
infected with cozi.exe, MBAM/avg unable to remove


  • This topic is locked
15 replies to this topic

#1 saque


Posted 07 November 2012 - 01:26 AM

Hi, I've been trying to get rid of this nasty program cozi.exe and it doesn't seem to want to go away. Any help is appreciated!! Hope the following are the right logs:


DDS (Ver_2012-11-05.02) - NTFS_AMD64
Internet Explorer: 9.0.8112.16450
Run by rainbow shine at 20:19:22 on 2012-11-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8059.5729 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Users\rainbow shine\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\system32\taskmgr.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\rainbow shine\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{0D7D30DE-FCC5-45FC-936D-7D0D5783C0F0} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{A802D9B1-A27C-4039-B75E-2F084979DAC6} : DHCPNameServer = 13.36.0.103
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\rainbow shine\AppData\Roaming\Mozilla\Firefox\Profiles\wz4dqfdt.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,205,0_0,StartPage,20121042,16900,0,54,0
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B9cb1ba8f-e57d-46b8-9a51-759a3b962154%7D&mid=e7b5bae0070b47d0a890b91405fff85c-198e8c780b736989ed6d572bb6e684ae4c8f3c03&ds=AVG&v=12.2.5.34&lang=en&pr=fr&d=2012-10-07%2021%3A37%3A33&sap=ku&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\npsitesafety.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - ExtSQL: 2012-10-07 21:34; firefox@ghostery.com; C:\Users\rainbow shine\AppData\Roaming\Mozilla\Firefox\Profiles\wz4dqfdt.default\extensions\firefox@ghostery.com
FF - ExtSQL: 2012-10-07 21:37; avg@toolbar; C:\ProgramData\AVG Secure Search\12.2.5.34
FF - ExtSQL: 2012-10-18 17:14; ConsumerInput@Compete; C:\Program Files (x86)\Consumer Input\Firefox\src
FF - ExtSQL: 2012-10-18 17:14; addon@defaulttab.com; C:\Users\rainbow shine\AppData\Roaming\Mozilla\Firefox\Profiles\wz4dqfdt.default\extensions\addon@defaulttab.com.xpi
FF - ExtSQL: 2012-10-18 17:14; wecarereminder@bryan; C:\Users\rainbow shine\AppData\Roaming\Mozilla\Firefox\Profiles\wz4dqfdt.default\extensions\wecarereminder@bryan
FF - ExtSQL: 2012-10-22 21:06; {1266764D-FC4F-4FA7-B63B-884D53B1680F}; C:\Users\rainbow shine\AppData\Roaming\Mozilla\Firefox\Profiles\wz4dqfdt.default\extensions\{1266764D-FC4F-4FA7-B63B-884D53B1680F}.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-9-21 61792]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-5-23 16152]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-9-13 151904]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-10-7 31080]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-12-5 659968]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-10-2 5783672]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-2 193568]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-12-21 1014096]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-12-21 1104208]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-12-5 135952]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\rainbow shine\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2012-10-18 107520]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-23 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-1-10 627936]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-5-23 1695040]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-5-23 363800]
R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-10-7 722528]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2011-12-8 594704]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-12-5 195584]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-12-21 1304912]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-12-13 94720]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-12-13 747008]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2012-5-23 176096]
R3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-12-14 60416]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-5-23 331264]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-5-23 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-5-23 788760]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-12-20 25496]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-5-23 685160]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-10-26 162816]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-12-5 195584]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-12-20 34200]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-12-8 273168]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUVStor.sys [2012-5-23 313448]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-4-25 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-28 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-10-30 15:11:53 -------- d-----w- C:\Users\rainbow shine\AppData\Local\Diagnostics
2012-10-24 01:13:37 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-10-24 01:13:37 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2012-10-24 00:52:13 -------- d-----w- C:\Users\rainbow shine\AppData\Roaming\Malwarebytes
2012-10-24 00:52:06 -------- d-----w- C:\ProgramData\Malwarebytes
2012-10-24 00:52:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-23 03:11:59 -------- d-----w- C:\Users\rainbow shine\AppData\Local\Opera
2012-10-23 03:11:50 -------- d-----w- C:\Program Files\Opera x64
2012-10-18 23:14:31 -------- d-----w- C:\Program Files (x86)\Playalot Games
2012-10-18 23:14:28 -------- d-----w- C:\Program Files (x86)\Consumer Input
2012-10-18 23:14:24 -------- d-----w- C:\Users\rainbow shine\AppData\Roaming\DefaultTab
2012-10-18 23:14:19 -------- d-----w- C:\ProgramData\WeCareReminder
2012-10-18 23:06:57 -------- d-----w- C:\Users\rainbow shine\AppData\Roaming\com.zoodles.3B7D4B2F97D0C2BDB13554D0687ECC70A3734EDD.1
2012-10-18 23:06:54 -------- d-----w- C:\Program Files (x86)\Zoodles
2012-10-12 14:44:12 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FC4BE93C-0F1F-4403-8056-8F9AFEC9FA51}\mpengine.dll
2012-10-08 17:20:12 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-10-08 03:38:34 -------- d-----w- C:\Users\rainbow shine\AppData\Roaming\AVG2013
2012-10-08 03:37:47 -------- d-----w- C:\Users\rainbow shine\AppData\Roaming\TuneUp Software
2012-10-08 03:37:46 -------- d-----w- C:\Users\rainbow shine\AppData\Local\AVG Secure Search
