My in-laws are in town for the week. She says for the last 2 months she has had this problem. It will randomly play news, music, etc. in the background. I pulled up the Task Manager and see nothing too crazy. I know enough about computers, but am no expert by any means. She is running Vista. She has had Malwarebytes installed for some time and we ran a scan, but it did not solve the problem. I did see she had no antivirus so I installed MSE, again ran it with no resolution. Thanks for any help.


Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)



Hi MrC... I have seen this issue very frequently on this forum, but no real success with the SVCHOST process running ads besides reformatting. Do you guys have any insight on this?


DDS

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86 

Internet Explorer: 9.0.8112.16526
Run by Ann at 9:54:08 on 2014-01-02
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2941.1319 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Nuance\dgnsvc.exe
C:\Program Files\FileOpen\Services\FileOpenManagerService32.exe
C:\ProgramData\FileOpen\Services\FileOpenManagerSvc32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Users\Ann\AppData\Local\GCC\Controller.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.165.803.0.exe
C:\Windows\system32\MpSigStub.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uWindow Title = Windows Internet Explorer provided by Yahoo!
uURLSearchHooks: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - c:\program files\iobit apps toolbar\ie\8.5\iobitappsToolbarIE.dll
mURLSearchHooks: {93ec97bf-fe43-4bca-a735-5c5d6a0a40c4} - <orphaned>
dURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - c:\program files\iobit apps toolbar\ie\8.5\iobitappsToolbarIE.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Dragon NaturallySpeaking Rich Internet Application Support - Extension: {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - c:\program files\nuance\naturallyspeaking12\program\ieshim.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: {93ec97bf-fe43-4bca-a735-5c5d6a0a40c4} - <orphaned>
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn3\YTSingleInstance.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
TB: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - c:\program files\iobit apps toolbar\ie\8.5\iobitappsToolbarIE.dll
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [skytel] Skytel.exe
mRun: [searchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [searchProtect] c:\windows\system32\config\systemprofile\appdata\roaming\searchprotect\bin\cltmng.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{8DDCB78B-9BA0-4F26-B827-875C231F3756} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{BD700D70-4407-43E8-AA8B-DDA1E4D7C854} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ann\appdata\roaming\mozilla\firefox\profiles\1bryt6pu.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - component: c:\users\ann\appdata\roaming\mozilla\firefox\profiles\1bryt6pu.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}\components\RadioWMPCore.dll
FF - component: c:\users\ann\appdata\roaming\mozilla\firefox\profiles\1bryt6pu.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program files\dailyfitnesscenter_53ei\installr\1.bin\NP53EISb.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\nuance\naturallyspeaking12\program\npDgnRia.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\users\ann\appdata\roaming\mozilla\firefox\profiles\1bryt6pu.default\extensions\{93ec97bf-fe43-4bca-a735-5c5d6a0a40c4}\plugins\np-mswmp.dll
FF - plugin: c:\users\ann\appdata\roaming\mozilla\firefox\profiles\1bryt6pu.default\extensions\{93ec97bf-fe43-4bca-a735-5c5d6a0a40c4}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - ExtSQL: !HIDDEN! 2009-08-08 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.id - 001E333CB458BC85
FF - user.js: extensions.mysearchdial.instlDay - 15993
FF - user.js: extensions.mysearchdial.vrsn - 
FF - user.js: extensions.mysearchdial.vrsni - 
FF - user.js: extensions.mysearchdial_i.vrsnTs - 21:28:10
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - airmsd
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef - 
FF - user.js: extensions.mysearchdial.dfltLng - 
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial_i.hmpg - true
FF - user.js: extensions.mysearchdial.cr - 772239961
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1QzutDtDtC0EtAtAtA0C0ByEyDzz0B0CzzyDtN0D0Tzu0CyCyDyEtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1T1L1C1H1B1Q
FF - user.js: extensions.irmysearch.aflt - airmsd
FF - user.js: extensions.irmysearch.instlRef - 
FF - user.js: extensions.irmysearch.cr - 772239961
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzutDtDtC0EtAtAtA0C0ByEyDzz0B0CzzyDtN0D0Tzu0CyCyDyEtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1T1L1C1H1B1Q
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-9-27 214696]
R1 MpKsla38ee91c;MpKsla38ee91c;c:\programdata\microsoft\microsoft antimalware\definition updates\{24a753a3-13d3-4ed4-a354-033665fbee97}\MpKsla38ee91c.sys [2014-1-2 40392]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2013-12-13 807800]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
R2 DragonSvc;Dragon Service;c:\program files\common files\nuance\dgnsvc.exe [2012-7-18 310232]
R2 FileOpenManagerService;FileOpen Manager Service;c:\program files\fileopen\services\FileOpenManagerService32.exe [2012-10-17 213432]
R2 FileOpenManagerSvc;FileOpenManagerSvc;c:\programdata\fileopen\services\FileOpenManagerSvc32.exe [2011-3-9 212352]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-9-27 104768]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-2-12 7168]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-10-23 280288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 FIXUSTOR;FIXUSTOR;c:\windows\system32\drivers\fixustor.sys [2010-6-27 12800]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [2010-2-21 55056]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [2010-2-21 160912]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [2010-2-21 160912]
S3 PTDMWFLT;PTDMWWAN Filter Driver;c:\windows\system32\drivers\PTDMWFLT.sys [2010-2-21 13456]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [2010-2-21 118800]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2013-9-26 1710640]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2014-01-02 15:26:12 7760024 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f0077b3f-c058-48a3-ae3a-9e9f0c00b6f3}\mpengine.dll
2014-01-02 15:11:22 40392 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{24a753a3-13d3-4ed4-a354-033665fbee97}\MpKsla38ee91c.sys
2013-12-29 19:58:19 719224 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8100616f-8fb7-466b-8453-01b03a8f8930}\gapaengine.dll
2013-12-29 19:58:10 7760024 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{24a753a3-13d3-4ed4-a354-033665fbee97}\mpengine.dll
2013-12-29 19:54:09 -------- d-----w- c:\program files\Microsoft Security Client
2013-12-28 18:37:29 7760024 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8772343c-7213-4ce9-8d74-9eef5ccbf195}\mpengine.dll
2013-12-23 19:32:50 4558848 ----a-w- c:\windows\system32\GPhotos.scr
2013-12-18 00:59:52 -------- d-----w- c:\program files\Application Updater
2013-12-18 00:59:51 -------- d-----w- c:\program files\IObit Apps Toolbar
2013-12-11 10:07:00 2050560 ----a-w- c:\windows\system32\win32k.sys
2013-12-11 10:06:59 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2013-12-11 10:06:58 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-11 10:06:58 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-11 10:06:56 36864 ----a-w- c:\windows\system32\wshcon.dll
2013-12-11 10:06:56 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-12-11 10:06:56 155648 ----a-w- c:\windows\system32\wscript.exe
2013-12-11 10:06:56 135168 ----a-w- c:\windows\system32\cscript.exe
2013-12-11 10:06:56 131072 ----a-w- c:\windows\system32\wshom.ocx
2013-12-11 10:06:55 158208 ----a-w- c:\windows\system32\imagehlp.dll
.
==================== Find3M  ====================
.
2013-12-11 01:31:48 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 01:31:48 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-19 09:33:38 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-14 22:50:50 1806848 ----a-w- c:\windows\system32\jscript9.dll
2013-11-14 22:42:41 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-11-14 22:42:32 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-14 22:38:54 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-14 22:38:16 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-11-14 22:35:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-30 02:13:01 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2013-10-26 01:36:12 4953944 ----a-w- c:\users\ann\FLVMPlayer(1).exe
2013-10-26 01:19:04 4953944 ----a-w- c:\users\ann\FLVMPlayer.exe
2013-10-11 02:08:02 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-11 02:07:57 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2011-08-28 22:35:40 161720 ----a-w- c:\program files\2pres.dll
1998-04-30 20:56:44 129024 ----a-w- c:\program files\UNWISE.EXE
.
============= FINISH:  9:56:52.32 ===============
 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft® Windows Vista™ Home Premium 

Boot Device: \Device\HarddiskVolume2

Install Date: 4/28/2008 12:36:44 AM

System Uptime: 1/2/2014 9:10:10 AM (0 hours ago)

.

