cdn popup adware in browser can't be removed


CCleaner has been run, Malwarebytes premium version has been run. It's cdn.adnxs.com that can't be removed.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-05-2014
Ran by overallbeauty (administrator) on PC1 on 23-05-2014 11:08:13
Running from C:\Users\overallbeauty\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCService.exe
(IOBit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCAvSvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\Monitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe
(RingCentral, Inc.) C:\Program Files (x86)\RingCentral\RingCentral Softphone\RCHotKey.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2096424 2010-05-27] (Synaptics Incorporated)
HKLM\...\Run: [smartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610872 2009-07-21] ()
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1860496 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [updatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-05-20] (Hewlett-Packard Company)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [iJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HttpWatch_RegIEPlugin] => C:\Program Files (x86)\HttpWatch\regieplugin.exe [2344600 2014-02-14] (Simtec Limited)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1596224 2014-04-17] (IObit)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\Policies\system: [WallpaperStyle] 2
HKU\S-1-5-21-105561042-507982339-2633723906-1000\...\Run: [Advanced SystemCare Ultimate] => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe [2562368 2013-12-02] (IObit)
HKU\S-1-5-21-105561042-507982339-2633723906-1000\...\Run: [RCUI] => C:\Program Files (x86)\RingCentral\RingCentral Call Controller\RCUI.exe [493872 2013-04-08] (RingCentral, Inc.)
HKU\S-1-5-21-105561042-507982339-2633723906-1000\...\Run: [RCHotKey] => C:\Program Files (x86)\RingCentral\RingCentral Softphone\RCHotKey.exe [39216 2013-10-23] (RingCentral, Inc.)
HKU\S-1-5-21-105561042-507982339-2633723906-1000\...\Policies\system: [WallpaperStyle] 2
HKU\S-1-5-21-105561042-507982339-2633723906-1000\...\MountPoints2: {4210050d-4b00-11e3-9517-ded5a6848463} - G:\LaunchU3.exe -a

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {BEC2075C-8E0A-4EB6-8D5D-A840665B39C9} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {BEC2075C-8E0A-4EB6-8D5D-A840665B39C9} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {5C2E09DA-E6AA-4943-99AE-3A167C7412D2} URL = http://www.facebook.com/search/?src=os&q={searchTerms}
SearchScopes: HKCU - {A62589EB-C5FF-4DBF-BD21-F33F18012F60} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {BEC2075C-8E0A-4EB6-8D5D-A840665B39C9} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -  No File
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: RCIEBrowserToolbar Class - {05F8C4F4-44DA-49D7-92EE-0944AB774D99} - C:\Program Files (x86)\RingCentral\RingCentral Call Controller\IEBHO.dll (RingCentral, Inc.)
BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (Adobe Systems Incorporated.)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: AccelerateTab - {48A789BF-F6D6-4930-9C8B-77855A63EDE1} - C:\Program Files (x86)\Secure Speed Dial\IE\SpeedDial.dll (Secure Speed Dial)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Adblock - {EF5F59BA-B2AB-48D8-9747-54DF806C73B8} - C:\Program Files (x86)\Secure Speed Dial\IE\ADBlock\IE\Adblock.dll (Adblock)
BHO-x32: HttpWatch Basic - {F1F69322-008F-4895-B2BF-AD194219825A} - C:\Program Files (x86)\HttpWatch\httpwatchsc.dll (Simtec Limited)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} -  No File
Toolbar: HKLM-x32 - No Name - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} -  No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - RingCentral For Internet Explorer - {A50F643C-3C5B-4D99-B68C-21A13C81E50E} - C:\Program Files (x86)\RingCentral\RingCentral Call Controller\IEBHO.dll (RingCentral, Inc.)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (Adobe Systems Incorporated.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - No Name - {A50F643C-3C5B-4D99-B68C-21A13C81E50E} -  No File
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default
FF user.js: detected! => C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\user.js
FF DefaultSearchEngine: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF Homepage: hxxp://www.google.com/
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8555
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @httpwatch.com/hw_addon - C:\Program Files (x86)\HttpWatch\Firefox\components ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\overallbeauty\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\overallbeauty\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\searchplugins\googleca-unpersonalized-.xml
FF SearchPlugin: C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\searchplugins\googlecom-unpersonalized--with-results-indexed-in-the-last-2.xml
FF SearchPlugin: C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\searchplugins\googlecom-unpersonalized-.xml
FF SearchPlugin: C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\searchplugins\googlecom-unpersonalized-but-with-american-adwords.xml
FF SearchPlugin: C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\searchplugins\googlecom-unpersonalized-with-results-for-the-last-7-days.xml
FF SearchPlugin: C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\searchplugins\googlecomau-unpersonalized-.xml
FF SearchPlugin: C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\searchplugins\googlecouk-unpersonalized-.xml
FF SearchPlugin: C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\searchplugins\social-mention.xml
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\ascsurfingprotection@iobit.com [2013-12-16]
FF Extension: Разпознаване на устройство Logitech - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\DeviceDetection@logitech.com [2011-08-09]
FF Extension: FavIconReloader - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\FavIconReloader@mozilla.org [2013-07-06]
FF Extension: IE Tab Plus - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\ietab@ip.cn [2012-05-04]
FF Extension: KGen - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\kgen@elitwork.com [2010-12-14]
FF Extension: Print pages to PDF - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\printPages2Pdf@reinhold.ripper [2013-11-28]
FF Extension: AD Block - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\searchads@instair.net [2014-05-09]
FF Extension: AccelerateTab - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\speeddial@instair.net [2014-03-04]
FF Extension: WebRank SEO Toolbar - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\webrank-toolbar@probcomp.com [2013-12-01]
FF Extension: ColorfulTabs - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-05-14]
FF Extension: FireShot - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-05-03]
FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2013-12-16]
FF Extension: SeoQuake - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2014-05-12]
FF Extension: AddThis - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} [2012-08-27]
FF Extension: Empty Cache Button - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f} [2014-05-08]
FF Extension: ReminderFox - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2014-04-18]
FF Extension: AllowClipboard Helper - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\{cda6db95-6aab-414b-803c-40cf34f589b5} [2013-05-02]
FF Extension: SearchPreview - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6} [2014-05-20]
FF Extension: After the Deadline - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\afterthedeadline@afterthedeadline.com.xpi [2012-02-03]
FF Extension: Add to Amazon Wish List Button - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\amznUWL2@amazon.com.xpi [2011-06-22]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\elemhidehelper@adblockplus.org.xpi [2011-09-28]
FF Extension: F.B. Purity - Cleans Up Facebook - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\fbp@fbpurity.com.xpi [2013-02-27]
FF Extension: feedly - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\feedly@devhd.xpi [2013-01-21]
FF Extension: Firebug - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\firebug@software.joehewitt.com.xpi [2012-12-30]
FF Extension: FireDiff - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\firediff@johnjbarton.com.xpi [2012-12-30]
FF Extension: Foxy SEO Tool - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\foxyseotool@foxyseotool.com.xpi [2011-06-30]
FF Extension: Spell Checker - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\gaurangnshah@gmail.com.xpi [2013-07-06]
FF Extension: Save Text To File - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\HighlightedTextToFile@bobbyrne01.org.xpi [2013-02-27]
FF Extension: cssUpdater - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\info@cssUpdater.com.xpi [2012-12-30]
FF Extension: Flash Control - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\jid1-sNL73VCI4UB0Fw@jetpack.xpi [2014-05-18]
FF Extension: SafeBrowser - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\jid1-Y6skBMJOzmzplw@jetpack.xpi [2014-05-18]
FF Extension: DuckDuckGo Plus - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2013-10-11]
FF Extension: Buffer for Firefox - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\jid1-zUyU7TGKwejAyA@jetpack.xpi [2013-07-16]
FF Extension: NetExport - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\netexport@getfirebug.com.xpi [2012-12-30]
FF Extension: Noia 4 Theme Manager - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\Noia4Options@ArisT2.xpi [2013-02-28]
FF Extension: Noia Fox options - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\NoiaFoxoption@davidvincent.tld.xpi [2013-02-28]
FF Extension: Open in IE - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\openinie@wittersworld.com.xpi [2012-10-12]
FF Extension: Personas Plus - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\personas@christopher.beard.xpi [2011-05-07]
FF Extension: Print Edit - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\printedit@DW-dev.xpi [2012-07-08]
FF Extension: InstantFox - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\searchy@searchy.xpi [2011-09-13]
FF Extension: SenSEO - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\senseo@nicosteiner.de.xpi [2012-03-15]
FF Extension: SEO Doctor - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\seodoctor@prelovac.com.xpi [2011-06-21]
FF Extension: socialmonkee - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\sm@submitter.net.xpi [2011-07-24]
FF Extension: FastestFox - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\smarterwiki@wikiatic.com.xpi [2013-10-11]
FF Extension: Socialite - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\socialite@chromakode.xpi [2013-10-26]
FF Extension: Test Pilot - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\testpilot@labs.mozilla.com.xpi [2011-11-09]
FF Extension: Alexa Toolbar - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\toolbar@alexa.com.xpi [2012-12-11]
FF Extension: Google Translator for Firefox - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\translator@zoli.bod.xpi [2013-01-21]
FF Extension: Undo Closed Tabs Button - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\undoclosedtabsbutton@supernova00.biz.xpi [2013-11-28]
FF Extension: All-in-One Sidebar - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2013-01-21]
FF Extension: Capture & Print - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\{146f1820-2b0d-49ef-acbf-d85a6986e10c}.xpi [2013-02-27]
FF Extension: GoogleEnhancer - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\{21e48e29-f574-4619-b65d-0f00eea92e5b}.xpi [2011-09-13]
FF Extension: Swoosty SEO Tools - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\{23ad39a3-36e7-4d8e-92d2-ba116ee32c45}.xpi [2011-11-28]
FF Extension: PDF Download - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi [2013-02-27]
FF Extension: ShowIP - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}.xpi [2012-12-30]
FF Extension: Print Hint - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\{4ca88e02-7bbb-43fe-ae41-5103893fa10c}.xpi [2011-05-07]
FF Extension: Google Shortcuts - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}.xpi [2011-09-13]
FF Extension: SmoothWheel (mozdev.org) - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi [2013-05-24]
FF Extension: Searchbar Autosizer - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\{655397ca-4766-496b-b7a8-3a5b176ee4c2}.xpi [2011-09-13]
FF Extension: Bluhell Firewall - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2013-07-06]
FF Extension: IE View - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}.xpi [2011-11-11]
FF Extension: Google  Image Search - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\{73007fef-a6e0-47d3-b4e7-dfc116ed6f65}.xpi [2013-11-06]
FF Extension: Noia Fox - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\{7b90e860-5d61-11e0-80e3-0800200c9a66}.xpi [2013-02-28]
FF Extension: StumbleUpon - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2011-05-24]
FF Extension: Abduction! - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}.xpi [2012-07-08]
FF Extension: Pearl Crescent Page Saver Basic - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\{c151d79e-e61b-4a90-a887-5a46d38fba99}.xpi [2012-07-08]
FF Extension: NoDoFollow - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}.xpi [2013-08-28]
FF Extension: Adblock Plus - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-14]
FF Extension: SearchStatus - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi [2011-10-12]
FF Extension: Tab Mix Plus - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2011-05-11]
FF Extension: CoLT - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\{e6c4c3ef-3d4d-42d6-8283-8da73c53a283}.xpi [2013-11-28]
FF Extension: Menu Editor - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi [2011-09-13]
FF Extension: Noia 4 - C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\{faf13420-5e24-11e0-80e3-0800200c9a66}.xpi [2013-04-18]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-09]
FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-05-09]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-08-09]
FF HKLM-x32\...\Firefox\Extensions: [{1E2593B2-E106-4697-BCE7-A9D30DE05D73}] - C:\Program Files (x86)\HttpWatch\Firefox\
FF Extension: HttpWatch Basic Edition - C:\Program Files (x86)\HttpWatch\Firefox\ []
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-08-09]