2012-10-08 03:37:39 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-10-08 03:37:33 31080 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2012-10-08 03:37:31 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-10-08 03:37:31 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-10-08 03:36:56 -------- d--h--w- C:\$AVG
2012-10-08 03:36:56 -------- d-----w- C:\ProgramData\AVG2013
2012-10-08 03:36:27 -------- d-----w- C:\Program Files (x86)\AVG
2012-10-08 03:31:48 -------- d--h--w- C:\ProgramData\Common Files
2012-10-08 03:31:48 -------- d-----w- C:\Users\rainbow shine\AppData\Local\MFAData
2012-10-08 03:31:48 -------- d-----w- C:\Users\rainbow shine\AppData\Local\Avg2013
2012-10-08 03:31:48 -------- d-----w- C:\ProgramData\MFAData
.
==================== Find3M ====================
.
2012-10-09 21:36:29 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 21:36:29 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-05 09:26:22 111456 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2012-10-02 09:30:38 185696 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2012-09-21 09:46:04 200032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-09-21 09:46:00 225120 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2012-09-21 09:45:50 61792 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-09-14 09:05:18 40800 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2012-09-13 09:11:18 151904 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust(82).dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust(90).dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase(89).dll
2012-08-20 17:37:18 1114112 ----a-w- C:\Windows\SysWow64\kernel32(88).dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-11 00:56:03 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-08-11 00:56:03 715776 ----a-w- C:\Windows\System32\kerberos(72).dll
2012-08-10 23:56:14 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
.
============= FINISH: 20:19:46.35 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-05.02)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 8/24/2012 7:56:15 PM
System Uptime: 11/6/2012 7:56:32 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 023HTX
Processor: Intel® Core™ i7-3612QM CPU @ 2.10GHz | CPU Socket - U3E1 | 1197/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 918 GiB total, 852.719 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP40: 10/18/2012 5:41:45 PM - Removed Adobe Reader X (10.1.4) MUI.
RP41: 10/18/2012 5:42:15 PM - Removed Adobe Reader X (10.1.4) MUI.
RP42: 10/20/2012 11:30:50 PM - Removed Skype™ 5.10
RP43: 10/20/2012 11:31:13 PM - Removed Skype™ 5.10
RP44: 10/21/2012 10:00:51 PM - Removed Zoodles
RP45: 10/22/2012 9:08:51 PM - Removed Cozi
RP46: 11/1/2012 10:07:16 PM - Removed Skype Click to Call
RP47: 11/1/2012 10:08:47 PM - Removed Playalot Games
RP48: 11/6/2012 9:58:09 PM - Restore Operation
.
==== Installed Programs ======================
.
Accidental Damage Services Agreement
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4) MUI
Advanced Audio FX Engine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASPCA Reminder by We-Care.com v4.1.19.1
AVG 2013
Banctec Service Agreement
Bejeweled 2 Deluxe
Bing Bar
Blackhawk Striker 2
Blio
Bonjour
Bounce Symphony
Build-a-lot 2
Cake Mania
Chuzzle Deluxe
Complete Care Business Service Agreement
Consumer In-Home Service Agreement
Consumer Input Firefox Extension (remove only)
Cozi
D3DX10
DefaultTab
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Digital Delivery
Dell Edoc Viewer
Dell Getting Started Guide
Dell Home Systems Service Agreement
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell Stage Remote
Dell Support Center
Dell Touchpad
Dell VideoStage
Dell Webcam Central
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
eBay
Escape Whisper Valley ™
EXP Viewer 6.0
Farm Frenzy
FATE
Final Drive Fury
Final Drive Nitro
High-Definition Video Playback
Intel PROSet Wireless
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed
Intel® PROSet/Wireless Software for Bluetooth® Technology
Intel® Rapid Storage Technology
Intel® Turbo Boost Technology Monitor 2.0
Intel® USB 3.0 eXtensible Host Controller Driver
Intel® WiDi
Intel® Wireless Display
Intel® PROSet/Wireless WiFi Software
Intel® Trusted Connect Service Client
iTunes
Jewel Quest
Jewel Quest Solitaire 2
Junk Mail filter update
Luxor
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Click-to-Run 2010
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works 6-9 Converter
Mozilla Firefox 15.0 (x86 en-US)
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Namco All-Stars PAC-MAN
Nero 10 Movie ThemePack Basic
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
Penguins!
Plants vs. Zombies - Game of the Year
Playalot Games
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Premium Service Agreement
QualxServ Service Agreement
Quickset64
Samantha Swift
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Skype Click to Call
Skype™ 5.10
SyncUP
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life
Visual Studio 2010 x64 Redistributables
VLC media player 2.0.3
Wedding Dash - Ready, Aim, Love!
WildTangent Games
WildTangent Games App (Dell Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zinio Reader 4
Zoodles
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
11/6/2012 9:04:53 PM, Error: Service Control Manager [7023] - The Intel® PROSet/Wireless Zero Configuration Service service terminated with the following error: %%-2147196306
11/6/2012 8:31:38 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user sparklerainbow\rainbow shine SID (S-1-5-21-2446809276-4078469189-198621184-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
11/6/2012 8:31:38 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user sparklerainbow\rainbow shine SID (S-1-5-21-2446809276-4078469189-198621184-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
11/6/2012 7:57:36 PM, Error: Service Control Manager [7034] - The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).
11/6/2012 7:55:12 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
10/30/2012 8:25:52 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0xdeaddead (0x000000000f00004b, 0x000000000023002c, 0x0000000012a60000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 103012-30420-01.
.
==== End Of File ===========================

#2 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,404 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 07 November 2012 - 07:26 AM

Hello saque and :welcome:!