Motherboard: ATI Corp. |  | 

Processor: AMD Turion 64 X2 Mobile Technology TL-60 | Socket M2/S1G1 | 2000/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 185 GiB total, 75.058 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

Acrobat.com

Activation Assistant for the 2007 Microsoft Office suites

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.8)

Amazon Kindle For PC v1.1

American Heritage® Dictionary, 4th Ed.

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Atheros Driver Installation Program

Audio Creator LE 1.5

Camera Assistant Software for Toshiba

CANON iMAGE GATEWAY Task for ZoomBrowser EX

Canon Internet Library for ZoomBrowser EX

Canon MOV Decoder

Canon MOV Encoder

Canon MovieEdit Task for ZoomBrowser EX

Canon Utilities Digital Photo Professional 3.8

Canon Utilities EOS Utility

Canon Utilities Original Data Security Tools

Canon Utilities PhotoStitch

Canon Utilities Picture Style Editor

Canon Utilities WFT Utility

Canon Utilities ZoomBrowser EX

Canon ZoomBrowser EX Memory Card Utility

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center Localization Chinese Standard

Catalyst Control Center Localization Chinese Traditional

Catalyst Control Center Localization Czech

Catalyst Control Center Localization Danish

Catalyst Control Center Localization Dutch

Catalyst Control Center Localization Finnish

Catalyst Control Center Localization French

Catalyst Control Center Localization German

Catalyst Control Center Localization Greek

Catalyst Control Center Localization Hungarian

Catalyst Control Center Localization Italian

Catalyst Control Center Localization Japanese

Catalyst Control Center Localization Korean

Catalyst Control Center Localization Norwegian

Catalyst Control Center Localization Polish

Catalyst Control Center Localization Portuguese

Catalyst Control Center Localization Russian

Catalyst Control Center Localization Spanish

Catalyst Control Center Localization Swedish

Catalyst Control Center Localization Thai

Catalyst Control Center Localization Turkish

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCScore

CD/DVD Drive Acoustic Silencer

Compatibility Pack for the 2007 Office system

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dragon NaturallySpeaking 12

DVD MovieFactory for TOSHIBA

ESSCDBK

ESScore

ESSgui

ESSini

ESSPCD

ESSSONIC

ESSTOOLS

essvatgt

FileOpen Client

GearDrvs

Genesys USB Mass Storage Device

GigaClicks Crawler

Google Chrome

Google Earth

Google Update Helper

Greeting Card Factory Photo Card Maker 2.0

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

iCloud

IObit Apps Toolbar v8.5

Java 6 Update 3

kgcbaby

kgcbase

kgchday

kgchlwn

kgcinvt

kgckids

kgcmove

kgcvday

Kodak EasyShare software

KSU

Malwarebytes Anti-Malware version 1.75.0.1300

Mavis Beacon Teaches Typing Platinum 20

Memeo AutoBackup

Memorex exPressit Label Design Studio

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

Microsoft Works

Microsoft XML Parser

Mozilla Firefox 22.0 (x86 en-US)

Mozilla Maintenance Service

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Musicnotes Player V1.23.2 and Viewer

Napster

Napster Burn Engine

netbrdg

Norton 360

Notifier

OfotoXMI

PANTECH PC USB Modem Software

ParetoLogic DriverCure

PCDADDIN

PCDHELP

Picasa 3

QuickBooks Financial Center

QuickTime

Ralink RT2870 Wireless LAN Card

Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

SanDiskSecureAccess_Manager.exe

Search Protect by conduit

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)

Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition

Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition

Security Update for Windows Media Encoder (KB2447961)

Security Update for Windows Media Encoder (KB954156)

Security Update for Windows Media Encoder (KB979332)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition

SFR

SHASTA

Sibelius

Sibelius Scorch

Sibelius Scorch (ActiveX Only)

SKIN0001

Skins

SKINXSDK

SONAR Home Studio 7

staticcr

Studio Instruments 1.0

Synaptics Pointing Device Driver

tooltips

TOSHIBA Assist

TOSHIBA ConfigFree

TOSHIBA Disc Creator

TOSHIBA DVD PLAYER

TOSHIBA Extended Tiles for Windows Mobility Center

TOSHIBA Face Recognition

TOSHIBA Games

TOSHIBA Hardware Setup

Toshiba Registration

TOSHIBA Software Modem

TOSHIBA Software Upgrades

TOSHIBA Speech System Applications

TOSHIBA Speech System SR Engine(U.S.) Version1.0

TOSHIBA Speech System TTS Engine(U.S.) Version1.0

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

UM150 Firmware Updates

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2836939)

Update for Microsoft .NET Framework 4 Extended (KB2836939v3)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition

Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition

Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition

Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition

Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition

Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition

Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition

VPRINTOL

Windows Media Encoder 9 Series

WIRELESS

Yahoo! Install Manager

Yahoo! Software Update

Yahoo! Toolbar

.

==== End Of File ===========================

RK

 

 

RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Ann [Admin rights]
Mode : Scan -- Date : 01/02/2014 10:28:18
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] FileOpenManagerSvc32.exe -- C:\ProgramData\FileOpen\Services\FileOpenManagerSvc32.exe [7] -> KILLED [TermProc]
[SUSP PATH] Controller.exe -- C:\Users\Ann\AppData\Local\GCC\Controller.exe [-] -> KILLED [TermProc]
 
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 4 ¤¤¤
[V1][SUSP PATH] EasyShare Registration Task.job : C:\Windows\system32\rundll32.exe - C:\PROGRA~2\Kodak\EasyShareSetup\$REGIS~1\Registration_7.2.20.2.sxt _RegistrationOffer@16 [7][-][x] -> FOUND
[V2][SUSP PATH] EasyShare Registration Task : C:\Windows\system32\rundll32.exe - C:\PROGRA~2\Kodak\EasyShareSetup\$REGIS~1\Registration_7.2.20.2.sxt _RegistrationOffer@16 [7][-][x] -> FOUND
[V2][SUSP PATH] GC_Scheduler : "%LOCALAPPDATA%\GCC\Controller.exe" [x] -> FOUND
[V2][SUSP PATH] UP_Scheduler : "%LOCALAPPDATA%\GCC\Controller.exe" - --Update [x] -> FOUND
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0xc0000033] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
::1             localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK2035GSS ATA Device +++++
--- User ---
[MBR] c7ee93a3ddd48d593040f05ed60ae3ab
[BSP] 9488da1f5330690070aaa1c1bfab0b85 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 189280 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_01022014_102818.txt >>

Please uninstall Search Protect by conduit from your add/remove programs if you can.
 