Chrome:
=======
CHR HomePage:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\overallbeauty\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (Entanglement Web App) - C:\Users\overallbeauty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2013-01-05]
CHR Extension: (Google Drive) - C:\Users\overallbeauty\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-05]
CHR Extension: (Free Online Tarot Readings) - C:\Users\overallbeauty\AppData\Local\Google\Chrome\User Data\Default\Extensions\bllpaelopnfgfampngdhgolbpfdkpdem [2013-11-09]
CHR Extension: (Add to Amazon Wish List) - C:\Users\overallbeauty\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2013-01-05]
CHR Extension: (Amazon) - C:\Users\overallbeauty\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciilfbphlddbmadcmmaocccdmhlelgck [2013-11-09]
CHR Extension: (Anna Sui) - C:\Users\overallbeauty\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjohejgigkmiclpgnilojffhiohcglib [2013-11-11]
CHR Extension: (Entanglement) - C:\Users\overallbeauty\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmnpffgfpcohhpoddjankjanolcekbni [2013-11-06]
CHR Extension: (MailChimp) - C:\Users\overallbeauty\AppData\Local\Google\Chrome\User Data\Default\Extensions\einnfnfpkbbebamphappjlmbedgjbnoe [2013-11-09]
CHR Extension: (Google Calendar) - C:\Users\overallbeauty\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-11-09]
CHR Extension: (Box - 10GB of FREE storage) - C:\Users\overallbeauty\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl [2013-11-09]
CHR Extension: (AccelerateTab) - C:\Users\overallbeauty\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg [2013-09-15]
CHR Extension: (PageRank Status) - C:\Users\overallbeauty\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdkkfheckcdppiaiabobmennhijkknn [2013-11-09]
CHR Extension: (AirDroid) - C:\Users\overallbeauty\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkgndiocipalkpejnpafdbdlfdjihomd [2013-11-09]
CHR Extension: (Thwack!!) - C:\Users\overallbeauty\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpjdjohkhgeohefcpllhdknhlgdgeajf [2013-01-05]
CHR Extension: (Blossom) - C:\Users\overallbeauty\AppData\Local\Google\Chrome\User Data\Default\Extensions\idjmedbobeakbopimfiicbonioiahhnd [2013-01-05]
CHR Extension: (AccelerateTab) - C:\Users\overallbeauty\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgjafhkemfjfgdmjcmhofijphjmaanak [2014-03-04]
CHR Extension: (History Eraser App) - C:\Users\overallbeauty\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjolhjmdgbhebcdnfjhngobjggghoipa [2013-11-09]
CHR Extension: (Etsy™) - C:\Users\overallbeauty\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnaidjmopknoembnafdnoljkpeidcgaa [2013-11-09]
CHR Extension: (HootSuite) - C:\Users\overallbeauty\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij [2013-01-05]
CHR Extension: (AD Block) - C:\Users\overallbeauty\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfgjbmhakaffflkjecineeaadpidgikb [2014-01-17]
CHR Extension: (Poppit) - C:\Users\overallbeauty\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2013-01-05]
CHR Extension: (Capture Webpage Screenshot - FireShot) - C:\Users\overallbeauty\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2013-11-11]
CHR Extension: (Dragon NaturallySpeaking Rich Internet Application Support) - C:\Users\overallbeauty\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikhcaiakabeeokmenglcdebplfdjicn [2013-01-19]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\overallbeauty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2013-12-16]
CHR Extension: (Google Wallet) - C:\Users\overallbeauty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (AD Block) - C:\Users\overallbeauty\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojkdcodhlkmiakbangobnmdhieapagic [2013-11-06]
CHR Extension: (Click&Clean App) - C:\Users\overallbeauty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2013-11-09]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-11-14] (SUPERAntiSpyware.com)
R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCService.exe [886592 2013-12-16] (IObit)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 ASCAntivirusSrv; C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ascavsvc.exe [647488 2013-12-10] (IOBit)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [342336 2014-01-24] (IObit)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151744 2014-02-03] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
S2 SecureUpdateSvc; C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe [2503504 2014-03-04] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
S3 ACDaemon; No ImagePath