This is not malware, but a legitimate application. If you want to get rid of it, just uninstall Cozi and it should be gone.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

#3 saque

Posted 07 November 2012 - 09:07 AM

Hello saque and :welcome:!

This is not malware, but a legitimate application. If you want to get rid of it, just uninstall Cozi and it should be gone.


Hi Maniac,

Uninstaller doesn't remove it, acts like it works, but Cozi (or at least that's the program I think it is) has modified my IE and Firefox search bars, and it still shows up on both of them. Also, AVG keeps telling me it has 'protected from multiple threats,' even when I'm not even browsing. Uninstaller cannot remove Firefox, system restore keeps crashing when I try it too.

Is there another malware listed on my data that I have?

Thank you.

#4 Maniac

Posted 07 November 2012 - 09:21 AM

No and that's strange.

Step 1

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 3

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply


In your next reply, post the following log files:

  • JunkWare Removal Tool log
  • Malwarebytes' Anti-Malware log
  • aswMBR log

#5 saque

Posted 07 November 2012 - 02:30 PM

<p>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 2.8.4 (11.07.2012)
OS: Windows 7 Home Premium x64
Ran by rainbow shine on Wed 11/07/2012 at 5:03:52.29
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files




#6 saque

Posted 07 November 2012 - 02:53 PM

somehow the last post messed up:
<p>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 2.8.4 (11.07.2012)
OS: Windows 7 Home Premium x64
Ran by rainbow shine on Wed 11/07/2012 at 5:03:52.29
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox detected and repaired

Successfully deleted: [File] C:\Users\rainbow shine\AppData\Roaming\Mozilla\Firefox\Profiles\wz4dqfdt.default\searchplugins\search-here.xml
Successfully deleted: [addon@defaulttab.com.xpi] from C:\Users\rainbow shine\AppData\Roaming\Mozilla\Firefox\Profiles\wz4dqfdt.default\extensions
user_pref("browser.startup.homepage", "http://us.yhs4.searc...2,16900,0,54,0");
user_pref("extensions.defaulttab.active.affiliate", 2642);
user_pref("extensions.defaulttab.active.overridechromesearch", false);
user_pref("extensions.defaulttab.active.overridekeywordsearch", false);
user_pref("extensions.defaulttab.active.yw3i", "W3i_IA,206,0_0,Search,20121042,18175,0,0,0");
user_pref("extensions.defaulttab.browserID", "8CEFE2C5547301934C33B150865117D8");
user_pref("extensions.defaulttab.firstrun", false);
user_pref("extensions.defaulttab.installedVersion", "1.4.2");

#7 saque

Posted 07 November 2012 - 02:58 PM

user_pref("extensions.defaulttab.firstrun", false);
user_pref("extensions.defaulttab.installedVersion", "1.4.2");

#8 Maniac

Posted 07 November 2012 - 04:14 PM

There was a problem with the log file. Could you please try to post it again (JRT.txt on your Desktop).

#9 saque

Posted 07 November 2012 - 04:19 PM

Yes, I'm sorry, it seems the forum kept glitching and would not post all of my text. I will try it again now:
<p>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 2.8.4 (11.07.2012)
OS: Windows 7 Home Premium x64
Ran by rainbow shine on Wed 11/07/2012 at 5:03:52.29
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox detected and repaired

