Jump to content

infected with cozi.exe, MBAM/avg unable to remove


saque

Recommended Posts

Hi, I've been trying to get rid of this nasty program cozi.exe and it doesn't seem to want to go away. Any help is appreciated!! Hope the following are the right logs:

DDS (Ver_2012-11-05.02) - NTFS_AMD64

Internet Explorer: 9.0.8112.16450

Run by rainbow shine at 20:19:22 on 2012-11-06

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8059.5729 [GMT -7:00]

.

AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG2013\avgrsa.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Users\rainbow shine\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe

C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\AVG\AVG2013\avgemca.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Nero\Update\NASvc.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Windows\System32\rundll32.exe

C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe

C:\Windows\System32\StikyNot.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe

C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe

C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe

C:\Windows\system32\taskmgr.exe

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit = userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\rainbow shine\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -

BHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll

TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll

uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900

mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{0D7D30DE-FCC5-45FC-936D-7D0D5783C0F0} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{A802D9B1-A27C-4039-B75E-2F084979DAC6} : DHCPNameServer = 13.36.0.103

Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe

x64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"

x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp

x64-Run: [stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet

x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\rainbow shine\AppData\Roaming\Mozilla\Firefox\Profiles\wz4dqfdt.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,205,0_0,StartPage,20121042,16900,0,54,0

FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B9cb1ba8f-e57d-46b8-9a51-759a3b962154%7D&mid=e7b5bae0070b47d0a890b91405fff85c-198e8c780b736989ed6d572bb6e684ae4c8f3c03&ds=AVG&v=12.2.5.34〈=en&pr=fr&d=2012-10-07%2021%3A37%3A33&sap=ku&q=

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\npsitesafety.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll

FF - ExtSQL: 2012-10-07 21:34; firefox@ghostery.com; C:\Users\rainbow shine\AppData\Roaming\Mozilla\Firefox\Profiles\wz4dqfdt.default\extensions\firefox@ghostery.com

FF - ExtSQL: 2012-10-07 21:37; avg@toolbar; C:\ProgramData\AVG Secure Search\12.2.5.34

FF - ExtSQL: 2012-10-18 17:14; ConsumerInput@Compete; C:\Program Files (x86)\Consumer Input\Firefox\src

FF - ExtSQL: 2012-10-18 17:14; addon@defaulttab.com; C:\Users\rainbow shine\AppData\Roaming\Mozilla\Firefox\Profiles\wz4dqfdt.default\extensions\addon@defaulttab.com.xpi

FF - ExtSQL: 2012-10-18 17:14; wecarereminder@bryan; C:\Users\rainbow shine\AppData\Roaming\Mozilla\Firefox\Profiles\wz4dqfdt.default\extensions\wecarereminder@bryan

FF - ExtSQL: 2012-10-22 21:06; {1266764D-FC4F-4FA7-B63B-884D53B1680F}; C:\Users\rainbow shine\AppData\Roaming\Mozilla\Firefox\Profiles\wz4dqfdt.default\extensions\{1266764D-FC4F-4FA7-B63B-884D53B1680F}.xpi

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-9-21 61792]

R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]

R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-5-23 16152]

R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-9-13 151904]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]

R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]

R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-10-7 31080]

R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-12-5 659968]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-10-2 5783672]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-2 193568]

R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]

R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-12-21 1014096]

R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-12-21 1104208]

R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-12-5 135952]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\rainbow shine\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2012-10-18 107520]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-23 13592]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-1-10 627936]

R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]

R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-5-23 1695040]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-5-23 363800]

R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-10-7 722528]

R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2011-12-8 594704]

R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-12-5 195584]

R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-12-21 1304912]

R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-12-13 94720]

R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-12-13 747008]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2012-5-23 176096]

R3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-12-14 60416]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-5-23 331264]

R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-5-23 356120]

R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-5-23 788760]

R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-12-20 25496]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-5-23 685160]

R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-10-26 162816]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-12-5 195584]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-12-20 34200]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-12-8 273168]

S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUVStor.sys [2012-5-23 313448]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-4-25 52736]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-28 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-10-30 15:11:53 -------- d-----w- C:\Users\rainbow shine\AppData\Local\Diagnostics

2012-10-24 01:13:37 -------- d-----w- C:\ProgramData\Kaspersky Lab

2012-10-24 01:13:37 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab

2012-10-24 00:52:13 -------- d-----w- C:\Users\rainbow shine\AppData\Roaming\Malwarebytes

2012-10-24 00:52:06 -------- d-----w- C:\ProgramData\Malwarebytes

2012-10-24 00:52:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-10-23 03:11:59 -------- d-----w- C:\Users\rainbow shine\AppData\Local\Opera

2012-10-23 03:11:50 -------- d-----w- C:\Program Files\Opera x64

2012-10-18 23:14:31 -------- d-----w- C:\Program Files (x86)\Playalot Games

2012-10-18 23:14:28 -------- d-----w- C:\Program Files (x86)\Consumer Input

2012-10-18 23:14:24 -------- d-----w- C:\Users\rainbow shine\AppData\Roaming\DefaultTab

2012-10-18 23:14:19 -------- d-----w- C:\ProgramData\WeCareReminder

2012-10-18 23:06:57 -------- d-----w- C:\Users\rainbow shine\AppData\Roaming\com.zoodles.3B7D4B2F97D0C2BDB13554D0687ECC70A3734EDD.1

2012-10-18 23:06:54 -------- d-----w- C:\Program Files (x86)\Zoodles

2012-10-12 14:44:12 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FC4BE93C-0F1F-4403-8056-8F9AFEC9FA51}\mpengine.dll

2012-10-08 17:20:12 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-10-08 03:38:34 -------- d-----w- C:\Users\rainbow shine\AppData\Roaming\AVG2013

2012-10-08 03:37:47 -------- d-----w- C:\Users\rainbow shine\AppData\Roaming\TuneUp Software

2012-10-08 03:37:46 -------- d-----w- C:\Users\rainbow shine\AppData\Local\AVG Secure Search

2012-10-08 03:37:39 -------- d-----w- C:\ProgramData\AVG Secure Search

2012-10-08 03:37:33 31080 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys

2012-10-08 03:37:31 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search

2012-10-08 03:37:31 -------- d-----w- C:\Program Files (x86)\AVG Secure Search

2012-10-08 03:36:56 -------- d--h--w- C:\$AVG

2012-10-08 03:36:56 -------- d-----w- C:\ProgramData\AVG2013

2012-10-08 03:36:27 -------- d-----w- C:\Program Files (x86)\AVG

2012-10-08 03:31:48 -------- d--h--w- C:\ProgramData\Common Files

2012-10-08 03:31:48 -------- d-----w- C:\Users\rainbow shine\AppData\Local\MFAData

2012-10-08 03:31:48 -------- d-----w- C:\Users\rainbow shine\AppData\Local\Avg2013

2012-10-08 03:31:48 -------- d-----w- C:\ProgramData\MFAData

.

==================== Find3M ====================

.

2012-10-09 21:36:29 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-09 21:36:29 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-10-05 09:26:22 111456 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys

2012-10-02 09:30:38 185696 ----a-w- C:\Windows\System32\drivers\avgldx64.sys

2012-09-21 09:46:04 200032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys

2012-09-21 09:46:00 225120 ----a-w- C:\Windows\System32\drivers\avgloga.sys

2012-09-21 09:45:50 61792 ----a-w- C:\Windows\System32\drivers\avgidsha.sys

2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-09-14 09:05:18 40800 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys

2012-09-13 09:11:18 151904 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys

2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll

2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust(82).dll

2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust(90).dll

2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys

2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys

2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe

2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase(89).dll

2012-08-20 17:37:18 1114112 ----a-w- C:\Windows\SysWow64\kernel32(88).dll

2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-08-11 00:56:03 715776 ----a-w- C:\Windows\System32\kerberos.dll

2012-08-11 00:56:03 715776 ----a-w- C:\Windows\System32\kerberos(72).dll

2012-08-10 23:56:14 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll

.

============= FINISH: 20:19:46.35 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-05.02)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 8/24/2012 7:56:15 PM

System Uptime: 11/6/2012 7:56:32 PM (1 hours ago)

.

Motherboard: Dell Inc. | | 023HTX

Processor: Intel® Core i7-3612QM CPU @ 2.10GHz | CPU Socket - U3E1 | 1197/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 918 GiB total, 852.719 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP40: 10/18/2012 5:41:45 PM - Removed Adobe Reader X (10.1.4) MUI.

RP41: 10/18/2012 5:42:15 PM - Removed Adobe Reader X (10.1.4) MUI.

RP42: 10/20/2012 11:30:50 PM - Removed Skype™ 5.10

RP43: 10/20/2012 11:31:13 PM - Removed Skype™ 5.10

RP44: 10/21/2012 10:00:51 PM - Removed Zoodles

RP45: 10/22/2012 9:08:51 PM - Removed Cozi

RP46: 11/1/2012 10:07:16 PM - Removed Skype Click to Call

RP47: 11/1/2012 10:08:47 PM - Removed Playalot Games

RP48: 11/6/2012 9:58:09 PM - Restore Operation

.

==== Installed Programs ======================

.

Accidental Damage Services Agreement

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.4) MUI

Advanced Audio FX Engine

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ASPCA Reminder by We-Care.com v4.1.19.1

AVG 2013

Banctec Service Agreement

Bejeweled 2 Deluxe

Bing Bar

Blackhawk Striker 2

Blio

Bonjour

Bounce Symphony

Build-a-lot 2

Cake Mania

Chuzzle Deluxe

Complete Care Business Service Agreement

Consumer In-Home Service Agreement

Consumer Input Firefox Extension (remove only)

Cozi

D3DX10

DefaultTab

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell DataSafe Online

Dell Digital Delivery

Dell Edoc Viewer

Dell Getting Started Guide

Dell Home Systems Service Agreement

Dell MusicStage

Dell PhotoStage

Dell Stage

Dell Stage Remote

Dell Support Center

Dell Touchpad

Dell VideoStage

Dell Webcam Central

Diner Dash 2 Restaurant Rescue

Dora's World Adventure

eBay

Escape Whisper Valley

EXP Viewer 6.0

Farm Frenzy

FATE

Final Drive Fury

Final Drive Nitro

High-Definition Video Playback

Intel PROSet Wireless

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed

Intel® PROSet/Wireless Software for Bluetooth® Technology

Intel® Rapid Storage Technology

Intel® Turbo Boost Technology Monitor 2.0

Intel® USB 3.0 eXtensible Host Controller Driver

Intel® WiDi

Intel® Wireless Display

Intel® PROSet/Wireless WiFi Software

Intel® Trusted Connect Service Client

iTunes

Jewel Quest

Jewel Quest Solitaire 2

Junk Mail filter update

Luxor

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Click-to-Run 2010

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Works 6-9 Converter

Mozilla Firefox 15.0 (x86 en-US)

Mozilla Firefox 15.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

Namco All-Stars PAC-MAN

Nero 10 Movie ThemePack Basic

Nero Control Center 10

Nero ControlCenter 10 Help (CHM)

Nero Core Components 10

Nero Update

Penguins!

Plants vs. Zombies - Game of the Year

Playalot Games

PlayReady PC Runtime x86

Poker Superstars III

Polar Bowler

Polar Golfer

Premium Service Agreement

QualxServ Service Agreement

Quickset64

Samantha Swift

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition

Skype Click to Call

Skype™ 5.10

SyncUP

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update Installer for WildTangent Games App

Virtual Villagers 4 - The Tree of Life

Visual Studio 2010 x64 Redistributables

VLC media player 2.0.3

Wedding Dash - Ready, Aim, Love!

WildTangent Games

WildTangent Games App (Dell Games)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Zinio Reader 4

Zoodles

Zuma Deluxe

.

==== Event Viewer Messages From Past Week ========

.

11/6/2012 9:04:53 PM, Error: Service Control Manager [7023] - The Intel® PROSet/Wireless Zero Configuration Service service terminated with the following error: %%-2147196306

11/6/2012 8:31:38 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user sparklerainbow\rainbow shine SID (S-1-5-21-2446809276-4078469189-198621184-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

11/6/2012 8:31:38 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user sparklerainbow\rainbow shine SID (S-1-5-21-2446809276-4078469189-198621184-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

11/6/2012 7:57:36 PM, Error: Service Control Manager [7034] - The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).

11/6/2012 7:55:12 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

10/30/2012 8:25:52 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0xdeaddead (0x000000000f00004b, 0x000000000023002c, 0x0000000012a60000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 103012-30420-01.

.

==== End Of File ===========================

Link to post
Share on other sites

Hello saque and :welcome:!

This is not malware, but legitimate application. If you want to get rid of it. Just uninstall Cozi and should be gone.

Hi Maniac,

Uninstaller doesn't remove it, acts like it works, but cozi (or at least that's the program I think it is) has modified my IE and firefox search bars, and it stll shows up on both of them. Also, AVG keeps telling me it has 'protected from multiple threats,' even when Im not even browsing. Uninstaller cannot remove firefox, system restore keeps crashing when I try it too.

Is there another malware listed on my data that I have?

Thank you.

Link to post
Share on other sites

No and that's strange.

Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 3

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

aswMBR2-1.gif

On completion of the scan click save log, save it to your desktop and post in your next reply

aswMBR2.png

In your next reply, post the following log files:

  • JunkWare Removal Tool log
  • Malwarebytes' Anti-Malware log
  • aswMBR log

Link to post
Share on other sites

<p>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 2.8.4 (11.07.2012)

OS: Windows 7 Home Premium x64

Ran by rainbow shine on Wed 11/07/2012 at 5:03:52.29

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

%

Link to post
Share on other sites

somehow the last post messed up:

<p>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 2.8.4 (11.07.2012)

OS: Windows 7 Home Premium x64

Ran by rainbow shine on Wed 11/07/2012 at 5:03:52.29

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox detected and repaired

Successfully deleted: [File] C:\Users\rainbow shine\AppData\Roaming\Mozilla\Firefox\Profiles\wz4dqfdt.default\searchplugins\search-here.xml

Successfully deleted: [addon@defaulttab.com.xpi] from C:\Users\rainbow shine\AppData\Roaming\Mozilla\Firefox\Profiles\wz4dqfdt.default\extensions

user_pref("browser.startup.homepage", "http://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,205,0_0,StartPage,20121042,16900,0,54,0");

user_pref("extensions.defaulttab.active.affiliate", 2642);

user_pref("extensions.defaulttab.active.overridechromesearch", false);

user_pref("extensions.defaulttab.active.overridekeywordsearch", false);

user_pref("extensions.defaulttab.active.yw3i", "W3i_IA,206,0_0,Search,20121042,18175,0,0,0");

user_pref("extensions.defaulttab.browserID", "8CEFE2C5547301934C33B150865117D8");

user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"dns_error_handling\": \"Scenario_1,Scenario_2\", \"set_default_search\": \"Search Here|Search Here\", \"window_content\": \"<html>\\r\\n<head>\\r\\n<style type=\\\"text/css\\\">\\r\\nhtml,\\r\\n\\r\\n.content {\\r\\n position: absolute;\\r\\n top: 0;\\r\\n right: 0;\\r\\n}\\r\\n.content1 {\\r\\n\\tpadding-left: 0px;\\r\\n\\tpadding-top: 0px;\\r\\n\\tpadding-right: 0px;\\r\\n\\tpadding-bottom: 0px;\\r\\n}\\r\\n\\r\\n</style>\\r\\n</head>\\r\\n<body>\\r\\n <div class=\\\"content\\\">\\r\\n <img src=\\\"http://assets.defaulttab.com/pop3.png\\\">\\r\\n </div>\\r\\n \\r\\n</body>\\r\\n</html>\", \"version\": 1, \"search_box_default\": \"Search Here|Search Here\", \"third_party_reporting_partner\": null, \"change_home_page\": true, \"set_default_search_on_update\": true, \"change_default_search\": true, \"icon_image_file\": \"http://assets.mysearchresults.com/information-blue-16x16.ico\", \"change_dns_error_handling_on_update\": false, \"use_dns_error_handling\": true, \"set_search_box\": true, \"set_home_page_to\": \"http://www.mysearchresults.com/?c=0000&t=01\", \"enable_third_party_content\": true, \"country\": \"US\", \"search_engines\": [{\"search_engine\": \"Search Here|Search Here\", \"search_query_string\": \"&c=0000&t=01&q={searchTerms}\", \"toolbar_search_engine_config_id\": 583, \"third_party_feed_identifier\": \"\", \"new_tab_content\": \"<!DOCTYPE html PUBLIC \\\"-//W3C//DTD XHTML 1.1//EN\\\" \\\"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd\\\">\\r\\n<html xmlns=\\\"http://www.w3.org/1999/xhtml\\\">\\r\\n<head>\\r\\n\\t<meta http-equiv=\\\"Content-Type\\\" content=\\\"application/xhtml+xml; charset=utf-8\\\" />\\r\\n\\t<title>Internet Search</title>\\r\\n <link rel=\\\"shortcut icon\\\" type=\\\"image/ico\\\" href=\\\"http://assets.defaulttab.com/favicon.ico\\\">\\r\\n <style type=\\\"text/css\\\">\\r\\n * { -moz-box-sizing: border-box; -webkit-box-sizing: border-box; box-sizing: border-box; }\\r\\n\\t\\thtml, body{\\r\\n\\t\\t\\theight:100%;\\r\\n\\t\\t\\tmargin:0;\\r\\n\\t\\t}\\r\\n\\t\\t.none{display:none;}\\r\\n\\t\\t.top-bar{\\r\\n\\t\\t\\tposition:fixed;\\r\\n\\t\\t\\ttop:0;\\r\\n\\t\\t\\tleft:0;\\r\\n\\t\\t\\twidth:100%;\\r\\n\\t\\t\\theight:30px;\\r\\n\\t\\t\\tbackground:#0342B7;\\r\\n\\t\\t}\\r\\n\\t\\t.top-bar ul{\\r\\n\\t\\t\\tfloat:left;\\r\\n\\t\\t\\tlist-style:none;\\r\\n\\t\\t\\tpadding:0 3px;\\r\\n\\t\\t\\tmargin:0;\\r\\n\\t\\t\\tfont:bold 15px Arial, Helvetica, sans-serif;\\r\\n\\t\\t}\\r\\n\\t\\t.top-bar ul li{\\r\\n\\t\\t\\tfloat:left;\\r\\n\\t\\t\\tpadding:6px 7px;\\t\\r\\n\\t\\t}\\r\\n\\t\\t.top-bar ul li a{\\r\\n\\t\\t\\tcolor:#7DA7F4;\\r\\n\\t\\t\\ttext-decoration:none;\\t\\r\\n\\t\\t}\\r\\n\\t\\t.top-bar ul li a:hover,\\r\\n\\t\\t.top-bar ul li a.active{color:#fff;}\\r\\n\\t\\t.top-bar .lang{\\r\\n\\t\\t\\tfloat:right;\\r\\n\\t\\t\\tpadding:6px 10px;\\r\\n\\t\\t\\tfont:bold 15px Arial, Helvetica, sans-serif;\\r\\n\\t\\t\\tcolor:#9cf;\\r\\n\\t\\t}\\r\\n\\t\\t.top-bar span{float:right;}\\r\\n\\t\\t.top-bar .choose{\\r\\n\\t\\t\\tfloat:right;\\r\\n\\t\\t\\twidth:16px;\\r\\n\\t\\t\\theight:16px;\\t\\r\\n\\t\\t\\tmargin:1px 0 1px 8px;\\r\\n\\t\\t\\tbackground:#1885f2;\\r\\n\\t\\t}\\r\\n\\t\\t.top-bar .choose em{\\r\\n\\t\\t\\tdisplay:block;\\r\\n\\t\\t\\twidth:0;\\r\\n\\t\\t\\theight:0;\\r\\n\\t\\t\\tmargin:6px auto 0;\\r\\n\\t\\t\\toverflow:hidden;\\r\\n\\t\\t\\tborder-top: 5px solid #fff;\\r\\n \\t\\tborder-left: 5px solid transparent;\\r\\n \\t\\tborder-right: 5px solid transparent;\\r\\n\\t\\t}\\r\\n\\t\\t.container{\\r\\n\\t\\t\\tdisplay:table;\\r\\n\\t\\t\\twidth:100%;\\r\\n\\t\\t\\theight:100%;\\t\\r\\n\\t\\t}\\r\\n\\t\\t.wrapper{\\r\\n\\t\\t\\tdisplay:table-cell;\\t\\r\\n\\t\\t\\tpadding-top: 250px;\\r\\n\\t\\t\\ttext-align:center;\\r\\n\\t\\t}\\r\\n\\t\\t.wrapper .logo,\\r\\n\\t\\t.wrapper img,\\r\\n\\t\\t.wrapper dl,\\r\\n\\t\\t.wrapper dt,\\r\\n\\t\\t.wrapper dd{\\r\\n\\t\\t\\tfloat:left;\\r\\n\\t\\t\\tmargin:0;\\r\\n\\t\\t\\tpadding:0;\\r\\n\\t\\t}\\r\\n\\t\\t.wrapper .search{\\r\\n\\t\\t\\tmargin:0 auto;\\t\\r\\n\\t\\t\\twidth:710px;\\r\\n }\\r\\n .wrapper .logo {\\r\\n padding-top: 4px;\\r\\n }\\r\\n\\t\\t*+ html .wrapper .search{margin-top:expression(this.parentNode.offsetHeight > this.offsetHeight ? ((this.parentNode.offsetHeight-this.offsetHeight)/2 + \\\"px\\\") : \\\"0\\\");}\\r\\n\\t\\t.search dl{\\r\\n\\t\\t\\tmargin:9px 0 9px 15px;\\t\\r\\n\\t\\t}\\r\\n .search dt input{\\r\\n \\t\\tborder:1px solid #8b8b8b;\\r\\n\\t\\t\\tpadding:2px 7px;\\r\\n\\t\\t\\theight:33px;\\r\\n\\t\\t\\tfont:15px/27px Arial, Helvetica, sans-serif;\\r\\n\\t\\t\\tcolor:#555;\\r\\n\\t\\t\\tbox-shadow:2px 2px 2px -2px #8B8B8B inset;\\r\\n\\t\\t\\t-moz-box-shadow:2px 2px 2px -2px #8B8B8B inset;\\r\\n\\t\\t\\t-webkit-box-shadow:2px 2px 2px -2px #8B8B8B inset;\\r\\n\\t\\t\\twidth:500px;\\r\\n\\t\\t\\tmargin:0;\\r\\n\\t\\t}\\r\\n\\t\\t.search dd button{\\r\\n\\t\\t\\tborder:1px solid #8b8b8b;\\r\\n\\t\\t\\tbackground:#e5e3e3;\\r\\n\\t\\t\\ttext-align:center;\\r\\n\\t\\t\\tpadding:0px 40px;\\r\\n\\t\\t\\theight:33px;\\r\\n\\t\\t\\tfont:bold 15px Arial, Helvetica, sans-serif;\\r\\n\\t\\t\\tcolor:#555;\\r\\n\\t\\t\\tmargin-left:-1px;\\r\\n\\t\\t}\\r\\n\\t\\t*+ html .wrapper .search dd button{\\r\\n\\t\\t\\tpadding-left:20px;\\r\\n\\t\\t\\tpadding-right:20px;\\r\\n\\t\\t\\tmargin-top:1px;\\r\\n\\t\\t}\\r\\n\\t\\t.search dt input:focus,\\r\\n\\t\\t.search dd button:focus{position:relative;}\\r\\n\\t\\t.search dd button::-moz-focus-inner{border:0;}\\r\\n\\t\\t.footer{\\r\\n\\t\\t\\tposition:fixed;\\r\\n\\t\\t\\tbottom:0;\\r\\n\\t\\t\\tleft:0;\\r\\n\\t\\t\\twidth:100%;\\t\\r\\n\\t\\t\\ttext-align:center;\\r\\n\\t\\t}\\r\\n\\t\\t.footer ul{\\r\\n\\t\\t\\tlist-style:none;\\r\\n\\t\\t\\tmargin:0 auto;\\r\\n\\t\\t\\tpadding:15px 0;\\r\\n\\t\\t\\tfont:11px Arial, Helvetica, sans-serif;\\t\\r\\n\\t\\t}\\r\\n\\t\\t.footer ul li{\\r\\n\\t\\t\\tdisplay:inline;\\r\\n\\t\\t\\tpadding:0 10px;\\r\\n\\t\\t\\tborder-left:1px solid #c2bfbf;\\r\\n\\t\\t\\tcolor:#555;\\t\\r\\n\\t\\t}\\r\\n\\t\\t.footer ul li:first-child{border:0;}\\r\\n\\t\\t*+ html #navigation li{border-left: expression( (this===this.parentNode.childNodes[0]) ? \\\"none\\\" : \\\"auto\\\");}\\r\\n\\t\\t.footer ul li a{\\r\\n\\t\\t\\tcolor:#555;\\r\\n\\t\\t\\ttext-decoration:none;\\t\\r\\n\\t\\t}\\r\\n\\t\\t.footer ul li em a{color:#aca8a8;}\\r\\n\\t\\t.footer ul li a:hover{text-decoration:underline;}\\r\\n\\t</style>\\r\\n</head>\\r\\n<body>\\r\\n<div class=\\\"top-bar\\\">\\r\\n\\t<ul>\\r\\n \\t<li><a class=\\\"active\\\" href=\\\"#\\\">Web</a></li>\\r\\n\\r\\n <li><a href=\\\"http://www.google.com/images\\\">Images</a></li>\\r\\n <li><a href=\\\"http://news.google.com\\\">News</a></li>\\r\\n <!-- <li><a href=\\\"#\\\">Games</a></li> -->\\r\\n <li><a href=\\\"http://www.youtube.com\\\">Video</a></li>\\r\\n <li><a href=\\\"http://www.facebook.com\\\">Facebook</a></li>\\r\\n <li><a href=\\\"http://www.twitter.com\\\">Twitter</a></li>\\r\\n\\r\\n </ul>\\r\\n <!--\\r\\n <div class=\\\"lang\\\">\\r\\n \\t<a class=\\\"choose\\\" href=\\\"#\\\"><em> </em></a>\\r\\n <span>English</span>\\r\\n </div>\\r\\n -->\\r\\n</div>\\r\\n<div class=\\\"container\\\">\\r\\n\\t<div class=\\\"wrapper\\\">\\r\\n\\t\\t<form class=\\\"search\\\" method=\\\"get\\\" action=\\\"http://www.mysearchresults.com/search\\\">\\r\\n <div class=\\\"none\\\">\\r\\n <input type=\\\"hidden\\\" name=\\\"ei\\\" value=\\\"utf-8\\\" />\\r\\n\\t\\t\\t\\t<input type=\\\"hidden\\\" name=\\\"c\\\" value=\\\"0000\\\" />\\r\\n\\t\\t\\t\\t<input type=\\\"hidden\\\" name=\\\"t\\\" value=\\\"01\\\" />\\r\\n\\r\\n </div><!--/.none-->\\r\\n\\t\\t\\t<div class=\\\"logo\\\">\\r\\n\\t\\t\\t\\t<img src=\\\"http://assets.defaulttab.com/sr_logo.png\\\" />\\r\\n\\t\\t\\t</div><!--/.logo-->\\r\\n <dl>\\r\\n\\t <dt>\\r\\n \\t\\t <input type=\\\"text\\\" name=\\\"q\\\" />\\r\\n \\t</dt>\\r\\n \\t<dd>\\r\\n\\r\\n\\t\\t <button type=\\\"submit\\\" class=\\\"y_go\\\">Search</button>\\r\\n \\t </dd>\\r\\n </dl>\\r\\n\\t\\t</form><!--/.search-->\\r\\n\\t</div><!--/.wrapper-->\\r\\n\\t<div class=\\\"footer\\\">\\r\\n <ul>\\r\\n <li>© 2012 Search Results, LLC</li>\\r\\n\\r\\n <li>\\r\\n \\t <a href=\\\"http://corp.mysearchresults.com/about-us/privacy-policy/\\\">Privacy & Terms</a>\\r\\n </li>\\r\\n <!-- <li id=\\\"disablenewtab\\\" style=\\\"display: none\\\">Disable New Tab Search</li> -->\\r\\n </ul>\\r\\n\\t</div><!--/.footer-->\\r\\n</div><!--/.container-->\\r\\n</body>\\r\\n</html>\", \"base_url\": \"http://www.mysearchresults.com/search\", \"search_engine_id\": 99}, {\"search_engine\": \"Facebook\", \"search_query_string\": \"\", \"toolbar_search_engine_config_id\": 585, \"third_party_feed_identifier\": \"\", \"new_tab_content\": \"\", \"base_url\": \"http://www.facebook.com/search.php?q={searchTerms}\", \"search_engine_id\": 88}, {\"search_engine\": \"YouTube\", \"search_query_string\": \"\", \"toolbar_search_engine_config_id\": 586, \"third_party_feed_identifier\": \"\", \"new_tab_content\": \"\", \"base_url\": \"http://www.youtube.com/results?search_query={searchTerms}\", \"search_engine_id\": 90}, {\"search_engine\": \"Amazon\", \"search_query_string\": \"&tag=inline3-20&linkCode=ur2&camp=1789&field-keywords={searchTerms}\", \"toolbar_search_engine_config_id\": 587, \"third_party_feed_identifier\": \"\", \"new_tab_content\": \"\", \"base_url\": \"http://www.amazon.com/mn/search/?encoding=UTF8\", \"search_engine_id\": 85}, {\"search_engine\": \"Wikipedia\", \"search_query_string\": \"\", \"toolbar_search_engine_config_id\": 1077, \"third_party_feed_identifier\": \"\", \"new_tab_content\": \"\", \"base_url\": \"http://en.wikipedia.org/wiki/{searchTerms}\", \"search_engine_id\": 86}, {\"search_engine\": \"Twitter\", \"search_query_string\": \"\", \"toolbar_search_engine_config_id\": 1078, \"third_party_feed_identifier\": \"\", \"new_tab_content\": \"\", \"base_url\": \"https://twitter.com/#!/search?q={searchTerms}\", \"search_engine_id\": 87}, {\"search_engine\": \"eBay\", \"search_query_string\": \"\", \"toolbar_search_engine_config_id\": 1079, \"third_party_feed_identifier\": \"\", \"new_tab_content\": \"\", \"base_url\": \"http://www.ebay.com/sch/?_nkw={searchTerms}\", \"search_engine_id\": 92}], \"set_home_page_on_update\": true, \"channel\": null, \"revision\": 1}}");