Then......

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look similar to this, not "sponsored ad links":

bleep-crop.jpg

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a FULL Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know if there's any difference, MrC


While trying to uninstall Protect by Conduit I get this message

 

 

An error occurred while trying to uninstall .....................Would you like to remove it from Programs and Features List?

 

 

I said no just in case.. I am following the other steps now.


I am unsure what I am looking at

 

 

# AdwCleaner v3.016 - Report created 02/01/2014 at 10:47:51
# Updated 23/12/2013 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)
# Username : Ann - ANN-PC
# Running from : C:\Users\Ann\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : Application Updater
 
***** [ Files / Folders ] *****
 
File Found : C:\alotserviceruntime.log
File Found : C:\END
File Found : C:\Program Files\Mozilla Firefox\browser\nsprotector.js
File Found : C:\Users\Ann\AppData\Local\Temp\Uninstall.exe
File Found : C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\1bryt6pu.default\searchplugins\safeguard-secure-search.xml
File Found : C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\1bryt6pu.default\searchplugins\Web Search.xml
File Found : C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\1bryt6pu.default\user.js
File Found : C:\Windows\System32\Tasks\paretologic registration3
File Found : C:\Windows\Tasks\paretologic registration3.job
Folder Found : C:\Users\Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Folder Found : C:\Users\Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Folder Found : C:\Users\Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Folder Found : C:\Users\Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
Folder Found : C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\1bryt6pu.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Found : C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\1bryt6pu.default\Extensions\{93ec97bf-fe43-4bca-a735-5c5d6a0a40c4}
Folder Found : C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\1bryt6pu.default\Extensions\{93ec97bf-fe43-4bca-a735-5c5d6a0a40c4}
Folder Found C:\Program Files\Application Updater
Folder Found C:\Program Files\Common Files\ParetoLogic
Folder Found C:\Program Files\Common Files\Spigot
Folder Found C:\Program Files\glindorus
Folder Found C:\Program Files\IObit Apps Toolbar
Folder Found C:\Program Files\ParetoLogic
Folder Found C:\ProgramData\Conduit
Folder Found C:\ProgramData\DriverCure
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ParetoLogic
Folder Found C:\ProgramData\ParetoLogic
Folder Found C:\Users\Ann\AppData\Local\iac
Folder Found C:\Users\Ann\AppData\Local\Temp\AirInstaller
Folder Found C:\Users\Ann\AppData\Local\Temp\glindorus
Folder Found C:\Users\Ann\AppData\LocalLow\Conduit
Folder Found C:\Users\Ann\AppData\LocalLow\CouponAlert_2p
Folder Found C:\Users\Ann\AppData\LocalLow\iac
Folder Found C:\Users\Ann\AppData\LocalLow\PriceGong
Folder Found C:\Users\Ann\AppData\LocalLow\Search Settings
Folder Found C:\Users\Ann\AppData\Roaming\DriverCure
Folder Found C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\1bryt6pu.default\ConduitCommon
Folder Found C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\1bryt6pu.default\CT3314312
Folder Found C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\1bryt6pu.default\Smartbar
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\iWon
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\Toolbar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\FLEXnet
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\InstalledThirdPartyPrograms
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\mysearchdial
Key Found : HKCU\Software\ParetoLogic
Key Found : HKCU\Software\Search Settings
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Zugo
Key Found : HKLM\Software\Application Updater
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422412252}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466416652}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3297951
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3314312
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Found : HKLM\Software\InstallCore
Key Found : HKLM\Software\InstalledThirdPartyPrograms
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16FE2505-F2A0-4782-B035-AF0E5188C02C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56965DCF-718F-4148-BECF-5A2B466F4556}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\paretologic registration3
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFDD827F-C221-4194-95FD-B060B828F161}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8867AC9B-4426-44A2-A693-C95850D3405C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\Software\ParetoLogic
Key Found : HKLM\Software\Search Settings
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [searchSettings]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16526
 
 
-\\ Mozilla Firefox v22.0 (en-US)
 
[ File : C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\1bryt6pu.default\prefs.js ]
 