Successfully deleted: [File] C:\Users\rainbow shine\AppData\Roaming\Mozilla\Firefox\Profiles\wz4dqfdt.default\searchplugins\search-here.xml
Successfully deleted: [addon@defaulttab.com.xpi] from C:\Users\rainbow shine\AppData\Roaming\Mozilla\Firefox\Profiles\wz4dqfdt.default\extensions
user_pref("browser.startup.homepage", "http://us.yhs4.searc...2,16900,0,54,0");
user_pref("extensions.defaulttab.active.affiliate", 2642);
user_pref("extensions.defaulttab.active.overridechromesearch", false);
user_pref("extensions.defaulttab.active.overridekeywordsearch", false);
user_pref("extensions.defaulttab.active.yw3i", "W3i_IA,206,0_0,Search,20121042,18175,0,0,0");
user_pref("extensions.defaulttab.browserID", "8CEFE2C5547301934C33B150865117D8");
user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"dns_error_handling\": \"Scenario_1,Scenario_2\", \"set_default_search\": \"Search Here|Search Here\", \"window_content\": \"<html>\\r\\n<head>\\r\\n<style type=\\\"text/css\\\">\\r\\nhtml,\\r\\n\\r\\n.content {\\r\\n position: absolute;\\r\\n top: 0;\\r\\n right: 0;\\r\\n}\\r\\n.content1 {\\r\\n\\tpadding-left: 0px;\\r\\n\\tpadding-top: 0px;\\r\\n\\tpadding-right: 0px;\\r\\n\\tpadding-bottom: 0px;\\r\\n}\\r\\n\\r\\n</style>\\r\\n</head>\\r\\n<body>\\r\\n <div class=\\\"content\\\">\\r\\n <img src=\\\"http://assets.defaul....png\\\">\\r\\n </div>\\r\\n \\r\\n</body>\\r\\n</html>\", \"version\": 1, \"search_box_default\": \"Search Here|Search Here\", \"third_party_reporting_partner\": null, \"change_home_page\": true, \"set_default_search_on_update\": true, \"change_default_search\": true, \"icon_image_file\": \"http://assets.mysear...lue-16x16.ico\", \"change_dns_error_handling_on_update\": false, \"use_dns_error_handling\": true, \"set_search_box\": true, \"set_home_page_to\": \"http://www.mysearchr.../?c=0000&t=01\", \"enable_third_party_content\": true, \"country\": \"US\", \"search_engines\": [{\"search_engine\": \"Search Here|Search Here\", \"search_query_string\": \"&c=0000&t=01&q={searchTerms}\", \"toolbar_search_engine_config_id\": 583, \"third_party_feed_identifier\": \"\", \"new_tab_content\": \"<!DOCTYPE html PUBLIC \\\"-//W3C//DTD XHTML 1.1//EN\\\" \\\"http://www.w3.org/TR...\\">\\r\\n<html xmlns=\\\"http://www.w3.org/19...>\\r\\n\\t<meta http-equiv=\\\"Content-Type\\\" content=\\\"application/xhtml+xml; charset=utf-8\\\" />\\r\\n\\t<title>Internet Search</title>\\r\\n <link rel=\\\"shortcut icon\\\" type=\\\"image/ico\\\" href=\\\"http://assets.defaul....ico\\\">\\r\\n <style type=\\\"text/css\\\">\\r\\n * { -moz-box-sizing: border-box; -webkit-box-sizing: border-box; box-sizing: border-box; }\\r\\n\\t\\thtml, 
body{\\r\\n\\t\\t\\theight:100%;\\r\\n\\t\\t\\tmargin:0;\\r\\n\\t\\t}\\r\\n\\t\\t.none{display:none;}\\r\\n\\t\\t.top-bar{\\r\\n\\t\\t\\tposition:fixed;\\r\\n\\t\\t\\ttop:0;\\r\\n\\t\\t\\tleft:0;\\r\\n\\t\\t\\twidth:100%;\\r\\n\\t\\t\\theight:30px;\\r\\n\\t\\t\\tbackground:#0342B7;\\r\\n\\t\\t}\\r\\n\\t\\t.top-bar ul{\\r\\n\\t\\t\\tfloat:left;\\r\\n\\t\\t\\tlist-style:none;\\r\\n\\t\\t\\tpadding:0 3px;\\r\\n\\t\\t\\tmargin:0;\\r\\n\\t\\t\\tfont:bold 15px Arial, Helvetica, sans-serif;\\r\\n\\t\\t}\\r\\n\\t\\t.top-bar ul li{\\r\\n\\t\\t\\tfloat:left;\\r\\n\\t\\t\\tpadding:6px 7px;\\t\\r\\n\\t\\t}\\r\\n\\t\\t.top-bar ul li a{\\r\\n\\t\\t\\tcolor:#7DA7F4;\\r\\n\\t\\t\\ttext-decoration:none;\\t\\r\\n\\t\\t}\\r\\n\\t\\t.top-bar ul li a:hover,\\r\\n\\t\\t.top-bar ul li a.active{color:#fff;}\\r\\n\\t\\t.top-bar .lang{\\r\\n\\t\\t\\tfloat:right;\\r\\n\\t\\t\\tpadding:6px 10px;\\r\\n\\t\\t\\tfont:bold 15px Arial, Helvetica, sans-serif;\\r\\n\\t\\t\\tcolor:#9cf;\\r\\n\\t\\t}\\r\\n\\t\\t.top-bar