~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Pro x64 
Ran by salk nchir (Administrator) on 25/12/2016 at 12:54:28,04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 5 

Successfully deleted: C:\ProgramData\mntemp (File) 
Successfully deleted: C:\Users\salk nchir\AppData\Local\crashrpt (Folder) 
Successfully deleted: C:\Users\salk nchir\AppData\Roaming\Mozilla\Firefox\Profiles\m265zc86.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} (Folder) 
Successfully deleted: C:\Users\salk nchir\AppData\Roaming\Mozilla\Firefox\Profiles\m265zc86.default\searchplugins\mailru.xml (File) 
Successfully deleted: C:\Users\salk nchir\Documents\add-in express (Folder) 

Deleted the following from C:\Users\salk nchir\AppData\Roaming\Mozilla\Firefox\Profiles\m265zc86.default\prefs.js
user_pref(browser.search.defaultenginename, Поиск@Mail.Ru);
user_pref(browser.search.selectedEngine, Поиск@Mail.Ru);
user_pref(browser.startup.homepage, hxxps://mail.ru/cnt/11956636?fr=ffhp1.0.3&gp=818411);
user_pref(extensions.homepage@mail.ru.go_metric_url, hxxp://go.mail.ru/distib/mark/?product_id=%7B3DDC15DB-0F77-47E5-8D59-9C247C9B5729%7D&install_id=%7B06960234-B8BB-4EEA-A
user_pref(extensions.homepage@mail.ru.info, {\gp\:\818411\,\product_id\:\{3DDC15DB-0F77-47E5-8D59-9C247C9B5729}\,\install_id\:\{06960234-B8BB-4EEA-A83E-8F4EA175C
user_pref(extensions.homepage@mail.ru.install_id, {06960234-B8BB-4EEA-A83E-8F4EA175C402});
user_pref(extensions.homepage@mail.ru.lastHomepage, hxxp://mail.ru/cnt/10445?gp=818411);
user_pref(extensions.homepage@mail.ru.lastPageType, 1);
user_pref(extensions.homepage@mail.ru.metric_state_go_metric, {\lastDayNumber\:2,\lastDayDate\:\2016-12-24T00:00:00.000Z\});
user_pref(extensions.homepage@mail.ru.metric_state_mrds_metric, {\lastDayNumber\:2,\lastDayDate\:\2016-12-24T00:00:00.000Z\});
user_pref(extensions.homepage@mail.ru.mrds_metric_url, hxxp://mrds.mail.ru/update/2/version.txt?type=product_online_metric&product_id=%7B3DDC15DB-0F77-47E5-8D59-9C247C9B572
user_pref(extensions.homepage@mail.ru.partner_product_online_url, hxxp://ec2-54-229-84-172.eu-west-1.compute.amazonaws.com/affect?guid={guid}&sid=16045&homesearch=1&label=8
user_pref(extensions.homepage@mail.ru.product_id, {3DDC15DB-0F77-47E5-8D59-9C247C9B5729});
user_pref(extensions.homepage@mail.ru.product_type, ff_xtnhp);
user_pref(extensions.homepage@mail.ru.rfr, 818411);
user_pref(extensions.search@mail.ru.go_metric_url, hxxp://go.mail.ru/distib/mark/?product_id=%7BAD4BF534-2C50-43A5-BE85-FD1843918A95%7D&install_id=%7B06960234-B8BB-4EEA-A83
user_pref(extensions.search@mail.ru.info, {\gp\:\811041\,\product_id\:\{AD4BF534-2C50-43A5-BE85-FD1843918A95}\,\install_id\:\{06960234-B8BB-4EEA-A83E-8F4EA175C40
user_pref(extensions.search@mail.ru.install_id, {06960234-B8BB-4EEA-A83E-8F4EA175C402});
user_pref(extensions.search@mail.ru.metric_state_go_metric, {\lastDayNumber\:2,\lastDayDate\:\2016-12-24T00:00:00.000Z\});
user_pref(extensions.search@mail.ru.metric_state_mrds_metric, {\lastDayNumber\:2,\lastDayDate\:\2016-12-24T00:00:00.000Z\});
user_pref(extensions.search@mail.ru.mrds_metric_url, hxxp://mrds.mail.ru/update/2/version.txt?type=product_online_metric&product_id=%7BAD4BF534-2C50-43A5-BE85-FD1843918A95%
user_pref(extensions.search@mail.ru.partner_product_online_url, hxxp://ec2-54-229-84-172.eu-west-1.compute.amazonaws.com/affect?guid={guid}&sid=16045&homesearch=1&label=811
user_pref(extensions.search@mail.ru.product_id, {AD4BF534-2C50-43A5-BE85-FD1843918A95});
user_pref(extensions.search@mail.ru.product_type, ff_xtndse);
user_pref(extensions.search@mail.ru.rfr, 811041);
user_pref(extensions.xpiState, {\app-profile\:{\firefox@zenmate.com\:{\d\:\C:\\\\Users\\\\salk nchir\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\m265z
user_pref(extensions.{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}.go_metric_url, hxxp://go.mail.ru/distib/mark/?product_id=%7B93951E76-8503-46CB-880E-AF60762AD2CF%7D&install_id=%
user_pref(extensions.{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}.info, {\gp\:\811042\,\product_id\:\{93951E76-8503-46CB-880E-AF60762AD2CF}\,\install_id\:\{06960234-B8
user_pref(extensions.{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}.mrds_metric_url, hxxp://mrds.mail.ru/update/2/version.txt?type=product_online_metric&product_id=%7B93951E76-8503
user_pref(keyword.URL, hxxp://go.mail.ru/distib/ep/?product_id=%7BF7E9D2BC-FF44-4D66-87CB-CCA3CCB4440A%7D&gp=811041);



Registry: 9 

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\SCBackService (Registry Key) 
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\WCUService_STC_IE (Registry Key) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FD47D5D9-4C72-4966-8E72-A887B8A52F21} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E8F97CD-60B5-456F-A201-73065652D099} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E8F97CD-60B5-456F-A201-73065652D099} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page (Registry Value) 




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25/12/2016 at 12:57:11,40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~