Line Found : user_pref("CT3314312.ConnectTB_activeApp.enc", "aW5zdGFncmFt");
Line Found : user_pref("CT3314312.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3314312.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3314312.FirstTime", "true");
Line Found : user_pref("CT3314312.FirstTimeFF3", "true");
Line Found : user_pref("CT3314312.PG_ENABLE", "dHJ1ZQ==");
Line Found : user_pref("CT3314312.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Line Found : user_pref("CT3314312.SF_STATUS.enc", "RU5BQkxFRA==");
Line Found : user_pref("CT3314312.SF_USER_ID.enc", "Y2lkXzI3MTAyMDEzMTY0MjU5OTEwMzAy");
Line Found : user_pref("CT3314312.UserID", "UN36425507668122250");
Line Found : user_pref("CT3314312._key_cl_active.enc", "Y2ZhYTdmMDAtZTIxZC00ZjM1LWJkY2UtNzcwMmJkMDcxYWE3");
Line Found : user_pref("CT3314312.addressBarTakeOverEnabledInHidden", "true");
Line Found : user_pref("CT3314312.browser.search.defaultthis.engineName", true);
Line Found : user_pref("CT3314312.cb_experience_000.enc", "MQ==");
Line Found : user_pref("CT3314312.cb_firstuse0100.enc", "MQ==");
Line Found : user_pref("CT3314312.cb_user_id_000.enc", "Q0I3NzgwODYyNzQ0NDlfMTM4MjkwODAwMTM2Nl9GaXJlZm94");
Line Found : user_pref("CT3314312.cbfirsttime.enc", "U3VuIE9jdCAyNyAyMDEzIDEyOjIxOjU5IEdNVC0wNTAwIChDZW50cmFsIFN0YW5kYXJkIFRpbWUp");
Line Found : user_pref("CT3314312.countryCode", "US");
Line Found : user_pref("CT3314312.embeddedsData", "[{\"appId\":\"130232788306295517\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Found : user_pref("CT3314312.firstTimeDialogOpened", "true");
Line Found : user_pref("CT3314312.fixPageNotFoundErrorByUser", "TRUE");
Line Found : user_pref("CT3314312.fixPageNotFoundErrorInHidden", "true");
Line Found : user_pref("CT3314312.fullUserID", "UN36425507668122250.IN.20131013214717");
Line Found : user_pref("CT3314312.installType", "DirectDownload");
Line Found : user_pref("CT3314312.isCheckedStartAsHidden", true);
Line Found : user_pref("CT3314312.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3314312.isFirstTimeToolbarLoading", "false");
Line Found : user_pref("CT3314312.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Found : user_pref("CT3314312.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Found : user_pref("CT3314312.keyword", true);
Line Found : user_pref("CT3314312.lastVersion", "10.21.1.507");
Line Found : user_pref("CT3314312.mam_gk_appStateReportTime.enc", "MTM4Mjg5NDQ3ODAxMg==");
Line Found : user_pref("CT3314312.mam_gk_appState_Clarity_Active.enc", "b24=");
Line Found : user_pref("CT3314312.mam_gk_appState_CouponBuddy.enc", "b24=");
Line Found : user_pref("CT3314312.mam_gk_appState_Easytobook.enc", "b24=");
Line Found : user_pref("CT3314312.mam_gk_appState_Easytobook_targeted.enc", "b24=");
Line Found : user_pref("CT3314312.mam_gk_appState_PriceGong.enc", "b24=");
Line Found : user_pref("CT3314312.mam_gk_appState_WindowShopper.enc", "b24=");
Line Found : user_pref("CT3314312.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IkNsYXJpdHlfQWN0aXZlIiwidXJsIjoiaHR0cDovL3N0b3JhZ2UuY29uZHVpdC5jb20vbWFtLzNyZHBhcnR5YXBwcy9jbGFyaXR5UmF5L2NyX2FjdGl2ZS5odG1sIiwic2NyaXB0[...]
Line Found : user_pref("CT3314312.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Line Found : user_pref("CT3314312.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkNsYXJpdHlfQWN0aXZlIiwiY3JpdGVyaWFzIjpbeyJjcml0ZXJpYUlkIjoiODZjMWY4NzItMGY3OC00OGUyLTg0M2UtODNiY2U0YTkyZTU4IiwiZG9tYWl[...]
Line Found : user_pref("CT3314312.mam_gk_currentVersion.enc", "MS4xMC40LjA=");
Line Found : user_pref("CT3314312.mam_gk_existingUsersRecoveryDone.enc", "MQ==");
Line Found : user_pref("CT3314312.mam_gk_first_time.enc", "MQ==");
Line Found : user_pref("CT3314312.mam_gk_installer_preapproved.enc", "VFJVRQ==");
Line Found : user_pref("CT3314312.mam_gk_lastLoginTime.enc", "MTM4Mjg5NDQ3MjI2Mw==");
Line Found : user_pref("CT3314312.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHMgZW5yaWNoZXMgeW91ciB3ZWIg[...]
Line Found : user_pref("CT3314312.mam_gk_new_welcome_experience.enc", "MQ==");
Line Found : user_pref("CT3314312.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Line Found : user_pref("CT3314312.mam_gk_settings1.10.4.0.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImN1cnJlbnREYXRlIjoiMjAxMzEwMjciLCJpbnRlcnZhbCI6MjQwLCJzdGFtcCI6IjEwMDlfMSIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50[...]
Line Found : user_pref("CT3314312.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Line Found : user_pref("CT3314312.mam_gk_userId.enc", "ZjRlMmIwOTYtYjI0NS00YjgwLWE3MmQtMTg3OWQyZmJiOWU4");
Line Found : user_pref("CT3314312.mam_gk_user_approval_interacted.enc", "MQ==");
Line Found : user_pref("CT3314312.mam_gk_welcomeDialogMode.enc", "MQ==");
Line Found : user_pref("CT3314312.missingMachineIdSent", "true");
Line Found : user_pref("CT3314312.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxps%3A%2F%2Fwww.linkedin.com%2Fuas%2Flogin%3Fsession_redirect%3Dhxxp%253A%252F%252Fwww%252Elinkedin%252Ecom%252Fprofile%252Fvie[...]
Line Found : user_pref("CT3314312.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Found : user_pref("CT3314312.originalSearchEngine", "Yahoo!");
Line Found : user_pref("CT3314312.originalSearchEngineName", "Yahoo!");
Line Found : user_pref("CT3314312.price-gong.isManagedApp", "true");
Line Found : user_pref("CT3314312.revertSettingsEnabled", "false");
Line Found : user_pref("CT3314312.search.searchAppId", "130232788306295517");
Line Found : user_pref("CT3314312.search.searchCount", "0");
Line Found : user_pref("CT3314312.searchFromAddressBarEnabledByUser", "true");
Line Found : user_pref("CT3314312.searchInNewTabEnabledByUser", "true");
Line Found : user_pref("CT3314312.searchInNewTabEnabledInHidden", "true");
Line Found : user_pref("CT3314312.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Found : user_pref("CT3314312.searchSuggestEnabledByUser", "TRUE");
Line Found : user_pref("CT3314312.searchUserMode", "2");
Line Found : user_pref("CT3314312.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3314312.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Found : user_pref("CT3314312.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"3\"}");
Line Found : user_pref("CT3314312.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3314312\"}");
Line Found : user_pref("CT3314312.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"SweetPacks A5 \"}");
Line Found : user_pref("CT3314312.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3314312.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Found : user_pref("CT3314312.serviceLayer_services_Configuration_lastUpdate", "1382894451395");
Line Found : user_pref("CT3314312.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1382894455736");
Line Found : user_pref("CT3314312.serviceLayer_services_appsMetadata_lastUpdate", "1382894455751");
Line Found : user_pref("CT3314312.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1382894455521");
Line Found : user_pref("CT3314312.serviceLayer_services_login_10.21.1.507_lastUpdate", "1382894523470");
Line Found : user_pref("CT3314312.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1382894455606");
Line Found : user_pref("CT3314312.serviceLayer_services_searchAPI_lastUpdate", "1382894453024");
Line Found : user_pref("CT3314312.serviceLayer_services_serviceMap_lastUpdate", "1382894449198");
Line Found : user_pref("CT3314312.serviceLayer_services_setupAPI_lastUpdate", "1382894451422");
Line Found : user_pref("CT3314312.serviceLayer_services_toolbarContextMenu_lastUpdate", "1382894455672");
Line Found : user_pref("CT3314312.serviceLayer_services_toolbarSettings_lastUpdate", "1382907858724");
Line Found : user_pref("CT3314312.serviceLayer_services_translation_lastUpdate", "1382894455884");
Line Found : user_pref("CT3314312.settingsINI", true);
Line Found : user_pref("CT3314312.showToolbarPermission", "false");
Line Found : user_pref("CT3314312.smartbar.CTID", "CT3314312");
Line Found : user_pref("CT3314312.smartbar.Uninstall", "0");
Line Found : user_pref("CT3314312.smartbar.homepage", true);
Line Found : user_pref("CT3314312.smartbar.toolbarName", "SweetPacks A5 ");
Line Found : user_pref("CT3314312.toolbarBornServerTime", "27-10-2013");
Line Found : user_pref("CT3314312.toolbarCurrentServerTime", "27-10-2013");
Line Found : user_pref("CT3314312.toolbarInstallDate", "27-10-2013 12:20:51");
Line Found : user_pref("CT3314312.toolbarLoginClientTime", "Sun Oct 27 2013 12:22:03 GMT-0500 (Central Standard Time)");
Line Found : user_pref("CT3314312.url_history0001.enc", "c3RhcnQ6OjpjbGlja2hhbmRsZXI6OjoxMzgyOTA4MDAzODg2");
Line Found : user_pref("CT3314312_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1382907848952,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Found : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Found : user_pref("Smartbar.ConduitSearchUrlList", "");
Line Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3314312");
Line Found : user_pref("browser.search.order.1", "Mysearchdial");
Line Found : user_pref("extensions.crossrider.bic", "141faee68dd999a4e6a50af4a171ffda");
Line Found : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Found : user_pref("extensions.helperbar.SmartbarDisabled", false);
Line Found : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Line Found : user_pref("extensions.helperbar.Visibility", true);
Line Found : user_pref("extensions.helperbar.countryiso", "us");
Line Found : user_pref("extensions.helperbar.downloadprovider", "gob1");
Line Found : user_pref("extensions.helperbar.installationid", "943fb96c-1d00-a5ca-0c94-b733e216d251");
Line Found : user_pref("extensions.helperbar.installdate", "25/10/2013");
Line Found : user_pref("extensions.helperbar.publisher", "snapdogoblidooyb");
Line Found : user_pref("extensions.mysearchdial.aflt", "airmsd");
Line Found : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Found : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtC0EtAtAtA0C0ByEyDzz0B0CzzyDtN0D0Tzu0CyCyDyEtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1T1L1C1H1B1Q");
Line Found : user_pref("extensions.mysearchdial.cntry", "US");
Line Found : user_pref("extensions.mysearchdial.cr", "772239961");
Line Found : user_pref("extensions.mysearchdial.dfltLng", "");
Line Found : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Found : user_pref("extensions.mysearchdial.dnsErr", true);
Line Found : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
Line Found : user_pref("extensions.mysearchdial.dpk_blck", "true");
Line Found : user_pref("extensions.mysearchdial.dspFFXOld", "Yahoo!");
Line Found : user_pref("extensions.mysearchdial.excTlbr", false);
Line Found : user_pref("extensions.mysearchdial.hdrMd5", "431C87D3876BA80207199D117ACDC52F");
Line Found : user_pref("extensions.mysearchdial.hmpg", true);
Line Found : user_pref("extensions.mysearchdial.id", "001E333CB458BC85");
Line Found : user_pref("extensions.mysearchdial.instlDay", "15993");
Line Found : user_pref("extensions.mysearchdial.instlRef", "");
Line Found : user_pref("extensions.mysearchdial.lastVrsnTs", "");
Line Found : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"80\",\"lastVrsn\":\"80\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Line Found : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Found : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Found : user_pref("extensions.mysearchdial.sg", "{smplGrp}");
Line Found : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Found : user_pref("extensions.mysearchdial.tlbrId", "base");
Line Found : user_pref("extensions.mysearchdial.vrsn", "");
Line Found : user_pref("extensions.mysearchdial.vrsni", "");
Line Found : user_pref("extensions.mysearchdial_i.hmpg", true);
Line Found : user_pref("extensions.mysearchdial_i.newTab", false);
Line Found : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Found : user_pref("extensions.mysearchdial_i.vrsnTs", "21:28:10");
Line Found : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Line Found : user_pref("smartbar.addressBarOwnerCTID", "CT3314312");
Line Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT3314312");
Line Found : user_pref("smartbar.homePageOwnerCTID", "CT3314312");
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\Ann\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [27636 octets] - [02/01/2014 10:47:51]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [27697 octets] ##########