span{float:right;}\\r\\n\\t\\t.top-bar .choose{\\r\\n\\t\\t\\tfloat:right;\\r\\n\\t\\t\\twidth:16px;\\r\\n\\t\\t\\theight:16px;\\t\\r\\n\\t\\t\\tmargin:1px 0 1px 8px;\\r\\n\\t\\t\\tbackground:#1885f2;\\r\\n\\t\\t}\\r\\n\\t\\t.top-bar .choose em{\\r\\n\\t\\t\\tdisplay:block;\\r\\n\\t\\t\\twidth:0;\\r\\n\\t\\t\\theight:0;\\r\\n\\t\\t\\tmargin:6px auto 0;\\r\\n\\t\\t\\toverflow:hidden;\\r\\n\\t\\t\\tborder-top: 5px solid #fff;\\r\\n \\t\\tborder-left: 5px solid transparent;\\r\\n \\t\\tborder-right: 5px solid transparent;\\r\\n\\t\\t}\\r\\n\\t\\t.container{\\r\\n\\t\\t\\tdisplay:table;\\r\\n\\t\\t\\twidth:100%;\\r\\n\\t\\t\\theight:100%;\\t\\r\\n\\t\\t}\\r\\n\\t\\t.wrapper{\\r\\n\\t\\t\\tdisplay:table-cell;\\t\\r\\n\\t\\t\\tpadding-top: 250px;\\r\\n\\t\\t\\ttext-align:center;\\r\\n\\t\\t}\\r\\n\\t\\t.wrapper .logo,\\r\\n\\t\\t.wrapper img,\\r\\n\\t\\t.wrapper dl,\\r\\n\\t\\t.wrapper dt,\\r\\n\\t\\t.wrapper 
dd{\\r\\n\\t\\t\\tfloat:left;\\r\\n\\t\\t\\tmargin:0;\\r\\n\\t\\t\\tpadding:0;\\r\\n\\t\\t}\\r\\n\\t\\t.wrapper .search{\\r\\n\\t\\t\\tmargin:0 auto;\\t\\r\\n\\t\\t\\twidth:710px;\\r\\n }\\r\\n .wrapper .logo {\\r\\n padding-top: 4px;\\r\\n }\\r\\n\\t\\t*+ html .wrapper .search{margin-top:expression(this.parentNode.offsetHeight > this.offsetHeight ? ((this.parentNode.offsetHeight-this.offsetHeight)/2 + \\\"px\\\") : \\\"0\\\");}\\r\\n\\t\\t.search dl{\\r\\n\\t\\t\\tmargin:9px 0 9px 15px;\\t\\r\\n\\t\\t}\\r\\n .search dt input{\\r\\n \\t\\tborder:1px solid #8b8b8b;\\r\\n\\t\\t\\tpadding:2px 7px;\\r\\n\\t\\t\\theight:33px;\\r\\n\\t\\t\\tfont:15px/27px Arial, Helvetica, sans-serif;\\r\\n\\t\\t\\tcolor:#555;\\r\\n\\t\\t\\tbox-shadow:2px 2px 2px -2px #8B8B8B inset;\\r\\n\\t\\t\\t-moz-box-shadow:2px 2px 2px -2px #8B8B8B inset;\\r\\n\\t\\t\\t-webkit-box-shadow:2px 2px 2px -2px #8B8B8B inset;\\r\\n\\t\\t\\twidth:500px;\\r\\n\\t\\t\\tmargin:0;\\r\\n\\t\\t}\\r\\n\\t\\t.search dd button{\\r\\n\\t\\t\\tborder:1px solid #8b8b8b;\\r\\n\\t\\t\\tbackground:#e5e3e3;\\r\\n\\t\\t\\ttext-align:center;\\r\\n\\t\\t\\tpadding:0px 40px;\\r\\n\\t\\t\\theight:33px;\\r\\n\\t\\t\\tfont:bold 15px Arial, Helvetica, sans-serif;\\r\\n\\t\\t\\tcolor:#555;\\r\\n\\t\\t\\tmargin-left:-1px;\\r\\n\\t\\t}\\r\\n\\t\\t*+ html .wrapper .search dd button{\\r\\n\\t\\t\\tpadding-left:20px;\\r\\n\\t\\t\\tpadding-right:20px;\\r\\n\\t\\t\\tmargin-top:1px;\\r\\n\\t\\t}\\r\\n\\t\\t.search dt input:focus,\\r\\n\\t\\t.search dd button:focus{position:relative;}\\r\\n\\t\\t.search dd button::-moz-focus-inner{border:0;}\\r\\n\\t\\t.footer{\\r\\n\\t\\t\\tposition:fixed;\\r\\n\\t\\t\\tbottom:0;\\r\\n\\t\\t\\tleft:0;\\r\\n\\t\\t\\twidth:100%;\\t\\r\\n\\t\\t\\ttext-align:center;\\r\\n\\t\\t}\\r\\n\\t\\t.footer ul{\\r\\n\\t\\t\\tlist-style:none;\\r\\n\\t\\t\\tmargin:0 auto;\\r\\n\\t\\t\\tpadding:15px 0;\\r\\n\\t\\t\\tfont:11px Arial, Helvetica, sans-serif;\\t\\r\\n\\t\\t}\\r\\n\\t\\t.footer ul 
li{\\r\\n\\t\\t\\tdisplay:inline;\\r\\n\\t\\t\\tpadding:0 10px;\\r\\n\\t\\t\\tborder-left:1px solid #c2bfbf;\\r\\n\\t\\t\\tcolor:#555;\\t\\r\\n\\t\\t}\\r\\n\\t\\t.footer ul li:first-child{border:0;}\\r\\n\\t\\t*+ html #navigation li{border-left: expression( (this===this.parentNode.childNodes[0]) ? \\\"none\\\" : \\\"auto\\\");}\\r\\n\\t\\t.footer ul li a{\\r\\n\\t\\t\\tcolor:#555;\\r\\n\\t\\t\\ttext-decoration:none;\\t\\r\\n\\t\\t}\\r\\n\\t\\t.footer ul li em a{color:#aca8a8;}\\r\\n\\t\\t.footer ul li a:hover{text-decoration:underline;}\\r\\n\\t</style>\\r\\n</head>\\r\\n<body>\\r\\n<div class=\\\"top-bar\\\">\\r\\n\\t<ul>\\r\\n \\t<li><a class=\\\"active\\\" href=\\\"#\\\">Web</a></li>\\r\\n\\r\\n <li><a href=\\\"http://www.google.co...