==================== Drivers (Whitelisted) ====================

R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2013-11-19] (IObit.com)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2013-12-24] (IObit)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2014-04-30] (Synaptics Incorporated)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-02-12] (Anchorfree Inc.)
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-11-19] (IObit.com)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
U4 eabfiltr;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-23 11:08 - 2014-05-23 11:08 - 00040842 _____ () C:\Users\overallbeauty\Downloads\FRST.txt
2014-05-23 11:08 - 2014-05-23 11:08 - 00000000 ____D () C:\FRST
2014-05-23 11:07 - 2014-05-23 11:07 - 02067456 _____ (Farbar) C:\Users\overallbeauty\Downloads\FRST64(1).exe
2014-05-23 11:06 - 2014-05-23 11:06 - 02067456 _____ (Farbar) C:\Users\overallbeauty\Downloads\FRST64.exe
2014-05-23 06:51 - 2014-05-23 06:51 - 00174624 _____ () C:\Users\overallbeauty\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-23 06:35 - 2014-05-23 06:35 - 04748896 _____ (Piriform Ltd) C:\Users\overallbeauty\Downloads\ccsetup414.exe
2014-05-18 10:43 - 2014-05-18 10:43 - 05504002 _____ () C:\Users\overallbeauty\Downloads\GoogleAlgoChanges_plr.zip
2014-05-18 10:43 - 2014-05-18 10:43 - 02039272 _____ () C:\Users\overallbeauty\Downloads\GoogleBusinessBlueprint-plr.zip
2014-05-18 10:42 - 2014-05-18 10:42 - 03267028 _____ () C:\Users\overallbeauty\Downloads\ContentMarketing101_mrr.zip
2014-05-18 10:42 - 2014-05-18 10:42 - 03215800 _____ () C:\Users\overallbeauty\Downloads\AdWordsClicks1Cent_mrr.zip
2014-05-18 10:42 - 2014-05-18 10:42 - 02024143 _____ () C:\Users\overallbeauty\Downloads\1KSubscribers30Days_mrr.zip
2014-05-18 10:42 - 2014-05-18 10:42 - 02013135 _____ () C:\Users\overallbeauty\Downloads\ExplainGooglePlus_mrr.zip
2014-05-16 21:24 - 2014-05-16 21:25 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-16 20:40 - 2014-05-16 20:40 - 02496241 _____ () C:\Users\overallbeauty\Downloads\SelfEsteemKit.zip
2014-05-15 22:41 - 2014-05-15 22:41 - 00300032 _____ () C:\Users\overallbeauty\Downloads\ProfitzamExcelTemplate.xls
2014-05-15 19:27 - 2014-05-15 19:27 - 05050787 _____ () C:\Users\overallbeauty\Downloads\DN+Bonus(4).zip
2014-05-15 15:56 - 2014-05-15 15:56 - 00028433 _____ () C:\Users\overallbeauty\Downloads\simple-social-icons.1.0.6(1).zip
2014-05-15 14:56 - 2014-05-15 14:56 - 00028433 _____ () C:\Users\overallbeauty\Downloads\simple-social-icons.1.0.6.zip
2014-05-15 01:59 - 2014-05-05 21:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 01:59 - 2014-05-05 21:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 01:59 - 2014-05-05 20:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 01:59 - 2014-05-05 20:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 01:59 - 2014-05-05 20:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 01:59 - 2014-05-05 19:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 00:20 - 2014-05-15 00:20 - 00002286 _____ () C:\Users\overallbeauty\Documents\stuff to use for vuccum article.txt
2014-05-14 15:25 - 2014-05-14 15:25 - 03182345 _____ () C:\Users\overallbeauty\Downloads\PerfectPostProVersion204-UNZIP_ME (1).zip
2014-05-14 15:25 - 2014-05-14 15:25 - 00000000 ____D () C:\Users\overallbeauty\Downloads\PerfectPostProVersion204-UNZIP_ME (1)
2014-05-14 14:18 - 2014-05-08 23:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 14:18 - 2014-05-08 23:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 14:18 - 2014-03-24 19:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 14:18 - 2014-03-24 19:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 14:17 - 2014-04-11 19:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 14:17 - 2014-04-11 19:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 14:17 - 2014-04-11 19:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 14:17 - 2014-04-11 19:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 14:17 - 2014-04-11 19:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 14:17 - 2014-04-11 19:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 14:17 - 2014-04-11 19:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 14:17 - 2014-04-11 19:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 14:17 - 2014-04-11 19:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 14:17 - 2014-03-04 02:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 14:17 - 2014-03-04 02:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 14:17 - 2014-03-04 02:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 14:17 - 2014-03-04 02:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 14:17 - 2014-03-04 02:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 14:17 - 2014-03-04 02:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 14:17 - 2014-03-04 02:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 14:17 - 2014-03-04 02:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 14:17 - 2014-03-04 02:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 14:17 - 2014-03-04 02:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 14:17 - 2014-03-04 02:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 14:17 - 2014-03-04 02:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 14:17 - 2014-03-04 02:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 14:17 - 2014-03-04 02:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 14:17 - 2014-03-04 02:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 14:17 - 2014-03-04 02:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 14:17 - 2014-03-04 02:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 14:17 - 2014-03-04 02:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 14:17 - 2014-03-04 02:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 14:17 - 2014-03-04 02:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 14:17 - 2014-03-04 02:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 14:17 - 2014-03-04 02:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 14:17 - 2014-03-04 02:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 14:17 - 2014-03-04 02:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 14:17 - 2014-03-04 02:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 14:17 - 2014-03-04 02:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 14:17 - 2014-03-04 02:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 14:17 - 2014-03-04 02:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 14:17 - 2014-03-04 02:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 14:17 - 2014-03-04 02:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 14:17 - 2014-03-04 02:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 14:17 - 2014-03-04 02:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 13:09 - 2014-05-14 13:09 - 03182345 _____ () C:\Users\overallbeauty\Downloads\PerfectPostProVersion204-UNZIP_ME(2).zip
2014-05-14 13:01 - 2014-05-14 13:01 - 03182345 _____ () C:\Users\overallbeauty\Downloads\PerfectPostProVersion204-UNZIP_ME(1).zip
2014-05-14 12:45 - 2014-05-14 15:25 - 00000000 ____D () C:\Users\overallbeauty\Downloads\PerfectPostFreeVersion104-UNZIP_ME
2014-05-14 12:38 - 2014-05-14 12:38 - 03182345 _____ () C:\Users\overallbeauty\Downloads\PerfectPostProVersion204-UNZIP_ME.zip
2014-05-14 12:34 - 2014-05-14 12:34 - 01116720 _____ () C:\Users\overallbeauty\Downloads\Extreme-Review-for-Perfect-Post-204.zip
2014-05-12 15:47 - 2014-05-12 15:47 - 04195839 _____ () C:\Users\overallbeauty\Downloads\PerfectPostFreeVersion104-UNZIP_ME.zip
2014-05-11 12:51 - 2014-05-11 12:52 - 00233346 _____ () C:\Users\overallbeauty\Downloads\fitnessat(1).zip
2014-05-11 12:51 - 2014-05-11 12:51 - 00233346 _____ () C:\Users\overallbeauty\Downloads\fitnessat.zip
2014-05-10 22:44 - 2014-05-10 22:44 - 00001493 _____ () C:\Users\overallbeauty\Documents\giveaway terms for john russo.txt
2014-05-10 21:49 - 2014-05-10 21:49 - 21644687 _____ () C:\Users\overallbeauty\Downloads\head-vs-heart-download.zip
2014-05-09 21:31 - 2014-05-09 21:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 11:16 - 2014-05-23 08:03 - 00000000 ____D () C:\Users\overallbeauty\Documents\Pretty Serious
2014-05-09 08:25 - 2014-05-15 09:15 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-07 14:23 - 2014-05-07 14:23 - 00000000 __SHD () C:\Users\overallbeauty\AppData\Local\EmieUserList
2014-05-07 14:23 - 2014-05-07 14:23 - 00000000 __SHD () C:\Users\overallbeauty\AppData\Local\EmieSiteList
2014-05-06 12:16 - 2014-05-06 12:16 - 00346320 _____ () C:\Users\overallbeauty\Downloads\Download-1-paypal.csv
2014-05-06 11:08 - 2014-05-06 11:08 - 00387208 _____ () C:\Users\overallbeauty\Downloads\Download-paypal.csv
2014-05-06 09:20 - 2014-05-06 09:20 - 00778168 _____ () C:\Users\overallbeauty\Downloads\Download.csv
2014-05-06 09:18 - 2014-05-06 09:18 - 00337736 _____ () C:\Users\overallbeauty\Downloads\EtsyListingsDownload(2).csv
2014-05-06 08:37 - 2014-05-06 08:37 - 00102606 _____ () C:\Users\overallbeauty\Downloads\Download(1).qif
2014-05-05 16:38 - 2014-05-05 16:38 - 00017000 _____ () C:\Users\overallbeauty\Downloads\10articles.zip
2014-05-04 07:55 - 2014-05-04 07:55 - 00001173 _____ () C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2014-05-04 07:55 - 2014-05-04 07:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2014-05-04 07:51 - 2014-05-04 07:51 - 00003180 _____ () C:\Windows\System32\Tasks\SmartDefrag3_Update
2014-05-04 07:51 - 2014-05-04 07:51 - 00001170 _____ () C:\Users\Public\Desktop\Smart Defrag 3.lnk
2014-05-04 07:50 - 2014-05-04 07:50 - 08935344 _____ (IObit ) C:\Users\overallbeauty\Downloads\smart-defrag-setup.exe
2014-04-30 09:49 - 2014-04-30 13:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-04-30 06:44 - 2014-04-30 06:44 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
2014-04-30 06:43 - 2014-04-30 06:43 - 00033008 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys
2014-04-29 13:16 - 2014-04-29 13:17 - 00017167 _____ () C:\Users\overallbeauty\Downloads\JPMC.QFX
2014-04-29 13:16 - 2014-04-29 13:16 - 00037075 _____ () C:\Users\overallbeauty\Desktop\JPMC.QFX
2014-04-29 11:53 - 2014-04-29 11:53 - 00000163 _____ () C:\Users\overallbeauty\Documents\Date Generator.ssm
2014-04-29 11:43 - 2014-04-29 11:43 - 00001071 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScriptSmart4.lnk
2014-04-28 14:51 - 2014-04-28 14:51 - 00052706 _____ () C:\Users\overallbeauty\Downloads\seo-roi-cheat-sheet.xlsx
2014-04-28 14:14 - 2014-04-28 14:17 - 00000000 ____D () C:\Users\overallbeauty\Documents\dic care niche 4-28
2014-04-25 13:20 - 2014-04-25 13:20 - 00000000 ____D () C:\Users\overallbeauty\Downloads\PanicAttacksWebsitePLR0811
2014-04-24 09:17 - 2014-04-24 09:17 - 17822566 _____ () C:\Users\overallbeauty\Downloads\im-web-graphics-pack-v2(1).zip
2014-04-24 09:17 - 2014-04-24 09:17 - 00127947 _____ () C:\Users\overallbeauty\Downloads\wp-dealpon-plugin(2).zip
2014-04-24 09:16 - 2014-04-24 09:17 - 92416796 _____ () C:\Users\overallbeauty\Downloads\HowToEditHeaderTemplates.mov(1).zip
2014-04-24 09:16 - 2014-04-24 09:17 - 62887114 _____ () C:\Users\overallbeauty\Downloads\premium-headers-pack(1).zip
2014-04-24 09:16 - 2014-04-24 09:16 - 00127947 _____ () C:\Users\overallbeauty\Downloads\wp-dealpon-plugin(1).zip
2014-04-24 09:16 - 2014-04-24 09:16 - 00012339 _____ () C:\Users\overallbeauty\Downloads\wp-auto-links(1).zip
2014-04-24 09:15 - 2014-04-24 09:15 - 02520180 _____ () C:\Users\overallbeauty\Downloads\15-ways-to-generate-traffic_full(2).zip
2014-04-24 09:14 - 2014-04-24 09:14 - 00207581 _____ () C:\Users\overallbeauty\Downloads\AzonTheme(1).zip
2014-04-24 09:14 - 2014-04-24 09:14 - 00119153 _____ () C:\Users\overallbeauty\Downloads\anti-backlinker-v0.7.2.zip
2014-04-23 08:56 - 2014-04-23 08:56 - 00070465 _____ () C:\Users\overallbeauty\Downloads\commentluv-link-cleaner-v0.9.8(1).zip