user_pref("extensions.defaulttab.firstrun", false);

user_pref("extensions.defaulttab.installedVersion", "1.4.2");

user_pref("extensions.wecarereminder.merchHash", "{\"AFFILIATES\":{\"1-Sale-A-Day\":{\"name\":\"1 Sale A Day\",\"autordr\":1,\"td\":1.5},\"1-Stop-Florists\":{\"name\":\"1 Stop Florists\",\"autordr\":1,\"td\":6},\"1and1Internet\":{\"name\":\"1&1 Internet Inc.\",\"autordr\":1},\"1and1internet-Canada\":{\"name\":\"1&1 Internet Inc. Canada\",\"autordr\":1},\"1-800-Bakery.com\":{\"name\":\"1-800-Bakery.com\",\"autordr\":1,\"td\":5},\"1-800-Baskets.com\":{\"name\":\"1-800-Baskets.com\",\"autordr\":1,\"td\":5},\"1-800-FLORALS\":{\"name\":\"1-800-FLORALS\",\"autordr\":1,\"td\":10},\"1-800Flowers.com\":{\"name\":\"1-800-Flowers.com\",\"autordr\":1,\"td\":10,\"ctxt\":\"5% off!\",\"ccode\":\"WECAREFIVE\"},\"1-800-Get-Lens\":{\"name\":\"1-800-Get-Lens\",\"autordr\":1,\"td\":4},\"1-800-GOT-JUNK\":{\"name\":\"1-800-GOT-JUNK?\",\"autordr\":1,\"td\":1.5},%5

Link to post
Share on other sites

<p>user_pref("extensions.defaulttab.firstrun", false);

user_pref("extensions.defaulttab.installedVersion", "1.4.2");

user_pref("extensions.wecarereminder.merchHash", "{\"AFFILIATES\":{\"1-Sale-A-Day\":{\"name\":\"1 Sale A Day\",\"autordr\":1,\"td\":1.5},\"1-Stop-Florists\":{\"name\":\"1 Stop Florists\",\"autordr\":1,\"td\":6},\"1and1Internet\":{\"name\":\"1&1 Internet Inc.\",\"autordr\":1},\"1and1internet-Canada\":{\"name\":\"1&1 Internet Inc. Canada\",\"autordr\":1},\"1-800-Bakery.com\":{\"name\":\"1-800-Bakery.com\",\"autordr\":1,\"td\":5},\"1-800-Baskets.com\":{\"name\":\"1-800-Baskets.com\",\"autordr\":1,\"td\":5},\"1-800-FLORALS\":{\"name\":\"1-800-FLORALS\",\"autordr\":1,\"td\":10},\"1-800Flowers.com\":{\"name\":\"1-800-Flowers.com\",\"autordr\":1,\"td\":10,\"ctxt\":\"5% off!\",\"ccode\":\"WECAREFIVE\"},\"1-800-Get-Lens\":{\"name\":\"1-800-Get-Lens\",\"autordr\":1,\"td\":4},\"1-800-GOT-JUNK\":{\"name\":\"1-800-GOT-JUNK?\",\"autordr\":1,\"td\":1.5},\"100-Day-Loans\":{\"name\":\"100 Day Loans\",\"autordr\":1},\"101-Phones\":{\"name\":\"101Phones.com\",\"autordr\":1,\"td\":3},\"123inkjets.com\":{\"name\":\"123Inkjets.com\",\"autordr\":1,\"td\":14},\"123Print\":{\"name\":\"123Print\",\"autordr\":1,\"td\":5},\"1800CarDonations.org\":{\"name\":\"1800CarDonations.org\",\"autordr\":1},\"1800Treadmill\":{\"name\":\"1800Treadmill\",\"autordr\":1,\"td\":4.5},\"1928-Jewelry\":{\"name\":\"1928 Jewelry\",\"autordr\":1,\"td\":7.5},\"1928-Jewelry-Bridal\":{\"name\":%2

Link to post
Share on other sites

Yes, I'm sorry, it seems the forum kept glitching and would not post all of my text. I will try it again now:

<p>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 2.8.4 (11.07.2012)

OS: Windows 7 Home Premium x64

Ran by rainbow shine on Wed 11/07/2012 at 5:03:52.29

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox detected and repaired

Successfully deleted: [File] C:\Users\rainbow shine\AppData\Roaming\Mozilla\Firefox\Profiles\wz4dqfdt.default\searchplugins\search-here.xml

Successfully deleted: [addon@defaulttab.com.xpi] from C:\Users\rainbow shine\AppData\Roaming\Mozilla\Firefox\Profiles\wz4dqfdt.default\extensions

user_pref("browser.startup.homepage", "http://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,205,0_0,StartPage,20121042,16900,0,54,0");

user_pref("extensions.defaulttab.active.affiliate", 2642);

user_pref("extensions.defaulttab.active.overridechromesearch", false);

user_pref("extensions.defaulttab.active.overridekeywordsearch", false);

user_pref("extensions.defaulttab.active.yw3i", "W3i_IA,206,0_0,Search,20121042,18175,0,0,0");

user_pref("extensions.defaulttab.browserID", "8CEFE2C5547301934C33B150865117D8");