</a></li>\\r\\n <li><a href=\\\"http://news.google.c...</a></li>\\r\\n <!-- <li><a href=\\\"#\\\">Games</a></li> -->\\r\\n <li><a href=\\\"http://www.youtube.c...</a></li>\\r\\n <li><a href=\\\"http://www.facebook....</a></li>\\r\\n <li><a href=\\\"http://www.twitter.c...li>\\r\\n\\r\\n </ul>\\r\\n <!--\\r\\n <div class=\\\"lang\\\">\\r\\n \\t<a class=\\\"choose\\\" href=\\\"#\\\"><em>&nbsp;</em></a>\\r\\n <span>English</span>\\r\\n </div>\\r\\n -->\\r\\n</div>\\r\\n<div class=\\\"container\\\">\\r\\n\\t<div class=\\\"wrapper\\\">\\r\\n\\t\\t<form class=\\\"search\\\" method=\\\"get\\\" action=\\\"http://www.mysearchr...arch\\\">\\r\\n <div class=\\\"none\\\">\\r\\n <input type=\\\"hidden\\\" name=\\\"ei\\\" value=\\\"utf-8\\\" />\\r\\n\\t\\t\\t\\t<input type=\\\"hidden\\\" name=\\\"c\\\" value=\\\"0000\\\" />\\r\\n\\t\\t\\t\\t<input type=\\\"hidden\\\" name=\\\"t\\\" value=\\\"01\\\" />\\r\\n\\r\\n </div><!--/.none-->\\r\\n\\t\\t\\t<div class=\\\"logo\\\">\\r\\n\\t\\t\\t\\t<img src=\\\"http://assets.defaul...sr_logo.png\\\" />\\r\\n\\t\\t\\t</div><!--/.logo-->\\r\\n <dl>\\r\\n\\t <dt>\\r\\n \\t\\t <input type=\\\"text\\\" name=\\\"q\\\" />\\r\\n \\t</dt>\\r\\n \\t<dd>\\r\\n\\r\\n\\t\\t <button type=\\\"submit\\\" 
class=\\\"y_go\\\">Search</button>\\r\\n \\t </dd>\\r\\n </dl>\\r\\n\\t\\t</form><!--/.search-->\\r\\n\\t</div><!--/.wrapper-->\\r\\n\\t<div class=\\\"footer\\\">\\r\\n <ul>\\r\\n <li>&copy; 2012 Search Results, LLC</li>\\r\\n\\r\\n <li>\\r\\n \\t <a href=\\\"http://corp.mysearch...cy/\\\">Privacy & Terms</a>\\r\\n </li>\\r\\n <!-- <li id=\\\"disablenewtab\\\" style=\\\"display: none\\\">Disable New Tab Search</li> -->\\r\\n </ul>\\r\\n\\t</div><!--/.footer-->\\r\\n</div><!--/.container-->\\r\\n</body>\\r\\n</html>\", \"base_url\": \"http://www.mysearchr...ts.com/search\", \"search_engine_id\": 99}, {\"search_engine\": \"Facebook\", \"search_query_string\": \"\", \"toolbar_search_engine_config_id\": 585, \"third_party_feed_identifier\": \"\", \"new_tab_content\": \"\", \"base_url\": \"http://www.facebook....{searchTerms}\", \"search_engine_id\": 88}, {\"search_engine\": \"YouTube\", \"search_query_string\": \"\", \"toolbar_search_engine_config_id\": 586, \"third_party_feed_identifier\": \"\", \"new_tab_content\": \"\", \"base_url\": \"http://www.youtube.c...{searchTerms}\", \"search_engine_id\": 90}, {\"search_engine\": \"Amazon\", \"search_query_string\": \"&tag=inline3-20&linkCode=ur2&camp=1789&field-keywords={searchTerms}\", \"toolbar_search_engine_config_id\": 587, \"third_party_feed_identifier\": \"\", \"new_tab_content\": \"\", \"base_url\": \"http://www.amazon.co...encoding=UTF8\", \"search_engine_id\": 85}, {\"search_engine\": \"Wikipedia\", \"search_query_string\": \"\", \"toolbar_search_engine_config_id\": 1077, \"third_party_feed_identifier\": \"\", \"new_tab_content\": \"\", \"base_url\": \"http://en.wikipedia....{searchTerms}\", \"search_engine_id\": 86}, {\"search_engine\": \"Twitter\", \"search_query_string\": \"\", \"toolbar_search_engine_config_id\": 1078, \"third_party_feed_identifier\": \"\", \"new_tab_content\": \"\", \"base_url\": \"https://twitter.com/#!/search?q={searchTerms}\", \"search_engine_id\": 87}, {\"search_engine\": \"eBay\", 
\"search_query_string\": \"\", \"toolbar_search_engine_config_id\": 1079, \"third_party_feed_identifier\": \"\", \"new_tab_content\": \"\", \"base_url\": \"http://www.ebay.com/...{searchTerms}\", \"search_engine_id\": 92}], \"set_home_page_on_update\": true, \"channel\": null, \"revision\": 1}}");
user_pref("extensions.defaulttab.firstrun", false);
user_pref("extensions.defaulttab.installedVersion", "1.4.2");

