
Solved: PC is slow/problems booting up/Windows Update Service missing


Xenara4evr (thread starter, member with 23 posts, joined Nov 2013)
07-Dec-2013, 01:21 AM #1
PC is slow/problems booting up/Windows Update Service missing
Hi! I have a laptop that is having problems connecting to the internet with wireless. I can connect if I run a cable to my computer but if I try to do it wirelessly, I often can't attach. I also randomly get error messages about the hard drive not being available. The whole computer is slow and when I do get online, windows pop up from time to time.

Windows Update was disabled also. I followed the instructions from a Microsoft knowledge base article to try and enable it and instructions I found at bleepingcomputer.com.

My antivirus program has found a bunch of stuff and fixed some. It said it needed to reboot and when Windows came up, there were some strange errors.

Gamer wouldn't run. I attached a screen print of what it kept doing.

I really appreciate your help!! Thank you!!

***************************************************************************
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:28:20 PM, on 12/6/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16514)
Boot mode: Normal

Running processes:
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe
C:\Program Files (x86)\Sprint\Sprint SmartView\RDVCHG.exe
C:\Program Files (x86)\SelectRebates\SelectRebates.exe
C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14brmon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Brownie\brpjp04a.exe
C:\Program Files (x86)\Brownie\brpjp04a.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWi.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe
C:\Program Files (x86)\McAfee Security Scan\1.0.150\McUICnt.exe
C:\Users\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^YK^xdm132^YY^us&ptb=1B73D347-FB5E-4F46-B254-1FD2783390E0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8a7d2060-824d-4b17-b00a-759b1b5f30d9} - C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - MRI_DISABLED - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: CrossriderApp0021802 - {11111111-1111-1111-1111-110211181102} - C:\Program Files (x86)\Shopping Sidekick Plugin\Shopping Sidekick Plugin.dll
O2 - BHO: CrossriderApp0043628 - {11111111-1111-1111-1111-110411361128} - C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-bho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Swift Browse - {808dc83c-d35b-4fba-a5b5-9a52103204df} - C:\Program Files (x86)\Swift Browse\SwiftBrowsebho.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Toolbar BHO - {ab56dfde-0c14-45b3-9df6-7b0eba617870} - C:\PROGRA~2\TOTALR~2\bar\1.bin\14bar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Search Assistant BHO - {df22384f-cf68-4d19-969f-10423715528b} - C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll
O2 - BHO: ShopAtHomeIEHelper - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
O3 - Toolbar: ShopAtHome.com Toolbar - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
O3 - Toolbar: TotalRecipeSearch - {a0154e07-2b48-475c-a82a-80efd84ea33e} - C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14bar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O4 - HKLM\..\Run: [SmartWiHelper] "C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Sprint SmartView] "C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe" -a
O4 - HKLM\..\Run: [RDVCHG] "C:\Program Files (x86)\Sprint\Sprint SmartView\RDVCHG.exe"
O4 - HKLM\..\Run: [BrStsWnd] "C:\Program Files (x86)\Brownie\BrstsW64.exe" Autorun
O4 - HKLM\..\Run: [Brdefprn] "C:\Program Files (x86)\Brother\BRHL2140\Brdefprn.exe" -d
O4 - HKLM\..\Run: [SelectRebates] "C:\Program Files (x86)\SelectRebates\SelectRebates.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini"
O4 - HKLM\..\Run: [TotalRecipeSearch Search Scope Monitor] "C:\PROGRA~2\TOTALR~2\bar\1.bin\14srchmn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [TotalRecipeSearch_14 Browser Plugin Loader] C:\PROGRA~2\TOTALR~2\bar\1.bin\14brmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: McAfee Security Scan.lnk = ?
O4 - Global Startup: Rand McNally Dock.lnk = C:\Program Files (x86)\Rand McNally\RNDDock\StartupLauncher.bat
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames...l.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor....cab102118.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Sprint Con App Svc (CASprint) - SmithMicro Inc. - C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c9d111e1fecef4) (gupdate1c9d111e1fecef4) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NovaCore SDK Service (NvtlService) - Unknown owner - C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: Intel(R) Sample Collector (SampleCollector) - Intel Corporation - C:\Program Files\Sony\VAIO Care\collsvc.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
O23 - Service: VAIO Media plus Database Manager (SOHDBSvr) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: VAIO Media plus Playlist Manager (SOHPlMgr) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - SmithMicro Inc. - C:\Program Files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe
O23 - Service: TotalRecipeSearchService (TotalRecipeSearch_14Service) - COMPANYVERS_NAME - C:\PROGRA~2\TOTALR~2\bar\1.bin\14barsvc.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update Swift Browse - Swift Browse - C:\Program Files (x86)\Swift Browse\updateSwiftBrowse.exe
O23 - Service: Util Swift Browse - Unknown owner - C:\Program Files (x86)\Swift Browse\bin\utilSwiftBrowse.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater17.0.12 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 17663 bytes
***************************************************************************
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16514
Run by Owner at 23:30:00 on 2013-12-06
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3934.2057 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k yksvcs
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Apoint\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe
C:\Program Files (x86)\Sprint\Sprint SmartView\RDVCHG.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Brownie\BrStsW64.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\SelectRebates\SelectRebates.exe
C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14brmon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Brownie\brpjp04a.exe
C:\Program Files (x86)\Brownie\brpjp04a.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\PROGRA~2\TOTALR~2\bar\1.bin\14barsvc.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Swift Browse\updateSwiftBrowse.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWi.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files (x86)\Swift Browse\bin\utilSwiftBrowse.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESGfxMgr.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\consent.exe
C:\Program Files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files (x86)\McAfee Security Scan\1.0.150\McUICnt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^YK^xdm132^YY^us&ptb=1B73D347-FB5E-4F46-B254-1FD2783390E0
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
uURLSearchHooks: <No Name>: {8a7d2060-824d-4b17-b00a-759b1b5f30d9} - C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll
mWinlogon: Userinit = userinit.exe
BHO: MRI_DISABLED - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Shopping Sidekick Plugin: {11111111-1111-1111-1111-110211181102} - C:\Program Files (x86)\Shopping Sidekick Plugin\Shopping Sidekick Plugin.dll
BHO: weDownload Manager Pro: {11111111-1111-1111-1111-110411361128} - C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-bho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0\bin\ssv.dll
BHO: Swift Browse: {808dc83c-d35b-4fba-a5b5-9a52103204df} - C:\Program Files (x86)\Swift Browse\SwiftBrowsebho.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Toolbar BHO: {ab56dfde-0c14-45b3-9df6-7b0eba617870} - C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14bar.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Search Assistant BHO: {df22384f-cf68-4d19-969f-10423715528b} - C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll
BHO: ShopAtHomeIEHelper Class: {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
TB: ShopAtHome.com Toolbar: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
TB: ShopAtHome.com Toolbar: {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
TB: TotalRecipeSearch: {a0154e07-2b48-475c-a82a-80efd84ea33e} - C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14bar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
mRun: [SmartWiHelper] "C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [Sprint SmartView] "C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe" -a
mRun: [RDVCHG] "C:\Program Files (x86)\Sprint\Sprint SmartView\RDVCHG.exe"
mRun: [BrStsWnd] "C:\Program Files (x86)\Brownie\BrstsW64.exe" Autorun
mRun: [Brdefprn] "C:\Program Files (x86)\Brother\BRHL2140\Brdefprn.exe" -d
mRun: [SelectRebates] "C:\Program Files (x86)\SelectRebates\SelectRebates.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini"
mRun: [TotalRecipeSearch Search Scope Monitor] "C:\PROGRA~2\TOTALR~2\bar\1.bin\14srchmn.exe" /m=2 /w /h
mRun: [TotalRecipeSearch_14 Browser Plugin Loader] C:\PROGRA~2\TOTALR~2\bar\1.bin\14brmon.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\1.0.150\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RANDMC~1.LNK - C:\Program Files (x86)\Rand McNally\RNDDock\StartupLauncher.bat
uPolicies-Explorer: NoDriveTypeAutoRun = dword:149
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre1.6.0\bin\npjpi160.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {A4110378-789B-455F-AE86-3A1BFC402853} - hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{396C12D6-B356-4440-B13C-4728B44C595B} : DHCPNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{5D6A367D-10D3-445C-89F4-69969BE534DF} : DHCPNameServer = 68.28.137.132 68.28.138.132 8.8.8.8
TCP: Interfaces\{C1121A84-3E64-4076-93C4-3FECC133764B} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll
Notify: SDWinLogon - SDWinLogon.dll
Notify: VESWinlogon - VESWinlogon.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
x64-BHO: weDownload Manager Pro: {11111111-1111-1111-1111-110411361128} - C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-bho64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: DfLogon - LogonDll.dll
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://home.mywebsearch.com/index.jhtml?ptb=1B73D347-FB5E-4F46-B254-1FD2783390E0&n=77fc1d71&p2=^YK^xdm132^YY^us
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=1B73D347-FB5E-4F46-B254-1FD2783390E0&n=77fc1d71&ind=2013011313&p2=^YK^xdm132^YY^us&searchfor=
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - ExtSQL: 2013-10-22 17:04; firefox@swiftbrowse.net; C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\extensions\firefox@swiftbrowse.net.xpi
FF - ExtSQL: 2013-11-14 14:46; avg@toolbar; C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.0.7
FF - ExtSQL: !HIDDEN! 2013-01-03 15:06; 14ffxtbr@TotalRecipeSearch_14.com; C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-9-2 192824]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-9-2 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-8-20 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-8 31544]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-5-9 55024]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-9-25 148792]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-9-2 241464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-9-2 212280]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-11-1 46368]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-10-3 3538480]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-25 301152]
R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2011-6-5 296808]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 NvtlService;NovaCore SDK Service;C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2010-1-11 82944]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-4-23 141344]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-11-24 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-11-24 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-11-24 171416]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R2 TotalRecipeSearch_14Service;TotalRecipeSearchService;C:\PROGRA~2\TOTALR~2\bar\1.bin\14barsvc.exe [2013-1-3 42504]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-5-9 104960]
R2 Update Swift Browse;Update Swift Browse;C:\Program Files (x86)\Swift Browse\updateSwiftBrowse.exe [2013-10-22 65312]
R2 Util Swift Browse;Util Swift Browse;C:\Program Files (x86)\Swift Browse\bin\utilSwiftBrowse.exe [2013-11-24 66336]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-4-23 411496]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-1-14 5184872]
R2 vToolbarUpdater17.0.12;vToolbarUpdater17.0.12;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [2013-11-1 1734680]
R2 yksvc;Marvell Yukon Service;C:\Windows\System32\svchost.exe -k yksvcs [2008-1-20 27648]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2009-5-9 19968]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-4-23 126464]
R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2008-8-29 4745216]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2009-4-23 11392]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2009-4-23 403968]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1c9d111e1fecef4;Google Update Service (gupdate1c9d111e1fecef4);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-5-9 133104]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 bcm;WiMAX Network Adapter;C:\Windows\System32\drivers\drxvi314_64.sys [2010-3-26 359040]
S3 bcmbusctr;WiMAX Bus Driver;C:\Windows\System32\drivers\BcmBusCtr_64.sys [2010-3-26 62976]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-4-23 36392]
S3 CASprint;Sprint Con App Svc;C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe [2010-7-28 124224]
S3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-4-23 300032]
S3 DIFMBUS;Franklin EVDO USB Modem Composite Device Driver;C:\Windows\System32\drivers\DIFMBUS.sys [2010-4-28 69960]
S3 DIFMCVsp;Franklin EVDO USB Modem CM Port;C:\Windows\System32\drivers\DIFMCVsp.sys [2010-4-28 181320]
S3 DIFMMdm;Franklin EVDO USB Modem;C:\Windows\System32\drivers\DIFMMdm.sys [2010-4-28 181320]
S3 DIFMNET;Franklin EVDO USB Modem Network Adapter;C:\Windows\System32\drivers\DIFMNET.sys [2010-5-4 123976]
S3 DIFMNVsp;Franklin EVDO USB Modem NMEA Port Serial Port;C:\Windows\System32\drivers\DIFMNVsp.sys [2010-4-28 181320]
S3 DIFMVsp;Franklin EVDO USB Modem Diagnostics Port;C:\Windows\System32\drivers\DIFMVsp.sys [2010-4-28 181320]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-8-2 22528]
S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCASp50a64.sys [2009-9-15 41280]
S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;C:\Windows\System32\PCTINDIS5X64.sys [2010-7-28 43032]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SampleCollector;Intel(R) Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2009-10-5 167424]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-5-9 120104]
S3 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-5-9 70952]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-5-9 390440]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-5-9 75048]
S3 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-5-9 91432]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-5-9 394536]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-5-9 110376]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-7-20 1022632]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-7 89920]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
ShellExec: VCExporterLaunch.exe: open="C:\Program Files (x86)\Sony\VAIO VP Utilities\VCELaunch.exe" "%1"
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2013-11-25 03:05:48 1242562 ----a-w- C:\CAT.exe
2013-11-07 21:00:54 82896128 ----a-w- C:\Windows\System32\mrt.exe
2013-11-01 18:06:11 46368 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-09-26 02:07:30 148792 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
2013-09-22 15:43:54 17833984 ----a-w- C:\Windows\System32\mshtml.dll
2013-09-22 15:01:48 10926080 ----a-w- C:\Windows\System32\ieframe.dll
2013-09-22 14:42:33 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-09-22 14:36:01 1346560 ----a-w- C:\Windows\System32\urlmon.dll
2013-09-22 14:33:53 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-09-22 14:33:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-09-22 14:30:37 237056 ----a-w- C:\Windows\System32\url.dll
2013-09-22 14:27:05 85504 ----a-w- C:\Windows\System32\jsproxy.dll
2013-09-22 14:23:30 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-09-22 14:22:05 816640 ----a-w- C:\Windows\System32\jscript.dll
2013-09-22 14:21:21 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-09-22 14:19:35 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2013-09-22 14:19:20 2147840 ----a-w- C:\Windows\System32\iertutil.dll
2013-09-22 14:16:32 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2013-09-22 14:15:47 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-09-22 14:07:22 248320 ----a-w- C:\Windows\System32\ieui.dll
2013-09-22 10:29:45 12336128 ----a-w- C:\Windows\SysWow64\mshtml.dll
2013-09-22 10:22:59 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-09-22 10:22:17 9739264 ----a-w- C:\Windows\SysWow64\ieframe.dll
2013-09-22 10:14:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-09-22 10:13:42 1104896 ----a-w- C:\Windows\SysWow64\urlmon.dll
2013-09-22 10:13:22 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-09-22 10:12:32 231936 ----a-w- C:\Windows\SysWow64\url.dll
2013-09-22 10:09:55 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2013-09-22 10:08:41 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-09-22 10:07:38 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2013-09-22 10:06:58 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-09-22 10:05:42 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2013-09-22 10:03:54 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2013-09-22 10:03:33 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll
2013-09-22 10:03:18 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-09-22 09:59:06 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2013-09-20 15:49:34 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-09-09 03:11:42 31544 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2009-02-02 03:26:00 597504 ----a-w- C:\Program Files\bidwhist.exe
.
============= FINISH: 23:30:38.42 ===============
***********************************************************************************
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/9/2009 2:34:55 AM
System Uptime: 12/6/2013 10:23:26 PM (1 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz | N/A | 1600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 85.903 GiB free.
D: is Removable
E: is Removable
F: is Removable
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0127
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter
PNP Device ID: ROOT\*ISATAP\0127
Service: tunnel
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9
Alps Pointing-device for VAIO
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Application Manager for VAIO
ArcSoft Magic-i Visual Effects 2
ArcSoft WebCam Companion 2
AVG 2014
AVG SafeGuard toolbar
BidWhist
Bonjour
Brother HL-2140
Choice Guard
Click to Disc
Click to Disc Editor
Dragon NaturallySpeaking 11
DVDFab 8.1.3.8 (09/12/2011) Qt
FileExtensionFinder
Flixster
Geek Squad 24 Hour Computer Support
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 4.5.0.457
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iCloud
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless WiFi Software
InterActual Player
iTunes
Java(TM) SE Runtime Environment 6
Junk Mail filter update
Masque IGT Slots Texas Tea
Mavis Beacon Teaches Typing Deluxe 17
McAfee Security Scan
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Transfer
OpenMG Secure Module 5.3.00
ParetoLogic DriverCure
Primo
QuickBooks Financial Center
QuickTime
Rand McNally Dock
Realtek High Definition Audio Driver
Reel Deal Casino Shuffle Master Edition
Reel Deal Slots 1.0
Reel Deal Slots Adventure
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy Media Creator 10 LJ
Roxio Easy Media Creator Home
Runtime
Safari
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Setting Utility Series
ShopAtHome.com Toolbar
Shopping Sidekick Plugin
Skype Click to Call
Skype™ 5.10
SmartWi Connection Utility
Sony Home Network Library
Sony Picture Utility
Sony Video Shared Library
Splashtop
Sprint SmartView
Spybot - Search & Destroy
Swift Browse 1.0.0
TotalRecipeSearch Toolbar
Ultimate Bid Whist
Ultimate Bid Whist (C:\Program Files (x86)\Ultimate Bid Whist\)
Ultimate Bid Whist (c:\Program Files\)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
VAIO Care
VAIO Content Folder Setting
VAIO Content Folder Watcher
VAIO Content Metadata Intelligent Analyzing Manager
VAIO Content Metadata Manager Setting
VAIO Content Metadata XML Interface Library
VAIO Control Center
VAIO Data Restore Tool
VAIO DVD Menu Data Basic
VAIO Entertainment Platform
VAIO Event Service
VAIO Help and Support
VAIO Media plus
VAIO Media plus Opening Movie
VAIO Movie Story
VAIO Movie Story Template Data
VAIO MusicBox
VAIO MusicBox Sample Music
VAIO My Memory Center
VAIO OOBE and Welcome Center
VAIO Original Function Setting
VAIO Power Management
VAIO Presentation Support
VAIO Startup Assistant
VAIO Survey
VAIO Update 4
VAIO Wallpaper Contents
VD64Inst
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
weDownload Manager Pro
WIDCOMM Bluetooth Software
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker Beta
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinDVD for VAIO
.
==== End Of File ===========================
***********************************************************************************
Xenara4evr
Member with 23 posts.
THREAD STARTER
Join Date: Nov 2013
08-Dec-2013, 02:29 PM #2
Bump! I'm not sure if this is how I'm supposed to do this or not.

Xenara
TechieRanger (Richard), authorized to help remove malware.
Malware Removal Specialist with 471 posts.
Join Date: Nov 2012
Experience: Intermediate
08-Dec-2013, 08:21 PM #3
Hi, and welcome to our malware removal forum!

My name is Richard and I'll be happy to help you with your computer problems.

Please be advised that I am currently in training, so my responses will need to be approved by one of our experts before I post them. This is only to ensure you are receiving accurate instructions. It may cause a delay in my replies.

Please note the following:
  • The cleaning process is not instant as logs can take time to research. Sit tight and please be patient.
  • I will be working on your malware issues. This may or may not solve other issues you may have with your system.
  • While we are fixing your problems, do NOT install/re-install any programs or run any fixes or scanners unless told to do so.
  • Ensure that your anti-virus definitions are up-to-date.
  • I would advise backing up all your important documents, personal data files and photos to a CD or DVD drive.
  • Do not back up any Applications (programs). These should be re-installed from the original source CD(s) or website(s).
  • During the course of our cleanup, please do not do any additional online work or surfing until we have verified that your system is clean.
  • I suggest printing out each set of instructions and reading the entire post before proceeding. It will make following them easier.
  • Be sure to follow the directions and run tools/scans in the order listed.
I will return as soon as possible with more instructions.



Regards,

Richard
TechieRanger (Richard), authorized to help remove malware.
Malware Removal Specialist with 471 posts.
Join Date: Nov 2012
Experience: Intermediate
10-Dec-2013, 06:24 PM #4
Please download aswMBR.exe and save it to your Desktop.
  • Double click aswMBR.exe to start the tool. If you use Windows Vista or 7, right click and choose 'Run as Administrator'.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your Desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the Desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
In your next reply, please provide the following:

  • aswMBR log.


Regards,

Richard
Xenara4evr
Member with 23 posts.
THREAD STARTER
Join Date: Nov 2013
11-Dec-2013, 11:32 PM #5
Hi Richard,

Thanks for helping me!! I ran the scan as requested; however, it did not generate a MBR.DAT file. I searched the whole PC and showed system and hidden files but I still can't find it. Here's the logfile you requested.

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-12-11 23:13:07
-----------------------------
23:13:07.243 OS Version: Windows x64 6.0.6002 Service Pack 2
23:13:07.243 Number of processors: 2 586 0x170A
23:13:07.243 ComputerName: ARYFV17JPRH UserName: Owner
23:13:09.833 Initialize success
23:20:32.951 AVAST engine defs: 13121101
23:23:10.947 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"


Thank you........Shonda
TechieRanger (Richard), authorized to help remove malware.
Malware Removal Specialist with 471 posts.
Join Date: Nov 2012
Experience: Intermediate
14-Dec-2013, 02:31 PM #6
I think the aswMBR log was saved too early. Please be patient as this scan can take a while to complete.

Please rerun aswMBR.exe.
  • Click Scan. Please be patient as this can take a while to complete.
  • Upon completion of the scan, click Save log and save it to your Desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the Desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

In your next reply, please provide the following:
  • aswMBR log.



Regards,

Richard
Xenara4evr
Member with 23 posts.
THREAD STARTER
Join Date: Nov 2013
15-Dec-2013, 11:56 PM #7
Hi Richard,

I ran another scan. Here are the results:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-12-11 23:13:07
-----------------------------
23:13:07.243 OS Version: Windows x64 6.0.6002 Service Pack 2
23:13:07.243 Number of processors: 2 586 0x170A
23:13:07.243 ComputerName: ARYFV17JPRH UserName: Owner
23:13:09.833 Initialize success
23:20:32.951 AVAST engine defs: 13121101
23:23:10.947 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-12-15 22:09:40
-----------------------------
22:09:40.199 OS Version: Windows x64 6.0.6002 Service Pack 2
22:09:40.200 Number of processors: 2 586 0x170A
22:09:40.200 ComputerName: ARYFV17JPRH UserName: Owner
22:09:42.397 Initialize success
22:16:29.225 AVAST engine defs: 13121501
22:17:42.769 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:17:42.772 Disk 0 Vendor: Hitachi_ FB4O Size: 305245MB BusType: 3
22:17:42.775 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000066
22:17:42.779 Disk 1 Vendor: RICOH 01 Size: 305245MB BusType: 0
22:17:42.782 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000067
22:17:42.786 Disk 2 Vendor: RICOH 02 Size: 305245MB BusType: 0
22:17:43.387 Disk 0 MBR read successfully
22:17:43.393 Disk 0 MBR scan
22:17:43.429 Disk 0 Windows VISTA default MBR code
22:17:43.478 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10060 MB offset 2048
22:17:43.525 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 295183 MB offset 20604928
22:17:43.884 Disk 0 scanning C:\Windows\system32\drivers
22:18:33.446 Service scanning
22:20:18.886 Service ?etadpug C:\Program Files (x86)\Google\Desktop\Install\{a0c14a11-bdbd-ba96-c775-62599764d9c7}\ **HIDDEN**
22:20:19.505 Modules scanning
22:20:19.509 Disk 0 trace - called modules:
22:20:19.575 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys iaStor.sys hal.dll
22:20:19.584 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80058af060]
22:20:19.589 3 CLASSPNP.SYS[fffffa6000fccc33] -> nt!IofCallDriver -> [0xfffffa8004ba7820]
22:20:19.595 5 acpi.sys[fffffa60008ddfde] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004bf4050]
22:20:22.305 AVAST engine scan C:\Windows
22:20:42.307 AVAST engine scan C:\Windows\system32
22:33:03.697 AVAST engine scan C:\Windows\system32\drivers
22:33:30.906 AVAST engine scan C:\Users\Owner
22:43:15.419 File: C:\Users\Owner\AppData\Local\Temp\Low\abc.cfg **INFECTED** Win32:Malware-gen
22:54:05.826 AVAST engine scan C:\ProgramData
22:58:32.035 Scan finished successfully
23:12:29.840 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
23:12:29.846 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

I can't get the dat file to compress and I'm trying to attach it.

Shonda
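A triage pass over aswMBR logs like the two posted above, as an added example (not part of any post in this thread, and not a tool from Avast or the forum): it splits a pasted log into runs, reports whether each run was saved before the scan finished, which is what the helper suspected of the first log, and collects the lines the tool itself marks `**HIDDEN**` or `**INFECTED**`. The class and function names are this example's own, and the line formats are assumed only from the log lines visible in this thread.

```python
"""Triage aswMBR logs: did the scan finish, and what did the tool itself flag?"""
import re
from dataclasses import dataclass, field

BANNER_RE = re.compile(r"^aswMBR version\s+(\S+)")            # starts a new run
RUN_DATE_RE = re.compile(r"^Run date:\s+(.+)$")
EVENT_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+(.*)$")   # "HH:MM:SS.mmm message"
MBR_CODE_RE = re.compile(r"^Disk (\d+) (.+) MBR code$")
HIDDEN_RE = re.compile(r"^Service\s+(\S+)\s+(.*?)\s*\*\*HIDDEN\*\*$")
INFECTED_RE = re.compile(r"^File:\s+(.*?)\s+\*\*INFECTED\*\*\s+(.*)$")

# Excerpt of the two runs posted in this thread (lines copied from the logs above).
SAMPLE_LOG = r"""
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-12-11 23:13:07
-----------------------------
23:13:09.833 Initialize success
23:20:32.951 AVAST engine defs: 13121101
23:23:10.947 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-12-15 22:09:40
-----------------------------
22:09:42.397 Initialize success
22:17:43.387 Disk 0 MBR read successfully
22:17:43.429 Disk 0 Windows VISTA default MBR code
22:18:33.446 Service scanning
22:20:18.886 Service ?etadpug C:\Program Files (x86)\Google\Desktop\Install\{a0c14a11-bdbd-ba96-c775-62599764d9c7}\ **HIDDEN**
22:43:15.419 File: C:\Users\Owner\AppData\Local\Temp\Low\abc.cfg **INFECTED** Win32:Malware-gen
22:58:32.035 Scan finished successfully
23:12:29.840 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
23:12:29.846 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"
"""


@dataclass
class Run:
    version: str
    run_date: str = ""
    complete: bool = False      # saw "Scan finished successfully"
    mbr_saved: bool = False     # saw the MBR.dat save message
    mbr_code: dict = field(default_factory=dict)         # disk number -> description
    hidden_services: list = field(default_factory=list)  # (name, path)
    infected_files: list = field(default_factory=list)   # (path, detection name)


def parse_aswmbr(text):
    """Split pasted log text into runs; a run starts at each version banner."""
    runs, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        banner = BANNER_RE.match(line)
        if banner:
            current = Run(version=banner.group(1))
            runs.append(current)
            continue
        if current is None:
            continue  # text before the first banner (forum chatter) is ignored
        date = RUN_DATE_RE.match(line)
        if date:
            current.run_date = date.group(1)
            continue
        event = EVENT_RE.match(line)
        if not event:
            continue
        msg = event.group(1)
        if msg == "Scan finished successfully":
            current.complete = True
        elif "MBR has been saved successfully" in msg:
            current.mbr_saved = True
        elif (m := MBR_CODE_RE.match(msg)):
            current.mbr_code[int(m.group(1))] = m.group(2)
        elif (m := HIDDEN_RE.match(msg)):
            current.hidden_services.append((m.group(1), m.group(2)))
        elif (m := INFECTED_RE.match(msg)):
            current.infected_files.append((m.group(1), m.group(2)))
    return runs


def triage(run):
    """'incomplete' = saved before the scan ended, so its silence means nothing."""
    if not run.complete:
        return "incomplete"
    if run.hidden_services or run.infected_files:
        return "flagged"
    return "no_flags"


if __name__ == "__main__":
    for r in parse_aswmbr(SAMPLE_LOG):
        print(r.run_date, triage(r), r.hidden_services, r.infected_files)
```
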
Xenara4evr
Member with 23 posts.
THREAD STARTER
Join Date: Nov 2013
15-Dec-2013, 11:58 PM #8
Here's the compressed file.

Shonda
TechieRanger (Richard), authorized to help remove malware.
Malware Removal Specialist with 471 posts.
Join Date: Nov 2012
Experience: Intermediate
16-Dec-2013, 07:20 PM #9

You're infected with ZeroAccess, a nasty rootkit infection that has backdoor functionality.

This allows hackers to remotely control your computer, steal critical system information and download and execute files. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

COMBOFIX
---------------
Please download ComboFix from one of the following locations:
  • Location #1
  • Location #2
    ***IMPORTANT!!! Save ComboFix.exe to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on ComboFix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Windows Vista/Windows 7, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a Congratulations!!! message.

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.

  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no internet connection after running ComboFix, then restart your computer to restore back your connection.
In your next reply, please provide the following:
  • ComboFix log.
  • Update on how your PC is running.

Regards,

Richard
Xenara4evr Xenara4evr is offline
Member with 23 posts.
THREAD STARTER
 
Join Date: Nov 2013
17-Dec-2013, 11:10 PM #10
Hi Richard,

Here's the log. The computer is really sluggish and the browser appears to be controlled by MyWebSearch. There's a bunch of pop-ups, including one from McAfee. Mozilla also opens numerous windows and says to Update the Browser. It says I'm using Firefox 12. The website it goes to is: www.update-browser.org/Firefox.

Thanks.....Shonda

ComboFix 13-12-17.02 - Owner 12/17/2013 21:39:21.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3934.2332 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\dfinstall.log
c:\program files (x86)\Google\Desktop\Install
c:\program files (x86)\Google\Desktop\Install\{a0c14a11-bdbd-ba96-c775-62599764d9c7}\0103~1\7154~1\CFFE~1\{a0c14a11-bdbd-ba96-c775-62599764d9c7}\L\00000004.@
c:\program files (x86)\Google\Desktop\Install\{a0c14a11-bdbd-ba96-c775-62599764d9c7}\0103~1\7154~1\CFFE~1\{a0c14a11-bdbd-ba96-c775-62599764d9c7}\L\201d3dde
c:\program files (x86)\Google\Desktop\Install\{a0c14a11-bdbd-ba96-c775-62599764d9c7}\0103~1\7154~1\CFFE~1\{a0c14a11-bdbd-ba96-c775-62599764d9c7}\L\6715e287
c:\program files (x86)\Google\Desktop\Install\{a0c14a11-bdbd-ba96-c775-62599764d9c7}\0103~1\7154~1\CFFE~1\{a0c14a11-bdbd-ba96-c775-62599764d9c7}\L\76603ac3
c:\program files (x86)\SelectRebates
c:\program files (x86)\SelectRebates\FFToolbar\chrome.manifest
c:\program files (x86)\SelectRebates\FFToolbar\chrome\sahtoolbar.jar
c:\program files (x86)\SelectRebates\FFToolbar\defaults\preferences\sahtoolbar.js
c:\program files (x86)\SelectRebates\FFToolbar\install.rdf
c:\program files (x86)\SelectRebates\SahImages\alert.png
c:\program files (x86)\SelectRebates\SahImages\check.png
c:\program files (x86)\SelectRebates\SahImages\close.png
c:\program files (x86)\SelectRebates\SelectAlerts.dat
c:\program files (x86)\SelectRebates\SelectRebates.exe
c:\program files (x86)\SelectRebates\SelectRebates.ini
c:\program files (x86)\SelectRebates\SelectRebatesA.dat
c:\program files (x86)\SelectRebates\SelectRebatesApi.exe
c:\program files (x86)\SelectRebates\SelectRebatesB.dat
c:\program files (x86)\SelectRebates\SelectRebatesBT.dat
c:\program files (x86)\SelectRebates\SelectRebatesDownload.exe
c:\program files (x86)\SelectRebates\SelectRebatesH.dat
c:\program files (x86)\SelectRebates\SelectRebatesUninstall.exe
c:\program files (x86)\SelectRebates\SelectRebatesW.ini
c:\program files (x86)\SelectRebates\SRebates.dll
c:\program files (x86)\SelectRebates\SRFF3.dll
c:\program files (x86)\SelectRebates\Toolbar\AddtoList.bmp
c:\program files (x86)\SelectRebates\Toolbar\basis.xml
c:\program files (x86)\SelectRebates\Toolbar\Basis.xml.dym
c:\program files (x86)\SelectRebates\Toolbar\Blank.bmp
c:\program files (x86)\SelectRebates\Toolbar\CashBack.bmp
c:\program files (x86)\SelectRebates\Toolbar\Coupons.bmp
c:\program files (x86)\SelectRebates\Toolbar\GroceryCoupon.bmp
c:\program files (x86)\SelectRebates\Toolbar\i_magnifying.bmp
c:\program files (x86)\SelectRebates\Toolbar\icons.bmp
c:\program files (x86)\SelectRebates\Toolbar\logo.bmp
c:\program files (x86)\SelectRebates\Toolbar\logo_24.bmp
c:\program files (x86)\SelectRebates\Toolbar\logo_HotSpots.bmp
c:\program files (x86)\SelectRebates\Toolbar\ReviewSite.bmp
c:\program files (x86)\SelectRebates\Toolbar\RightControls.dym
c:\program files (x86)\SelectRebates\Toolbar\sahtb-alert.bmp
c:\program files (x86)\SelectRebates\Toolbar\sahtb-go.bmp
c:\program files (x86)\SelectRebates\Toolbar\sahtb-grocerycoupons.bmp
c:\program files (x86)\SelectRebates\Toolbar\sahtb-icons.bmp
c:\program files (x86)\SelectRebates\Toolbar\sahtb-restaurant.bmp
c:\program files (x86)\SelectRebates\Toolbar\sahtb-wishlist.bmp
c:\program files (x86)\SelectRebates\Toolbar\Scissors.bmp
c:\program files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
c:\program files (x86)\Shopping Sidekick Plugin\ShOPping sidekick plugin.dll
c:\program files (x86)\TotalRecipeSearch_14
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14auxstb.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14bar.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14barsvc.exe
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14brmon.exe
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14brstub.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14datact.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14dlghk.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14dyn.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14feedmg.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14highin.exe
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14hkstub.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14htmlmu.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14httpct.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14idle.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14ieovr.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14impipe.exe
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14medint.exe
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14mlbtn.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14msg.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14Plugin.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14radio.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14regfft.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14reghk.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14regiet.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14script.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14skin.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14sknlcr.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14skplay.exe
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14SrchMn.exe
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14tpinst.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14uabtn.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\BOOTSTRAP.JS
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\CHROME.MANIFEST
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\chrome\14ffxtbr.jar
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\CREXT.DLL
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\CrExtP14.exe
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\INSTALL.RDF
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\installKeys.js
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\LOGO.BMP
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\T8EXTEX.DLL
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\T8EXTPEX.DLL
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\T8HTML.DLL
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\T8RES.DLL
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\T8TICKER.DLL
c:\program files (x86)\TotalRecipeSearch_14\bar\gen1\COMMON.T8S
c:\program files (x86)\TotalRecipeSearch_14\bar\IE9Mesg\COMMON.T8S
c:\program files (x86)\TotalRecipeSearch_14\bar\Message\COMMON.T8S
c:\program files (x86)\TotalRecipeSearch_14\bar\Settings\s_pid.dat
c:\program files (x86)\weDownload Manager Pro\weDOwnload manager pro-bho.dll
c:\programdata\Roaming
c:\users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlopielgodpjhkbapdlbbicpiefpaack_0.localstorage-journal
c:\users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlopielgodpjhkbapdlbbicpiefpaack_0.localstorage
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_TotalRecipeSearch_14Service
.
.
((((((((((((((((((((((((( Files Created from 2013-11-18 to 2013-12-18 )))))))))))))))))))))))))))))))
.
.
2013-12-18 02:51 . 2013-12-18 02:55 -------- d-----w- c:\users\Owner\AppData\Local\temp
2013-12-18 02:51 . 2013-12-18 02:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-18 02:51 . 2013-12-18 02:51 -------- d-----w- c:\users\Experience\AppData\Local\temp
2013-12-12 04:23 . 2013-10-11 04:23 462848 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-12-12 04:23 . 2013-10-11 04:23 781824 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-12-12 04:23 . 2013-10-11 02:07 596480 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2013-12-12 04:23 . 2013-10-30 02:10 2776064 ----a-w- c:\windows\system32\win32k.sys
2013-12-12 04:22 . 2013-10-03 15:02 1278976 ----a-w- c:\windows\system32\crypt32.dll
2013-12-12 04:22 . 2013-10-03 12:45 993792 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-12-12 04:12 . 2013-10-30 04:34 374784 ----a-w- c:\windows\system32\SysFxUI.dll
2013-12-12 04:12 . 2013-10-30 03:55 122368 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-12 04:12 . 2013-10-30 02:33 218112 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-12 02:47 . 2013-12-12 02:47 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
2013-11-25 03:40 . 2013-11-25 03:40 -------- d-----w- C:\03dd1c58bf219cf3613ef9ad
2013-11-25 03:30 . 2013-12-18 02:21 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-11-25 03:30 . 2013-12-18 02:25 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2013-11-25 03:10 . 2013-12-12 08:08 -------- d-----w- c:\windows\system32\catroot2
2013-11-25 03:10 . 2013-11-25 03:10 -------- d-----w- C:\CAT-Logs
2013-11-25 03:09 . 2013-11-25 03:05 1242562 ----a-w- C:\CAT.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-13 17:48 . 2013-11-13 17:48 388096 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-11-07 21:00 . 2006-11-02 12:35 82896128 ----a-w- c:\windows\system32\mrt.exe
2013-11-06 02:55 . 2013-11-06 02:55 150808 ----a-w- c:\windows\system32\drivers\avgdiska.sys
2013-11-05 02:52 . 2013-11-05 02:52 240920 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-11-01 18:06 . 2013-11-01 18:06 46368 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-11-01 04:00 . 2013-11-01 04:00 212280 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-11-01 03:49 . 2013-11-01 03:49 294712 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-10-30 04:34 . 2008-01-21 02:46 1386496 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2013-10-25 03:25 . 2013-10-25 03:25 194872 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-10-01 05:52 . 2013-10-01 05:52 123704 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2013-09-30 20:44 . 2013-09-30 20:44 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-09-30 20:43 . 2013-09-30 20:43 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\Spotlight Resources.dll
2013-09-30 20:43 . 2013-09-30 20:43 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-02-02 03:26 . 2009-10-03 17:25 597504 ----a-w- c:\program files\bidwhist.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{808dc83c-d35b-4fba-a5b5-9a52103204df}]
2013-10-22 21:04 249632 ----a-w- c:\program files (x86)\Swift Browse\SwiftBrowseBHO.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2011-06-06 222496]
"AVG-Secure-Search-Update_1013b"="c:\program files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_1013b.exe" [2013-12-16 2163224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SmartWiHelper"="c:\program files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" [2009-03-06 77824]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2008-12-18 317288]
"Sprint SmartView"="c:\program files (x86)\Sprint\Sprint SmartView\SprintSV.exe" [2010-07-28 75072]
"RDVCHG"="c:\program files (x86)\Sprint\Sprint SmartView\RDVCHG.exe" [2010-07-28 316736]
"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2008-09-18 967168]
"Brdefprn"="c:\program files (x86)\Brother\BRHL2140\Brdefprn.exe" [2007-11-05 40960]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2010-10-27 328992]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"vProt"="c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe" [2013-12-16 2471448]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-11-08 4956176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-3-2 1076264]
McAfee Security Scan.lnk - c:\program files (x86)\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]
Rand McNally Dock.lnk - c:\program files (x86)\Rand McNally\RNDDock\StartupLauncher.bat [2013-9-17 25]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-01-19 19:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 09:38 34672 ----a-w- c:\program files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistrationReminder]
2009-04-14 18:38 2054448 ----a-w- c:\program files\Sony\First Experience\OOBEFcdRegistration.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-04-23 20:59 77824 ----a-w- c:\program files (x86)\Java\jre1.6.0\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIORegistration]
2008-06-26 21:42 16384 ----a-w- c:\program files\Sony\First Experience\WelcomeLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
2008-07-25 18:21 385024 ----a-w- c:\program files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-12 03:56 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-18 c:\windows\Tasks\AVG-Secure-Search-Update_1013b_rel.job
- c:\program files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_1013b.exe [2013-12-16 02:54]
.
2013-12-18 c:\windows\Tasks\AVG-Secure-Search-Update_1013b_rmv.job
- c:\program files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_1013b.exe [2013-12-16 02:54]
.
2013-12-18 c:\windows\Tasks\DriverCure.job
- c:\program files (x86)\ParetoLogic\DriverCure\DriverCure.exe [2009-08-07 19:36]
.
2013-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-10 01:51]
.
2013-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-10 01:51]
.
2013-12-18 c:\windows\Tasks\ParetoLogic Registration.job
- c:\windows\system32\rundll32.exe [2006-11-02 09:45]
.
2013-12-18 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2006-11-02 09:45]
.
2013-12-16 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
.
2013-12-18 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2010-09-29 18:43]
.
2013-12-18 c:\windows\Tasks\weDownload Manager Pro-chromeinstaller.job
- c:\program files (x86)\weDownload Manager Pro\weDownload Manager Pro-chromeinstaller.exe [2013-11-01 18:10]
.
2013-12-18 c:\windows\Tasks\weDownload Manager Pro-codedownloader.job
- c:\program files (x86)\weDownload Manager Pro\weDownload Manager Pro-codedownloader.exe [2013-11-01 18:11]
.
2013-12-18 c:\windows\Tasks\weDownload Manager Pro-enabler.job
- c:\program files (x86)\weDownload Manager Pro\weDownload Manager Pro-enabler.exe [2013-11-01 18:11]
.
2013-12-18 c:\windows\Tasks\weDownload Manager Pro-firefoxinstaller.job
- c:\program files (x86)\weDownload Manager Pro\weDownload Manager Pro-firefoxinstaller.exe [2013-11-01 18:11]
.
2013-12-18 c:\windows\Tasks\weDownload Manager Pro-updater.job
- c:\program files (x86)\weDownload Manager Pro\weDownload Manager Pro-updater.exe [2013-11-01 18:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-01-06 6956576]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2009-04-13 187904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-04-13 154648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-04-13 227352]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-04-13 202264]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-01-06 1833504]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^YK^xdm132^YY^us&ptb=1B73D347-FB5E-4F46-B254-1FD2783390E0
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://home.mywebsearch.com/index.jhtml?ptb=1B73D347-FB5E-4F46-B254-1FD2783390E0&n=77fc1d71&p2=^YK^xdm132^YY^us
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=1B73D347-FB5E-4F46-B254-1FD2783390E0&n=77fc1d71&ind=2013011313&p2=^YK^xdm132^YY^us&searchfor=
FF - ExtSQL: 2013-10-22 17:04; firefox@swiftbrowse.net; c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\extensions\firefox@swiftbrowse.net.xpi
FF - ExtSQL: 2013-11-14 14:46; avg@toolbar; c:\programdata\AVG SafeGuard toolbar\FireFoxExt\17.0.0.7
FF - ExtSQL: !HIDDEN! 2013-01-03 15:06; 14ffxtbr@TotalRecipeSearch_14.com; c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{11111111-1111-1111-1111-110211181102} - c:\program files (x86)\Shopping Sidekick Plugin\Shopping Sidekick Plugin.dll
BHO-{11111111-1111-1111-1111-110411361128} - c:\program files (x86)\weDownload Manager Pro\weDownload Manager Pro-bho.dll
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
BHO-{ab56dfde-0c14-45b3-9df6-7b0eba617870} - c:\progra~2\TOTALR~2\bar\1.bin\14bar.dll
BHO-{df22384f-cf68-4d19-969f-10423715528b} - c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll
BHO-{E8DAAA30-6CAA-4b58-9603-8E54238219E2} - c:\program files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
Toolbar-{98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - c:\program files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
Toolbar-{a0154e07-2b48-475c-a82a-80efd84ea33e} - c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14bar.dll
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Wow6432Node-HKCU-Run-Weather - c:\program files (x86)\AWS\WeatherBug\Weather.exe
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Wow6432Node-HKLM-Run-SelectRebates - c:\program files (x86)\SelectRebates\SelectRebates.exe
Wow6432Node-HKLM-Run-TotalRecipeSearch Search Scope Monitor - c:\progra~2\TOTALR~2\bar\1.bin\14srchmn.exe
Wow6432Node-HKLM-Run-TotalRecipeSearch_14 Browser Plugin Loader - c:\progra~2\TOTALR~2\bar\1.bin\14brmon.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Reel Deal Slots_is1 - c:\program files (x86)\Reel Deal Slots\unins000.exe
AddRemove-SelectRebatesUninstall - c:\program files (x86)\SelectRebates\SelectRebatesUninstall.exe
AddRemove-BidWhist - c:\windows\system32\javaws.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe
c:\program files (x86)\Common Files\Nuance\dgnsvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
c:\program files (x86)\Swift Browse\updateSwiftBrowse.exe
c:\program files (x86)\Swift Browse\bin\utilSwiftBrowse.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe
c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\loggingserver.exe
c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files (x86)\Brownie\brpjp04a.exe
c:\program files (x86)\Brownie\brpjp04a.exe
c:\program files\Sony Corporation\SmartWi Connection Utility\CCP.exe
c:\program files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
c:\program files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
c:\program files\Sony Corporation\SmartWi Connection Utility\UIManager.exe
c:\program files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe
c:\program files\Sony Corporation\SmartWi Connection Utility\SmartWi.exe
.
**************************************************************************
.
Completion time: 2013-12-17 22:01:48 - machine was rebooted
ComboFix-quarantined-files.txt 2013-12-18 03:01
.
Pre-Run: 98,580,541,440 bytes free
Post-Run: 99,242,328,064 bytes free
.
- - End Of File - - C41474D2FC57EAD0511AFAA5B8B50BF5
5C616939100B85E558DA92B899A0FC36
TechieRanger   (Richard) TechieRanger is online now TechieRanger is authorized to help remove malware.
Malware Removal Specialist with 471 posts.
 
Join Date: Nov 2012
Experience: Intermediate
19-Dec-2013, 03:35 PM #11
Quote:
The computer is really sluggish and the browser appears to be controlled by MyWebSearch. There's a bunch of pop-ups, including one from McAfee. Mozilla also opens numerous windows and says to Update the Browser.
Please do not download anything.

Only download and install Firefox from the Mozilla servers. We will update it later.

CFSCRIPT
---------------
  • Please open Notepad and copy/paste the text present inside the code box into the notepad:
    Code:
    File:: 
    C:\Users\Owner\AppData\Local\Temp\Low\abc.cfg 
    c:\windows\Tasks\weDownload Manager Pro-chromeinstaller.job 
    c:\windows\Tasks\weDownload Manager Pro-codedownloader.job 
    c:\windows\Tasks\weDownload Manager Pro-enabler.job 
    c:\windows\Tasks\weDownload Manager Pro-firefoxinstaller.job 
    c:\windows\Tasks\weDownload Manager Pro-updater.job 
     
    Folder:: 
    c:\program files (x86)\weDownload Manager Pro 
     
    Firefox:: 
    FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ 
    FF - prefs.js: browser.startup.homepage - hxxp://home.mywebsearch.com/index.jhtml?ptb=1B73D347-FB5E-4F46-B254-1FD2783390E0&n=77fc1d71&p2=^YK^xdm132^YY^us 
    FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=1B73D347-FB5E-4F46-B254-1FD2783390E0&n=77fc1d71&ind=2013011313&p2=^YK^xdm132^YY^us&searchfor= 
    FF - ExtSQL: 2013-10-22 17:04; firefox@swiftbrowse.net; c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\extensions\firefox@swiftbrowse.net.xpi 
    FF - ExtSQL: !HIDDEN! 2013-01-03 15:06; 14ffxtbr@TotalRecipeSearch_14.com; c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin 
     
    DDS:: 
    uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^YK^xdm132^YY^us&ptb=1B73D347-FB5E-4F46-B254-1FD2783390E0 
     
    DirLook:: 
    C:\03dd1c58bf219cf3613ef9ad 
     
    ClearJavaCache::
  • Save this as CFScript.txt and change the 'Save as type' to 'All Files' and place it on your Desktop.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Next

ADWCLEANER
----------------------------
Download AdwCleaner from here and save it to your desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Next

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

In your next reply, please provide the following:
  • ComboFix log.
  • AdwCleaner log.
  • JRT.txt
  • Update on how your PC is running.


Regards,

Richard
Xenara4evr Xenara4evr is offline
Member with 23 posts.
THREAD STARTER
 
Join Date: Nov 2013
21-Dec-2013, 10:58 PM #12
Hi Richard,

I'm still getting a lot of popups from AVG, DriverCure, Mozilla Firefox and something called SpySubtract popped up several times. I can't go to websites because it will say "The connection was reset." I'm also seeing websearch. If I reboot, I can get online for a few minutes then it goes back to "The connection was reset." vToolbar is also popping up. So is McAfee, as is something called Software Manager. Here's the logs you wanted:

COMBOFIX

ComboFix 13-12-17.02 - Owner 12/20/2013 22:52:05.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3934.2209 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Owner\AppData\Local\Temp\Low\abc.cfg"
"c:\windows\Tasks\weDownload Manager Pro-chromeinstaller.job"
"c:\windows\Tasks\weDownload Manager Pro-codedownloader.job"
"c:\windows\Tasks\weDownload Manager Pro-enabler.job"
"c:\windows\Tasks\weDownload Manager Pro-firefoxinstaller.job"
"c:\windows\Tasks\weDownload Manager Pro-updater.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\170_icm1_5_m.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\171_arcadi2_sourceID_m.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\175_coolmirage_m.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\177_crossriderDashboard.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\178_revizer_ws_dynamic_m.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\179_revizer_p_dynamic_m.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\180_bpo_serp_m.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\182_openUrl.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\183_tabsWrapper.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\184_noproblemppc_m.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\189_active_sanity.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\190_pops_5_m.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\191_ciuvo_m.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\192_revizer_ws_dynamic_b2b_m.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\193_revizer_p_dynamic_b2b_m.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\194_retargeting_bi_m.js.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\195_icm_convertmedia_m.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\197_kreapixel_pops_m.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\198_superfish_no_search_no_coupons_p lushd_m.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\199_superfish_no_coupons_plushd_m.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\200_foxydeal_m.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\204_pricedetect_m.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\21_debug.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\22_resources.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\28_initializer.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\47_resources_background.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\5_notifications.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\64_appApiMessage.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\7_hooks.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\72_appApiValidation.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\78_CrossriderInfo.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\79_CrossriderDailyPing.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\87_ginyas_wrapper.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\9_search_engine_hook.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\91_monetizationLoader.js.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\92_superfish_m.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\93_superfish_no_coupons_m.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\98_omniCommands.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\userCode\background.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\userCode\extension.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\install.rdf
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\locale\en-US\translations.dtd
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\button1.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\button2.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\button3.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\button4.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\button5.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\crossrider_statusbar.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\icon128.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\icon16.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\icon24.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\icon48.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\panelarrow-up.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\popup.html
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\skin.css
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\ex tensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\update.css
c:\windows\Tasks\weDownload Manager Pro-chromeinstaller.job
c:\windows\Tasks\weDownload Manager Pro-codedownloader.job
c:\windows\Tasks\weDownload Manager Pro-enabler.job
c:\windows\Tasks\weDownload Manager Pro-firefoxinstaller.job
c:\windows\Tasks\weDownload Manager Pro-updater.job
.
.
((((((((((((((((((((((((( Files Created from 2013-11-21 to 2013-12-21 )))))))))))))))))))))))))))))))
.
.
2013-12-21 04:05 . 2013-12-21 04:05 -------- d-----w- c:\users\Owner\AppData\Local\temp
2013-12-21 04:05 . 2013-12-21 04:05 -------- d-----w- c:\users\Experience\AppData\Local\temp
2013-12-21 04:05 . 2013-12-21 04:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-21 03:45 . 2013-12-21 03:45 650936 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-12-12 04:23 . 2013-10-11 04:23 462848 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-12-12 04:23 . 2013-10-11 04:23 781824 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-12-12 04:23 . 2013-10-11 02:07 596480 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2013-12-12 04:23 . 2013-10-30 02:10 2776064 ----a-w- c:\windows\system32\win32k.sys
2013-12-12 04:22 . 2013-10-03 15:02 1278976 ----a-w- c:\windows\system32\crypt32.dll
2013-12-12 04:22 . 2013-10-03 12:45 993792 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-12-12 04:12 . 2013-10-30 04:34 374784 ----a-w- c:\windows\system32\SysFxUI.dll
2013-12-12 04:12 . 2013-10-30 03:55 122368 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-12 04:12 . 2013-10-30 02:33 218112 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-12 02:47 . 2013-12-12 02:47 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
2013-11-25 03:40 . 2013-11-25 03:40 -------- d-----w- C:\03dd1c58bf219cf3613ef9ad
2013-11-25 03:30 . 2013-12-18 02:21 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-11-25 03:30 . 2013-12-18 02:25 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2013-11-25 03:10 . 2013-12-12 08:08 -------- d-----w- c:\windows\system32\catroot2
2013-11-25 03:10 . 2013-11-25 03:10 -------- d-----w- C:\CAT-Logs
2013-11-25 03:09 . 2013-11-25 03:05 1242562 ----a-w- C:\CAT.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-13 17:48 . 2013-11-13 17:48 388096 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-11-07 21:00 . 2006-11-02 12:35 82896128 ----a-w- c:\windows\system32\mrt.exe
2013-11-06 02:55 . 2013-11-06 02:55 150808 ----a-w- c:\windows\system32\drivers\avgdiska.sys
2013-11-05 02:52 . 2013-11-05 02:52 240920 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-11-01 18:06 . 2013-11-01 18:06 46368 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-11-01 04:00 . 2013-11-01 04:00 212280 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-11-01 03:49 . 2013-11-01 03:49 294712 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-10-30 04:34 . 2008-01-21 02:46 1386496 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2013-10-25 03:25 . 2013-10-25 03:25 194872 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-10-01 05:52 . 2013-10-01 05:52 123704 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2013-09-30 20:43 . 2013-09-30 20:43 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-09-30 20:43 . 2013-09-30 20:43 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-02-02 03:26 . 2009-10-03 17:25 597504 ----a-w- c:\program files\bidwhist.exe
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\03dd1c58bf219cf3613ef9ad ----
.
2013-11-25 03:40 . 2013-11-25 03:40 788 ---ha-w- c:\03dd1c58bf219cf3613ef9ad\$shtdwn$.req
2013-11-07 21:00 . 2013-11-07 21:00 82896128 ----a-w- c:\03dd1c58bf219cf3613ef9ad\mrt.exe
2013-11-07 21:00 . 2013-11-07 21:00 81112 ----a-w- c:\03dd1c58bf219cf3613ef9ad\mrtstub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110211181102}]
c:\program files (x86)\Shopping Sidekick Plugin\Shopping Sidekick Plugin.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110411361128}]
c:\program files (x86)\weDownload Manager Pro\weDownload Manager Pro-bho.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{808dc83c-d35b-4fba-a5b5-9a52103204df}]
2013-10-22 21:04 249632 ----a-w- c:\program files (x86)\Swift Browse\SwiftBrowseBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ab56dfde-0c14-45b3-9df6-7b0eba617870}]
c:\progra~2\TOTALR~2\bar\1.bin\14bar.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{df22384f-cf68-4d19-969f-10423715528b}]
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{E8DAAA30-6CAA-4b58-9603-8E54238219E2}]
c:\program files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{98279C38-DE4B-4bcf-93C9-8EC26069D6F4}"= "c:\program files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll" [BU]
"{a0154e07-2b48-475c-a82a-80efd84ea33e}"= "c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14bar.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{98279c38-de4b-4bcf-93c9-8ec26069d6f4}]
[HKEY_CLASSES_ROOT\ShopAtHome.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{462E4AEC-DB3B-4e69-AF61-4F300D76255C}]
[HKEY_CLASSES_ROOT\ShopAtHome.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{a0154e07-2b48-475c-a82a-80efd84ea33e}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2011-06-06 222496]
"AVG-Secure-Search-Update_1013b"="c:\program files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_1013b.exe" [2013-12-16 2163224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SmartWiHelper"="c:\program files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" [2009-03-06 77824]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2008-12-18 317288]
"Sprint SmartView"="c:\program files (x86)\Sprint\Sprint SmartView\SprintSV.exe" [2010-07-28 75072]
"RDVCHG"="c:\program files (x86)\Sprint\Sprint SmartView\RDVCHG.exe" [2010-07-28 316736]
"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2008-09-18 967168]
"Brdefprn"="c:\program files (x86)\Brother\BRHL2140\Brdefprn.exe" [2007-11-05 40960]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2010-10-27 328992]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"vProt"="c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe" [2013-12-16 2471448]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-11-08 4956176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-3-2 1076264]
McAfee Security Scan.lnk - c:\program files (x86)\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]
Rand McNally Dock.lnk - c:\program files (x86)\Rand McNally\RNDDock\StartupLauncher.bat [2013-9-17 25]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-01-19 19:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 09:38 34672 ----a-w- c:\program files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistrationReminder]
2009-04-14 18:38 2054448 ----a-w- c:\program files\Sony\First Experience\OOBEFcdRegistration.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-04-23 20:59 77824 ----a-w- c:\program files (x86)\Java\jre1.6.0\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIORegistration]
2008-06-26 21:42 16384 ----a-w- c:\program files\Sony\First Experience\WelcomeLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
2008-07-25 18:21 385024 ----a-w- c:\program files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-12 03:56 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-21 c:\windows\Tasks\AVG-Secure-Search-Update_1013b_rel.job
- c:\program files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_1013b.exe [2013-12-16 02:54]
.
2013-12-18 c:\windows\Tasks\AVG-Secure-Search-Update_1013b_rmv.job
- c:\program files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_1013b.exe [2013-12-16 02:54]
.
2013-12-18 c:\windows\Tasks\DriverCure.job
- c:\program files (x86)\ParetoLogic\DriverCure\DriverCure.exe [2009-08-07 19:36]
.
2013-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-10 01:51]
.
2013-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-10 01:51]
.
2013-12-21 c:\windows\Tasks\ParetoLogic Registration.job
- c:\windows\system32\rundll32.exe [2006-11-02 09:45]
.
2013-12-21 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2006-11-02 09:45]
.
2013-12-16 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
.
2013-12-18 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2010-09-29 18:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-01-06 6956576]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2009-04-13 187904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-04-13 154648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-04-13 227352]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-04-13 202264]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-01-06 1833504]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - ExtSQL: 2013-10-22 17:04; firefox@swiftbrowse.net; c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\extensions\firefox@swiftbrowse.net.xpi
FF - ExtSQL: 2013-11-14 14:46; avg@toolbar; c:\programdata\AVG SafeGuard toolbar\FireFoxExt\17.2.0.38
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
AddRemove-Reel Deal Slots_is1 - c:\program files (x86)\Reel Deal Slots\unins000.exe
AddRemove-SelectRebatesUninstall - c:\program files (x86)\SelectRebates\SelectRebatesUninstall.exe
AddRemove-weDownload Manager Pro - c:\program files (x86)\weDownload Manager Pro\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-12-20 23:08:15
ComboFix-quarantined-files.txt 2013-12-21 04:08
ComboFix2.txt 2013-12-18 03:01
.
Pre-Run: 99,045,695,488 bytes free
Post-Run: 99,004,092,416 bytes free
.
- - End Of File - - A6E61D673364F643041FDFD2E1BFB363
5C616939100B85E558DA92B899A0FC36

************************************************************************************
JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows (TM) Vista Home Premium x64
Ran by Owner on Fri 12/20/2013 at 23:44:27.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{03F3147C-CEA6-4AAE-B0AE-8D8ABE7A8080}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{2502086B-5A46-4D05-8D5B-A1E77AB8BB32}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{396A4E14-83E7-4941-B0D9-B598E1B97197}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{76F3207C-3A0A-461B-B958-5653C5718243}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{895F3DBD-2484-4A14-A0EA-C3252EBB0FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{8C4B563E-52A1-4A10-B700-F8BF1CD7B726}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{96B8A0EF-0D9D-4A92-B548-376DB4BBB58B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9E5C950C-93F2-46B4-A47E-8450FFF4D841}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A0154E07-2B48-475C-A82A-80EFD84EA33E}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A4503EC3-1111-4B62-8F46-0D88508F8A7B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A9C524BF-4044-402A-AA00-8C3B3DA86125}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{AB56DFDE-0C14-45B3-9DF6-7B0EBA617870}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B38FBAED-DED1-4BA6-BA2E-F2515FD49442}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B5EDE79D-B004-47DD-93F9-152B0D145914}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D0690E53-168C-4632-99B2-5700228F760F}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\totalrecipesearch_14
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB56DFDE-0C14-45B3-9DF6-7B0EBA617870}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF22384F-CF68-4D19-969F-10423715528B}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Owner\appdata\local\totalrecipesearch_14"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\3ambf89r.default\extensions\14ffxtbr@totalrecipesearch_14.com
Successfully deleted: [Folder] C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\3ambf89r.default\extensions\staged
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\14ffxtbr@totalrecipesearch_14.com



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 12/20/2013 at 23:55:18.07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Last edited by Xenara4evr; 21-Dec-2013 at 11:03 PM.. Reason: additional information
Xenara4evr
THREAD STARTER
21-Dec-2013, 10:59 PM #13
Hi Richard,

Here's the other logfile. It said it was too long to submit all 3 in one post.

ADWCLEANER

# AdwCleaner v3.015 - Report created 20/12/2013 at 23:38:16
# Updated 10/12/2013 by Xplode
# Operating System : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Username : Owner - ARYFV17JPRH
# Running from : C:\Users\Owner\Desktop\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Update Swift Browse
[#] Service Deleted : Util Swift Browse

***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
[!] Folder Deleted : C:\ProgramData\DriverCure
[!] Folder Deleted : C:\ProgramData\ParetoLogic
[!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ParetoLogic
[!] Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
[!] Folder Deleted : C:\Program Files (x86)\MyPC Backup
[!] Folder Deleted : C:\Program Files (x86)\ParetoLogic
[!] Folder Deleted : C:\Program Files (x86)\Shopping Sidekick Plugin
[!] Folder Deleted : C:\Program Files (x86)\Swift Browse
[!] Folder Deleted : C:\Program Files (x86)\Shopping Sidekick Plugin
[!] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[!] Folder Deleted : C:\Program Files (x86)\Common Files\ParetoLogic
[!] Folder Deleted : C:\Users\Owner\AppData\Local\AVG SafeGuard toolbar
[!] Folder Deleted : C:\Users\Owner\AppData\Local\Shopping Sidekick Plugin
[!] Folder Deleted : C:\Users\Owner\AppData\Local\weDownload Manager Pro
[!] Folder Deleted : C:\Users\Owner\AppData\Local\Shopping Sidekick Plugin
[!] Folder Deleted : C:\Users\Owner\AppData\LocalLow\AVG SafeGuard toolbar
[!] Folder Deleted : C:\Users\Owner\AppData\Roaming\DriverCure
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\searchplugins\my-web-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Windows\Tasks\paretologic registration3.job
File Deleted : C:\Windows\System32\Tasks\paretologic registration3
File Deleted : C:\Windows\Tasks\paretologic update version3.job
File Deleted : C:\Windows\System32\Tasks\paretologic update version3

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jgapglgghagmhogfjkdlnnmbdfddeedb
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021802.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021802.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021802.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0043628.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0043628.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0043628.Sandbox.1
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\FLEXnet
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\Swift Browse
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Shopping Sidekick Plugin
Key Deleted : HKCU\Software\AppDataLow\Software\weDownload Manager Pro
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\Swift Browse
Key Deleted : HKLM\Software\weDownload Manager Pro
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Shopping Sidekick Plugin
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\weDownload Manager Pro
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Shopping Sidekick Plugin
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Swift Browse
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\weDownload Manager Pro
Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM
Key Deleted : [x64] HKLM\SOFTWARE\ParetoLogic
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Swift Browse

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16526


-\\ Mozilla Firefox v12.0 (en-US)

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3ambf89r.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Line Deleted : user_pref("extensions.mywebsearch.prevDefaultEngine", "Google");
Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Line Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=1B73D347-FB5E-4F46-B254-1FD2783390E0&n=77fc1d71&ind=2013011313&p2=^YK^xdm132^YY^us&sea[...]
Line Deleted : user_pref("extensions.mywebsearch.prevSelectedEngine", "Google");
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=1B73D347-FB5E-4F46-B254-1FD2783390E0&n=77fc1d71&p2=^YK^xdm132^YY^us");
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.hp.enabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.hp.lastGuardTime", -1910762632);
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.hp.numGuards", 1);
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.installation.contextKey ", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.installation.installDat e", "2013011313");
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.installation.partnerId" , "^YK^xdm132^YY^us");
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.installation.partnerSub Id", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.installation.toolbarId" , "1B73D347-FB5E-4F46-B254-1FD2783390E0");
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.lastActivePing", "1387597412048");
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.options.defaultSearch", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.options.homePageEnabled ", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.options.keywordEnabled" , true);
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.options.tabEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.weather.location", "37401");
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "totalrecipesearch@mindspark.com");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "totalrecipesearch@mindspark.com");

*************************

AdwCleaner[R0].txt - [38859 octets] - [20/12/2013 23:10:59]
AdwCleaner[R1].txt - [38872 octets] - [20/12/2013 23:37:05]
AdwCleaner[S0].txt - [37285 octets] - [20/12/2013 23:38:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [37346 octets] ##########
TechieRanger (Richard), authorized to help remove malware.
Malware Removal Specialist with 471 posts.
 
Join Date: Nov 2012
Experience: Intermediate
23-Dec-2013, 10:35 PM #14
vToolbar appears to be related to AVG Secure Search and SpySubtract appears to be an anti-spyware product. It is now Trend Micro AntiSpyware.

Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.

MBAR tutorial

Download Malwarebytes Anti-Rootkit from HERE
  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt
~~~~~~~~~~~~~~~~~~~~~~~

Note: <<<This step is very important >>>
If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
  • Internet access
  • Windows Update
  • Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit located in the mbar\plugins folder and reboot.
Verify that your system is now functioning normally.

In your next reply, please provide the following:
  • mbar logs.
  • Update on how your PC is running.
Regards,

Richard
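
The three post-cleanup checks in the note above (Internet access, Windows Update, Windows Firewall) can also be scripted. This is an added example, not part of Richard's post or of Malwarebytes Anti-Rootkit: the service short names are the standard Windows ones, while the function names and the probe URL parameter are assumptions made for this sketch.

```powershell
# Added example: report whether the items from the checklist are functional.
# A service that is not registered at all is reported separately from one that is
# merely disabled or stopped, since the remedies differ.
$services = @(
    @{ Name = 'wuauserv'; Label = 'Windows Update' },
    @{ Name = 'BITS';     Label = 'Background Intelligent Transfer (used by Windows Update)' },
    @{ Name = 'MpsSvc';   Label = 'Windows Firewall' },
    @{ Name = 'BFE';      Label = 'Base Filtering Engine (required by Windows Firewall)' }
)

function Get-ServiceHealth {
    param([string]$Name, [string]$Label)
    # Win32_Service exposes StartMode, which Get-Service on PowerShell 2.0 does not.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$Name'" -ErrorAction SilentlyContinue
    if (-not $svc) {
        $result = 'MISSING (service is not registered)'
    } elseif ($svc.StartMode -eq 'Disabled') {
        $result = 'DISABLED'
    } elseif ($svc.State -ne 'Running') {
        # Not always a fault: a Manual-start service may simply be idle.
        $result = "NOT RUNNING (state: $($svc.State), start mode: $($svc.StartMode))"
    } else {
        $result = 'OK'
    }
    New-Object PSObject -Property @{ Item = $Label; Result = $result }
}

function Test-InternetAccess {
    # Assumption: the probe URL is the one Windows itself uses for its connectivity
    # indicator; any small, known-good HTTP resource can be substituted.
    param([string]$ProbeUrl = 'http://www.msftncsi.com/ncsi.txt')
    try {
        $body = (New-Object System.Net.WebClient).DownloadString($ProbeUrl)
        # A redirected or rewritten response is flagged rather than counted as success.
        if ($body -eq 'Microsoft NCSI') { $result = 'OK' }
        else { $result = 'UNEXPECTED RESPONSE (proxy, captive portal or redirect?)' }
    } catch {
        $result = "FAILED ($($_.Exception.Message))"
    }
    New-Object PSObject -Property @{ Item = 'Internet access'; Result = $result }
}

$report = @(Test-InternetAccess)
foreach ($s in $services) { $report += Get-ServiceHealth -Name $s.Name -Label $s.Label }
$report | Select-Object Item, Result | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt after the final MBAR scan; any line other than OK is what to report back before deciding whether the fixdamage tool is needed.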
TechieRanger (Richard), authorized to help remove malware.
Malware Removal Specialist with 471 posts.
 
Join Date: Nov 2012
Experience: Intermediate
29-Dec-2013, 01:54 PM #15
It has been two days or more since my last post. Do you still need help or more time?



Regards,

Richard