Shapiro\AppData\Roaming\isafe"
Successfully deleted: [Folder] "C:\Users\M Shapiro\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\M Shapiro\appdata\local\slick savings"
Successfully deleted: [Folder] "C:\Users\M Shapiro\appdata\locallow\dailyfitnesscenter_53"
Successfully deleted: [Folder] "C:\Users\M Shapiro\appdata\locallow\ytd"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\Program Files (x86)\eusing free registry cleaner"
Successfully deleted: [Folder] "C:\Program Files (x86)\secure speed dial"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free registry cleaner"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\M Shapiro\AppData\Roaming\microsoft\windows\start menu\programs\free registry cleaner"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\M Shapiro\appdata\local\{0410B232-F430-48D1-B386-DBA8A2989510}
Successfully deleted: [Empty Folder] C:\Users\M Shapiro\appdata\local\{4BEF1AE9-1D98-4769-9408-6F918614E57A}
Successfully deleted: [Empty Folder] C:\Users\M Shapiro\appdata\local\{9DAC0CA9-F44F-45B4-9885-89EF40EAAB3A}
Successfully deleted: [Empty Folder] C:\Users\M Shapiro\appdata\local\{B29F8F36-8E3B-4A24-B438-D821AAC9CADA}
Successfully deleted: [Empty Folder] C:\Users\M Shapiro\appdata\local\{B3E4AE26-0A73-4A35-8D89-3222BB73544E}
Successfully deleted: [Empty Folder] C:\Users\M Shapiro\appdata\local\{D4163003-4A72-4F09-A8B2-3E16A5F0A718}
Successfully deleted: [Empty Folder] C:\Users\M Shapiro\appdata\local\{EDC3E909-4C3E-413A-B3FB-DD695886F4FD}
Successfully deleted: [Empty Folder] C:\Users\M Shapiro\appdata\local\{F863DBB2-82C4-42F8-A7A4-4540C3E0A98F}
Successfully deleted: [Folder] C:\Users\M Shapiro\appdata\local\{BE193CA0-DA93-11E1-8270-B8AC6F996F26} [Trojan:JS/Medfos.A]



~~~ FireFox

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\4zffxtbr@videodownloadconverter_4z.com
Emptied folder: C:\Users\M Shapiro\AppData\Roaming\mozilla\firefox\profiles\g3g7pdv4.default\minidumps [88 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\M Shapiro\appdata\local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Successfully deleted: [Folder] C:\Users\M Shapiro\appdata\local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Successfully deleted: [Folder] C:\Users\M Shapiro\appdata\local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
Successfully deleted: [Folder] C:\Users\M Shapiro\appdata\local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Successfully deleted: [Folder] C:\Users\M Shapiro\appdata\local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 02/06/2014 at 1:37:32.66
End of JRT log

MALWARE

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.06.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
M Shapiro :: MSHAPIRO-PC [administrator]

2/6/2014 1:58:18 AM
mbam-log-2014-02-06 (01-58-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213892
Time elapsed: 3 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7f232128-6f42-4f37-8efe-2e6020b2d478} (PUP.Optional.SpringSmart.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Users\M Shapiro\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Users\M Shapiro\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.

Files Detected: 11
C:\ProgramData\YouTube Downloader\ytd_installer.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\ProgramData\ZalmanInstaller_52331\otshotcomponent49.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\M Shapiro\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\TRANSLATE (PUP.Optional.SmartBar) -> Quarantined and deleted successfully.
C:\Users\M Shapiro\Documents\pal_install_noask_r109702.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\Users\M Shapiro\AppData\Local\genienext\nengine.dll (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Windows\Installer\590d4.msi (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\Windows\Installer\5ad95e.msi (PUP.Optional.SmartBar.A) -> Quarantined and deleted successfully.
C:\Windows\Installer\93582.msi (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\Users\M Shapiro\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Users\M Shapiro\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.

(end)
 
Last edited:
Since you have a lot of malware lets scan deeper.

1.

Please download and run TDSSkiller

When the program opens, click on the start scan button.

tdssstartscan_zps32a151cd.jpg


TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.

2663-2-eng.png


To remove the infections simply click on the Continue button and TDSSKiller will attempt to clean them or remove them.

After trying to clean them it will pop up with the results of the scan and its actions.

2663_3_en.png


Please reboot the system if asked to do so.

After running there will be a log that will be located at the root of your c:\ drive labeled tdsskiller with a series of numbers after it example, C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt

Please open the log and copy and paste it back here.

2.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
  • Download this file here :

    Combofix

  • When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
  • Save the file to your windows desktop. The combofix icon will look like this when it has downloaded to your desktop.

    cf-icon.jpg
  • We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

  • Close all open Windows including this one.
  • Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found here.
    Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
  • Please click on I agree on the disclaimer window.
  • ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.

    cf-preparing.jpg

  • ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.

    erunt.jpg

  • Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:

    recovery-console-prompt.jpg

  • At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
  • Please click on yes in the next window to continue scanning for malware.
  • ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
  • ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.

    still-scanning-clockchanges.jpg

  • When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
  • This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
  • When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
  • Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy. Then come to the forum in your reply and right click on your mouse and click on paste.

If for some reason, if you try to run a program or open a file and you get an error message saying "illegal operation attempted on a registry key that has been marked for deletion", please just reboot your pc and you'll be fine.


In your next reply please post:

The Tdsskiller log
The combofix log
 
You must log in or register to reply here.
Back
Top