#10 saque

saque

    New Member

  • Members
  • Pip
  • 10 posts

Posted 07 November 2012 - 04:23 PM

Yes, I'm sorry, it seems the forum kept glitching and would not post all of my text. I will try it again now:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 2.8.4 (11.07.2012)
OS: Windows 7 Home Premium x64
Ran by rainbow shine on Wed 11/07/2012 at 5:03:52.29
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox detected and repaired

Successfully deleted: [File] C:\Users\rainbow shine\AppData\Roaming\Mozilla\Firefox\Profiles\wz4dqfdt.default\searchplugins\search-here.xml
Successfully deleted: [addon@defaulttab.com.xpi] from C:\Users\rainbow shine\AppData\Roaming\Mozilla\Firefox\Profiles\wz4dqfdt.default\extensions
user_pref("browser.startup.homepage", "http://us.yhs4.searc...2,16900,0,54,0");
user_pref("extensions.defaulttab.active.affiliate", 2642);
user_pref("extensions.defaulttab.active.overridechromesearch", false);
user_pref("extensions.defaulttab.active.overridekeywordsearch", false);
user_pref("extensions.defaulttab.active.yw3i", "W3i_IA,206,0_0,Search,20121042,18175,0,0,0");
user_pref("extensions.defaulttab.browserID", "8CEFE2C5547301934C33B150865117D8");

#11 saque

saque

    New Member

  • Members
  • Pip
  • 10 posts

Posted 07 November 2012 - 07:17 PM

Yes, I'm sorry, it seems the forum kept glitching and would not post all of my text. I will try it again now:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 2.8.4 (11.07.2012)
OS: Windows 7 Home Premium x64
Ran by rainbow shine on Wed 11/07/2012 at 5:03:52.29
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox detected and repaired

Successfully deleted: [File] C:\Users\rainbow shine\AppData\Roaming\Mozilla\Firefox\Profiles\wz4dqfdt.default\searchplugins\search-here.xml
Successfully deleted: [addon@defaulttab.com.xpi] from C:\Users\rainbow shine\AppData\Roaming\Mozilla\Firefox\Profiles\wz4dqfdt.default\extensions
user_pref("browser.startup.homepage", "http://us.yhs4.searc...2,16900,0,54,0");
user_pref("extensions.defaulttab.active.affiliate", 2642);
user_pref("extensions.defaulttab.active.overridechromesearch", false);
user_pref("extensions.defaulttab.active.overridekeywordsearch", false);
user_pref("extensions.defaulttab.active.yw3i", "W3i_IA,206,0_0,Search,20121042,18175,0,0,0");
user_pref("extensions.defaulttab.browserID", "8CEFE2C5547301934C33B150865117D8");
user_pref("extensions.defaulttab.firstrun", false);
user_pref("extensions.defaulttab.installedVersion", "1.4.2");
user_pref("extensions.wecarereminder.merchHash", "{\"AFFILIATES\":{\"1-Sale-A-Day\":{\"name\":\"1 Sale A Day\",\"autordr\":1,\"td\":1.5},\"1-Stop-Florists\":{\"name\":\"1 Stop Florists\",\"autordr\":1,\"td\":6},\"1and1Internet\":{\"name\":\"1&1 Internet Inc.\",\"autordr\":1},\"1and1internet-Canada\":{\"name\":\"1&1 Internet Inc. Canada\",\"autordr\":1},\"1-800-Bakery.com\":{\"name\":\"1-800-Bakery.com\",\"autordr\":1,\"td\":5},\"1-800-Baskets.com\":{\"name\":\"1-800-Baskets.com\",\"autordr\":1,\"td\":5},\"1-800-FLORALS\":{\"name\":\"1-800-FLORALS\",\"autordr\":1,\"td\":10},\"1-800Flowers.com\":{\"name\":\"1-800-Flowers.com\",\"autordr\":1,\"td\":10,\"ctxt\":\"5% off!\",\"ccode\":\"WECAREFIVE\"},\"1-800-Get-Lens\":{\"name\":\"1-800-Get-Lens\",\"autordr\":1,\"td\":4},\"1-800-GOT-JUNK\":{\"name\":\"1-800-GOT-JUNK?\",\"autordr\":1,\"td\":1.5},\"100-Day-Loans\":{\"name\":\"100 Day Loans\",\"autordr\":1},\"101-Phones\":{\"name\":\"101Phones.com\",\"autordr\":1,\"td\":3},\"123inkjets.com\":{\"name\":\"123Inkjets.com\",\"autordr\":1,\"td\":14},\"123Print\":{\"name\":\"123Print\",\"autordr\":1,\"td\":5},\"1800CarDonations.org\":{\"name\":\"1800CarDonations.org\",\"autordr\":1},\"1800Treadmill\":{\"name\":\"1800Treadmill\",\"autordr\":1,\"td\":4.5},\"1928-Jewelry\":{\"name\":\"1928 Jewelry\",\"autordr\":1,\"td\":7.5},\"1928-Jewelry-Bridal\":{\"name\":\"1928 Jewelry Bridal\",\"autordr\":1,\"td\":7.5},\"1ink.com\":{\"name\":\"1ink.com\",\"autordr\":1,\"td\":14},\"1ShoppingCart\":{\"name\":\"1ShoppingCart\",\"autordr\":1},\"1STOPLighting\":{\"name\":\"1STOPLighting\",\"autordr\":0,\"td\":3.5},\"23andMe\":{\"name\":\"23andMe\",\"autordr\":1,\"td\":2.5},\"24-Hour-Fitness\":{\"name\":\"24 Hour Fitness\",\"autordr\":1,\"td\":5},\"2b-Store\":{\"name\":\"2b Store\",\"autordr\":0,\"td\":2.5},\"2xist\":{\"name\":\"2xist\",\"autordr\":1,\"td\":3},\"3Balls\":{\"name\":\"3 
Balls\",\"autordr\":1,\"td\":2},\"360training\":{\"name\":\"360training\",\"autordr\":1,\"td\":7.5},\"39DollarGlasses.com\":{\"name\":\"39DollarGlasses.com\",\"autordr\":1,\"td\":4},\"3lab\":{\"name\":\"3lab\",\"autordr\":1,\"td\":6},\"4-Inkjets\":{\"name\":\"4 Inkjets\",\"autordr\":1},\"4seasonswine\":{\"name\":\"4 Seasons Wine\",\"autordr\":1},\"4-Wheel-Drive\":{\"name\":\"4 Wheel Drive\",\"autordr\":1,\"td\":3},\"4WheelParts\":{\"name\":\"4 Wheel Parts\",\"autordr\":1,\"td\":3},\"48HourPrint.com\":{\"name\":\"48HourPrint.com\",\"autordr\":1,\"td\":7.5},\"5.11-Tactical-Series\":{\"name\":\"5.11 Tactical Series\",\"autordr\":1,\"td\":3},\"525-America\":{\"name\":\"525 America\",\"autordr\":1,\"td\":3},\"599fashion.com\":{\"name\":\"599fashion.com\",\"autordr\":1,\"td\":1.5},\"6DollarShirts.com\":{\"name\":\"6DollarShirts.com\",\"autordr\":1,\"td\":5},\"7-For-All-Mankind\":{\"name\":\"7 For All Mankind\",\"autordr\":1,\"td\":2},\"80s-Purple\":{\"name\":\"80's Purple\",\"autordr\":1,\"td\":3.5},\"8x8\":{\"name\":\"8x8\",\"autordr\":1},\"911-Health\":{\"name\":\"911 Health\",\"autordr\":1,\"td\":5},\"99Designs\":{\"name\":\"99designs\",\"autordr\":1},\"AARP-Auto-Insurance-Program-from-The-Hartford\":{\"name\":\"The AARP Auto Insurance Program from The Hartford\",\"autordr\":1},\"ababy.com\":{\"name\":\"ababy.com\",\"autordr\":1,\"td\":4},\"Abacus24-7.com\":{\"name\":\"Abacus24-7.com\",\"autordr\":1,\"td\":15},\"ABCmouse.com\":{\"name\":\"ABCmouse.com\",\"autordr\":1},\"Abes-of-Maine\":{\"name\":\"Abe's of Maine\",\"autordr\":1,\"td\":3},\"AbleNet\":{\"name\":\"AbleNet\",\"autordr\":0,\"td\":3},\"AboutAirportParking\":{\"name\":\"About Airport Parking\",\"autordr\":1,\"td\":25},\"Abt-Electronics\":{\"name\":\"Abt Electronics\",\"autordr\":0},\"Academic-Superstore\":{\"name\":\"Academic 
user_pref("keyword.URL", "https://isearch.avg....7:33&sap=ku&q=");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 11/07/2012 at 5:07:03.69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#12 saque