user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"dns_error_handling\": \"Scenario_1,Scenario_2\", \"set_default_search\": \"Search Here|Search Here\", \"window_content\": \"<html>\\r\\n<head>\\r\\n<style type=\\\"text/css\\\">\\r\\nhtml,\\r\\n\\r\\n.content {\\r\\n position: absolute;\\r\\n top: 0;\\r\\n right: 0;\\r\\n}\\r\\n.content1 {\\r\\n\\tpadding-left: 0px;\\r\\n\\tpadding-top: 0px;\\r\\n\\tpadding-right: 0px;\\r\\n\\tpadding-bottom: 0px;\\r\\n}\\r\\n\\r\\n</style>\\r\\n</head>\\r\\n<body>\\r\\n <div class=\\\"content\\\">\\r\\n <img src=\\\"http://assets.defaulttab.com/pop3.png\\\">\\r\\n </div>\\r\\n \\r\\n</body>\\r\\n</html>\", \"version\": 1, \"search_box_default\": \"Search Here|Search Here\", \"third_party_reporting_partner\": null, \"change_home_page\": true, \"set_default_search_on_update\": true, \"change_default_search\": true, \"icon_image_file\": \"http://assets.mysearchresults.com/information-blue-16x16.ico\", \"change_dns_error_handling_on_update\": false, \"use_dns_error_handling\": true, \"set_search_box\": true, \"set_home_page_to\": \"http://www.mysearchresults.com/?c=0000&t=01\", \"enable_third_party_content\": true, \"country\": \"US\", \"search_engines\": [{\"search_engine\": \"Search Here|Search Here\", \"search_query_string\": \"&c=0000&t=01&q={searchTerms}\", \"toolbar_search_engine_config_id\": 583, \"third_party_feed_identifier\": \"\", \"new_tab_content\": \"<!DOCTYPE html PUBLIC \\\"-//W3C//DTD XHTML 1.1//EN\\\" \\\"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd\\\">\\r\\n<html xmlns=\\\"http://www.w3.org/1999/xhtml\\\">\\r\\n<head>\\r\\n\\t<meta http-equiv=\\\"Content-Type\\\" content=\\\"application/xhtml+xml; charset=utf-8\\\" />\\r\\n\\t<title>Internet Search</title>\\r\\n <link rel=\\\"shortcut icon\\\" type=\\\"image/ico\\\" href=\\\"http://assets.defaulttab.com/favicon.ico\\\">\\r\\n <style type=\\\"text/css\\\">\\r\\n * { -moz-box-sizing: border-box; -webkit-box-sizing: border-box; box-sizing: border-box; }\\r\\n\\t\\thtml, body{\\r\\n\\t\\t\\theight:100%;\\r\\n\\t\\t\\tmargin:0;\\r\\n\\t\\t}\\r\\n\\t\\t.none{display:none;}\\r\\n\\t\\t.top-bar{\\r\\n\\t\\t\\tposition:fixed;\\r\\n\\t\\t\\ttop:0;\\r\\n\\t\\t\\tleft:0;\\r\\n\\t\\t\\twidth:100%;\\r\\n\\t\\t\\theight:30px;\\r\\n\\t\\t\\tbackground:#0342B7;\\r\\n\\t\\t}\\r\\n\\t\\t.top-bar ul{\\r\\n\\t\\t\\tfloat:left;\\r\\n\\t\\t\\tlist-style:none;\\r\\n\\t\\t\\tpadding:0 3px;\\r\\n\\t\\t\\tmargin:0;\\r\\n\\t\\t\\tfont:bold 15px Arial, Helvetica, sans-serif;\\r\\n\\t\\t}\\r\\n\\t\\t.top-bar ul li{\\r\\n\\t\\t\\tfloat:left;\\r\\n\\t\\t\\tpadding:6px 7px;\\t\\r\\n\\t\\t}\\r\\n\\t\\t.top-bar ul li a{\\r\\n\\t\\t\\tcolor:#7DA7F4;\\r\\n\\t\\t\\ttext-decoration:none;\\t\\r\\n\\t\\t}\\r\\n\\t\\t.top-bar ul li a:hover,\\r\\n\\t\\t.top-bar ul li a.active{color:#fff;}\\r\\n\\t\\t.top-bar .lang{\\r\\n\\t\\t\\tfloat:right;\\r\\n\\t\\t\\tpadding:6px 10px;\\r\\n\\t\\t\\tfont:bold 15px Arial, Helvetica, sans-serif;\\r\\n\\t\\t\\tcolor:#9cf;\\r\\n\\t\\t}\\r\\n\\t\\t.top-bar span{float:right;}\\r\\n\\t\\t.top-bar .choose{\\r\\n\\t\\t\\tfloat:right;\\r\\n\\t\\t\\twidth:16px;\\r\\n\\t\\t\\theight:16px;\\t\\r\\n\\t\\t\\tmargin:1px 0 1px 8px;\\r\\n\\t\\t\\tbackground:#1885f2;\\r\\n\\t\\t}\\r\\n\\t\\t.top-bar .choose em{\\r\\n\\t\\t\\tdisplay:block;\\r\\n\\t\\t\\twidth:0;\\r\\n\\t\\t\\theight:0;\\r\\n\\t\\t\\tmargin:6px auto 0;\\r\\n\\t\\t\\toverflow:hidden;\\r\\n\\t\\t\\tborder-top: 5px solid #fff;\\r\\n \\t\\tborder-left: 5px solid transparent;\\r\\n \\t\\tborder-right: 5px solid transparent;\\r\\n\\t\\t}\\r\\n\\t\\t.container{\\r\\n\\t\\t\\tdisplay:table;\\r\\n\\t\\t\\twidth:100%;\\r\\n\\t\\t\\theight:100%;\\t\\r\\n\\t\\t}\\r\\n\\t\\t.wrapper{\\r\\n\\t\\t\\tdisplay:table-cell;\\t\\r\\n\\t\\t\\tpadding-top: 250px;\\r\\n\\t\\t\\ttext-align:center;\\r\\n\\t\\t}\\r\\n\\t\\t.wrapper .logo,\\r\\n\\t\\t.wrapper img,\\r\\n\\t\\t.wrapper dl,\\r\\n\\t\\t.wrapper dt,\\r\\n\\t\\t.wrapper dd{\\r\\n\\t\\t\\tfloat:left;\\r\\n\\t\\t\\tmargin:0;\\r\\n\\t\\t\\tpadding:0;\\r\\n\\t\\t}\\r\\n\\t\\t.wrapper .search{\\r\\n\\t\\t\\tmargin:0 auto;\\t\\r\\n\\t\\t\\twidth:710px;\\r\\n }\\r\\n .wrapper .logo {\\r\\n padding-top: 4px;\\r\\n }\\r\\n\\t\\t*+ html .wrapper .search{margin-top:expression(this.parentNode.offsetHeight > this.offsetHeight ? ((this.parentNode.offsetHeight-this.offsetHeight)/2 + \\\"px\\\") : \\\"0\\\");}\\r\\n\\t\\t.search dl{\\r\\n\\t\\t\\tmargin:9px 0 9px 15px;\\t\\r\\n\\t\\t}\\r\\n .search dt input{\\r\\n \\t\\tborder:1px solid #8b8b8b;\\r\\n\\t\\t\\tpadding:2px 7px;\\r\\n\\t\\t\\theight:33px;\\r\\n\\t\\t\\tfont:15px/27px Arial, Helvetica, sans-serif;\\r\\n\\t\\t\\tcolor:#555;\\r\\n\\t\\t\\tbox-shadow:2px 2px 2px -2px #8B8B8B inset;\\r\\n\\t\\t\\t-moz-box-shadow:2px 2px 2px -2px #8B8B8B inset;\\r\\n\\t\\t\\t-webkit-box-shadow:2px 2px 2px -2px #8B8B8B inset;\\r\\n\\t\\t\\twidth:500px;\\r\\n\\t\\t\\tmargin:0;\\r\\n\\t\\t}\\r\\n\\t\\t.search dd button{\\r\\n\\t\\t\\tborder:1px solid #8b8b8b;\\r\\n\\t\\t\\tbackground:#e5e3e3;\\r\\n\\t\\t\\ttext-align:center;\\r\\n\\t\\t\\tpadding:0px 40px;\\r\\n\\t\\t\\theight:33px;\\r\\n\\t\\t\\tfont:bold 15px Arial, Helvetica, sans-serif;\\r\\n\\t\\t\\tcolor:#555;\\r\\n\\t\\t\\tmargin-left:-1px;\\r\\n\\t\\t}\\r\\n\\t\\t*+ html .wrapper .search dd button{\\r\\n\\t\\t\\tpadding-left:20px;\\r\\n\\t\\t\\tpadding-right:20px;\\r\\n\\t\\t\\tmargin-top:1px;\\r\\n\\t\\t}\\r\\n\\t\\t.search dt input:focus,\\r\\n\\t\\t.search dd button:focus{position:relative;}\\r\\n\\t\\t.search dd button::-moz-focus-inner{border:0;}\\r\\n\\t\\t.footer{\\r\\n\\t\\t\\tposition:fixed;\\r\\n\\t\\t\\tbottom:0;\\r\\n\\t\\t\\tleft:0;\\r\\n\\t\\t\\twidth:100%;\\t\\r\\n\\t\\t\\ttext-align:center;\\r\\n\\t\\t}\\r\\n\\t\\t.footer ul{\\r\\n\\t\\t\\tlist-style:none;\\r\\n\\t\\t\\tmargin:0 auto;\\r\\n\\t\\t\\tpadding:15px 0;\\r\\n\\t\\t\\tfont:11px Arial, Helvetica, sans-serif;\\t\\r\\n\\t\\t}\\r\\n\\t\\t.footer ul li{\\r\\n\\t\\t\\tdisplay:inline;\\r\\n\\t\\t\\tpadding:0 10px;\\r\\n\\t\\t\\tborder-left:1px solid #c2bfbf;\\r\\n\\t\\t\\tcolor:#555;\\t\\r\\n\\t\\t}\\r\\n\\t\\t.footer ul li:first-child{border:0;}\\r\\n\\t\\t*+ html #navigation li{border-left: expression( (this===this.parentNode.childNodes[0]) ? \\\"none\\\" : \\\"auto\\\");}\\r\\n\\t\\t.footer ul li a{\\r\\n\\t\\t\\tcolor:#555;\\r\\n\\t\\t\\ttext-decoration:none;\\t\\r\\n\\t\\t}\\r\\n\\t\\t.footer ul li em a{color:#aca8a8;}\\r\\n\\t\\t.footer ul li a:hover{text-decoration:underline;}\\r\\n\\t</style>\\r\\n</head>\\r\\n<body>\\r\\n<div class=\\\"top-bar\\\">\\r\\n\\t<ul>\\r\\n \\t<li><a class=\\\"active\\\" href=\\\"#\\\">Web</a></li>\\r\\n\\r\\n <li><a href=\\\"http://www.google.com/images\\\">Images</a></li>\\r\\n <li><a href=\\\"http://news.google.com\\\">News</a></li>\\r\\n <!-- <li><a href=\\\"#\\\">Games</a></li> -->\\r\\n <li><a href=\\\"http://www.youtube.com\\\">Video</a></li>\\r\\n <li><a href=\\\"http://www.facebook.com\\\">Facebook</a></li>\\r\\n <li><a href=\\\"http://www.twitter.com\\\">Twitter</a></li>\\r\\n\\r\\n </ul>\\r\\n <!--\\r\\n <div class=\\\"lang\\\">\\r\\n \\t<a class=\\\"choose\\\" href=\\\"#\\\"><em> </em></a>\\r\\n <span>English</span>\\r\\n </div>\\r\\n -->\\r\\n</div>\\r\\n<div class=\\\"container\\\">\\r\\n\\t<div class=\\\"wrapper\\\">\\r\\n\\t\\t<form class=\\\"search\\\" method=\\\"get\\\" action=\\\"http://www.mysearchresults.com/search\\\">\\r\\n <div class=\\\"none\\\">\\r\\n <input type=\\\"hidden\\\" name=\\\"ei\\\" value=\\\"utf-8\\\" />\\r\\n\\t\\t\\t\\t<input type=\\\"hidden\\\" name=\\\"c\\\" value=\\\"0000\\\" />\\r\\n\\t\\t\\t\\t<input type=\\\"hidden\\\" name=\\\"t\\\" value=\\\"01\\\" />\\r\\n\\r\\n </div><!--/.none-->\\r\\n\\t\\t\\t<div class=\\\"logo\\\">\\r\\n\\t\\t\\t\\t<img src=\\\"http://assets.defaulttab.com/sr_logo.png\\\" />\\r\\n\\t\\t\\t</div><!--/.logo-->\\r\\n <dl>\\r\\n\\t <dt>\\r\\n \\t\\t <input type=\\\"text\\\" name=\\\"q\\\" />\\r\\n \\t</dt>\\r\\n \\t<dd>\\r\\n\\r\\n\\t\\t <button type=\\\"submit\\\" class=\\\"y_go\\\">Search</button>\\r\\n \\t </dd>\\r\\n </dl>\\r\\n\\t\\t</form><!--/.search-->\\r\\n\\t</div><!--/.wrapper-->\\r\\n\\t<div class=\\\"footer\\\">\\r\\n <ul>\\r\\n <li>© 2012 Search Results, LLC</li>\\r\\n\\r\\n <li>\\r\\n \\t <a href=\\\"http://corp.mysearchresults.com/about-us/privacy-policy/\\\">Privacy & Terms</a>\\r\\n </li>\\r\\n <!-- <li id=\\\"disablenewtab\\\" style=\\\"display: none\\\">Disable New Tab Search</li> -->\\r\\n </ul>\\r\\n\\t</div><!--/.footer-->\\r\\n</div><!--/.container-->\\r\\n</body>\\r\\n</html>\", \"base_url\": \"http://www.mysearchresults.com/search\", \"search_engine_id\": 99}, {\"search_engine\": \"Facebook\", \"search_query_string\": \"\", \"toolbar_search_engine_config_id\": 585, \"third_party_feed_identifier\": \"\", \"new_tab_content\": \"\", \"base_url\": \"http://www.facebook.com/search.php?q={searchTerms}\", \"search_engine_id\": 88}, {\"search_engine\": \"YouTube\", \"search_query_string\": \"\", \"toolbar_search_engine_config_id\": 586, \"third_party_feed_identifier\": \"\", \"new_tab_content\": \"\", \"base_url\": \"http://www.youtube.com/results?search_query={searchTerms}\", \"search_engine_id\": 90}, {\"search_engine\": \"Amazon\", \"search_query_string\": \"&tag=inline3-20&linkCode=ur2&camp=1789&field-keywords={searchTerms}\", \"toolbar_search_engine_config_id\": 587, \"third_party_feed_identifier\": \"\", \"new_tab_content\": \"\", \"base_url\": \"http://www.amazon.com/mn/search/?encoding=UTF8\", \"search_engine_id\": 85}, {\"search_engine\": \"Wikipedia\", \"search_query_string\": \"\", \"toolbar_search_engine_config_id\": 1077, \"third_party_feed_identifier\": \"\", \"new_tab_content\": \"\", \"base_url\": \"http://en.wikipedia.org/wiki/{searchTerms}\", \"search_engine_id\": 86}, {\"search_engine\": \"Twitter\", \"search_query_string\": \"\", \"toolbar_search_engine_config_id\": 1078, \"third_party_feed_identifier\": \"\", \"new_tab_content\": \"\", \"base_url\": \"https://twitter.com/#!/search?q={searchTerms}\", \"search_engine_id\": 87}, {\"search_engine\": \"eBay\", \"search_query_string\": \"\", \"toolbar_search_engine_config_id\": 1079, \"third_party_feed_identifier\": \"\", \"new_tab_content\": \"\", \"base_url\": \"http://www.ebay.com/sch/?_nkw={searchTerms}\", \"search_engine_id\": 92}], \"set_home_page_on_update\": true, \"channel\": null, \"revision\": 1}}");

user_pref("extensions.defaulttab.firstrun", false);

user_pref("extensions.defaulttab.installedVersion", "1.4.2");

