I'm infected, please help. I will be running the progs. and posting the logs

I apologize if this is a duplicate post. I was having an issue posting the information.

My laptop is infected with trojans and PUPs. I will be running the programs detailed in the “logs to assist in cleaning malware”. I will resume the other programs and post their logs later. I am having internet connection problems as well. Please help. Thanks

The ADW Cleaner Log is too large to fit in one post. I will re-post the continuance - 2nd part

[1st Log]

AdwCleaner v2.300 - Logfile created 04/28/2013 at 18:49:46

Updated 28/04/2013 by Xplode

Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

User : Renee Marie - RENEEMARIE-HP

Boot Mode : Normal

Running from : C:\Users\Renee Marie\Downloads\adwcleaner.exe

Option [Delete]

***** [Services] *****

Stopped & Deleted : IB Updater

***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\user.js
File Deleted : C:\Users\Renee Marie\AppData\Roaming\Mozilla\Firefox\Profiles\zkftomwm.default\searchplugins\MyStart Search.xml
Folder Deleted : C:\Program Files (x86)\Perion
Folder Deleted : C:\Program Files\IB Updater
Folder Deleted : C:\Users\Renee Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Folder Deleted : C:\Users\Renee Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Folder Deleted : C:\Users\Renee Marie\AppData\LocalLow\incredibar.com
Folder Deleted : C:\Users\Renee Marie\AppData\Roaming\Mozilla\Firefox\Profiles\zkftomwm.default\extensions\crossriderapp5058@crossrider.com
Folder Deleted : C:\Users\Renee Marie\AppData\Roaming\Mozilla\Firefox\Profiles\zkftomwm.default\extensions\ffxtlbr@incredibar.com
Folder Deleted : C:\Windows\SysWOW64\WNLT

***** [Registry] *****


[ADW continued] part 2

***** [Internet Browsers] *****

-\ Internet Explorer v10.0.9200.16537

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb185?a=6R8KY19FrK&i=26 → hxxp://www.google.com

-\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Renee Marie\AppData\Roaming\Mozilla\Firefox\Profiles\zkftomwm.default\prefs.js

C:\Users\Renee Marie\AppData\Roaming\Mozilla\Firefox\Profiles\zkftomwm.default\user.js … Deleted !


[part 3]


[part 4] [ADW]


-\ Google Chrome v26.0.1410.64

File : C:\Users\Renee Marie\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.28] : icon_url = “hxxp://mystart.incredibar.com/mb185/favicon.ico”,
Deleted [l.31] : keyword = “mystart.incredibar.com/mb185”,
Deleted [l.35] : search_url = "hxxp://mystart.incredibar.com/mb185/?loc=IB_DS&search={searchTerms}&a=6R8KY19Fr[…]
Deleted [l.2467] : urls_to_restore_on_startup = [ “hxxp://mystart.incredibar.com/mb185?a=6R8KY19FrK&i=26” ]


AdwCleaner[S1].txt - [28676 octets] - [28/04/2013 18:49:46]

########## EOF - C:\AdwCleaner[S1].txt - [28737 octets] ##########

[MBAM log]

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.26.08

Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
Internet Explorer 10.0.9200.16540
Renee Marie :: RENEEMARIE-HP [administrator]

Protection: Disabled

4/27/2013 10:46:01 AM
mbam-log-2013-04-27 (10-46-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213988
Time elapsed: 4 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 15
HKCR\CLSID{11111111-1111-1111-1111-110011501158} (PUP.215Apps) → Quarantined and deleted successfully.
HKCR\TypeLib{44444444-4444-4444-4444-440044504458} (PUP.215Apps) → Quarantined and deleted successfully.
HKCR\Interface{55555555-5555-5555-5555-550055505558} (PUP.215Apps) → Quarantined and deleted successfully.
HKCR\CrossriderApp0005058.BHO.1 (PUP.215Apps) → Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{11111111-1111-1111-1111-110011501158} (PUP.215Apps) → Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings{11111111-1111-1111-1111-110011501158} (PUP.215Apps) → Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{11111111-1111-1111-1111-110011501158} (PUP.215Apps) → Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{11111111-1111-1111-1111-110011501158} (PUP.215Apps) → Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved{11111111-1111-1111-1111-110011501158} (PUP.215Apps) → Quarantined and deleted successfully.
HKCR\CLSID{22222222-2222-2222-2222-220022502258} (PUP.CrossRider.SSK) → Quarantined and deleted successfully.
HKCR\CrossriderApp0005058.Sandbox.1 (PUP.CrossRider.SSK) → Quarantined and deleted successfully.
HKCR\CrossriderApp0005058.Sandbox (PUP.CrossRider.SSK) → Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Shopping Sidekick (PUP.CrossRider.SSK) → Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) → Quarantined and deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nllafhekklanfkimibokomlmidmcmaoi (PUP.CrossRider.SSK) → Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\Software\InstalledBrowserExtensions\215 Apps|5058 (PUP.CrossFire.SA) → Data: Shopping Sidekick → Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Shopping Sidekick|Publisher (PUP.CrossRider.SSK) → Data: 215 Apps → Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Program Files (x86)\Shopping Sidekick (PUP.CrossRider.SSK) → Quarantined and deleted successfully.