==================== One Month Modified Files and Folders =======

2014-05-23 11:08 - 2014-05-23 11:08 - 00040842 _____ () C:\Users\overallbeauty\Downloads\FRST.txt
2014-05-23 11:08 - 2014-05-23 11:08 - 00000000 ____D () C:\FRST
2014-05-23 11:07 - 2014-05-23 11:07 - 02067456 _____ (Farbar) C:\Users\overallbeauty\Downloads\FRST64(1).exe
2014-05-23 11:06 - 2014-05-23 11:06 - 02067456 _____ (Farbar) C:\Users\overallbeauty\Downloads\FRST64.exe
2014-05-23 11:00 - 2014-01-25 01:12 - 00000390 _____ () C:\Windows\Tasks\WpsNotifyTask_overallbeauty.job
2014-05-23 10:57 - 2014-01-25 01:12 - 00000390 _____ () C:\Windows\Tasks\WpsUpdateTask_overallbeauty.job
2014-05-23 10:41 - 2014-01-21 09:35 - 01453309 _____ () C:\Windows\WindowsUpdate.log
2014-05-23 10:18 - 2012-04-01 14:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-23 10:14 - 2014-03-26 13:54 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-23 09:01 - 2014-02-03 21:04 - 00003234 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForoverallbeauty
2014-05-23 09:01 - 2014-02-03 21:04 - 00000364 _____ () C:\Windows\Tasks\HPCeeScheduleForoverallbeauty.job
2014-05-23 08:38 - 2013-08-02 17:18 - 00000000 ____D () C:\Users\overallbeauty\Desktop\Use Your Words Delivery Folder
2014-05-23 08:03 - 2014-05-09 11:16 - 00000000 ____D () C:\Users\overallbeauty\Documents\Pretty Serious
2014-05-23 07:14 - 2013-01-19 13:15 - 00000000 ____D () C:\Program Files (x86)\Stephen Hawkins
2014-05-23 07:14 - 2012-12-20 15:36 - 00000000 ____D () C:\ProgramData\InstallMate
2014-05-23 07:02 - 2013-01-21 19:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social Signal Tracker
2014-05-23 07:02 - 2012-12-10 19:03 - 00000000 ____D () C:\Program Files (x86)\Social Signal Tracker
2014-05-23 06:51 - 2014-05-23 06:51 - 00174624 _____ () C:\Users\overallbeauty\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-23 06:41 - 2012-09-06 11:34 - 00000000 ____D () C:\Users\overallbeauty\AppData\Local\CrashDumps
2014-05-23 06:38 - 2010-11-14 13:53 - 00001017 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-23 06:38 - 2010-03-08 20:55 - 00000000 ____D () C:\Program Files (x86)\CCleaner
2014-05-23 06:35 - 2014-05-23 06:35 - 04748896 _____ (Piriform Ltd) C:\Users\overallbeauty\Downloads\ccsetup414.exe
2014-05-23 06:30 - 2009-07-13 21:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-23 06:30 - 2009-07-13 21:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-23 06:21 - 2013-12-16 09:59 - 00002214 _____ () C:\Users\Public\Desktop\Advanced SystemCare Ultimate 7.lnk
2014-05-23 06:19 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-22 10:50 - 2012-04-26 08:28 - 00000000 ____D () C:\Users\overallbeauty\Documents\ad
2014-05-18 13:25 - 2009-07-13 22:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-18 10:43 - 2014-05-18 10:43 - 05504002 _____ () C:\Users\overallbeauty\Downloads\GoogleAlgoChanges_plr.zip
2014-05-18 10:43 - 2014-05-18 10:43 - 02039272 _____ () C:\Users\overallbeauty\Downloads\GoogleBusinessBlueprint-plr.zip
2014-05-18 10:42 - 2014-05-18 10:42 - 03267028 _____ () C:\Users\overallbeauty\Downloads\ContentMarketing101_mrr.zip
2014-05-18 10:42 - 2014-05-18 10:42 - 03215800 _____ () C:\Users\overallbeauty\Downloads\AdWordsClicks1Cent_mrr.zip
2014-05-18 10:42 - 2014-05-18 10:42 - 02024143 _____ () C:\Users\overallbeauty\Downloads\1KSubscribers30Days_mrr.zip
2014-05-18 10:42 - 2014-05-18 10:42 - 02013135 _____ () C:\Users\overallbeauty\Downloads\ExplainGooglePlus_mrr.zip
2014-05-17 18:00 - 2012-05-19 17:55 - 00000526 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task cf2ecae8-a00e-43b5-80df-b4851ed538ff.job
2014-05-17 15:44 - 2012-09-28 23:58 - 00000000 ____D () C:\Users\overallbeauty\Documents\sea lore
2014-05-16 21:30 - 2013-12-16 09:59 - 00000000 ____D () C:\ProgramData\ProductData
2014-05-16 21:25 - 2014-05-16 21:24 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-16 21:25 - 2014-02-03 21:50 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-16 21:25 - 2014-02-03 21:49 - 00000000 ____D () C:\Program Files\iTunes
2014-05-16 21:25 - 2014-02-03 21:49 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-05-16 21:25 - 2011-11-16 07:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-16 20:40 - 2014-05-16 20:40 - 02496241 _____ () C:\Users\overallbeauty\Downloads\SelfEsteemKit.zip
2014-05-16 20:28 - 2012-04-01 14:02 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-16 20:28 - 2012-04-01 14:02 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-16 20:28 - 2011-06-27 08:02 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-16 20:27 - 2010-03-08 07:33 - 00000000 ____D () C:\Users\overallbeauty\AppData\Local\Adobe
2014-05-16 06:37 - 2009-07-13 22:08 - 00032570 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-15 22:45 - 2014-01-21 10:05 - 00164864 ___SH () C:\Users\overallbeauty\Desktop\Thumbs.db
2014-05-15 22:45 - 2012-10-18 19:42 - 00000000 ____D () C:\Users\overallbeauty\Desktop\Page one traffic system
2014-05-15 22:41 - 2014-05-15 22:41 - 00300032 _____ () C:\Users\overallbeauty\Downloads\ProfitzamExcelTemplate.xls
2014-05-15 22:07 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-05-15 19:27 - 2014-05-15 19:27 - 05050787 _____ () C:\Users\overallbeauty\Downloads\DN+Bonus(4).zip
2014-05-15 15:56 - 2014-05-15 15:56 - 00028433 _____ () C:\Users\overallbeauty\Downloads\simple-social-icons.1.0.6(1).zip
2014-05-15 14:56 - 2014-05-15 14:56 - 00028433 _____ () C:\Users\overallbeauty\Downloads\simple-social-icons.1.0.6.zip
2014-05-15 09:20 - 2010-03-06 20:03 - 00000000 ___RD () C:\Users\overallbeauty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 09:20 - 2010-03-06 20:03 - 00000000 ___RD () C:\Users\overallbeauty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 09:15 - 2014-05-09 08:25 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 01:59 - 2010-05-19 16:22 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 01:57 - 2013-07-19 09:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 01:53 - 2010-03-09 09:01 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 00:20 - 2014-05-15 00:20 - 00002286 _____ () C:\Users\overallbeauty\Documents\stuff to use for vuccum article.txt
2014-05-14 17:17 - 2010-03-06 19:50 - 00000000 ____D () C:\Users\overallbeauty
2014-05-14 15:25 - 2014-05-14 15:25 - 03182345 _____ () C:\Users\overallbeauty\Downloads\PerfectPostProVersion204-UNZIP_ME (1).zip
2014-05-14 15:25 - 2014-05-14 15:25 - 00000000 ____D () C:\Users\overallbeauty\Downloads\PerfectPostProVersion204-UNZIP_ME (1)
2014-05-14 15:25 - 2014-05-14 12:45 - 00000000 ____D () C:\Users\overallbeauty\Downloads\PerfectPostFreeVersion104-UNZIP_ME
2014-05-14 15:22 - 2010-05-02 22:40 - 00000000 ____D () C:\Users\overallbeauty\AppData\Roaming\Skype
2014-05-14 13:09 - 2014-05-14 13:09 - 03182345 _____ () C:\Users\overallbeauty\Downloads\PerfectPostProVersion204-UNZIP_ME(2).zip