user_pref("extensions.wecarereminder.merchHash", "{\"AFFILIATES\":{\"1-Sale-A-Day\":{\"name\":\"1 Sale A Day\",\"autordr\":1,\"td\":1.5},\"1-Stop-Florists\":{\"name\":\"1 Stop Florists\",\"autordr\":1,\"td\":6},\"1and1Internet\":{\"name\":\"1&1 Internet Inc.\",\"autordr\":1},\"1and1internet-Canada\":{\"name\":\"1&1 Internet Inc. Canada\",\"autordr\":1},\"1-800-Bakery.com\":{\"name\":\"1-800-Bakery.com\",\"autordr\":1,\"td\":5},\"1-800-Baskets.com\":{\"name\":\"1-800-Baskets.com\",\"autordr\":1,\"td\":5},\"1-800-FLORALS\":{\"name\":\"1-800-FLORALS\",\"autordr\":1,\"td\":10},\"1-800Flowers.com\":{\"name\":\"1-800-Flowers.com\",\"autordr\":1,\"td\":10,\"ctxt\":\"5% off!\",\"ccode\":\"WECAREFIVE\"},\"1-800-Get-Lens\":{\"name\":\"1-800-Get-Lens\",\"autordr\":1,\"td\":4},\"1-800-GOT-JUNK\":{\"name\":\"1-800-GOT-JUNK?\",\"autordr\":1,\"td\":1.5},\"100-Day-Loans\":{\"name\":\"100 Day Loans\",\"autordr\":1},\"101-Phones\":{\"name\":\"101Phones.com\",\"autordr\":1,\"td\":3},\"123inkjets.com\":{\"name\":\"123Inkjets.com\",\"autordr\":1,\"td\":14},\"123Print\":{\"name\":\"123Print\",\"autordr\":1,\"td\":5},\"1800CarDonations.org\":{\"name\":\"1800CarDonations.org\",\"autordr\":1},\"1800Treadmill\":{\"name\":\"1800Treadmill\",\"autordr\":1,\"td\":4.5},\"1928-Jewelry\":{\"name\":\"1928 Jewelry\",\"autordr\":1,\"td\":7.5},\"1928-Jewelry-Bridal\":{\"name\":\"1928 Jewelry Bridal\",\"autordr\":1,\"td\":7.5},\"1ink.com\":{\"name\":\"1ink.com\",\"autordr\":1,\"td\":14},\"1ShoppingCart\":{\"name\":\"1ShoppingCart\",\"autordr\":1},\"1STOPLighting\":{\"name\":\"1STOPLighting\",\"autordr\":0,\"td\":3.5},\"23andMe\":{\"name\":\"23andMe\",\"autordr\":1,\"td\":2.5},\"24-Hour-Fitness\":{\"name\":\"24 Hour Fitness\",\"autordr\":1,\"td\":5},\"2b-Store\":{\"name\":\"2b Store\",\"autordr\":0,\"td\":2.5},\"2xist\":{\"name\":\"2xist\",\"autordr\":1,\"td\":3},\"3Balls\":{\"name\":\"3 Balls\",\"autordr\":1,\"td\":2},\"360training\":{\"name\":\"360training\",\"autordr\":1,\"td\":7.5},\"39DollarGlasses.com\":{\"name\":\"39DollarGlasses.com\",\"autordr\":1,\"td\":4},\"3lab\":{\"name\":\"3lab\",\"autordr\":1,\"td\":6},\"4-Inkjets\":{\"name\":\"4 Inkjets\",\"autordr\":1},\"4seasonswine\":{\"name\":\"4 Seasons Wine\",\"autordr\":1},\"4-Wheel-Drive\":{\"name\":\"4 Wheel Drive\",\"autordr\":1,\"td\":3},\"4WheelParts\":{\"name\":\"4 Wheel Parts\",\"autordr\":1,\"td\":3},\"48HourPrint.com\":{\"name\":\"48HourPrint.com\",\"autordr\":1,\"td\":7.5},\"5.11-Tactical-Series\":{\"name\":\"5.11 Tactical Series\",\"autordr\":1,\"td\":3},\"525-America\":{\"name\":\"525 America\",\"autordr\":1,\"td\":3},\"599fashion.com\":{\"name\":\"599fashion.com\",\"autordr\":1,\"td\":1.5},\"6DollarShirts.com\":{\"name\":\"6DollarShirts.com\",\"autordr\":1,\"td\":5},\"7-For-All-Mankind\":{\"name\":\"7 For All Mankind\",\"autordr\":1,\"td\":2},\"80s-Purple\":{\"name\":\"80's Purple\",\"autordr\":1,\"td\":3.5},\"8x8\":{\"name\":\"8x8\",\"autordr\":1},\"911-Health\":{\"name\":\"911 Health\",\"autordr\":1,\"td\":5},\"99Designs\":{\"name\":\"99designs\",\"autordr\":1},\"AARP-Auto-Insurance-Program-from-The-Hartford\":{\"name\":\"The AARP Auto Insurance Program from The Hartford\",\"autordr\":1},\"ababy.com\":{\"name\":\"ababy.com\",\"autordr\":1,\"td\":4},\"Abacus24-7.com\":{\"name\":\"Abacus24-7.com\",\"autordr\":1,\"td\":15},\"ABCmouse.com\":{\"name\":\"ABCmouse.com\",\"autordr\":1},\"Abes-of-Maine\":{\"name\":\"Abe's of Maine\",\"autordr\":1,\"td\":3},\"AbleNet\":{\"name\":\"AbleNet\",\"autordr\":0,\"td\":3},\"AboutAirportParking\":{\"name\":\"About Airport Parking\",\"autordr\":1,\"td\":25},\"Abt-Electronics\":{\"name\":\"Abt Electronics\",\"autordr\":0},\"Academic-Superstore\":{\"name\":\"Academic Superstore\",\"autordr\":1,\"td\":2.5},\"Accessorize\":{\"name\":\"Accessorize\",\"autordr\":1,\"td\":2.5},\"ACDSee\":{\"name\":\"ACDSee\",\"autordr\":1,\"td\":7.5},\"ACE-Hardware\":{\"name\":\"ACE Hardware\",\"autordr\":1,\"td\":2.5},\"Ace-Ticket\":{\"name\":\"AceTicket\",\"autordr\":1,\"td\":3.5},\"Acnecomplexcanada.com\":{\"name\":\"Acnecomplexcanada.com\",\"autordr\":1},\"Acronis\":{\"name\":\"Acronis\",\"autordr\":1},\"Action-Alert\":{\"name\":\"Action Alert\",\"autordr\":1,\"td\":12.5},\"ActiveForever\":{\"name\":\"ActiveForever\",\"autordr\":1,\"td\":3},\"ActivewearUSA.com\":{\"name\":\"ActivewearUSA.com\",\"autordr\":1,\"td\":5},\"Adagio-Teas\":{\"name\":\"Adagio Teas\",\"autordr\":1,\"td\":5},\"adameveToys.com\":{\"name\":\"Adam and Eve Toys\",\"autordr\":1,\"td\":10},\"Adirondack-Chair-Superstore\":{\"name\":\"Adirondack Chair Superstore\",\"autordr\":1,\"td\":2.5},\"Adonit\":{\"name\":\"Adonit\",\"autordr\":1,\"td\":5},\"Adorama\":{\"name\":\"Adorama\",\"autordr\":1,\"td\":2},\"Adorama-Pix\":{\"name\":\"Adorama Pix\",\"autordr\":1,\"td\":5},\"Adore-Me\":{\"name\":\"Adore Me\",\"autordr\":1},\"Adorn.com\":{\"name\":\"Adorn.com\",\&quot%3

Link to post
Share on other sites

Yes, I'm sorry, it seems the forum kept glitching and would not post all of my text. I will try it again now:

<p>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 2.8.4 (11.07.2012)

OS: Windows 7 Home Premium x64

Ran by rainbow shine on Wed 11/07/2012 at 5:03:52.29

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox detected and repaired

Successfully deleted: [File] C:\Users\rainbow shine\AppData\Roaming\Mozilla\Firefox\Profiles\wz4dqfdt.default\searchplugins\search-here.xml

Successfully deleted: [addon@defaulttab.com.xpi] from C:\Users\rainbow shine\AppData\Roaming\Mozilla\Firefox\Profiles\wz4dqfdt.default\extensions

user_pref("browser.startup.homepage", "http://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,205,0_0,StartPage,20121042,16900,0,54,0");

user_pref("extensions.defaulttab.active.affiliate", 2642);

user_pref("extensions.defaulttab.active.overridechromesearch", false);

user_pref("extensions.defaulttab.active.overridekeywordsearch", false);

user_pref("extensions.defaulttab.active.yw3i", "W3i_IA,206,0_0,Search,20121042,18175,0,0,0");

user_pref("extensions.defaulttab.browserID", "8CEFE2C5547301934C33B150865117D8");

user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"dns_error_handling\": \"Scenario_1,Scenario_2\", \"set_default_search\": \"Search Here|Search Here\", \"window_content\": \"<html>\\r\\n<head>\\r\\n<style type=\\\"text/css\\\">\\r\\nhtml,\\r\\n\\r\\n.content {\\r\\n position: absolute;\\r\\n top: 0;\\r\\n right: 0;\\r\\n}\\r\\n.content1 {\\r\\n\\tpadding-left: 0px;\\r\\n\\tpadding-top: 0px;\\r\\n\\tpadding-right: 0px;\\r\\n\\tpadding-bottom: 0px;\\r\\n}\\r\\n\\r\\n</style>\\r\\n</head>\\r\\n<body>\\r\\n <div class=\\\"content\\\">\\r\\n <img src=\\\"http://assets.defaulttab.com/pop3.png\\\">\\r\\n </div>\\r\\n \\r\\n</body>\\r\\n</html>\", \"version\": 1, \"search_box_default\": \"Search Here|Search Here\", \"third_party_reporting_partner\": null, \"change_home_page\": true, \"set_default_search_on_update\": true, \"change_default_search\": true, \"icon_image_file\": \"http://assets.mysearchresults.com/information-blue-16x16.ico\", \"change_dns_error_handling_on_update\": false, \"use_dns_error_handling\": true, \"set_search_box\": true, \"set_home_page_to\": \"http://www.mysearchresults.com/?c=0000&t=01\", \"enable_third_party_content\": true, \"country\": \"US\", \"search_engines\": [{\"search_engine\": \"Search Here|Search Here\", \"search_query_string\": \"&c=0000&t=01&q={searchTerms}\", \"toolbar_search_engine_config_id\": 583, \"third_party_feed_identifier\": \"\", \"new_tab_content\": \"<!DOCTYPE html PUBLIC \\\"-//W3C//DTD XHTML 1.1//EN\\\" \\\"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd\\\">\\r\\n<html xmlns=\\\"http://www.w3.org/1999/xhtml\\\">\\r\\n<head>\\r\\n\\t<meta http-equiv=\\\"Content-Type\\\" content=\\\"application/xhtml+xml; charset=utf-8\\\" />\\r\\n\\t<title>Internet Search</title>\\r\\n <link rel=\\\"shortcut icon\\\" type=\\\"image/ico\\\" href=\\\"http://assets.defaulttab.com/favicon.ico\\\">\\r\\n <style type=\\\"text/css\\\">\\r\\n * { -moz-box-sizing: border-box; -webkit-box-sizing: border-box; box-sizing: border-box; }\\r\\n\\t\\thtml, body{\\r\\n\\t\\t\\theight:100%;\\r\\n\\t\\t\\tmargin:0;\\r\\n\\t\\t}\\r\\n\\t\\t.none{display:none;}\\r\\n\\t\\t.top-bar{\\r\\n\\t\\t\\tposition:fixed;\\r\\n\\t\\t\\ttop:0;\\r\\n\\t\\t\\tleft:0;\\r\\n\\t\\t\\twidth:100%;\\r\\n\\t\\t\\theight:30px;\\r\\n\\t\\t\\tbackground:#0342B7;\\r\\n\\t\\t}\\r\\n\\t\\t.top-bar ul{\\r\\n\\t\\t\\tfloat:left;\\r\\n\\t\\t\\tlist-style:none;\\r\\n\\t\\t\\tpadding:0 3px;\\r\\n\\t\\t\\tmargin:0;\\r\\n\\t\\t\\tfont:bold 15px Arial, Helvetica, sans-serif;\\r\\n\\t\\t}\\r\\n\\t\\t.top-bar ul li{\\r\\n\\t\\t\\tfloat:left;\\r\\n\\t\\t\\tpadding:6px 7px;\\t\\r\\n\\t\\t}\\r\\n\\t\\t.top-bar ul li a{\\r\\n\\t\\t\\tcolor:#7DA7F4;\\r\\n\\t\\t\\ttext-decoration:none;\\t\\r\\n\\t\\t}\\r\\n\\t\\t.top-bar ul li a:hover,\\r\\n\\t\\t.top-bar ul li a.active{color:#fff;}\\r\\n\\t\\t.top-bar .lang{\\r\\n\\t\\t\\tfloat:right;\\r\\n\\t\\t\\tpadding:6px 10px;\\r\\n\\t\\t\\tfont:bold 15px Arial, Helvetica, sans-serif;\\r\\n\\t\\t\\tcolor:#9cf;\\r\\n\\t\\t}\\r\\n\\t\\t.top-bar span{float:right;}\\r\\n\\t\\t.top-bar .choose{\\r\\n\\t\\t\\tfloat:right;\\r\\n\\t\\t\\twidth:16px;\\r\\n\\t\\t\\theight:16px;\\t\\r\\n\\t\\t\\tmargin:1px 0 1px 8px;\\r\\n\\t\\t\\tbackground:%

Link to post
Share on other sites

Yes, I'm sorry, it seems the forum kept glitching and would not post all of my text. I will try it again now:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 2.8.4 (11.07.2012)

OS: Windows 7 Home Premium x64

Ran by rainbow shine on Wed 11/07/2012 at 5:03:52.29

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox detected and repaired

Successfully deleted: [File] C:\Users\rainbow shine\AppData\Roaming\Mozilla\Firefox\Profiles\wz4dqfdt.default\searchplugins\search-here.xml

Successfully deleted: [addon@defaulttab.com.xpi] from C:\Users\rainbow shine\AppData\Roaming\Mozilla\Firefox\Profiles\wz4dqfdt.default\extensions

user_pref("browser.startup.homepage", "http://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,205,0_0,StartPage,20121042,16900,0,54,0");

user_pref("extensions.defaulttab.active.affiliate", 2642);

user_pref("extensions.defaulttab.active.overridechromesearch", false);

user_pref("extensions.defaulttab.active.overridekeywordsearch", false);

user_pref("extensions.defaulttab.active.yw3i", "W3i_IA,206,0_0,Search,20121042,18175,0,0,0");

user_pref("extensions.defaulttab.browserID", "8CEFE2C5547301934C33B150865117D8");