I called her and got the ok to remove some programs she was not aware of. Here is the log from after the reboot

 

 

# AdwCleaner v3.016 - Report created 02/01/2014 at 11:07:34
# Updated 23/12/2013 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)
# Username : Ann - ANN-PC
# Running from : C:\Users\Ann\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : Application Updater
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\DriverCure
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ParetoLogic
Folder Deleted : C:\Program Files\Application Updater
Folder Deleted : C:\Program Files\glindorus
Folder Deleted : C:\Program Files\IObit Apps Toolbar
Folder Deleted : C:\Program Files\ParetoLogic
Folder Deleted : C:\Program Files\Common Files\ParetoLogic
Folder Deleted : C:\Program Files\Common Files\Spigot
Folder Deleted : C:\Users\Ann\AppData\Local\iac
Folder Deleted : C:\Users\Ann\AppData\Local\Temp\AirInstaller
Folder Deleted : C:\Users\Ann\AppData\Local\Temp\glindorus
Folder Deleted : C:\Users\Ann\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Ann\AppData\LocalLow\CouponAlert_2p
Folder Deleted : C:\Users\Ann\AppData\LocalLow\iac
Folder Deleted : C:\Users\Ann\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Ann\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Ann\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\1bryt6pu.default\ConduitCommon
Folder Deleted : C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\1bryt6pu.default\Smartbar
Folder Deleted : C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\1bryt6pu.default\CT3314312
Folder Deleted : C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\1bryt6pu.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\1bryt6pu.default\Extensions\{93ec97bf-fe43-4bca-a735-5c5d6a0a40c4}
Folder Deleted : C:\Users\Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Folder Deleted : C:\Users\Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Folder Deleted : C:\Users\Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Folder Deleted : C:\Users\Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
File Deleted : C:\alotserviceruntime.log
File Deleted : C:\END
File Deleted : C:\Users\Ann\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Program Files\Mozilla Firefox\browser\nsprotector.js
File Deleted : C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\1bryt6pu.default\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\1bryt6pu.default\searchplugins\Web Search.xml
File Deleted : C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\1bryt6pu.default\user.js
File Deleted : C:\Windows\Tasks\paretologic registration3.job
File Deleted : C:\Windows\System32\Tasks\paretologic registration3
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFDD827F-C221-4194-95FD-B060B828F161}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFDD827F-C221-4194-95FD-B060B828F161}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Deleted : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [searchSettings]
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3297951
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3314312
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422412252}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466416652}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8867AC9B-4426-44A2-A693-C95850D3405C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16FE2505-F2A0-4782-B035-AF0E5188C02C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56965DCF-718F-4148-BECF-5A2B466F4556}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\FLEXnet
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\InstalledThirdPartyPrograms
Key Deleted : HKCU\Software\mysearchdial
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\iWon
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\Software\InstalledThirdPartyPrograms
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16526
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
 
-\\ Mozilla Firefox v22.0 (en-US)
 
[ File : C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\1bryt6pu.default\prefs.js ]
 