2014-05-14 13:01 - 2014-05-14 13:01 - 03182345 _____ () C:\Users\overallbeauty\Downloads\PerfectPostProVersion204-UNZIP_ME(1).zip
2014-05-14 12:38 - 2014-05-14 12:38 - 03182345 _____ () C:\Users\overallbeauty\Downloads\PerfectPostProVersion204-UNZIP_ME.zip
2014-05-14 12:34 - 2014-05-14 12:34 - 01116720 _____ () C:\Users\overallbeauty\Downloads\Extreme-Review-for-Perfect-Post-204.zip
2014-05-14 07:13 - 2011-01-16 16:34 - 00000000 ____D () C:\Users\Public\Documents\overallbeauty minerals site
2014-05-12 15:47 - 2014-05-12 15:47 - 04195839 _____ () C:\Users\overallbeauty\Downloads\PerfectPostFreeVersion104-UNZIP_ME.zip
2014-05-11 12:52 - 2014-05-11 12:51 - 00233346 _____ () C:\Users\overallbeauty\Downloads\fitnessat(1).zip
2014-05-11 12:51 - 2014-05-11 12:51 - 00233346 _____ () C:\Users\overallbeauty\Downloads\fitnessat.zip
2014-05-11 07:56 - 2012-03-12 09:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-10 22:44 - 2014-05-10 22:44 - 00001493 _____ () C:\Users\overallbeauty\Documents\giveaway terms for john russo.txt
2014-05-10 21:49 - 2014-05-10 21:49 - 21644687 _____ () C:\Users\overallbeauty\Downloads\head-vs-heart-download.zip
2014-05-10 08:10 - 2010-11-14 13:52 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-10 08:10 - 2010-11-14 13:52 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-09 21:31 - 2014-05-09 21:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 08:22 - 2010-11-14 13:52 - 00003910 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-09 08:22 - 2010-11-14 13:52 - 00003658 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-08 23:14 - 2014-05-14 14:18 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-08 23:11 - 2014-05-14 14:18 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 13:49 - 2014-03-11 18:07 - 00000000 ____D () C:\Users\overallbeauty\Documents\John Russo
2014-05-07 14:45 - 2011-05-15 14:36 - 00000000 ____D () C:\Users\Public\Documents\Kim Snyder
2014-05-07 14:23 - 2014-05-07 14:23 - 00000000 __SHD () C:\Users\overallbeauty\AppData\Local\EmieUserList
2014-05-07 14:23 - 2014-05-07 14:23 - 00000000 __SHD () C:\Users\overallbeauty\AppData\Local\EmieSiteList
2014-05-06 12:16 - 2014-05-06 12:16 - 00346320 _____ () C:\Users\overallbeauty\Downloads\Download-1-paypal.csv
2014-05-06 11:56 - 2010-03-21 13:23 - 00000000 ____D () C:\Users\overallbeauty\Documents\paid for images
2014-05-06 11:08 - 2014-05-06 11:08 - 00387208 _____ () C:\Users\overallbeauty\Downloads\Download-paypal.csv
2014-05-06 09:20 - 2014-05-06 09:20 - 00778168 _____ () C:\Users\overallbeauty\Downloads\Download.csv
2014-05-06 09:18 - 2014-05-06 09:18 - 00337736 _____ () C:\Users\overallbeauty\Downloads\EtsyListingsDownload(2).csv
2014-05-06 08:37 - 2014-05-06 08:37 - 00102606 _____ () C:\Users\overallbeauty\Downloads\Download(1).qif
2014-05-05 21:40 - 2014-05-15 01:59 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-05 21:17 - 2014-05-15 01:59 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 20:25 - 2014-05-15 01:59 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-05 20:07 - 2014-05-15 01:59 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 20:00 - 2014-05-15 01:59 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 19:10 - 2014-05-15 01:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 16:38 - 2014-05-05 16:38 - 00017000 _____ () C:\Users\overallbeauty\Downloads\10articles.zip
2014-05-04 07:55 - 2014-05-04 07:55 - 00001173 _____ () C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2014-05-04 07:55 - 2014-05-04 07:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2014-05-04 07:55 - 2010-03-08 19:47 - 00000000 ____D () C:\Users\overallbeauty\AppData\Roaming\IObit
2014-05-04 07:51 - 2014-05-04 07:51 - 00003180 _____ () C:\Windows\System32\Tasks\SmartDefrag3_Update
2014-05-04 07:51 - 2014-05-04 07:51 - 00001170 _____ () C:\Users\Public\Desktop\Smart Defrag 3.lnk
2014-05-04 07:51 - 2014-01-26 11:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3
2014-05-04 07:50 - 2014-05-04 07:50 - 08935344 _____ (IObit ) C:\Users\overallbeauty\Downloads\smart-defrag-setup.exe
2014-05-02 07:25 - 2012-12-21 18:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-05-01 15:44 - 2014-03-11 23:56 - 00000000 ____D () C:\Users\overallbeauty\Documents\fonts made with 3D creator
2014-04-30 13:22 - 2014-04-30 09:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-04-30 06:44 - 2014-04-30 06:44 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
2014-04-30 06:43 - 2014-04-30 06:43 - 00033008 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys
2014-04-29 13:17 - 2014-04-29 13:16 - 00017167 _____ () C:\Users\overallbeauty\Downloads\JPMC.QFX
2014-04-29 13:16 - 2014-04-29 13:16 - 00037075 _____ () C:\Users\overallbeauty\Desktop\JPMC.QFX
2014-04-29 11:53 - 2014-04-29 11:53 - 00000163 _____ () C:\Users\overallbeauty\Documents\Date Generator.ssm
2014-04-29 11:43 - 2014-04-29 11:43 - 00001071 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScriptSmart4.lnk
2014-04-29 11:43 - 2010-03-10 20:53 - 00000000 ____D () C:\Program Files (x86)\WebSmartCentral
2014-04-29 11:41 - 2011-01-20 00:02 - 00000000 ____D () C:\Users\overallbeauty\AppData\Roaming\com.script-smart.ScriptSmart4
2014-04-29 11:37 - 2013-12-13 12:32 - 00001059 _____ () C:\Users\overallbeauty\Desktop\Notepad++.lnk
2014-04-29 11:37 - 2011-02-01 14:30 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-04-28 14:51 - 2014-04-28 14:51 - 00052706 _____ () C:\Users\overallbeauty\Downloads\seo-roi-cheat-sheet.xlsx
2014-04-28 14:17 - 2014-04-28 14:14 - 00000000 ____D () C:\Users\overallbeauty\Documents\dic care niche 4-28
2014-04-25 13:20 - 2014-04-25 13:20 - 00000000 ____D () C:\Users\overallbeauty\Downloads\PanicAttacksWebsitePLR0811
2014-04-24 09:17 - 2014-04-24 09:17 - 17822566 _____ () C:\Users\overallbeauty\Downloads\im-web-graphics-pack-v2(1).zip
2014-04-24 09:17 - 2014-04-24 09:17 - 00127947 _____ () C:\Users\overallbeauty\Downloads\wp-dealpon-plugin(2).zip
2014-04-24 09:17 - 2014-04-24 09:16 - 92416796 _____ () C:\Users\overallbeauty\Downloads\HowToEditHeaderTemplates.mov(1).zip
2014-04-24 09:17 - 2014-04-24 09:16 - 62887114 _____ () C:\Users\overallbeauty\Downloads\premium-headers-pack(1).zip
2014-04-24 09:16 - 2014-04-24 09:16 - 00127947 _____ () C:\Users\overallbeauty\Downloads\wp-dealpon-plugin(1).zip
2014-04-24 09:16 - 2014-04-24 09:16 - 00012339 _____ () C:\Users\overallbeauty\Downloads\wp-auto-links(1).zip
2014-04-24 09:15 - 2014-04-24 09:15 - 02520180 _____ () C:\Users\overallbeauty\Downloads\15-ways-to-generate-traffic_full(2).zip
2014-04-24 09:14 - 2014-04-24 09:14 - 00207581 _____ () C:\Users\overallbeauty\Downloads\AzonTheme(1).zip
2014-04-24 09:14 - 2014-04-24 09:14 - 00119153 _____ () C:\Users\overallbeauty\Downloads\anti-backlinker-v0.7.2.zip
2014-04-23 08:56 - 2014-04-23 08:56 - 00070465 _____ () C:\Users\overallbeauty\Downloads\commentluv-link-cleaner-v0.9.8(1).zip