user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"dns_error_handling\": \"Scenario_1,Scenario_2\", \"set_default_search\": \"Search Here|Search Here\", \"window_content\": \"<html>\\r\\n<head>\\r\\n<style type=\\\"text/css\\\">\\r\\nhtml,\\r\\n\\r\\n.content {\\r\\n position: absolute;\\r\\n top: 0;\\r\\n right: 0;\\r\\n}\\r\\n.content1 {\\r\\n\\tpadding-left: 0px;\\r\\n\\tpadding-top: 0px;\\r\\n\\tpadding-right: 0px;\\r\\n\\tpadding-bottom: 0px;\\r\\n}\\r\\n\\r\\n</style>\\r\\n</head>\\r\\n<body>\\r\\n <div class=\\\"content\\\">\\r\\n <img src=\\\"http://assets.defaulttab.com/pop3.png\\\">\\r\\n </div>\\r\\n \\r\\n</body>\\r\\n</html>\", \"version\": 1, \"search_box_default\": \"Search Here|Search Here\", \"third_party_reporting_partner\": null, \"change_home_page\": true, \"set_default_search_on_update\": true, \"change_default_search\": true, \"icon_image_file\": \"http://assets.mysearchresults.com/information-blue-16x16.ico\", \"change_dns_error_handling_on_update\": false, \"use_dns_error_handling\": true, \"set_search_box\": true, \"set_home_page_to\": \"http://www.mysearchresults.com/?c=0000&t=01\", \"enable_third_party_content\": true, \"country\": \"US\", \"search_engines\": [{\"search_engine\": \"Search Here|Search Here\", \"search_query_string\": \"&c=0000&t=01&q={searchTerms}\", \"toolbar_search_engine_config_id\": 583, \"third_party_feed_identifier\": \"\", \"new_tab_content\": \"<!DOCTYPE html PUBLIC \\\"-//W3C//DTD XHTML 1.1//EN\\\" \\\"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd\\\">\\r\\n<html xmlns=\\\"http://www.w3.org/1999/xhtml\\\">\\r\\n<head>\\r\\n\\t<meta http-equiv=\\\"Content-Type\\\" content=\\\"application/xhtml+xml; charset=utf-8\\\" />\\r\\n\\t<title>Internet Search</title>\\r\\n <link rel=\\\"shortcut icon\\\" type=\\\"image/ico\\\" href=\\\"http://assets.defaulttab.com/favicon.ico\\\">\\r\\n <style type=\\\"text/css\\\">\\r\\n * { -moz-box-sizing: border-box; -webkit-box-sizing: border-box; box-sizing: border-box; }\\r\\n\\t\\thtml, body{\\r\\n\\t\\t\\theight:100%;\\r\\n\\t\\t\\tmargin:0;\\r\\n\\t\\t}\\r\\n\\t\\t.none{display:none;}\\r\\n\\t\\t.top-bar{\\r\\n\\t\\t\\tposition:fixed;\\r\\n\\t\\t\\ttop:0;\\r\\n\\t\\t\\tleft:0;\\r\\n\\t\\t\\twidth:100%;\\r\\n\\t\\t\\theight:30px;\\r\\n\\t\\t\\tbackground:#0342B7;\\r\\n\\t\\t}\\r\\n\\t\\t.top-bar ul{\\r\\n\\t\\t\\tfloat:left;\\r\\n\\t\\t\\tlist-style:none;\\r\\n\\t\\t\\tpadding:0 3px;\\r\\n\\t\\t\\tmargin:0;\\r\\n\\t\\t\\tfont:bold 15px Arial, Helvetica, sans-serif;\\r\\n\\t\\t}\\r\\n\\t\\t.top-bar ul li{\\r\\n\\t\\t\\tfloat:left;\\r\\n\\t\\t\\tpadding:6px 7px;\\t\\r\\n\\t\\t}\\r\\n\\t\\t.top-bar ul li a{\\r\\n\\t\\t\\tcolor:#7DA7F4;\\r\\n\\t\\t\\ttext-decoration:none;\\t\\r\\n\\t\\t}\\r\\n\\t\\t.top-bar ul li a:hover,\\r\\n\\t\\t.top-bar ul li a.active{color:#fff;}\\r\\n\\t\\t.top-bar .lang{\\r\\n\\t\\t\\tfloat:right;\\r\\n\\t\\t\\tpadding:6px 10px;\\r\\n\\t\\t\\tfont:bold 15px Arial, Helvetica, sans-serif;\\r\\n\\t\\t\\tcolor:#9cf;\\r\\n\\t\\t}\\r\\n\\t\\t.top-bar span{float:right;}\\r\\n\\t\\t.top-bar .choose{\\r\\n\\t\\t\\tfloat:right;\\r\\n\\t\\t\\twidth:16px;\\r\\n\\t\\t\\theight:16px;\\t\\r\\n\\t\\t\\tmargin:1px 0 1px 8px;\\r\\n\\t\\t\\tbackground:#1885f2;\\r\\n\\t\\t}\\r\\n\\t\\t.top-bar .choose em{\\r\\n\\t\\t\\tdisplay:block;\\r\\n\\t\\t\\twidth:0;\\r\\n\\t\\t\\theight:0;\\r\\n\\t\\t\\tmargin:6px auto 0;\\r\\n\\t\\t\\toverflow:hidden;\\r\\n\\t\\t\\tborder-top: 5px solid #fff;\\r\\n \\t\\tborder-left: 5px solid transparent;\\r\\n \\t\\tborder-right: 5px solid transparent;\\r\\n\\t\\t}\\r\\n\\t\\t.container{\\r\\n\\t\\t\\tdisplay:table;\\r\\n\\t\\t\\twidth:100%;\\r\\n\\t\\t\\theight:100%;\\t\\r\\n\\t\\t}\\r\\n\\t\\t.wrapper{\\r\\n\\t\\t\\tdisplay:table-cell;\\t\\r\\n\\t\\t\\tpadding-top: 250px;\\r\\n\\t\\t\\ttext-align:center;\\r\\n\\t\\t}\\r\\n\\t\\t.wrapper .logo,\\r\\n\\t\\t.wrapper img,\\r\\n\\t\\t.wrapper dl,\\r\\n\\t\\t.wrapper dt,\\r\\n\\t\\t.wrapper dd{\\r\\n\\t\\t\\tfloat:left;\\r\\n\\t\\t\\tmargin:0;\\r\\n\\t\\t\\tpadding:0;\\r\\n\\t\\t}\\r\\n\\t\\t.wrapper .search{\\r\\n\\t\\t\\tmargin:0 auto;\\t\\r\\n\\t\\t\\twidth:710px;\\r\\n }\\r\\n .wrapper .logo {\\r\\n padding-top: 4px;\\r\\n }\\r\\n\\t\\t*+ html .wrapper .search{margin-top:expression(this.parentNode.offsetHeight > this.offsetHeight ? ((this.parentNode.offsetHeight-this.offsetHeight)/2 + \\\"px\\\") : \\\"0\\\");}\\r\\n\\t\\t.search dl{\\r\\n\\t\\t\\tmargin:9px 0 9px 15px;\\t\\r\\n\\t\\t}\\r\\n .search dt input{\\r\\n \\t\\tborder:1px solid #8b8b8b;\\r\\n\\t\\t\\tpadding:2px 7px;\\r\\n\\t\\t\\theight:33px;\\r\\n\\t\\t\\tfont:15px/27px Arial, Helvetica, sans-serif;\\r\\n\\t\\t\\tcolor:#555;\\r\\n\\t\\t\\tbox-shadow:2px 2px 2px -2px #8B8B8B inset;\\r\\n\\t\\t\\t-moz-box-shadow:2px 2px 2px -2px #8B8B8B inset;\\r\\n\\t\\t\\t-webkit-box-shadow:2px 2px 2px -2px #8B8B8B inset;\\r\\n\\t\\t\\twidth:500px;\\r\\n\\t\\t\\tmargin:0;\\r\\n\\t\\t}\\r\\n\\t\\t.search dd button{\\r\\n\\t\\t\\tborder:1px solid #8b8b8b;\\r\\n\\t\\t\\tbackground:#e5e3e3;\\r\\n\\t\\t\\ttext-align:center;\\r\\n\\t\\t\\tpadding:0px 40px;\\r\\n\\t\\t\\theight:33px;\\r\\n\\t\\t\\tfont:bold 15px Arial, Helvetica, sans-serif;\\r\\n\\t\\t\\tcolor:#555;\\r\\n\\t\\t\\tmargin-left:-1px;\\r\\n\\t\\t}\\r\\n\\t\\t*+ html .wrapper .search dd button{\\r\\n\\t\\t\\tpadding-left:20px;\\r\\n\\t\\t\\tpadding-right:20px;\\r\\n\\t\\t\\tmargin-top:1px;\\r\\n\\t\\t}\\r\\n\\t\\t.search dt input:focus,\\r\\n\\t\\t.search dd button:focus{position:relative;}\\r\\n\\t\\t.search dd button::-moz-focus-inner{border:0;}\\r\\n\\t\\t.footer{\\r\\n\\t\\t\\tposition:fixed;\\r\\n\\t\\t\\tbottom:0;\\r\\n\\t\\t\\tleft:0;\\r\\n\\t\\t\\twidth:100%;\\t\\r\\n\\t\\t\\ttext-align:center;\\r\\n\\t\\t}\\r\\n\\t\\t.footer ul{\\r\\n\\t\\t\\tlist-style:none;\\r\\n\\t\\t\\tmargin:0 auto;\\r\\n\\t\\t\\tpadding:15px 0;\\r\\n\\t\\t\\tfont:11px Arial, Helvetica, sans-serif;\\t\\r\\n\\t\\t}\\r\\n\\t\\t.footer ul li{\\r\\n\\t\\t\\tdisplay:inline;\\r\\n\\t\\t\\tpadding:0 10px;\\r\\n\\t\\t\\tborder-left:1px solid #c2bfbf;\\r\\n\\t\\t\\tcolor:#555;\\t\\r\\n\\t\\t}\\r\\n\\t\\t.footer ul li:first-child{border:0;}\\r\\n\\t\\t*+ html #navigation li{border-left: expression( (this===this.parentNode.childNodes[0]) ? \\\"none\\\" : \\\"auto\\\");}\\r\\n\\t\\t.footer ul li a{\\r\\n\\t\\t\\tcolor:#555;\\r\\n\\t\\t\\ttext-decoration:none;\\t\\r\\n\\t\\t}\\r\\n\\t\\t.footer ul li em a{color:#aca8a8;}\\r\\n\\t\\t.footer ul li a:hover{text-decoration:underline;}\\r\\n\\t</style>\\r\\n</head>\\r\\n<body>\\r\\n<div class=\\\"top-bar\\\">\\r\\n\\t<ul>\\r\\n \\t<li><a class=\\\"active\\\" href=\\\"#\\\">Web</a></li>\\r\\n\\r\\n <li><a href=\\\"http://www.google.com/images\\\">Images</a></li>\\r\\n <li><a href=\\\"http://news.google.com\\\">News</a></li>\\r\\n <!-- <li><a href=\\\"#\\\">Games</a></li> -->\\r\\n <li><a href=\\\"http://www.youtube.com\\\">Video</a></li>\\r\\n <li><a href=\\\"http://www.facebook.com\\\">Facebook</a></li>\\r\\n <li><a href=\\\"http://www.twitter.com\\\">Twitter</a></li>\\r\\n\\r\\n </ul>\\r\\n <!--\\r\\n <div class=\\\"lang\\\">\\r\\n \\t<a class=\\\"choose\\\" href=\\\"#\\\"><em> </em></a>\\r\\n <span>English</span>\\r\\n </div>\\r\\n -->\\r\\n</div>\\r\\n<div class=\\\"container\\\">\\r\\n\\t<div class=\\\"wrapper\\\">\\r\\n\\t\\t<form class=\\\"search\\\" method=\\\"get\\\" action=\\\"http://www.mysearchresults.com/search\\\">\\r\\n <div class=\\\"none\\\">\\r\\n <input type=\\\"hidden\\\" name=\\\"ei\\\" value=\\\"utf-8\\\" />\\r\\n\\t\\t\\t\\t<input type=\\\"hidden\\\" name=\\\"c\\\" value=\\\"0000\\\" />\\r\\n\\t\\t\\t\\t<input type=\\\"hidden\\\" name=\\\"t\\\" value=\\\"01\\\" />\\r\\n\\r\\n </div><!--/.none-->\\r\\n\\t\\t\\t<div class=\\\"logo\\\">\\r\\n\\t\\t\\t\\t<img src=\\\"http://assets.defaulttab.com/sr_logo.png\\\" />\\r\\n\\t\\t\\t</div><!--/.logo-->\\r\\n <dl>\\r\\n\\t <dt>\\r\\n \\t\\t <input type=\\\"text\\\" name=\\\"q\\\" />\\r\\n \\t</dt>\\r\\n \\t<dd>\\r\\n\\r\\n\\t\\t <button type=\\\"submit\\\" class=\\\"y_go\\\">Search</button>\\r\\n \\t </dd>\\r\\n </dl>\\r\\n\\t\\t</form><!--/.search-->\\r\\n\\t</div><!--/.wrapper-->\\r\\n\\t<div class=\\\"footer\\\">\\r\\n <ul>\\r\\n <li>© 2012 Search Results, LLC</li>\\r\\n\\r\\n <li>\\r\\n \\t <a href=\\\"http://corp.mysearchresults.com/about-us/privacy-policy/\\\">Privacy & Terms</a>\\r\\n </li>\\r\\n <!-- <li id=\\\"disablenewtab\\\" style=\\\"display: none\\\">Disable New Tab Search</li> -->\\r\\n </ul>\\r\\n\\t</div><!--/.footer-->\\r\\n</div><!--/.container-->\\r\\n</body>\\r\\n</html>\", \"base_url\": \"http://www.mysearchresults.com/search\", \"search_engine_id\": 99}, {\"search_engine\": \"Facebook\", \"search_query_string\": \"\", \"toolbar_search_engine_config_id\": 585, \"third_party_feed_identifier\": \"\", \"new_tab_content\": \"\", \"base_url\": \"http://www.facebook.com/search.php?q={searchTerms}\", \"search_engine_id\": 88}, {\"search_engine\": \"YouTube\", \"search_query_string\": \"\", \"toolbar_search_engine_config_id\": 586, \"third_party_feed_identifier\": \"\", \"new_tab_content\": \"\", \"base_url\": \"http://www.youtube.com/results?search_query={searchTerms}\", \"search_engine_id\": 90}, {\"search_engine\": \"Amazon\", \"search_query_string\": \"&tag=inline3-20&linkCode=ur2&camp=1789&field-keywords={searchTerms}\", \"toolbar_search_engine_config_id\": 587, \"third_party_feed_identifier\": \"\", \"new_tab_content\": \"\", \"base_url\": \"http://www.amazon.com/mn/search/?encoding=UTF8\", \"search_engine_id\": 85}, {\"search_engine\": \"Wikipedia\", \"search_query_string\": \"\", \"toolbar_search_engine_config_id\": 1077, \"third_party_feed_identifier\": \"\", \"new_tab_content\": \"\", \"base_url\": \"http://en.wikipedia.org/wiki/{searchTerms}\", \"search_engine_id\": 86}, {\"search_engine\": \"Twitter\", \"search_query_string\": \"\", \"toolbar_search_engine_config_id\": 1078, \"third_party_feed_identifier\": \"\", \"new_tab_content\": \"\", \"base_url\": \"https://twitter.com/#!/search?q={searchTerms}\", \"search_engine_id\": 87}, {\"search_engine\": \"eBay\", \"search_query_string\": \"\", \"toolbar_search_engine_config_id\": 1079, \"third_party_feed_identifier\": \"\", \"new_tab_content\": \"\", \"base_url\": \"http://www.ebay.com/sch/?_nkw={searchTerms}\", \"search_engine_id\": 92}], \"set_home_page_on_update\": true, \"channel\": null, \"revision\": 1}}");