Line Deleted : user_pref("CT3314312.ConnectTB_activeApp.enc", "aW5zdGFncmFt");
Line Deleted : user_pref("CT3314312.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3314312.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3314312.FirstTime", "true");
Line Deleted : user_pref("CT3314312.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3314312.PG_ENABLE", "dHJ1ZQ==");
Line Deleted : user_pref("CT3314312.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Line Deleted : user_pref("CT3314312.SF_STATUS.enc", "RU5BQkxFRA==");
Line Deleted : user_pref("CT3314312.SF_USER_ID.enc", "Y2lkXzI3MTAyMDEzMTY0MjU5OTEwMzAy");
Line Deleted : user_pref("CT3314312.UserID", "UN36425507668122250");
Line Deleted : user_pref("CT3314312._key_cl_active.enc", "Y2ZhYTdmMDAtZTIxZC00ZjM1LWJkY2UtNzcwMmJkMDcxYWE3");
Line Deleted : user_pref("CT3314312.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3314312.browser.search.defaultthis.engineName", true);
Line Deleted : user_pref("CT3314312.cb_experience_000.enc", "MQ==");
Line Deleted : user_pref("CT3314312.cb_firstuse0100.enc", "MQ==");
Line Deleted : user_pref("CT3314312.cb_user_id_000.enc", "Q0I3NzgwODYyNzQ0NDlfMTM4MjkwODAwMTM2Nl9GaXJlZm94");
Line Deleted : user_pref("CT3314312.cbfirsttime.enc", "U3VuIE9jdCAyNyAyMDEzIDEyOjIxOjU5IEdNVC0wNTAwIChDZW50cmFsIFN0YW5kYXJkIFRpbWUp");
Line Deleted : user_pref("CT3314312.countryCode", "US");
Line Deleted : user_pref("CT3314312.embeddedsData", "[{\"appId\":\"130232788306295517\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT3314312.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3314312.fixPageNotFoundErrorByUser", "TRUE");
Line Deleted : user_pref("CT3314312.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3314312.fullUserID", "UN36425507668122250.IN.20131013214717");
Line Deleted : user_pref("CT3314312.installType", "DirectDownload");
Line Deleted : user_pref("CT3314312.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3314312.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3314312.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3314312.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3314312.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3314312.keyword", true);
Line Deleted : user_pref("CT3314312.lastVersion", "10.21.1.507");
Line Deleted : user_pref("CT3314312.mam_gk_appStateReportTime.enc", "MTM4Mjg5NDQ3ODAxMg==");
Line Deleted : user_pref("CT3314312.mam_gk_appState_Clarity_Active.enc", "b24=");
Line Deleted : user_pref("CT3314312.mam_gk_appState_CouponBuddy.enc", "b24=");
Line Deleted : user_pref("CT3314312.mam_gk_appState_Easytobook.enc", "b24=");
Line Deleted : user_pref("CT3314312.mam_gk_appState_Easytobook_targeted.enc", "b24=");
Line Deleted : user_pref("CT3314312.mam_gk_appState_PriceGong.enc", "b24=");
Line Deleted : user_pref("CT3314312.mam_gk_appState_WindowShopper.enc", "b24=");
Line Deleted : user_pref("CT3314312.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IkNsYXJpdHlfQWN0aXZlIiwidXJsIjoiaHR0cDovL3N0b3JhZ2UuY29uZHVpdC5jb20vbWFtLzNyZHBhcnR5YXBwcy9jbGFyaXR5UmF5L2NyX2FjdGl2ZS5odG1sIiwic2NyaXB0[...]
Line Deleted : user_pref("CT3314312.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Line Deleted : user_pref("CT3314312.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkNsYXJpdHlfQWN0aXZlIiwiY3JpdGVyaWFzIjpbeyJjcml0ZXJpYUlkIjoiODZjMWY4NzItMGY3OC00OGUyLTg0M2UtODNiY2U0YTkyZTU4IiwiZG9tYWl[...]
Line Deleted : user_pref("CT3314312.mam_gk_currentVersion.enc", "MS4xMC40LjA=");
Line Deleted : user_pref("CT3314312.mam_gk_existingUsersRecoveryDone.enc", "MQ==");
Line Deleted : user_pref("CT3314312.mam_gk_first_time.enc", "MQ==");
Line Deleted : user_pref("CT3314312.mam_gk_installer_preapproved.enc", "VFJVRQ==");
Line Deleted : user_pref("CT3314312.mam_gk_lastLoginTime.enc", "MTM4Mjg5NDQ3MjI2Mw==");
Line Deleted : user_pref("CT3314312.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHMgZW5yaWNoZXMgeW91ciB3ZWIg[...]
Line Deleted : user_pref("CT3314312.mam_gk_new_welcome_experience.enc", "MQ==");
Line Deleted : user_pref("CT3314312.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3314312.mam_gk_settings1.10.4.0.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImN1cnJlbnREYXRlIjoiMjAxMzEwMjciLCJpbnRlcnZhbCI6MjQwLCJzdGFtcCI6IjEwMDlfMSIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50[...]
Line Deleted : user_pref("CT3314312.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3314312.mam_gk_userId.enc", "ZjRlMmIwOTYtYjI0NS00YjgwLWE3MmQtMTg3OWQyZmJiOWU4");
Line Deleted : user_pref("CT3314312.mam_gk_user_approval_interacted.enc", "MQ==");
Line Deleted : user_pref("CT3314312.mam_gk_welcomeDialogMode.enc", "MQ==");
Line Deleted : user_pref("CT3314312.missingMachineIdSent", "true");
Line Deleted : user_pref("CT3314312.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxps%3A%2F%2Fwww.linkedin.com%2Fuas%2Flogin%3Fsession_redirect%3Dhxxp%253A%252F%252Fwww%252Elinkedin%252Ecom%252Fprofile%252Fvie[...]
Line Deleted : user_pref("CT3314312.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3314312.originalSearchEngine", "Yahoo!");
Line Deleted : user_pref("CT3314312.originalSearchEngineName", "Yahoo!");
Line Deleted : user_pref("CT3314312.price-gong.isManagedApp", "true");
Line Deleted : user_pref("CT3314312.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT3314312.search.searchAppId", "130232788306295517");
Line Deleted : user_pref("CT3314312.search.searchCount", "0");
Line Deleted : user_pref("CT3314312.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3314312.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3314312.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3314312.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3314312.searchSuggestEnabledByUser", "TRUE");
Line Deleted : user_pref("CT3314312.searchUserMode", "2");
Line Deleted : user_pref("CT3314312.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3314312.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3314312.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"3\"}");
Line Deleted : user_pref("CT3314312.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3314312\"}");
Line Deleted : user_pref("CT3314312.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"SweetPacks A5 \"}");
Line Deleted : user_pref("CT3314312.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3314312.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3314312.serviceLayer_services_Configuration_lastUpdate", "1382894451395");
Line Deleted : user_pref("CT3314312.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1382894455736");
Line Deleted : user_pref("CT3314312.serviceLayer_services_appsMetadata_lastUpdate", "1382894455751");
Line Deleted : user_pref("CT3314312.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1382894455521");
Line Deleted : user_pref("CT3314312.serviceLayer_services_login_10.21.1.507_lastUpdate", "1382894523470");
Line Deleted : user_pref("CT3314312.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1382894455606");
Line Deleted : user_pref("CT3314312.serviceLayer_services_searchAPI_lastUpdate", "1382894453024");
Line Deleted : user_pref("CT3314312.serviceLayer_services_serviceMap_lastUpdate", "1382894449198");
Line Deleted : user_pref("CT3314312.serviceLayer_services_setupAPI_lastUpdate", "1382894451422");
Line Deleted : user_pref("CT3314312.serviceLayer_services_toolbarContextMenu_lastUpdate", "1382894455672");
Line Deleted : user_pref("CT3314312.serviceLayer_services_toolbarSettings_lastUpdate", "1382907858724");
Line Deleted : user_pref("CT3314312.serviceLayer_services_translation_lastUpdate", "1382894455884");
Line Deleted : user_pref("CT3314312.settingsINI", true);
Line Deleted : user_pref("CT3314312.showToolbarPermission", "false");
Line Deleted : user_pref("CT3314312.smartbar.CTID", "CT3314312");
Line Deleted : user_pref("CT3314312.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3314312.smartbar.homepage", true);
Line Deleted : user_pref("CT3314312.smartbar.toolbarName", "SweetPacks A5 ");
Line Deleted : user_pref("CT3314312.toolbarBornServerTime", "27-10-2013");
Line Deleted : user_pref("CT3314312.toolbarCurrentServerTime", "27-10-2013");
Line Deleted : user_pref("CT3314312.toolbarInstallDate", "27-10-2013 12:20:51");
Line Deleted : user_pref("CT3314312.toolbarLoginClientTime", "Sun Oct 27 2013 12:22:03 GMT-0500 (Central Standard Time)");
Line Deleted : user_pref("CT3314312.url_history0001.enc", "c3RhcnQ6OjpjbGlja2hhbmRsZXI6OjoxMzgyOTA4MDAzODg2");
Line Deleted : user_pref("CT3314312_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1382907848952,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3314312");
Line Deleted : user_pref("browser.search.order.1", "Mysearchdial");
Line Deleted : user_pref("extensions.crossrider.bic", "141faee68dd999a4e6a50af4a171ffda");
Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Line Deleted : user_pref("extensions.helperbar.Visibility", true);
Line Deleted : user_pref("extensions.helperbar.countryiso", "us");
Line Deleted : user_pref("extensions.helperbar.downloadprovider", "gob1");
Line Deleted : user_pref("extensions.helperbar.installationid", "943fb96c-1d00-a5ca-0c94-b733e216d251");
Line Deleted : user_pref("extensions.helperbar.installdate", "25/10/2013");
Line Deleted : user_pref("extensions.helperbar.publisher", "snapdogoblidooyb");
Line Deleted : user_pref("extensions.mysearchdial.aflt", "airmsd");
Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtC0EtAtAtA0C0ByEyDzz0B0CzzyDtN0D0Tzu0CyCyDyEtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1T1L1C1H1B1Q");
Line Deleted : user_pref("extensions.mysearchdial.cntry", "US");
Line Deleted : user_pref("extensions.mysearchdial.cr", "772239961");
Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");
Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);
Line Deleted : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
Line Deleted : user_pref("extensions.mysearchdial.dpk_blck", "true");
Line Deleted : user_pref("extensions.mysearchdial.dspFFXOld", "Yahoo!");
Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);
Line Deleted : user_pref("extensions.mysearchdial.hdrMd5", "431C87D3876BA80207199D117ACDC52F");
Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial.id", "001E333CB458BC85");
Line Deleted : user_pref("extensions.mysearchdial.instlDay", "15993");
Line Deleted : user_pref("extensions.mysearchdial.instlRef", "");
Line Deleted : user_pref("extensions.mysearchdial.lastVrsnTs", "");
Line Deleted : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"80\",\"lastVrsn\":\"80\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.sg", "{smplGrp}");
Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");
Line Deleted : user_pref("extensions.mysearchdial.vrsn", "");
Line Deleted : user_pref("extensions.mysearchdial.vrsni", "");
Line Deleted : user_pref("extensions.mysearchdial_i.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);
Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "21:28:10");
Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3314312");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3314312");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3314312");
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\Ann\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [27778 octets] - [02/01/2014 10:47:51]
AdwCleaner[s0].txt - [27871 octets] - [02/01/2014 11:07:34]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [27932 octets] ##########