Posted 07 November 2012 - 07:18 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-11-07 08:41:38
-----------------------------
08:41:38.688 OS Version: Windows x64 6.1.7601 Service Pack 1
08:41:38.688 Number of processors: 8 586 0x3A09
08:41:38.688 ComputerName: SPARKLERAINBOW UserName: rainbow shine
08:41:39.936 Initialize success
08:44:19.874 AVAST engine defs: 12110700
08:44:45.302 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:44:45.302 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 3
08:44:45.317 Disk 0 MBR read successfully
08:44:45.317 Disk 0 MBR scan
08:44:45.317 Disk 0 Windows VISTA default MBR code
08:44:45.333 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
08:44:45.364 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 14142 MB offset 81920
08:44:45.380 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 939686 MB offset 29044736
08:44:45.426 Disk 0 scanning C:\Windows\system32\drivers
08:44:55.098 Service scanning
08:45:26.689 Modules scanning
08:45:26.689 Disk 0 trace - called modules:
08:45:26.720 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
08:45:27.219 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009f96790]
08:45:27.219 3 CLASSPNP.SYS[fffff880015cc43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80078d5050]
08:45:28.623 AVAST engine scan C:\Windows
08:45:32.227 AVAST engine scan C:\Windows\system32
08:47:23.049 AVAST engine scan C:\Windows\system32\drivers
08:47:30.943 AVAST engine scan C:\Users\rainbow shine
08:56:19.972 AVAST engine scan C:\ProgramData
08:56:53.512 Scan finished successfully
09:27:04.941 Disk 0 MBR has been saved successfully to "C:\Users\rainbow shine\Desktop\MBR.dat"
09:27:04.941 The log file has been saved successfully to "C:\Users\rainbow shine\Desktop\aswMBR.txt"


Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.07.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
rainbow shine :: SPARKLERAINBOW [administrator]

11/7/2012 8:34:11 AM
mbam-log-2012-11-07 (08-34-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202176
Time elapsed: 2 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\rainbow shine\Downloads\playalotgames_d146490.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.

(end)


The browser is looking better already!!

Thanks Maniac!

#13 Maniac

Posted 08 November 2012 - 04:54 AM

Glad everything is fine now! :)

Please manually delete DDS and JunkWare Removal Tool.

Some malware prevention tips:
users.telenet.be/bluepatchy/miekiemoes/prevention.html


Safe surfing! :)

#14 saque

Posted 08 November 2012 - 07:56 PM

Thank you so much Maniac! You're great!

#15 Maniac

Posted 09 November 2012 - 05:04 PM

You're welcome! :)

#16 LDTate

Posted 09 November 2012 - 05:48 PM

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Larry Tate
Product Support