user_pref("extensions.defaulttab.firstrun", false);

user_pref("extensions.defaulttab.installedVersion", "1.4.2");

user_pref("extensions.wecarereminder.merchHash", "{\"AFFILIATES\":{\"1-Sale-A-Day\":{\"name\":\"1 Sale A Day\",\"autordr\":1,\"td\":1.5},\"1-Stop-Florists\":{\"name\":\"1 Stop Florists\",\"autordr\":1,\"td\":6},\"1and1Internet\":{\"name\":\"1&1 Internet Inc.\",\"autordr\":1},\"1and1internet-Canada\":{\"name\":\"1&1 Internet Inc. Canada\",\"autordr\":1},\"1-800-Bakery.com\":{\"name\":\"1-800-Bakery.com\",\"autordr\":1,\"td\":5},\"1-800-Baskets.com\":{\"name\":\"1-800-Baskets.com\",\"autordr\":1,\"td\":5},\"1-800-FLORALS\":{\"name\":\"1-800-FLORALS\",\"autordr\":1,\"td\":10},\"1-800Flowers.com\":{\"name\":\"1-800-Flowers.com\",\"autordr\":1,\"td\":10,\"ctxt\":\"5% off!\",\"ccode\":\"WECAREFIVE\"},\"1-800-Get-Lens\":{\"name\":\"1-800-Get-Lens\",\"autordr\":1,\"td\":4},\"1-800-GOT-JUNK\":{\"name\":\"1-800-GOT-JUNK?\",\"autordr\":1,\"td\":1.5},\"100-Day-Loans\":{\"name\":\"100 Day Loans\",\"autordr\":1},\"101-Phones\":{\"name\":\"101Phones.com\",\"autordr\":1,\"td\":3},\"123inkjets.com\":{\"name\":\"123Inkjets.com\",\"autordr\":1,\"td\":14},\"123Print\":{\"name\":\"123Print\",\"autordr\":1,\"td\":5},\"1800CarDonations.org\":{\"name\":\"1800CarDonations.org\",\"autordr\":1},\"1800Treadmill\":{\"name\":\"1800Treadmill\",\"autordr\":1,\"td\":4.5},\"1928-Jewelry\":{\"name\":\"1928 Jewelry\",\"autordr\":1,\"td\":7.5},\"1928-Jewelry-Bridal\":{\"name\":\"1928 Jewelry Bridal\",\"autordr\":1,\"td\":7.5},\"1ink.com\":{\"name\":\"1ink.com\",\"autordr\":1,\"td\":14},\"1ShoppingCart\":{\"name\":\"1ShoppingCart\",\"autordr\":1},\"1STOPLighting\":{\"name\":\"1STOPLighting\",\"autordr\":0,\"td\":3.5},\"23andMe\":{\"name\":\"23andMe\",\"autordr\":1,\"td\":2.5},\"24-Hour-Fitness\":{\"name\":\"24 Hour Fitness\",\"autordr\":1,\"td\":5},\"2b-Store\":{\"name\":\"2b Store\",\"autordr\":0,\"td\":2.5},\"2xist\":{\"name\":\"2xist\",\"autordr\":1,\"td\":3},\"3Balls\":{\"name\":\"3 Balls\",\"autordr\":1,\"td\":2},\"360training\":{\"name\":\"360training\",\"autordr\":1,\"td\":7.5},\"39DollarGlasses.com\":{\"name\":\"39DollarGlasses.com\",\"autordr\":1,\"td\":4},\"3lab\":{\"name\":\"3lab\",\"autordr\":1,\"td\":6},\"4-Inkjets\":{\"name\":\"4 Inkjets\",\"autordr\":1},\"4seasonswine\":{\"name\":\"4 Seasons Wine\",\"autordr\":1},\"4-Wheel-Drive\":{\"name\":\"4 Wheel Drive\",\"autordr\":1,\"td\":3},\"4WheelParts\":{\"name\":\"4 Wheel Parts\",\"autordr\":1,\"td\":3},\"48HourPrint.com\":{\"name\":\"48HourPrint.com\",\"autordr\":1,\"td\":7.5},\"5.11-Tactical-Series\":{\"name\":\"5.11 Tactical Series\",\"autordr\":1,\"td\":3},\"525-America\":{\"name\":\"525 America\",\"autordr\":1,\"td\":3},\"599fashion.com\":{\"name\":\"599fashion.com\",\"autordr\":1,\"td\":1.5},\"6DollarShirts.com\":{\"name\":\"6DollarShirts.com\",\"autordr\":1,\"td\":5},\"7-For-All-Mankind\":{\"name\":\"7 For All Mankind\",\"autordr\":1,\"td\":2},\"80s-Purple\":{\"name\":\"80's Purple\",\"autordr\":1,\"td\":3.5},\"8x8\":{\"name\":\"8x8\",\"autordr\":1},\"911-Health\":{\"name\":\"911 Health\",\"autordr\":1,\"td\":5},\"99Designs\":{\"name\":\"99designs\",\"autordr\":1},\"AARP-Auto-Insurance-Program-from-The-Hartford\":{\"name\":\"The AARP Auto Insurance Program from The Hartford\",\"autordr\":1},\"ababy.com\":{\"name\":\"ababy.com\",\"autordr\":1,\"td\":4},\"Abacus24-7.com\":{\"name\":\"Abacus24-7.com\",\"autordr\":1,\"td\":15},\"ABCmouse.com\":{\"name\":\"ABCmouse.com\",\"autordr\":1},\"Abes-of-Maine\":{\"name\":\"Abe's of Maine\",\"autordr\":1,\"td\":3},\"AbleNet\":{\"name\":\"AbleNet\",\"autordr\":0,\"td\":3},\"AboutAirportParking\":{\"name\":\"About Airport Parking\",\"autordr\":1,\"td\":25},\"Abt-Electronics\":{\"name\":\"Abt Electronics\",\"autordr\":0},\"Academic-Superstore\":{\"name\":\"Academic Superstore\",\"autordr\":1,\"td\":2.5},\"Accessorize\":{\"name\":\"Accessorize\",\"autordr\":1,\"td\":2.5},\"ACDSee\":{\"name\":\"ACDSee\",\"autordr\":1,\"td\":7.5},\"ACE-Hardware\":{\"name\":\"ACE Hardware\",\"autordr\":1,\"td\":2.5},\"Ace-Ticket\":{\"name\":\"AceTicket\",\"autordr\":1,\"td\":3.5},\"Acnecomplexcanada.com\":{\"name\":\"Acnecomplexcanada.com\",\"autordr\":1},\"Acronis\":{\"name\":\"Acronis\",\"autordr\":1},\"Action-Alert\":{\"name\":\"Action Alert\",\"autordr\":1,\"td\":12.5},\"ActiveForever\":{\"name\":\"ActiveForever\",\"autordr\":1,\"td\":3},\"ActivewearUSA.com\":{\"name\":\"ActivewearUSA.com\",\"autordr\":1,\"td\":5},\"Adagio-Teas\":{\"name\":\"Adagio Teas\",\"autordr\":1,\"td\":5},\"adameveToys.com\":{\"name\":\"Adam and Eve Toys\",\"autordr\":1,\"td\":10},\"Adirondack-Chair-Superstore\":{\"name\":\"Adirondack Chair Superstore\",\"autordr\":1,\"td\":2.5},\"Adonit\":{\"name\":\"Adonit\",\"autordr\":1,\"td\":5},\"Adorama\":{\"name\":\"Adorama\",\"autordr\":1,\"td\":2},\"Adorama-Pix\":{\"name\":\"Adorama Pix\",\"autordr\":1,\"td\":5},\"Adore-Me\":{\"name\":\"Adore Me\",\"autordr\":1},\"Adorn.com\":{\"name\":\"Adorn.com\",\"autordr\":1,\"td\":7.5},\"Advance-Auto-Parts\":{\"name\":\"Advance Auto Parts\",\"autordr\":1,\"td\":4},\"AeroGrow\":{\"name\":\"AeroGarden\",\"autordr\":1},\"Aeropostale\":{\"name\":\"Aeropostale\",\"autordr\":1,\"td\":2},\"AFG\":{\"name\":\"AFG\",\"autordr\":1,\"td\":4.5},\"Afterglow-Cosmetics\":{\"name\":\"Afterglow Cosmetics\",\"autordr\":1,\"td\":4},\"AHAlife\":{\"name\":\"AHAlife\",\"autordr\":1,\"td\":3.5},\"Air-France-Canada\":{\"name\":\"Air France Canada\",\"autordr\":1,\"td\":0.5},\"Air-France\":{\"name\":\"Air France USA\",\"autordr\":1,\"td\":0.5},\"Airfare.com\":{\"name\":\"Airfare.com\",\"autordr\":0},\"AirportParkingReservations.com\":{\"name\":\"AirportParkingReservations.com\",\"autordr\":1,\"td\":20},\"AJ-Madison\":{\"name\":\"AJ Madison\",\"autordr\":1},\"Akademiks\":{\"name\":\"Akademiks\",\"autordr\":0,\"td\":3},\"Alamo-Rent-A-Car\":{\"name\":\"Alamo Rent A Car\",\"autordr\":0,\"td\":2.5},\"Alessi\":{\"name\":\"Alessi\",\"autordr\":1,\"td\":3.5},\"Alex-Ani\":{\"name\":\"Alex & Ani\",\"autordr\":1,\"td\":3.5},\"Alexandalexa\":{\"name\":\"Alexandalexa\",\"autordr\":1,\"td\":5},\"Alibris\":{\"name\":\"Alibris\",\"autordr\":1,\"td\":2.5},\"Alice-and-Trixie\":{\"name\":\"Alice and Trixie\",\"autordr\":1,\"td\":3.5},\"Alight.com\":{\"name\":\"Alight.com\",\"autordr\":1,\"td\":2.5},\"All4Cellular\":{\"name\":\"All4Cellular\",\"autordr\":1,\"td\":3.5},\"ALLDATAdiy.com\":{\"name\":\"ALLDATAdiy.com\",\"autordr\":0,\"td\":12.5},\"Allen-Edmonds\":{\"name\":\"Allen Edmonds\",\"autordr\":0,\"td\":3.5},\"Allergy-Be-Gone\":{\"name\":\"Allergy Be Gone\",\"autordr\":1,\"td\":4},\"AllergyBuyersClub.com\":{\"name\":\"AllergyBuyersClub.com\",\"autordr\":1,\"td\":3.5},\"Alliance-Tickets\":{\"name\":\"Alliance Tickets\",\"autordr\":1,\"td\":5},\"Allianz-Travel-Insurance\":{\"name\":\"Allianz Travel Insurance\",\"autordr\":1},\"Alloy\":{\"name\":\"Alloy\",\"autordr\":1,\"td\":3.5},\"AllPosters.com\":{\"name\":\"AllPosters.com\",\"autordr\":1,\"td\":7.5},\"AllSaints-Spitalfields\":{\"name\":\"Allsaints Spitalfields\",\"autordr\":1,\"td\":2},\"Allstate-Motor-Club\":{\"name\":\"Allstate Motor Club\",\"autordr\":1},\"Allurez\":{\"name\":\"Allurez\",\"autordr\":1,\"td\":4},\"Aloft-Hotels\":{\"name\":\"Aloft Hotels\",\"autordr\":1,\"td\":1.5},\"Alpha-Industries\":{\"name\":\"Alpha Industries\",\"autordr\":1,\"td\":4},\"Alpha-Omega-Publications\":{\"name\":\"Alpha Omega Publications\",\"autordr\":1,\"td\":2},\"AmazingSocks\":{\"name\":\"Amazing Socks\",\"autordr\":0,\"td\":3},\"American-Airlines\":{\"name\":\"American Airlines\",\"autordr\":1},\"American-Airlines-Vacations\":{\"name\":\"American Airlines Vacations\",\"autordr\":1,\"td\":2},\"American-Bridal\":{\"name\":\"American Bridal\",\"autordr\":1,\"td\":6},\"American-Express-Travel\":{\"name\":\"American Express Travel\",\"autordr\":1},\"American-Meadows\":{\"name\":\"American Meadows\",\"autordr\":1,\"td\":4},\"AmericanEssays.com\":{\"name\":\"AmericanEssays.com\",\"autordr\":1,\"td\":5},\"Amiclubwear\":{\"name\":\"Amiclubwear\",\"autordr\":1,\"td\":3.5},\"Amor.com\":{\"name\":\"Amor.com\",\"autordr\":1},\"Amoro-Fine-Jewelry\":{\"name\":\"Amoro Fine Jewelry\",\"autordr\":1,\"td\":2.5},\"Amrita-Singh-Jewelry\":{\"name\":\"Amrita Singh Jewelry\",\"autordr\":1,\"td\":3.5},\"AN-Hosting\":{\"name\":\"AN Hosting\",\"autordr\":1},\"Anaconda-Sports\":{\"name\":\"Anaconda Sports\",\"autordr\":1,\"td\":3},\"Ancestry.ca\":{\"name\":\"Ancestry.ca\",\"autordr\":1,\"td\":12.5},\"Andys-Auto-Sport\":{\"name\":\"Andy's Auto Sport\",\"autordr\":1,\"td\":3},\"Angara\":{\"name\":\"Angara\",\"autordr\":1,\"td\":5},\"Angies-List\":{\"name\":\"Angie's List\",\"autordr\":1,\"td\":27.5},\"Animal-Den\":{\"name\":\"Animal Den\",\"autordr\":1,\"td\":6},\"Animal-Jam\":{\"name\":\"Animal Jam\",\"autordr\":1,\"td\":5},\"Animal-Jam-Shop\":{\"name\":\"Animal Jam Shop\",\"autordr\":1,\"td\":5},\"Ann-Taylor\":{\"name\":\"Ann Taylor\",\"autordr\":1,\"td\":2.5,\"ctxt\":\"Friends and Family!\",\"ccode\":\"FRIENDSNOV\"},\"Anns-Bridal-Bargains\":{\"name\":\"Ann's Bridal Bargains\",\"autordr\":1,\"td\":5},\"Annas-Linens\":{\"name\":\"Anna's Linens\",\"autordr\":1,\"td\":3},\"anne-klein\":{\"name\":\"Anne Klein\",\"autordr\":1,\"td\":2.5},\"Annies-Attic\":{\"name\":\"Annie's\",\"autordr\":1,\"td\":5},\"AnnuityFYI\":{\"name\":\"AnnuityFYI\",\"autordr\":1},\"Anolon\":{\"name\":\"Anolon\",\"autordr\":1,\"td\":4},\"Anonymizer\":{\"name\":\"Anonymizer\",\"autordr\":1,\"td\":12.5},\"Anthropologie\":{\"name\":\"Anthropologie\",\"autordr\":1,\"td\":2.5},\"Anypromo.com\":{\"name\":\"Anypromo.com\",\"autordr\":1,\"td\":4},\"Anytime-Costumes\":{\"name\":\"Anytime Costumes\",\"autordr\":1},\"AOL\":{\"name\":\"AOL Lifestore\",\"autordr\":0,\"td\":5},\"AOL-TechGuru\":{\"name\":\"AOL TechGuru\",\"autordr\":0},\"Apothica\":{\"name\":\"Apothica\",\"autordr\":1,\"td\":7.5},\"Apparel-Zoo\":{\"name\":\"Apparel Zoo\",\"autordr\":1,\"td\":4},\"Apple-Store\":{\"name\":\"Apple Store\",\"autordr\":1,\"td\":0.75},\"Apple-Vacations\":{\"name\":\"Apple Vacations\",\"autordr\":1},\"ApplesOfGoldJewelry\":{\"name\":\"Apples Of Gold Jewelry\",\"autordr\":0,\"td\":3},\"Applian-Technologies\":{\"name\":\"Applian Technologies\",\"autordr\":1,\"td\":2},\"AppliancePartsPros.com\":{\"name\":\"AppliancePartsPros.com\",\"autordr\":1,\"td\":3.5},\"AppliancesConnection\":{\"name\":\"Appliances Connection\",\"autordr\":1,\"td\":1.5},\"Apy-60\":{\"name\":\"Apy 60\",\"autordr\":1},\"Aqua-Superstore\":{\"name\":\"Aqua Supercenter\",\"autordr\":1,\"td\":2.5},\"Aquasana\":{\"name\":\"Aquasana\",\"autordr\":1,\"td\":5},\"Archives\":{\"name\":\"Archives\",\"autordr\":1,\"td\":25},\"Arden-B\":{\"name\":\"Arden B.\",\"autordr\":0,\"td\":2.5},\"ArhausJewels\":{\"name\":\"Arhaus Jewels\",\"autordr\":1,\"td\":3},\"Ariama\":{\"name\":\"Ariama\",\"autordr\":1,\"td\":4.5},\"Art.com\":{\"name\":\"Art.com\",\"autordr\":1,\"td\":7.5},\"Artisteer\":{\"name\":\"Artisteer\",\"autordr\":1,\"td\":5},\"ArtisticLabels\":{\"name\":\"Artistic Labels\",\"autordr\":1,\"td\":5},\"ArtistWorks\":{\"name\":\"ArtistWorks\",\"autordr\":1,\"td\":15},\"Ashford.com\":{\"name\":\"Ashford.com\",\"autordr\":1,\"td\":3},\"Ashley-Stewart\":{\"name\":\"Ashley Stewart\",\"autordr\":1,\"td\":6},\"Aspinal-of-London-US\":{\"name\":\"Aspinal of London US\",\"autordr\":1,\"td\":4},\"Astro-Gaming\":{\"name\":\"Astro Gaming\",\"autordr\":1,\"td\":2.5},\"Astrology.com\":{\"name\":\"Astrology.com\",\"autordr\":1,\"td\":10},\"ATT-Wireless\":{\"name\":\"AT&T Wireless\",\"autordr\":0},\"Atlantis-Bahamas\":{\"name\":\"Atlantis Bahamas\",\"autordr\":1,\"td\":2},\"Audible.com\":{\"name\":\"Audible.com\",\"autordr\":1},\"Audiobooks.com\":{\"name\":\"Audiobooks.com\",\"autordr\":1},\"Auto-Parts-EXPRESS\":{\"name\":\"Auto Parts EXPRESS\",\"autordr\":1,\"td\":3},\"Auto-Parts-Train\":{\"name\":\"Auto Parts Train\",\"autordr\":1},\"Auto-Parts-Warehouse\":{\"name\":\"Auto Parts Warehouse\",\"autordr\":1},\"AutoDesk\":{\"name\":\"AutoDesk\",\"autordr\":1},\"Automotix\":{\"name\":\"Automotix\",\"autordr\":1,\"td\":3},\"Autoparts123.com\":{\"name\":\"Autoparts123.com\",\"autordr\":1,\"td\":4.5},\"AutoPartsGIANT.com\":{\"name\":\"AutoPartsGIANT.com\",\"autordr\":1,\"td\":5},\"AutopiaCarCare\":{\"name\":\"Autopia Car Care\",\"autordr\":1,\"td\":3.5},\"AutoTrader.com\":{\"name\":\"Autotrader.com\",\"autordr\":1,\"td\":5},\"AutoTraderClassics.com\":{\"name\":\"AutoTraderClassics.com\",\"autordr\":1,\"td\":5},\"Avenue\":{\"name\":\"Avenue\",\"autordr\":1,\"td\":2.5},\"Avianca\":{\"name\":\"Avianca\",\"autordr\":1},\"Avira\":{\"name\":\"Avira\",\"autordr\":1,\"td\":12.5},\"Avis\":{\"name\":\"Avis Rent A Car\",\"autordr\":1,\"td\":1.5},\"Avon\":{\"name\":\"Avon\",\"autordr\":1,\"td\":3},\"Avon-Canada\":{\"name\":\"Avon Canada\",\"autordr\":1,\"td\":4},\"AxlsCloset\":{\"name\":\"Axl's Closet\",\"autordr\":1,\"td\":5},\"Babakul\":{\"name\":\"Babakul\",\"autordr\":1,\"td\":3},\"BabiesOnline.com\":{\"name\":\"BabiesOnline.com\",\"autordr\":1},\"Baboosh\":{\"name\":\"Baboosh\",\"autordr\":0,\"td\":5},\"Baby-First-TV\":{\"name\":\"Baby First TV\",\"autordr\":1,\"td\":10},\"Baby-Signs\":{\"name\":\"Baby Signs\",\"autordr\":1,\"td\":7.5},\"Babybasket.com\":{\"name\":\"Babybasket.com\",\"autordr\":1,\"td\":3.5},\"BabyEarth\":{\"name\":\"BabyEarth\",\"autordr\":1,\"td\":4},\"BabyShowerGamesAtoZ.com\":{\"name\":\"BabyShowerGamesAtoZ.com\",\"autordr\":1,\"td\":15},\"Backup-Genie\":{\"name\":\"Backup Genie\",\"autordr\":1},\"Avelle\":{\"name\":\"New Bag Borrow or Steal\",\"autordr\":0},\"BagsBuy.com\":{\"name\":\"BagsBuy.com\",\"autordr\":1,\"td\":8.5},\"Bake-Me-a-Wish\":{\"name\":\"Bake Me A Wish!\",\"autordr\":1,\"td\":4},\"Bambeco\":{\"name\":\"bambeco\",\"autordr\":1,\"td\":4},\"Barco-Products\":{\"name\":\"Barco Products\",\"autordr\":1,\"td\":6.25},\"Bare-Necessities\":{\"name\":\"Bare Necessities\",\"autordr\":1,\"td\":2.5},\"Barewalls\":{\"name\":\"Barewalls\",\"autordr\":1,\"td\":6.25},\"Bargain-Catalog-Outlet\":{\"name\":\"Bargain Catalog Outlet\",\"autordr\":0,\"td\":2.5},\"BargainStation.com\":{\"name\":\"BargainStation.com\",\"autordr\":1},\"Barkbox\":{\"name\":\"Barkbox\",\"autordr\":1},\"Barneys-New-York\":{\"name\":\"Barneys New York\",\"autordr\":0,\"td\":2.5},\"Barrons-Online-Magazine\":{\"name\":\"Barron's Online Magazine\",\"autordr\":1,\"td\":17.5},\"Baseball-Express\":{\"name\":\"Baseball Express\",\"autordr\":0,\"td\":2},\"Bass-Pro-Shops\":{\"name\":\"Bass Pro Shops\",\"autordr\":1,\"td\":2.5},\"Bates\":{\"name\":\"Bates\",\"autordr\":0,\"td\":5},\"Battery-Technology-Inc\":{\"name\":\"Battery Technology, Inc.\",\"autordr\":1,\"td\":10},\"BaubleBar\":{\"name\":\"BaubleBar\",\"autordr\":1,\"td\":3},\"The-Bay\":{\"name\":\"The Bay\",\"autordr\":1,\"td\":2.5},\"Baymont-Inn-and-Suites\":{\"name\":\"Baymont Inn & Suites\",\"autordr\":1,\"td\":1.5},\"BCBG.com\":{\"name\":\"BCBG.com\",\"autordr\":1,\"td\":2.5},\"BeBeautiful\":{\"name\":\"Be Beautiful\",\"autordr\":0,\"td\":5},\"Beach-Body\":{\"name\":\"Beach Body\",\"autordr\":1,\"td\":5},\"Beacon-Hotel\":{\"name\":\"Beacon Hotel\",\"autordr\":0,\"td\":5},\"Beadroom.com\":{\"name\":\"Beadroom.com\",\"autordr\":1,\"td\":5},\"Bearshare\":{\"name\":\"Bearshare\",\"autordr\":1},\"Beau-Ties-Ltd-of-Vermont\":{\"name\":\"Beau Ties Ltd. of Vermont\",\"autordr\":0,\"td\":3},\"Beaucoup-Favors\":{\"name\":\"Beau-coup Favors\",\"autordr\":1,\"td\":5},\"Beautorium\":{\"name\":\"Beautorium\",\"autordr\":1,\"td\":5},\"Beauty-Bridge\":{\"name\":\"Beauty Bridge\",\"autordr\":1,\"td\":7.5},\"Beauty-of-a-Site\":{\"name\":\"Beauty of a Site\",\"autordr\":1,\"td\":4},\"BeautyCollection.com\":{\"name\":\"BeautyCollection.com\",\"autordr\":1,\"td\":5},\"Beautyhabit\":{\"name\":\"Beautyhabit\",\"autordr\":1,\"td\":5},\"BeautySage\":{\"name\":\"BeautySage\",\"autordr\":1,\"td\":3.5},\"BeautyTrends\":{\"name\":\"BeautyTrends\",\"autordr\":1,\"td\":3.5},\"Bebe\":{\"name\":\"bebe\",\"autordr\":1,\"td\":2.5},\"Becker-Surf-and-Sport\":{\"name\":\"Becker Surf and Sport\",\"autordr\":1,\"td\":4.5},\"Bed-Bath-and-Beyond\":{\"name\":\"Bed Bath & Beyond\",\"a