Just finished with MBbytes....as soon as the notepad info below posted....it did it again...it has been silent the whole time until then...still not fixed

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.02.03
 
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Ann :: ANN-PC [administrator]
 
1/2/2014 11:17:07 AM
mbam-log-2014-01-02 (11-17-07).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 440208
Time elapsed: 3 hour(s), 14 minute(s), 39 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

[image: bleep-crop.jpg]

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


ComboFix 14-01-01.01 - Ann 01/02/2014  17:57:15.1.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2941.1487 [GMT -6:00]

Running from: c:\users\Ann\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\CouponAlert_2pEI

c:\program files\DailyFitnessCenter_53EI

c:\program files\DailyFitnessCenter_53EI\Installr\1.bin\53EIPlug.dll

c:\program files\DailyFitnessCenter_53EI\Installr\1.bin\53EZSETP.dll

c:\program files\DailyFitnessCenter_53EI\Installr\1.bin\NP53EISb.dll

c:\users\Ann\AppData\Local\Temp\GC\Profiles\{0B2D4495-DD9A-4B9E-8115-3BEEF6D710D1}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll

c:\users\Ann\AppData\Local\Temp\GC\Profiles\{0B2D4495-DD9A-4B9E-8115-3BEEF6D710D1}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\mutechrome.dll

c:\users\Ann\AppData\Local\Temp\GC\Profiles\{16EABAC2-8658-4EDC-B022-B085FB98956A}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll

c:\users\Ann\AppData\Local\Temp\GC\Profiles\{16EABAC2-8658-4EDC-B022-B085FB98956A}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\mutechrome.dll

c:\users\Ann\AppData\Local\Temp\GC\Profiles\{1B1DB09B-4213-4B46-A952-EAA8A3B0E916}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll

c:\users\Ann\AppData\Local\Temp\GC\Profiles\{34C2B487-4BF3-4A10-A694-9D646249A734}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll

c:\users\Ann\AppData\Local\Temp\GC\Profiles\{34C2B487-4BF3-4A10-A694-9D646249A734}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\mutechrome.dll

c:\users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\1bryt6pu.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com

c:\users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\1bryt6pu.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\chrome.manifest

c:\users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\1bryt6pu.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\chrome\content\api.js

c:\users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\1bryt6pu.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\chrome\content\api\asyncDB.js

c:\users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\1bryt6pu.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\chrome\content\api\background.js

c:\users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\1bryt6pu.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\chrome\content\api\browserAction.js

c:\windows\security\Database\tmp.edb

c:\windows\system32\pt

c:\windows\system32\pt\toscdspd.cpl.mui

.

.

(((((((((((((((((((((((((   Files Created from 2013-12-03 to 2014-01-03  )))))))))))))))))))))))))))))))

.

.

2014-01-02 16:47 . 2014-01-02 17:08 -------- d-----w- C:\AdwCleaner

2014-01-02 15:26 . 2013-12-04 00:57 7760024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F0077B3F-C058-48A3-AE3A-9E9F0C00B6F3}\mpengine.dll

2013-12-29 19:58 . 2013-12-29 19:58 719224 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8100616F-8FB7-466B-8453-01B03A8F8930}\gapaengine.dll

2013-12-29 19:58 . 2013-12-04 00:57 7760024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-12-29 19:54 . 2013-12-29 19:54 -------- d-----w- c:\program files\Microsoft Security Client

2013-12-23 19:32 . 2013-12-23 19:32 4558848 ----a-w- c:\windows\system32\GPhotos.scr

2013-12-11 10:07 . 2013-10-30 00:35 2050560 ----a-w- c:\windows\system32\win32k.sys

2013-12-11 10:06 . 2013-10-30 02:12 335360 ----a-w- c:\windows\system32\SysFxUI.dll

2013-12-11 10:06 . 2013-10-30 01:43 130048 ----a-w- c:\windows\system32\drivers\drmk.sys

2013-12-11 10:06 . 2013-10-30 00:43 167936 ----a-w- c:\windows\system32\drivers\portcls.sys

2013-12-11 10:06 . 2013-10-11 02:08 36864 ----a-w- c:\windows\system32\wshcon.dll

2013-12-11 10:06 . 2013-10-11 02:08 131072 ----a-w- c:\windows\system32\wshom.ocx

2013-12-11 10:06 . 2013-10-11 02:08 172032 ----a-w- c:\windows\system32\scrrun.dll

