Solved virus - redirecting or not opening firefox or explorer

Dell / Inspiron 1150
November 14, 2013 at 19:59:50
Specs: Microsoft Windows7 home edition, 2.8 GHz / 512MB
My laptop is not functioning normally. First I had different sites pop up when I opened Google with Firefox. Now Firefox does not display any page and asks me to change proxy settings. I ran Malwarebytes and the log is below:

____________________________________________________________________________

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.15.01

Windows 7 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Tapan Shah :: TAPANSHAH-PC [administrator]

Protection: Disabled

11/14/2013 9:25:21 PM
mbam-log-2013-11-14 (21-25-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209875
Time elapsed: 6 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 46
HKLM\SYSTEM\CurrentControlSet\Services\BitGuard (PUP.Optional.Mediasoft) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\DefaultTabUpdate (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\DefaultTabBHO.DefaultTabBrowser.1 (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\DefaultTabBHO.DefaultTabBrowser (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\AppID\{38495740-0035-4471-851E-F5BBB86AB085} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{A1E28287-1A31-4b0f-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\DefaultTabBHO.DefaultTabBrowserActiveX.1 (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\DefaultTabBHO.DefaultTabBrowserActiveX (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{CF190686-9E72-403C-B99D-682ABDB63C5B} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{39A17362-9C1D-4907-9428-0D28A94DC79D} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
HKCR\Interface\{627A968A-03E6-41C7-B11B-4E442B376F95} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CF190686-9E72-403C-B99D-682ABDB63C5B} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C1C3E833-420E-4D78-9BA7-86AEBB272384} (Adware.GameVance) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C1C3E833-420E-4D78-9BA7-86AEBB272384} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
HKCR\AppID\DefaultTabBHO.DLL (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\DEFAULT TAB (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\DefaultTab (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\BROWSERSAFEGUARD (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\DEFAULT TAB (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IECT3309656 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

Registry Values Detected: 6
HKCU\SOFTWARE\Default Tab|Version (PUP.Optional.DefaultTab.A) -> Data: 2.2.18.0 -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Data: http://www.golsearch.com/?babsrc=HP... -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|bProtectorDefaultScope (PUP.BProtector) -> Data: {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} -> Quarantined and deleted successfully.
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0L1N1H2O1S -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Browsersafeguard|sourceid (PUP.Optional.BrowserSafeGuard.A) -> Data: google_redsnow-display-us-336x280-23043526814 -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Default Tab|Version (PUP.Optional.DefaultTab.A) -> Data: 2.2.18.0 -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (Trojan.BProtector) -> Bad: (c:\progra~3\bitguard\271769~1.27\{c16c1~1\bitguard.dll) Good: () -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit) -> Bad: (http://search.conduit.com?SearchSource=10&CUI=UN14581149625987162&UM=2&ctid=CT3309656) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 25
C:\Users\Tapan Shah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TopArcadeHits (Adware.GameVance) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\TopArcadeHits (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Browsersafeguard (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Browsersafeguard\Resources (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\installdt.tmp (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\installdt.tmp\XPI (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\installdt.tmp\XPI\defaulttab (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\installdt.tmp\XPI\defaulttab\components (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\installdt.tmp\XPI\defaulttab\locale (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\installdt.tmp\XPI\defaulttab\locale\en-US (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrowserSafeguard (PUP.Optional.BrowserSafeGuard) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Roaming\OpenCandy\920243198DF945CCBBAD7EDF2800B4C9 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\skin (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Roaming\DefaultTab\DefaultTab (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\ct3309656 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\ct3309656\xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\ct3309656\xpi\defaults (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\ct3309656\xpi\defaults\preferences (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE\CT3309656 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

Files Detected: 110
C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll (Trojan.BProtector) -> Quarantined and deleted successfully.
C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe (PUP.Optional.Mediasoft) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\TopArcadeHits\Toparcadehits.dll (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\ProgramData\DSearchLink\DSearchLink.exe (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Roaming\OpenCandy\920243198DF945CCBBAD7EDF2800B4C9\KeyDownloaderUS_p1v3.exe (PUP.Optional.Otshot.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Roaming\OpenCandy\920243198DF945CCBBAD7EDF2800B4C9\LatestDLMgr.exe (PUP.Optional.OpenCandy.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Roaming\OpenCandy\920243198DF945CCBBAD7EDF2800B4C9\OtshotInstaller7.exe (PUP.Optional.Otshot.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\mconduitinstaller.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\nsi4127.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\nsj9A23.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\nsqE55.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\nstC8AE.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\nsyD59C.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\s5u6nRqx.exe.part (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\SPStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\toparcadesetup.exe (Adware.GameVance) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\busCE17\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\ct3309656\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\ct3309656\ffLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\ct3309656\ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\ct3309656\spff.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\ct3309656\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\ct3309656\stub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\D64AD7F2-BAB0-7891-9CBE-3D40C2C4FCDF\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\D64AD7F2-BAB0-7891-9CBE-3D40C2C4FCDF\Latest\BExternal.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\D64AD7F2-BAB0-7891-9CBE-3D40C2C4FCDF\Latest\ccp.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\D64AD7F2-BAB0-7891-9CBE-3D40C2C4FCDF\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\D64AD7F2-BAB0-7891-9CBE-3D40C2C4FCDF\Latest\DSearchLink.exe (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\D64AD7F2-BAB0-7891-9CBE-3D40C2C4FCDF\Latest\MntrDLLInstall.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\D64AD7F2-BAB0-7891-9CBE-3D40C2C4FCDF\Latest\MyDeltaTB.exe (PUP.Optional.Delta) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\D64AD7F2-BAB0-7891-9CBE-3D40C2C4FCDF\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\is1615585457\DeltaTB.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\is1615585457\setup.exe (PUP.Optional.FastFreeConverter.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\is1615585457\WebConnect.exe (PUP.Optional.WebConnect.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\nsc787B.tmp\loader.dll (Rogue.InternetSecurityEssentials) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\nsc787B.tmp\pack.7z (PUP.Optional.Mediasoft) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\nsc787B.tmp\protector.dll (Trojan.BProtector) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\nsc787B.tmp\rjatydimofu.exe (PUP.Optional.Mediasoft) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\Downloads\RedSn0w_Setup(1).exe (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\Downloads\Setup.exe (PUP.Optional.iBryte) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Conduit\CT3309656\KeyBar_2.1AutoUpdateHelper.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\TopArcadeHits\uninstaller.exe (Adware.GameVance) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\TopArcadeHits\updater.exe (Adware.GameVance) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\Local Settings\Temporary Internet Files\Content.IE5\J5YK3H3M\conduitinstaller[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\Local Settings\Temporary Internet Files\Content.IE5\J5YK3H3M\KeyBar_2.1[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\Local Settings\Temporary Internet Files\Content.IE5\J5YK3H3M\OptimizerPro[1].exe (PUP.Optional.OptimizePro.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\Local Settings\Temporary Internet Files\Content.IE5\J5YK3H3M\pack[1].7z (PUP.Optional.Mediasoft) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\Local Settings\Temporary Internet Files\Content.IE5\JN3U2LU0\DefaultTabSetup_20130903[1].exe (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\Local Settings\Temporary Internet Files\Content.IE5\JN3U2LU0\stubinst_pkg_en-us[1].cab (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\Local Settings\Temporary Internet Files\Content.IE5\RZI7USJ8\checktbexist[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\Local Settings\Temporary Internet Files\Content.IE5\RZI7USJ8\pack[1].7z (PUP.Optional.PerformerSoft.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\Local Settings\Temporary Internet Files\Content.IE5\RZI7USJ8\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\Local Settings\Temporary Internet Files\Content.IE5\RZI7USJ8\statisticsstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\Local Settings\Temporary Internet Files\Content.IE5\Z52RLHTU\Setup[1].exe (PUP.Optional.WebConnect.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TopArcadeHits\Play Toparcadehits Online.url (Adware.GameVance) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TopArcadeHits\Uninstall Toparcadehits.lnk (Adware.GameVance) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\TopArcadeHits\tah.config (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\TopArcadeHits\uninstaller.exe (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\TopArcadeHits\updater.exe (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\TopArcadeHits.job (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Browsersafeguard\ewebstorewrapper.dll (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Browsersafeguard\install.log (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Browsersafeguard\makecert.exe (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Browsersafeguard\TrustedRoot.cer (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Browsersafeguard\Resources\certutil.exe (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Browsersafeguard\Resources\libnspr4.dll (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Browsersafeguard\Resources\libplc4.dll (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Browsersafeguard\Resources\libplds4.dll (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Browsersafeguard\Resources\nss3.dll (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Browsersafeguard\Resources\smime3.dll (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Browsersafeguard\Resources\softokn3.dll (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\installdt.tmp\DefaultTab.xpi (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\installdt.tmp\XPI\defaulttab\locale\en-US\defaulttab.properties (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrowserSafeguard\BrowserSafeguard.lnk (PUP.Optional.BrowserSafeGuard) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome.manifest (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\icon.png (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\install.rdf (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content\browser.xul (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content\toparcadehits.js (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\skin\style.css (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Roaming\DefaultTab\DefaultTab\addon.ico (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Roaming\DefaultTab\DefaultTab\amazon_ie.ico (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabUninstaller.exe (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Roaming\DefaultTab\DefaultTab\DT.ico (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Roaming\DefaultTab\DefaultTab\ebay_ie.ico (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Roaming\DefaultTab\DefaultTab\facebook_ie.ico (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Roaming\DefaultTab\DefaultTab\search_ie.ico (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Roaming\DefaultTab\DefaultTab\twitter_ie.ico (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Roaming\DefaultTab\DefaultTab\update.exe (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Roaming\DefaultTab\DefaultTab\wikipedia_ie.ico (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\ct3309656\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\ct3309656\conduit.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\ct3309656\CT3309656.xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\ct3309656\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\ct3309656\version.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\ct3309656\xpi\install.rdf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\ct3309656\xpi\defaults\preferences\defaults.js (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE\CT3309656\configutaion.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE\CT3309656\SetupIcon.ico (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE\CT3309656\UninstallerUI.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

(end)

___________________________________________________________________________

Can someone please help me with the next step I need to do?

Thanks for your help in advance.
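
The log in the post above mixes many PUP entries with a few Trojan, Rogue and Adware detections and two repaired registry values. As an added example (not part of the original thread and not Malwarebytes code), this Python script parses lines in that log format, separates the non-PUP detections and the repaired values, and checks each section's declared count against the lines actually present; the function names are hypothetical and the sample lines are an excerpt copied from the log in the post.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Excerpt of the Malwarebytes 1.75 log posted above (a few lines per section).
SAMPLE_LOG = r"""
Registry Keys Detected: 46
HKLM\SYSTEM\CurrentControlSet\Services\BitGuard (PUP.Optional.Mediasoft) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C1C3E833-420E-4D78-9BA7-86AEBB272384} (Adware.GameVance) -> Quarantined and deleted successfully.

Registry Values Detected: 6
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Data: http://www.golsearch.com/?babsrc=HP... -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (Trojan.BProtector) -> Bad: (c:\progra~3\bitguard\271769~1.27\{c16c1~1\bitguard.dll) Good: () -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit) -> Bad: (http://search.conduit.com?SearchSource=10&CUI=UN14581149625987162&UM=2&ctid=CT3309656) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 25
C:\Program Files (x86)\Browsersafeguard (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.

Files Detected: 110
C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll (Trojan.BProtector) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\AppData\Local\Temp\nsc787B.tmp\loader.dll (Rogue.InternetSecurityEssentials) -> Quarantined and deleted successfully.
C:\Users\Tapan Shah\Downloads\RedSn0w_Setup(1).exe (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
"""

# "Registry Keys Detected: 46" style section headers.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# Object paths may contain parentheses themselves ("Program Files (x86)",
# "Setup(1).exe"), so the detection name is the parenthesised token that is
# immediately followed by " -> ".
ITEM_RE = re.compile(r"^(?P<obj>.+?) \((?P<name>[^()]+)\) -> (?P<rest>.+)$")
# "Bad: (...) Good: (...)" detail on repaired registry data items.
REPAIR_RE = re.compile(r"^Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\)$")


@dataclass
class Detection:
    section: str
    obj: str
    name: str
    action: str
    bad: Optional[str] = None
    good: Optional[str] = None


def parse_mbam_log(text):
    """Return (declared section counts, list of Detection) from a pasted log."""
    declared, items, section = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m["name"]
            declared[section] = int(m["count"])
            continue
        m = ITEM_RE.match(line) if section else None
        if not m:
            continue  # blank lines, "(No malicious items detected)", headers
        # The action is whatever follows the last " -> "; anything before it
        # is the optional "Data: ..." or "Bad: ... Good: ..." detail.
        detail, _, action = m["rest"].rpartition(" -> ")
        det = Detection(section, m["obj"], m["name"], action.rstrip("."))
        repair = REPAIR_RE.match(detail)
        if repair:
            det.bad, det.good = repair["bad"], repair["good"]
        items.append(det)
    return declared, items


def triage(items):
    """Split detections into the groups a helper would read first."""
    return {
        "by_name": Counter(d.name for d in items),
        "non_pup": [d for d in items if d.name.split(".")[0] != "PUP"],
        "repaired": [d for d in items if d.bad is not None],
    }


def count_mismatches(declared, items):
    """Sections whose declared count differs from the lines present,
    which indicates a truncated or excerpted paste."""
    parsed = Counter(d.section for d in items)
    return {s: (n, parsed[s]) for s, n in declared.items() if parsed[s] != n}


if __name__ == "__main__":
    declared, items = parse_mbam_log(SAMPLE_LOG)
    result = triage(items)
    for d in result["non_pup"]:
        print(f"[{d.section}] {d.name}: {d.obj}")
    for d in result["repaired"]:
        print(f"repaired {d.obj}: {d.bad!r} -> {d.good!r}")
    print("incomplete sections:", count_mismatches(declared, items))
```
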




✔ Best Answer
November 16, 2013 at 14:18:48
To make your comp more secure, these need updating. If you don't need Java, remove both versions or at least Java(TM) 6 Update 35. You can do it from Add/Remove or use JavaRa.

To remove old and redundant versions of the Java Runtime Environment:
http://www.softpedia.com/get/System...
http://www.softpedia.com/progScreen...
http://singularlabs.com/software/ja...

Out of date service pack!! http://windows.microsoft.com/en-US/windows7/install-windows-7-service-pack-1

Java 7 Update 25
Java version out of Date!

Adobe Reader 10.1.4 Adobe Reader out of Date!



#1
November 14, 2013 at 20:23:49
1: Infection has enabled proxy
http://www.bleepingcomputer.com/vir...
Start > Control Panel > Internet Options > Connections > LAN settings, untick > Use a proxy server for your LAN. Click OK twice.

2: Download & run Unhide
http://www.bleepingcomputer.com/for...
http://download.bleepingcomputer.co...
To run Unhide, simply download it to your desktop and then double-click on the Unhide icon. The program will open a black box and start making the files on your fixed disks visible again. Please note that this program will not unhide removable drives like flash cards and USB drives, as the FakeHDD rogues do not target these types of drives. Once it has finished, the program will display a Windows alert stating that your files have been restored. You should then reboot your computer for all of the settings to go into effect.
Copy & Paste the contents of the log. Let me know if it doesn't produce a log please.

3: Reboot

4: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://general-changelog-team.fr/en...
http://www.raymond.cc/blog/adwclean...
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Clean.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

5: Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool to your desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.



#2
November 15, 2013 at 15:40:21
All steps have been run as directed and here are the logs:

Unhide

Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/for...

Program started at: 11/15/2013 07:45:53 AM
Windows Version: Windows 7

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 194886 files processed.

The C:\Users\TAPANS~1\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingcomputer.com/for...

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
* NoRun policy was found and deleted!
* NoActiveDesktopChanges policy was found and deleted!
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

Program finished at: 11/15/2013 08:16:07 AM
Execution time: 0 hours(s), 30 minute(s), and 14 seconds(s)

__________________________________________________________________________

AdwareCleaner

# AdwCleaner v3.012 - Report created 15/11/2013 at 17:08:34
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium (64 bits)
# Username : Tapan Shah - TAPANSHAH-PC
# Running from : C:\Users\Tapan Shah\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
[!] Folder Deleted : C:\ProgramData\BitGuard
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\DSearchLink
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\optimizer pro
Folder Deleted : C:\Program Files (x86)\KeyBar_2.1
Folder Deleted : C:\Users\Tapan Shah\AppData\Local\Conduit
Folder Deleted : C:\Users\Tapan Shah\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Tapan Shah\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Tapan Shah\AppData\LocalLow\KeyBar_2.1
Folder Deleted : C:\Users\Tapan Shah\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\Tapan Shah\AppData\Roaming\Mozilla\Firefox\Profiles\wzqgorw7.default\CT3309656
Folder Deleted : C:\Users\Tapan Shah\AppData\Roaming\Mozilla\Firefox\Profiles\wzqgorw7.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Users\Tapan Shah\AppData\Roaming\Mozilla\Firefox\Profiles\wzqgorw7.default\Extensions\addon@defaulttab.com
Folder Deleted : C:\Users\Tapan Shah\AppData\Roaming\Mozilla\Firefox\Profiles\wzqgorw7.default\Extensions\{cef81415-2059-4dd5-9829-1aef3cf27f4f}
Folder Deleted : C:\Users\Tapan Shah\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
File Deleted : C:\Users\Tapan Shah\AppData\Roaming\Mozilla\Firefox\Profiles\wzqgorw7.default\Extensions\addon@defaulttab.com.xpi
File Deleted : C:\END
File Deleted : C:\Users\TAPANS~1\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Tapan Shah\AppData\Roaming\Mozilla\Firefox\Profiles\wzqgorw7.default\bprotector_extensions.sqlite
File Deleted : C:\Users\Tapan Shah\AppData\Roaming\Mozilla\Firefox\Profiles\wzqgorw7.default\bprotector_prefs.js
File Deleted : C:\Users\Tapan Shah\AppData\Roaming\Mozilla\Firefox\Profiles\wzqgorw7.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Tapan Shah\AppData\Roaming\Mozilla\Firefox\Profiles\wzqgorw7.default\user.js
File Deleted : C:\Windows\System32\Tasks\BitGuard

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Key Deleted : HKCU\Software\58578fd8bd3dbd14
Key Deleted : HKLM\SOFTWARE\58578fd8bd3dbd14
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3309656
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CEF81415-2059-4DD5-9829-1AEF3CF27F4F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81E5A932-9182-43BE-AD98-0137FC7D8FFD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CEF81415-2059-4DD5-9829-1AEF3CF27F4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CEF81415-2059-4DD5-9829-1AEF3CF27F4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CEF81415-2059-4DD5-9829-1AEF3CF27F4F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{81E5A932-9182-43BE-AD98-0137FC7D8FFD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2184D2F3-30D0-49C1-BD2D-E8C65C78B3EF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F33A9C80-09B3-4E43-8CD8-278F64CB7614}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CEF81415-2059-4DD5-9829-1AEF3CF27F4F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CEF81415-2059-4DD5-9829-1AEF3CF27F4F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CEF81415-2059-4DD5-9829-1AEF3CF27F4F}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{CEF81415-2059-4DD5-9829-1AEF3CF27F4F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKCU\Software\AppDataLow\Software\KeyBar_2.1
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\KeyBar_2.1

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16476


-\\ Mozilla Firefox v25.0 (en-US)

[ File : C:\Users\Tapan Shah\AppData\Roaming\Mozilla\Firefox\Profiles\wzqgorw7.default\prefs.js ]

Line Deleted : user_pref("CT3309656.FF19Solved", "true");
Line Deleted : user_pref("CT3309656.UserID", "UN29795709513602256");
Line Deleted : user_pref("CT3309656.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3309656.fullUserID", "UN29795709513602256.IN.20130914153506");
Line Deleted : user_pref("CT3309656.installDate", "14/09/2013 15:35:15");
Line Deleted : user_pref("CT3309656.installSessionId", "{FAE99E25-A71D-440D-8996-B69749F9325B}");
Line Deleted : user_pref("CT3309656.installSp", "TRUE");
Line Deleted : user_pref("CT3309656.installerVersion", "1.6.1.2");
Line Deleted : user_pref("CT3309656.keyword", "true");
Line Deleted : user_pref("CT3309656.originalHomepage", "about:home");
Line Deleted : user_pref("CT3309656.originalSearchAddressUrl", "hxxp://search.yahoo.com/search?fr=mcafee&p=");
Line Deleted : user_pref("CT3309656.originalSearchEngine", "Secure Search");
Line Deleted : user_pref("CT3309656.originalSearchEngineName", "Secure Search");
Line Deleted : user_pref("CT3309656.searchRevert", "false");
Line Deleted : user_pref("CT3309656.searchUserMode", "2");
Line Deleted : user_pref("CT3309656.smartbar.homepage", "true");
Line Deleted : user_pref("CT3309656.versionFromInstaller", "10.20.0.13");
Line Deleted : user_pref("CT3309656.xpeMode", "0");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3309656&octid=CT3309656&SearchSource=61&CUI=UN29795709513602256&UM=2&UP=SPDE584936-FD77-4FB5-836C-7FFAF1E59425");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?fr=mcafee&p=");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "KeyBar 2.1 Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3309656&CUI=UN29795709513602256&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "3aa191ae000000000000904ce582dac5");
Line Deleted : user_pref("extensions.delta.instlDay", "15969");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.24.6");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.24.611:52:55");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.24.6");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=119351&tsp=5012");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3309656");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3309656&CUI=UN29795709513602256&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3309656&octid=CT3309656&SearchSource[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3309656&SearchSource=2&CUI=UN29795709513602256&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3309656");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3309656");
Line Deleted : user_pref("smartbar.machineId", "A+VXJXB0RU9HIWZDIOTZHZACJWH6UB92EG8UQUMJBQNVBVJLLMA7MMU9RBOH4+JRYQQRFPFUFBGFWGFYNPNXLA");

-\\ Google Chrome v

[ File : C:\Users\Tapan Shah\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [12082 octets] - [15/11/2013 17:07:32]
AdwCleaner[S0].txt - [12004 octets] - [15/11/2013 17:08:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12065 octets] ##########

_________________________________________________________________________

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Tapan Shah on Fri 11/15/2013 at 17:24:20.39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1637716177-3651449682-3305477156-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{79E850A6-0C91-44E5-A132-B4014ECFF01B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F650ED2D-DA56-41F4-B433-4900C98D9BAB}

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted: [Folder] C:\Users\Tapan Shah\AppData\Roaming\mozilla\firefox\profiles\wzqgorw7.default\extensions\{0113d088-8ed1-468c-b225-585a9c53b5e3}
Successfully deleted the following from C:\Users\Tapan Shah\AppData\Roaming\mozilla\firefox\profiles\wzqgorw7.default\prefs.js

user_pref("toparcadehits.settings.addon_data", "hxxp://tt.toparcadehits.com/cmn?p=YTE4MjEyNjExODg6K6YGRnib0ClTtvbv2gh%2BaV3KAOOH3BtJPW50P3Y03zz%2Bxq9YKi6oGbaCVI9AX3K874ThpwUsX
Emptied folder: C:\Users\Tapan Shah\AppData\Roaming\mozilla\firefox\profiles\wzqgorw7.default\minidumps [66 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/15/2013 at 17:36:58.88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

_________________________________________________________________________


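The AdwCleaner and JRT logs above show hijacker entries being stripped from the Firefox profile's prefs.js. The following is an added example, not part of the original thread or of any tool used in it, that audits prefs.js text for the same three symptoms: adware-owned prefs, search or homepage redirects, and a forced proxy. The prefix list is taken from the logs; `ALLOWED_HOSTS`, the proxy address and the sample profile text are constructed assumptions.

```python
import json
import re
from urllib.parse import urlparse

# One pref per line: user_pref("name", value); value is a string, bool or int.
PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)+)",\s*(.+?)\);\s*$')

# Pref-name prefixes seen in the AdwCleaner and JRT logs in this thread.
ADWARE_PREFIXES = ("ct3309656.", "smartbar.", "extensions.delta", "toparcadehits.")

# Prefs that decide where searches, new tabs and the start page go.
REDIRECT_PREFS = ("browser.startup.homepage", "browser.search.defaulturl",
                  "browser.newtab.url")

# Assumption: hosts the analyst accepts for the prefs above.
ALLOWED_HOSTS = {"www.google.com", "search.yahoo.com"}

# network.proxy.type values that send traffic through a configured proxy.
PROXY_TYPES = {1: "manual proxy", 2: "proxy auto-config URL"}

# Constructed sample modeled on the lines AdwCleaner removed; not a real profile.
SAMPLE_PREFS_JS = r'''
// constructed sample
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3309656&q={searchTerms}");
user_pref("extensions.delta.newTab", false);
user_pref("smartbar.homePageOwnerCTID", "CT3309656");
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8080);
user_pref("app.update.enabled", true);
'''


def parse_prefs(text):
    """Return {name: value} for every well-formed user_pref line."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, truncated entries
        try:
            value = json.loads(m.group(2))
        except ValueError:
            value = m.group(2)  # keep the raw text if it is not JSON-compatible
        prefs[m.group(1)] = value
    return prefs


def audit_prefs(prefs):
    """Return sorted (category, pref name, detail) findings."""
    findings = []
    for name, value in prefs.items():
        if name.lower().startswith(ADWARE_PREFIXES):
            findings.append(("adware-pref", name, str(value)))
        elif name in REDIRECT_PREFS and isinstance(value, str):
            host = urlparse(value).hostname  # also parses defanged hxxp:// URLs
            if host and host not in ALLOWED_HOSTS:
                findings.append(("redirect", name, host))
    ptype = prefs.get("network.proxy.type")
    if isinstance(ptype, int) and ptype in PROXY_TYPES:
        target = (prefs.get("network.proxy.http")
                  or prefs.get("network.proxy.autoconfig_url"))
        findings.append(("proxy", "network.proxy.type",
                         f"{PROXY_TYPES[ptype]} -> {target}"))
    return sorted(findings)


if __name__ == "__main__":
    for category, name, detail in audit_prefs(parse_prefs(SAMPLE_PREFS_JS)):
        print(f"[{category}] {name}: {detail}")
```

Run it against a copy of prefs.js and of user.js, if one exists: AdwCleaner deleted a user.js from this profile, and values in that file are re-applied every time Firefox starts.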

#3
November 15, 2013 at 16:27:25
My post #1
1: Infection has enabled proxy

Had it?

5: Run RogueKiller
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://tigzy.geekstogo.com/roguekil...
http://www.sur-la-toile.com/RogueKi...
User guide
http://www.adlice.com/softwares/rog...
Official tutorial
http://tigzyrk.blogspot.fr/2012/11/...
If RogueKiller won't run, open IE & turn off SmartScreen Filter.
http://windows.microsoft.com/en-AU/...
Download & SAVE to your Desktop.
Quit all programs that you may have started.
Shutdown your antivirus to avoid any conflicts.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7/8, right-click and select "Run as Administrator" to start.
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
Click on "Delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and Copy & Paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller.
When completed make sure to re-enable your antivirus.



#4
November 15, 2013 at 17:10:46
RogueKiller -

RogueKiller V8.7.8 [Nov 14 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/rog...
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Tapan Shah [Admin rights]
Mode : Remove -- Date : 11/15/2013 19:08:41
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 11 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> [0x2] The system cannot find the file specified.
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] TopArcadeHits : C:\Users\Tapan Shah\AppData\Local\TopArcadeHits\updater.exe [x] -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9320423AS ATA Device +++++
--- User ---
[MBR] e09e2a53ceb90404da6cf7f599f6302b
[BSP] 0bcad53fa137fc1d64f454811d781f18 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30800325 | Size: 290205 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_11152013_190841.txt >>
RKreport[0]_S_11152013_190358.txt



#5
November 15, 2013 at 17:17:49
My post #1
1: Infection has enabled proxy

Had it?



#6
November 15, 2013 at 18:01:41
Yes, it had initially. Once it was unchecked based on your instruction it stayed disabled.


#7
November 15, 2013 at 18:12:37
"Once it was unchecked based on your instruction it stayed disabled"
Perfect.

"virus - redirecting or not opening firefox or explorer"
Is this still happening?



#8
November 15, 2013 at 18:50:20
Firefox and Explorer are opening normally. No re-directing of web page has happened yet. Seems it is working much much better than before.


#9
November 15, 2013 at 19:07:01
6: Download Security Check by screen317 from one of the following links and save it to your desktop.
http://screen317.spywareinfoforum.o...
http://screen317.changelog.fr/Secur...
Please restart the computer before running this security check.
* Double click SecurityCheck.exe. If you run Windows Vista or 7/8, right click and choose 'Run as Administrator'.
o If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
o When you see a console window, press any key to continue scanning.
o Wait while it scans.
o If your firewall alerts you of Security Check, please press 'Allow' or similar.
* A Notepad document should open automatically after scan is completed. It will be called checkup.txt; Please Copy and Paste the contents into your reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.


#10
November 15, 2013 at 19:10:30
As you can see from your logs, you had a lot of stuff installed that you did not know had been installed.
A lot of programs now give you the choice to install toolbars & other items during the install. Either uncheck these items during install, or use Custom install. No more click, click during an install; you have to read after each click.
I use Softpedia; they make you aware the program is ad-supported, & down the bottom of the page they will advise of what you have to watch out for.
Sample pages.
http://www.softpedia.com/get/CD-DVD...
http://www.softpedia.com/get/Multim...
Users are advised to pay attention while installing this ad-supported application:
· Offers to change the homepage for web browsers installed in the system
· Offers to change the default search engine for web browsers installed in the system
· Offers to install StartNow Toolbar that the program does not require to fully function
SS ( screenshot ) of above.
http://i.imgur.com/CSBplyA.gif


#11
November 16, 2013 at 07:43:03
SecurityCheck

Results of screen317's Security Check version 0.99.77
Windows 7 x64 (UAC is enabled)
[url=http://windows.microsoft.com/en-US/windows7/install-windows-7-service-pack-1][color=red][b]Out of date service pack!![/color][/url][/b]
Internet Explorer 11
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u]
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u]
Malwarebytes Anti-Malware version 1.75.0.1300
Java(TM) 6 Update 35
Java 7 Update 25
[color=red][b]Java version out of Date![/b][/color]
Adobe Flash Player 11.9.900.117
Adobe Reader 10.1.4 [color=red][b]Adobe Reader out of Date![/b][/color]
Mozilla Firefox (25.0.1)
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
McAfee Online Backup MOBKbackup.exe
[b][u]`````````````````System Health check`````````````````[/b][/u]
Total Fragmentation on Drive C: 1%
[b][u]````````````````````End of Log``````````````````````[/b][/u]



#12
November 16, 2013 at 14:18:48
✔ Best Answer
To make your comp more secure, these need updating. If you don't need Java, remove both versions or at least Java(TM) 6 Update 35. You can do it from Add/Remove or use JavaRa.

To remove old and redundant versions of the Java Runtime Environment:
http://www.softpedia.com/get/System...
http://www.softpedia.com/progScreen...
http://singularlabs.com/software/ja...

[url=http://windows.microsoft.com/en-US/windows7/install-windows-7-service-pack-1][color=red][b]Out of date service pack!![/color][/url][/b]

Java 7 Update 25
[color=red][b]Java version out of Date![/b][/color]

Adobe Reader 10.1.4 [color=red][b]Adobe Reader out of Date![/b][/color]



#13
November 16, 2013 at 17:00:44
Will do. Thank you for your time and support.


#14
November 16, 2013 at 17:13:09
Ok, you should be good now.