user_pref("keyword.URL", "https://isearch.avg.com/search?cid=%7B9cb1ba8f-e57d-46b8-9a51-759a3b962154%7D&mid=e7b5bae0070b47d0a890b91405fff85c-198e8c780b736989ed6d572bb6e684ae4c8f3c03&ds=AVG&v=12.2.5.34〈=en&pr=fr&d=2012-10-07%2021%3A37%3A33&sap=ku&q=");

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Wed 11/07/2012 at 5:07:03.69

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Link to post
Share on other sites

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-11-07 08:41:38

-----------------------------

08:41:38.688 OS Version: Windows x64 6.1.7601 Service Pack 1

08:41:38.688 Number of processors: 8 586 0x3A09

08:41:38.688 ComputerName: SPARKLERAINBOW UserName: rainbow shine

08:41:39.936 Initialize success

08:44:19.874 AVAST engine defs: 12110700

08:44:45.302 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

08:44:45.302 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 3

08:44:45.317 Disk 0 MBR read successfully

08:44:45.317 Disk 0 MBR scan

08:44:45.317 Disk 0 Windows VISTA default MBR code

08:44:45.333 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63

08:44:45.364 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 14142 MB offset 81920

08:44:45.380 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 939686 MB offset 29044736

08:44:45.426 Disk 0 scanning C:\Windows\system32\drivers

08:44:55.098 Service scanning

08:45:26.689 Modules scanning

08:45:26.689 Disk 0 trace - called modules:

08:45:26.720 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll

08:45:27.219 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009f96790]

08:45:27.219 3 CLASSPNP.SYS[fffff880015cc43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80078d5050]

08:45:28.623 AVAST engine scan C:\Windows

08:45:32.227 AVAST engine scan C:\Windows\system32

08:47:23.049 AVAST engine scan C:\Windows\system32\drivers

08:47:30.943 AVAST engine scan C:\Users\rainbow shine

08:56:19.972 AVAST engine scan C:\ProgramData

08:56:53.512 Scan finished successfully

09:27:04.941 Disk 0 MBR has been saved successfully to "C:\Users\rainbow shine\Desktop\MBR.dat"

09:27:04.941 The log file has been saved successfully to "C:\Users\rainbow shine\Desktop\aswMBR.txt"

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.07.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

rainbow shine :: SPARKLERAINBOW [administrator]

11/7/2012 8:34:11 AM

mbam-log-2012-11-07 (08-34-11).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 202176

Time elapsed: 2 minute(s), 16 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\rainbow shine\Downloads\playalotgames_d146490.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.

(end)

The browser is looking better already!!

Thanks Maniac!

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.