2013-12-11 10:06 . 2013-10-11 00:35 135168 ----a-w- c:\windows\system32\cscript.exe

2013-12-11 10:06 . 2013-10-11 00:35 155648 ----a-w- c:\windows\system32\wscript.exe

2013-12-11 10:06 . 2013-10-22 07:19 158208 ----a-w- c:\windows\system32\imagehlp.dll

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-14 19:01 . 2010-08-13 23:11 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]

"RtHDVCpl"="RtHDVCpl.exe" [2008-01-30 4911104]

"Skytel"="Skytel.exe" [2007-11-21 1826816]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]

2008-01-22 21:25 712704 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2013-04-22 02:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]

2012-11-05 21:27 89184 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS7reminder]

2010-10-27 17:44 328992 ----a-w- c:\program files\Nuance\NaturallySpeaking12\Ereg\Ereg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]

2007-11-01 05:01 54608 ----a-w- c:\program files\TOSHIBA\TBS\HSON.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2013-05-01 08:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ReminderApp]

2008-10-07 17:28 180224 ----a-w- c:\program files\Nova Development\Greeting Card Factory Photo Card Maker 2.0\ReminderApp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2008-01-30 01:51 4911104 ----a-w- c:\windows\RtHDVCpl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]

2007-11-21 01:15 1826816 ----a-w- c:\windows\SkyTel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]

2007-06-16 04:01 448080 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]

2008-01-17 23:27 431456 ----a-w- c:\program files\TOSHIBA\Power Saver\TPwrMain.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide

"HeadlineAlley_29 Browser Plugin Loader"=c:\progra~1\HEADLI~2\bar\1.bin\29brmon.exe

"HeadlineAlley Search Scope Monitor"="c:\progra~1\HEADLI~2\bar\1.bin\29srchmn.exe" /m=2 /w /h

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" /start

"StartCCC"=c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

"SynTPEnh"=c:\program files\Synaptics\SynTP\SynTPEnh.exe

"InboxToolbar"="c:\program files\Inbox Toolbar\Inbox.exe" /STARTUP

"FileOpenBroker"=c:\program files\FileOpen\Services\FileOpenBroker32.exe

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"UMonit"=c:\windows\system32\UMonit.exe

"ISUSPM"=c:\programdata\FLEXnet\Connect\11\\isuspm.exe -scheduler

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-12-05 02:35 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2011-05-09 16:35 114176 ----a-w- c:\windows\System32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

.

2014-01-02 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-22 01:31]

.

2014-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-31 03:21]

.

2014-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-31 03:21]

.

.

------- Supplementary Scan -------

.




IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\1bryt6pu.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo!


FF - ExtSQL: !HIDDEN! 2009-08-08 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-WudfPf

SafeBoot-WudfRd

MSConfigStartUp-NDSTray - NDSTray.exe

AddRemove-GigaClicks Crawler - c:\users\Ann\AppData\Local\GCC\uninstall.exe

AddRemove-{1E0D8F69-A6AB-4934-9B2D-159D9F97BA4A} - c:\program files\ParetoLogic\DriverCure\uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2014-01-02 18:18

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...  

.

scanning hidden autostart entries ... 

.

scanning hidden files ...  

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TrueSight]

"ImagePath"="\??\"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-378617835-4007918265-3677288751-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%²*%]

@Class="Shell"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Other Running Processes ------------------------

.

c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

c:\program files\Microsoft Security Client\MsMpEng.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\windows\system32\agrsmsvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe

c:\program files\Common Files\Nuance\dgnsvc.exe

c:\program files\FileOpen\Services\FileOpenManagerService32.exe

c:\programdata\FileOpen\Services\FileOpenManagerSvc32.exe

c:\toshiba\IVP\ISM\pinger.exe

c:\toshiba\IVP\swupdate\swupdtmr.exe

c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

c:\windows\system32\TODDSrv.exe

c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe

c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

c:\users\Ann\AppData\Local\GCC\Controller.exe

c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

c:\program files\Google\Chrome\Application\chrome.exe

c:\program files\Google\Chrome\Application\chrome.exe

c:\program files\Google\Chrome\Application\chrome.exe

c:\program files\Google\Chrome\Application\chrome.exe

c:\program files\Google\Chrome\Application\chrome.exe

c:\program files\Google\Chrome\Application\chrome.exe

c:\program files\Google\Chrome\Application\chrome.exe

c:\program files\Google\Chrome\Application\chrome.exe

.

**************************************************************************

.

Completion time: 2014-01-02  18:25:32 - machine was rebooted

ComboFix-quarantined-files.txt  2014-01-03 00:25

.

Pre-Run: 78,273,486,848 bytes free

Post-Run: 86,551,740,416 bytes free

.

- - End Of File - - C5DE88926759846F6E04351EFB8483CC

5B5E648D12FCADC244C1EC30318E1EB9

 


Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :Filefind
    rpcss.dll
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

MrC


SystemLook 30.07.11 by jpshortstuff
Log created at 19:46 on 02/01/2014 by Ann
Administrator - Elevation successful

========== Filefind ==========

Searching for "rpcss.dll "
C:\Windows\erdnt\cache\rpcss.dll --a---- 550400 bytes [00:23 03/01/2014] [06:28 11/04/2009] 3B5B4D53FEC14F7476CA29A20CC31AC9
C:\Windows\System32\rpcss.dll --a---- 550400 bytes [22:04 11/09/2009] [06:28 11/04/2009] 3B5B4D53FEC14F7476CA29A20CC31AC9
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_67c4315e40d1bb6c\rpcss.dll --a---- 549888 bytes [14:17 16/04/2009] [04:19 03/03/2009] 7B981222A257D076885BFFB66F19B7CE
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.21023_none_685b771559e4be8c\rpcss.dll --a---- 550400 bytes [14:17 16/04/2009] [04:17 03/03/2009] B1BB45E24717A7F790B4411C4446EF5E
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_69cadbfc3ddffe3c\rpcss.dll --a---- 547328 bytes [02:24 21/01/2008] [02:24 21/01/2008] 33FB1F0193EE2051067441492D56113C
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_69bb41ac3deac876\rpcss.dll --a---- 551424 bytes [14:17 16/04/2009] [04:39 03/03/2009] 301AE00E12408650BADDC04DBC832830
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_6a06ffcd57365beb\rpcss.dll --a---- 551424 bytes [14:17 16/04/2009] [04:32 03/03/2009] 4DFCBDEF3CCAA98F99038DED78945253
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988\rpcss.dll --a---- 550400 bytes [22:04 11/09/2009] [06:28 11/04/2009] 3B5B4D53FEC14F7476CA29A20CC31AC9

-= EOF =-


That looks OK..

Should I try restarting the computer and using only Chrome and see if it comes back? And then do the same with IE

This infection may be linked to Chrome, so give that a try.

Also, reset Chrome: https://support.google.com/chrome/answer/3296214?hl=en

and make sure all the extensions and plug-ins are disabled.

See if there's any difference.

MrC


I thought it was fixed but it is not. She used Chrome today and it started again. I just uninstalled Chrome because she doesn't even know how it got on there and is fine with not using it. I will have her try all night with IE and see if it comes back. How does that sound?


This topic is now closed to further replies.