Files Detected: 10
C:\Program Files (x86)\Shopping Sidekick\Shopping Sidekick.dll (PUP.215Apps) → Quarantined and deleted successfully.
C:\Program Files (x86)\Shopping Sidekick\Shopping SidekickInstaller.log (PUP.CrossRider.SSK) → Quarantined and deleted successfully.
C:\Program Files (x86)\Shopping Sidekick\ButtonUtil.dll (PUP.CrossRider.SSK) → Quarantined and deleted successfully.
C:\Program Files (x86)\Shopping Sidekick\Shopping Sidekick-bg.exe (PUP.CrossRider.SSK) → Quarantined and deleted successfully.
C:\Program Files (x86)\Shopping Sidekick\Shopping Sidekick.exe (PUP.CrossRider.SSK) → Quarantined and deleted successfully.
C:\Program Files (x86)\Shopping Sidekick\Shopping Sidekick.ico (PUP.CrossRider.SSK) → Quarantined and deleted successfully.
C:\Program Files (x86)\Shopping Sidekick\Shopping Sidekick.ini (PUP.CrossRider.SSK) → Quarantined and deleted successfully.
C:\Program Files (x86)\Shopping Sidekick\Uninstall.exe (PUP.CrossRider.SSK) → Quarantined and deleted successfully.
C:\Users\Renee Marie\Local Settings\Application Data\Shopping Sidekick\Chrome\Shopping Sidekick.crx (PUP.CrossRider.SSK) → Quarantined and deleted successfully.
C:\Users\Renee Marie\AppData\Local\Shopping Sidekick\Chrome\Shopping Sidekick.crx (PUP.CrossRider.SSK) → Quarantined and deleted successfully.

(end)

hi harry.peterson82,

Much easier to run all programs and attach the resulting logs, rather than copy/paste operation: (See attached below)

Still waiting for aswMBR.exe and OTL scan logs to be attached.

At least AdwCleaner and Malwarebytes got rid of a lot of stuff.

Monitoring

Here are the Extras and OTL Logs. I did not click "Cleanup". I assume I will be instructed to do so later…

*** Also, under the “Extra Registry” section in OTL, “Use safe list” was selected by default and I left that alone when running the scan. Hope that was correct.

I did not click "Cleanup". I assume I will be instructed to do so later..
yes.... OBS: and the cleanup button will remove OTL....and we don't want to do that yet ;)
*** Also, under the "Extra Registry" section in OTL, "Use safe list" was selected by default and I left that alone when running the scan. Hope that was correct.
It is just an illustration picture....what's important is to follow the written instructions

essexboy will be back tomorrow

doing ASWmbr scan

ASW log

FSS Log. This is my last scan.

I will wait for instructions and may resume tomorrow with the cleaning.

Thanks

There may be some delay due to differing time zones, it is almost 2am in the UK so essexboy will be in bed, but he should be on-line later today.

Today is also my last day of AIS protection. I bought another year of service but did not receive a license key/file in the confirmation email… How do I obtain this?

If it hasn’t arrived yet - Try the Resend avast License http://www.avast.com/resend-license-paid.php, you will need to enter the email that you used when purchasing the license, e.g. the one that the original email with the link was sent to. Hopefully that will be the most recent one you purchased, alternatively you can contact sales (at) avast (dot) com and let them know you haven’t received your license with the purchase receipt/confirmation email.

Hi, the main problem now appears to be some Norton drivers remaining. I will remove those and then ask you to run the removal tool.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons. They will return on reboot.

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:OTL
DRV - [2011/05/18 20:00:00 | 002,011,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20110519.002\EX64.SYS -- (NAVEX15)
DRV - [2011/05/18 20:00:00 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20110519.002\ENG64.SYS -- (NAVENG)
DRV - [2011/05/13 11:51:58 | 000,488,056 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20110519.031\IDSviA64.sys -- (IDSVia64)
DRV - [2011/05/13 11:50:48 | 001,143,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20110519.002\BHDrvx64.sys -- (BHDrvx64)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFFPlgn\ [2011/12/27 22:16:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn\ [2013/04/29 20:51:46 | 000,000,000 | ---D | M]
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and run the Norton removal tool from here https://support.norton.com/sp/en/uk/home/current/solutions/kb20080710133834EN_EndUserProfile_en_us

Once completed, could you let me know what problems remain?