Some content of TEMP:
====================
C:\Users\overallbeauty\AppData\Local\Temp\_TinDel.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-20 09:50

==================== End Of Log ============================

Addition.txt


I have waited three days for help.  :(  But I know it was over the weekend and today was a holiday. But it's really bugging me. I even uninstalled Firefox and removed it, all of it. I reinstalled Firefox with a fresh copy. Well, the cdn.adnxs.com ad is still there right in the middle at the top of my browser. It just shows up. But not as often as it once did and I got the image blocked so all I see is the x to close it. I won't use Chrome because it just takes over everything, and IE has it as well. Any clue what to do next? I checked my version of Malwarebytes is 2.0.1.1004 which is two updates behind? I have that one you buy the Pro and you don't have to pay for it again. I have had the paid version for years. Would those missing updates have helped get rid of this stupid adware or have caught it?


Hello kmms02! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
I'm sorry about waiting, but there is a lot of work around here.

Step 1

Please uninstall the following programs:

  • Advanced SystemCare Ultimate 7
  • Driver Booster
  • IObit Malware Fighter
  • IObit Uninstaller
  • Smart Defrag 3
  • Surfing Protection
  • Yahoo! Detect

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Threat Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

I am not surprised that there is a lot of work. Even an amazing software as this one, there can always be something that needs work on.

I am about to ask a really dumb question. What do you mean by paying customer? I paid for it last year but I don't know if that means anything. My license is covered up so I can't even read it. It just says Licensed and if I delete it I will go back to the free version. And I know that there is an update for that database almost every day. But it says I have premium 2.0.1,1004


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/29/2014
Scan Time: 11:05:24 AM
Logfile:
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.29.09
Rootkit Database: v2014.05.21.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: overallbeauty

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 309271
Time Elapsed: 33 min, 10 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
HackTool.Agent, C:\Users\Public\Documents\stuff from tinu\GoogleKeyword.zip, Quarantined, [19f62f25d2a9da5c1398186868987987],

Physical Sectors: 0
(No malicious items detected)

(end)


Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button. Wait until it is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.
In your next reply, post the following log files:
  • Junkware Removal Tool log
  • AdwCleaner log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by overallbeauty on Sun 06/01/2014 at  9:03:51.43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\secman.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\anchorfree
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\search settings
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mxtask2_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mxtask2_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mxtask2_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mxtask2_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\big fish"
Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\ProgramData\fighters"
Successfully deleted: [Folder] "C:\ProgramData\trymedia"
Successfully deleted: [Folder] "C:\Users\overallbeauty\AppData\Roaming\fighters"
Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"
Successfully deleted: [Folder] "C:\bigfishcache"



~~~ FireFox

Successfully deleted: [File] C:\Users\overallbeauty\AppData\Roaming\mozilla\firefox\profiles\mu11qk0h.default\user.js
Successfully deleted: [File] C:\Users\overallbeauty\AppData\Roaming\mozilla\firefox\profiles\mu11qk0h.default\extensions\searchy@searchy.xpi
Successfully deleted: [Folder] C:\Users\overallbeauty\AppData\Roaming\mozilla\firefox\profiles\mu11qk0h.default\extensions\{ef522540-89f5-46b9-b6fe-1829e2b572c6}
Successfully deleted the following from C:\Users\overallbeauty\AppData\Roaming\mozilla\firefox\profiles\mu11qk0h.default\prefs.js

user_pref("CT2602837.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
user_pref("CT2602837.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
user_pref("CT2602837.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
user_pref("CT2602837.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
user_pref("CT2602837.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
user_pref("CT2602837.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2602837.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT2602837.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CT2602837.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/995659/991378/US", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"01ffa8b1cc6cb1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.2.1", "\"0652eeacc6cb1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"0c2e55e22f5cb1:eaa\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.5.1", "\"07b2625f8cb1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634248284990000000");
user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=11/8/2010 3:54:59 PM", "634285417620000000");
user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/21/2010 3:22:42 PM", "634339976460000000");
user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/2011 6:54:06 PM", "634356118310000000");
user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/2011 11:17:11 AM", "634356118310000000");
user_pref("CommunityToolbar.EngineHiddenByUser", true);
user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
user_pref("CommunityToolbar.IsEngineShown", false);
user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?fr=mcafee&p=");
user_pref("CommunityToolbar.ToolbarsList", "CT2602837,ConduitEngine");
user_pref("CommunityToolbar.ToolbarsList2", "CT2602837");
user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Mon Mar 28 2011 08:31:07 GMT-0700 (Pacific Daylight Time)");
user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun May 08 2011 13:46:33 GMT-0700 (Pacific Daylight Time)");
user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
user_pref("CommunityToolbar.alert.locale", "en");
user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon May 09 2011 09:17:19 GMT-0700 (Pacific Daylight Time)");
user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1303303927");
user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
user_pref("CommunityToolbar.alert.showTrayIcon", false);
user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.alert.userId", "{8afd1c64-1e04-4335-a7a3-a5896106377e}");
user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2602837");
user_pref("ConduitEngine.AppTrackingLastCheckTime", "Mon May 02 2011 10:04:56 GMT-0700 (Pacific Daylight Time)");
user_pref("ConduitEngine.CTID", "ConduitEngine");
user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Thu May 05 2011 09:56:24 GMT-0700 (Pacific Daylight Time)");
user_pref("ConduitEngine.FirstServerDate", "12/21/2010 18");
user_pref("ConduitEngine.FirstTime", true);
user_pref("ConduitEngine.FirstTimeFF3", true);
user_pref("ConduitEngine.HasUserGlobalKeys", true);
user_pref("ConduitEngine.Initialize", true);
user_pref("ConduitEngine.InitializeCommonPrefs", true);
user_pref("ConduitEngine.InstalledDate", "Fri Dec 17 2010 10:56:42 GMT-0800 (Pacific Standard Time)");
user_pref("ConduitEngine.IsMulticommunity", false);
user_pref("ConduitEngine.IsOpenThankYouPage", false);
user_pref("ConduitEngine.IsOpenUninstallPage", true);
user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sat May 07 2011 09:17:18 GMT-0700 (Pacific Daylight Time)");
user_pref("ConduitEngine.LastLogin_3.2.5.2", "Fri Dec 24 2010 08:58:49 GMT-0800 (Pacific Standard Time)");
user_pref("ConduitEngine.LastLogin_3.3.2.1", "Fri Mar 25 2011 17:16:05 GMT-0700 (Pacific Daylight Time)");
user_pref("ConduitEngine.LastLogin_3.3.3.2", "Sat Apr 09 2011 08:38:37 GMT-0700 (Pacific Daylight Time)");
user_pref("ConduitEngine.LastLogin_3.3.5.1", "Sat May 07 2011 15:35:29 GMT-0700 (Pacific Daylight Time)");
user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
user_pref("ConduitEngine.SettingsLastCheckTime", "Sat May 07 2011 15:35:29 GMT-0700 (Pacific Daylight Time)");
user_pref("ConduitEngine.UserID", "UN54258405491916128");
user_pref("ConduitEngine.componentAlertEnabled", true);
user_pref("ConduitEngine.engineLocale", "en-US");
user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sat May 07 2011 09:17:18 GMT-0700 (Pacific Daylight Time)");
user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sat May 07 2011 17:44:29 GMT-0700 (Pacific Daylight Time)");
user_pref("ConduitEngine.initDone", true);
user_pref("ConduitEngine.isAppTrackingManagerOn", true);
user_pref("browser.search.defaultthis.engineName", "SuperPoke Pets Customized Web Search");
user_pref("de.soerenrinne.googlebuttons.userlist", "Mail,Maps,Reader,Web Search,Google Shortcuts Settings,Currency Converter,iGoogle,Search-based keyword tool,Traffic Estimato
user_pref("extensions.alexa.searchconf", "{\n  \"google\" : {\n     \"urlexp\" : \"hxxp(s)?:\\\\/\\\\/www\\\\.google\\\\..*\\\\/.*[?#&]q=([^&]+)\",\n     \"rankometer\" :  {\n
user_pref("extensions.alexa.toolbarXMLText", "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<toolbar>\n  <replacements>\n    <replacement>\n      <key><![CDATA[__REGION__PLACEHO
user_pref("extensions.engine@conduit.com.install-event-fired", true);
user_pref("extensions.seoquake.baidu-mode", 1);
user_pref("extensions.seoquake.webalta-mode", 1);
Emptied folder: C:\Users\overallbeauty\AppData\Roaming\mozilla\firefox\profiles\mu11qk0h.default\minidumps [122 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 06/01/2014 at  9:19:09.50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.211 - Report created 01/06/2014 at 09:24:09
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : overallbeauty - PC1
# Running from : C:\Users\overallbeauty\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\overallbeauty\AppData\Local\PackageAware
Folder Deleted : C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Conduit
Folder Deleted : C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\ConduitEngine
Folder Deleted : C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\StumbleUpon
File Deleted : C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\Extensions\toolbar@alexa.com.xpi

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7CD74AFF-3433-4E34-92E2-D98DFDB30754}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKLM\Software\Uniblue

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\prefs.js ]

Line Deleted : user_pref("CT2602837.CTID", "CT2602837");
Line Deleted : user_pref("CT2602837.CurrentServerDate", "2-8-2010");
Line Deleted : user_pref("CT2602837.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2602837.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"BannerCulture\":\"\",\"DownloadTime\":\"5/26/2010 3:57:43 AM\",\"SourceId\":1,\"ReferralUrl\":\"hxxp://s[...]
Line Deleted : user_pref("CT2602837.FirstServerDate", "26-5-2010");
Line Deleted : user_pref("CT2602837.FirstTime", true);
Line Deleted : user_pref("CT2602837.FirstTimeFF3", true);
Line Deleted : user_pref("CT2602837.FirstTimeSettingsDone", true);
Line Deleted : user_pref("CT2602837.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT2602837.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2602837.Initialize", true);
Line Deleted : user_pref("CT2602837.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2602837.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT2602837.InstalledDate", "Tue May 25 2010 18:07:57 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2602837.IsGrouping", false);
Line Deleted : user_pref("CT2602837.IsMulticommunity", false);
Line Deleted : user_pref("CT2602837.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT2602837.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT2602837.LanguagePackLastCheckTime", "Mon Aug 02 2010 09:03:07 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2602837.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2602837.LastLogin_2.6.0.15", "Mon Aug 02 2010 13:14:52 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2602837.LatestVersion", "2.1.0.18");
Line Deleted : user_pref("CT2602837.Locale", "en");
Line Deleted : user_pref("CT2602837.LoginCache", 4);
Line Deleted : user_pref("CT2602837.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2602837.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2602837.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2602837.SHRINK_TOOLBAR", 1);
Line Deleted : user_pref("CT2602837.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2602837.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2602837.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2602837.SearchInNewTabLastCheckTime", "Mon Aug 02 2010 09:03:05 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2602837.SearchInNewTabUserEnabled", false);
Line Deleted : user_pref("CT2602837.SearchProtectorToolbarDisabled", true);
Line Deleted : user_pref("CT2602837.SettingsCheckIntervalMin", 120);
Line Deleted : user_pref("CT2602837.SettingsLastCheckTime", "Mon Aug 02 2010 13:14:51 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2602837.SettingsLastUpdate", "1277519293");
Line Deleted : user_pref("CT2602837.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2602837.ThirdPartyComponentsLastCheck", "Wed Jul 28 2010 06:11:24 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2602837.ThirdPartyComponentsLastUpdate", "1277519293");
Line Deleted : user_pref("CT2602837.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
Line Deleted : user_pref("CT2602837.UserID", "UN39316881478907641");
Line Deleted : user_pref("CT2602837.ValidationData_Search", 2);
Line Deleted : user_pref("CT2602837.ValidationData_Toolbar", 2);
Line Deleted : user_pref("CT2602837.alertChannelId", "995659");
Line Deleted : user_pref("CT2602837.clientLogIsEnabled", true);
Line Deleted : user_pref("CT2602837.myStuffEnabled", true);
Line Deleted : user_pref("CT2602837.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2602837.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/995659/991378/US", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"01ffa8b1cc6cb1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.2.1", "\"0652eeacc6cb1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"0c2e55e22f5cb1:eaa\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.5.1", "\"07b2625f8cb1:0\"");
Line Deleted : user_pref("extensions.alexa.toolbarXMLText", "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<toolbar>\n  <replacements>\n    <replacement>\n      <key><![CDATA[__REGION__PLACEHOLDER__]]></key>\n      <v[...]
Line Deleted : user_pref("extensions.enabledItems", "personas@christopher.beard:1.6.2,{dc572301-7619-498c-a57d-39143191b318}:0.3.8.5,{5F590AA2-1221-4113-A6F4-A4BB62414FAC}:0.45.6.20100202.1,elemhidehelper@adblockplu[...]

-\\ Google Chrome v

[ File : C:\Users\overallbeauty\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Deleted [Extension] : hbcennhacfaagdopikcegfcobcadeocj
Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Deleted [Extension] : icdlfehblmklkikfigmjhbmmpmkmpooj
Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Deleted [Extension] : mhkaekfpcppmmioggniknbnbdbcigpkk
Deleted [Extension] : pfndaklgolladniicklehhancnlgocpp
Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

*************************

AdwCleaner[R0].txt - [8927 octets] - [01/06/2014 09:21:17]
AdwCleaner[s0].txt - [8973 octets] - [01/06/2014 09:24:09]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [9033 octets] ##########


I would, but which one is that one? And yes, it's still there. In all browsers. It pops up in the middle of the browser. Not all the time, but it still does. I use Firefox and it shows up when I have more than one tab open at a time. Do you want to see it?


Thanks!

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

It took almost 23 hours to run this!

 

C:\Program Files (x86)\FreeApps\FreeApps.exe probably a variant of Win32/FreeNew potentially unwanted application deleted - quarantined

C:\Users\overallbeauty\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\5a35a96d-678fa303 multiple threats cleaned by deleting - quarantined

C:\Users\overallbeauty\Documents\Downloads\CNET TechTracker\ccsetup321.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined

C:\Users\overallbeauty\Documents\Downloads\CNET TechTracker\copy1-ccsetup321.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined

C:\Users\overallbeauty\Documents\Downloads\CNET TechTracker\defragsetup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined

C:\Users\overallbeauty\Documents\paid for images\WpViralUnlimitedPackage.zip PHP/Obfuscated.F potentially unwanted application deleted - quarantined

C:\Users\overallbeauty\Documents\paid for images\WpViralUnlimitedPackage\wpviralunlimited.php PHP/Obfuscated.F potentially unwanted application deleted - quarantined

C:\Users\overallbeauty\Documents\paid for images\WpViralUnlimitedPackage\resellersite\WpViralUnlimited98.zip PHP/Obfuscated.F potentially unwanted application deleted - quarantined

C:\Users\overallbeauty\Downloads\asc-setup-v5.exe Win32/ELEX.AH potentially unwanted application deleted - quarantined

C:\Users\overallbeauty\Downloads\asc-setup.exe a variant of Win32/Toolbar.Widgi potentially unwanted application deleted - quarantined

C:\Users\overallbeauty\Downloads\Avery Wizard 4.01 - US 20111209.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined

C:\Users\overallbeauty\Downloads\cbsi-3_2_5_41-10912909.exe a variant of Win32/CNETInstaller.A potentially unwanted application deleted - quarantined

C:\Users\overallbeauty\Downloads\cbsidlm-cbsi5_3_0_96-Anti_Tracks_Free_Edition-ORG-75759813(1).exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined

C:\Users\overallbeauty\Downloads\cbsidlm-cbsi5_3_0_96-Anti_Tracks_Free_Edition-ORG-75759813.exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined

C:\Users\overallbeauty\Downloads\ccsetup324.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined

C:\Users\overallbeauty\Downloads\ccsetup326.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined

C:\Users\overallbeauty\Downloads\ccsetup327.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined

C:\Users\overallbeauty\Downloads\ccsetup328.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined

C:\Users\overallbeauty\Downloads\ccsetup402(1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined

C:\Users\overallbeauty\Downloads\ccsetup402.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined

C:\Users\overallbeauty\Downloads\ccsetup403.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined

C:\Users\overallbeauty\Downloads\ccsetup404.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined

C:\Users\overallbeauty\Downloads\ccsetup405.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined

C:\Users\overallbeauty\Downloads\ccsetup407.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined

C:\Users\overallbeauty\Downloads\ccsetup408.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined

C:\Users\overallbeauty\Downloads\ccsetup409.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined

C:\Users\overallbeauty\Downloads\ccsetup414.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined

C:\Users\overallbeauty\Downloads\cnet2_Star-Watermark-Setup_exe.exe a variant of Win32/InstallCore.D potentially unwanted application deleted - quarantined

C:\Users\overallbeauty\Downloads\defragsetup(1).exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined

C:\Users\overallbeauty\Downloads\defragsetup(2).exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined

C:\Users\overallbeauty\Downloads\defragsetup(3).exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined

C:\Users\overallbeauty\Downloads\defragsetup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined

C:\Users\overallbeauty\Downloads\driver_booster_setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined

C:\Users\overallbeauty\Downloads\gb3-setup.exe a variant of Win32/Toolbar.Widgi potentially unwanted application deleted - quarantined

C:\Users\overallbeauty\Downloads\imf-setup.exe a variant of Win32/Toolbar.Widgi potentially unwanted application deleted - quarantined

C:\Users\overallbeauty\Downloads\Monitor4Pro.zip probably unknown NewHeur_PE virus deleted - quarantined

C:\Users\overallbeauty\Downloads\picpick_inst.exe Win32/InstallMonetizer.AN potentially unwanted application deleted - quarantined

C:\Users\overallbeauty\Downloads\puzzle_master_halloween_tb.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application deleted - quarantined

C:\Users\overallbeauty\Downloads\rpg-setup.exe a variant of Win32/Toolbar.Widgi potentially unwanted application deleted - quarantined

C:\Users\overallbeauty\Downloads\sd-setup.exe Win32/ELEX.AH potentially unwanted application deleted - quarantined

C:\Users\overallbeauty\Downloads\sd2-setup220.exe a variant of Win32/Toolbar.Widgi potentially unwanted application deleted - quarantined

C:\Users\overallbeauty\Downloads\smart-defrag-setup-beta.exe Win32/Toolbar.Widgi potentially unwanted application deleted - quarantined

C:\Users\overallbeauty\Downloads\smart-defrag-setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined

C:\Users\overallbeauty\Downloads\TuneUpInst-2.4.6.4.exe Win32/OpenCandy potentially unsafe application deleted - quarantined

F:\2samples\2samples\Soft4Pro26Products-MRR&GAWAY.zip probably unknown NewHeur_PE virus deleted - quarantined

F:\Meta deal\25MRRresellsite.zip a variant of Generik.IWDSXQA trojan deleted - quarantined

F:\Meta deal\FunWedding-MRR.zip PHP/Obfuscated.F potentially unwanted application deleted - quarantined

F:\Meta deal\FunWedding2953.zip PHP/Obfuscated.F potentially unwanted application deleted - quarantined

F:\PC1\Backup Set 2014-02-10 070512\Backup Files 2014-02-10 070512\Backup files 1154.zip probably unknown NewHeur_PE virus deleted - quarantined

F:\PC1\Backup Set 2014-02-10 070512\Backup Files 2014-02-10 070512\Backup files 14.zip PHP/Obfuscated.F potentially unwanted application deleted - quarantined

F:\PC1\Backup Set 2014-02-10 070512\Backup Files 2014-02-10 070512\Backup files 144.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined

F:\PC1\Backup Set 2014-02-10 070512\Backup Files 2014-02-10 070512\Backup files 2.zip Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined

F:\PC1\Backup Set 2014-02-10 070512\Backup Files 2014-02-10 070512\Backup files 222.zip PHP/Obfuscated.F potentially unwanted application deleted - quarantined

F:\PC1\Backup Set 2014-02-10 070512\Backup Files 2014-02-10 070512\Backup files 3.zip a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined

F:\PC1\Backup Set 2014-02-10 070512\Backup Files 2014-02-10 070512\Backup files 70.zip multiple threats deleted - quarantined

F:\PC1\Backup Set 2014-02-10 070512\Backup Files 2014-02-10 070512\Backup files 71.zip Win32/ELEX.AH potentially unwanted application deleted - quarantined

F:\PC1\Backup Set 2014-02-10 070512\Backup Files 2014-02-10 070512\Backup files 72.zip a variant of Win32/CNETInstaller.A potentially unwanted application deleted - quarantined

F:\PC1\Backup Set 2014-02-10 070512\Backup Files 2014-02-10 070512\Backup files 73.zip a variant of Win32/Toolbar.Widgi potentially unwanted application deleted - quarantined

F:\PC1\Backup Set 2014-02-10 070512\Backup Files 2014-02-10 070512\Backup files 74.zip a variant of Win32/Toolbar.Widgi potentially unwanted application deleted - quarantined

F:\PC1\Backup Set 2014-02-10 070512\Backup Files 2014-02-10 070512\Backup files 76.zip Win32/InstallMonetizer.AN potentially unwanted application deleted - quarantined

F:\PC1\Backup Set 2014-02-10 070512\Backup Files 2014-02-10 070512\Backup files 77.zip a variant of Win32/Toolbar.Widgi potentially unwanted application deleted - quarantined

F:\PC1\Backup Set 2014-02-10 070512\Backup Files 2014-02-10 070512\Backup files 78.zip Win32/Toolbar.Widgi potentially unwanted application deleted - quarantined

F:\PC1\Backup Set 2014-02-10 070512\Backup Files 2014-02-10 070512\Backup files 80.zip Win32/OpenCandy potentially unsafe application deleted - quarantined

F:\PC1\Backup Set 2014-02-10 070512\Backup Files 2014-02-24 075618\Backup files 2.zip a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined

F:\PC1\Backup Set 2014-02-10 070512\Backup Files 2014-05-04 190004\Backup files 7.zip a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined

F:\PC1\Backup Set 2014-02-10 070512\Backup Files 2014-05-11 190003\Backup files 14.zip a variant of Win32/Toolbar.Widgi.A potentially unwanted application deleted - quarantined

F:\PC1\Backup Set 2014-02-10 070512\Backup Files 2014-05-11 190003\Backup files 19.zip probably a variant of Win32/FreeNew potentially unwanted application deleted - quarantined

F:\PC1\Backup Set 2014-02-10 070512\Backup Files 2014-05-11 190003\Backup files 33.zip a variant of Win64/Toolbar.Widgi.B potentially unwanted application deleted - quarantined

F:\PC1\Backup Set 2014-02-10 070512\Backup Files 2014-05-19 104742\Backup files 1.zip a variant of Win64/Toolbar.Widgi.A potentially unwanted application deleted - quarantined

F:\PC1\Backup Set 2014-02-10 070512\Backup Files 2014-06-01 190004\Backup files 4.zip Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined


I turned off Bluhell Firewall in my Firefox browser because it blocked me from adding content to sell on OpenSky. As you see in the image, that damn thing is still there! Any ideas on what to do now? When I have Bluhell Firewall enabled, all I see is the X.

[Attached image]


Step 1

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:

Please download JavaRa to your desktop and unzip it to its own folder.

  • Run JavaRa.exe, then click Remove JRE.
  • Run the built-in uninstallers for all copies of Java listed
  • Click the Next button
  • Click the Next button again
  • Click the Java Manual Download link
  • A browser window will open with the Java download page
  • Click the Windows Offline (32-bit) or Windows Offline (64-bit) link to download Java (based on your browser type)
  • Run the installer
  • Close JavaRa
Step 2

Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.

Click the cog in the upper right corner.

Select down to and including your main drive.

Once done please select the Automatic Scan tab and press Start Scan.

Allow AVP to delete all infections found.

Once it has finished select the Report tab.

Select the Detected threats report from the left and press the Save button.

Save it to your Desktop and post the contents in your next reply.


I did what you asked. The file by Kaspersky is too large to be saved by any of the programs I have. I tried Word, I tried Notepad, WordPad, Notepad plus plus (my plus key doesn't work). I can't open it to save it in any program I have. It is 512 Mb. I don't know what to do. I did run JavaRa.exe and now have no Java on my browsers. It took Kaspersky 24 hours to run through everything. What do I do now? It removed 5 things.


I think this is the FRIT file again, but now I have no home page. But I did notice that my home page didn't have just google.com; it had something after it. So I think maybe my home page got jacked.

 

 AdwCleaner v3.212 - Report created 11/06/2014 at 09:14:10

# Updated 05/06/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : overallbeauty - PC1

# Running from : C:\Users\overallbeauty\Downloads\AdwCleaner(1).exe

# Option : Clean

***** [ Services ] *****

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Users\overallbeauty\Documents\Updater

 

***** [ Shortcuts ] *****

 

***** [ Registry ] *****

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17041

 

-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\overallbeauty\AppData\Roaming\Mozilla\Firefox\Profiles\mu11qk0h.default\prefs.js ]

 

-\\ Google Chrome v

 

[ File : C:\Users\overallbeauty\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

*************************

AdwCleaner[R0].txt - [8927 octets] - [01/06/2014 09:21:17]

AdwCleaner[R1].txt - [1095 octets] - [11/06/2014 08:53:30]

AdwCleaner[s0].txt - [9129 octets] - [01/06/2014 09:24:09]

AdwCleaner[s1].txt - [1019 octets] - [11/06/2014 09:14:10]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1079 octets] ##########


This topic is now closed to further replies.