david14433

Members
  • Content count

    19
  • Joined

  • Last visited

About david14433

  • Rank
    New Member
  1. I uninstalled the only version of java that was found, I ran javara and it said that I should close internet explorer, but the problem is that I checked system process in the task manager and didn't see it running. Then click OK and it gave me a text file that had nothing in it. That was all paraphrased. Thanks.
  2. OK guys I have had some help from you guys recently at this thread here. http://forums.malwarebytes.org/index.php?showtopic=131753&page=2#entry733223 So i thought I was OK but soon after the thread was taken down the internet would not work on the account we removed the malware after the laptop folded close. So I have been a bit lazy getting back, but this is something I have to fix for my sister. So can I get some help? We left off with the clean up program. I did download it and use it days ago. Here is the result. After running Security Check I got this text. ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- Results of screen317's Security Check version 0.99.74 Windows 7 x64 (UAC is enabled) US/windows7/install-windows-7-service-pack- 1'>Out of date service pack!! Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Norton Security Suite WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 TuneUp Companion 2.4.2 Java 6 Update 21 Java version out of Date! Adobe Flash Player 11.8.800.168 Adobe Reader 10.1.8 Adobe Reader out of Date! Mozilla Firefox 23.0.1 Firefox out of Date! Google Chrome 29.0.1547.66 Google Chrome 29.0.1547.76 ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log`````````````````````` --------------------------------------------------------------------------------------------------------------------------------------------------- Please note that I also have conduit search running in chrome. Though it was quarantined at one point I think. Thanks.
  3. OK guys it seems to be running fine. And we got rid of that MixDJ thing or whatever. So this is great. It's runing smooth. So what more could I ask for. I know I didn't answer right away but but I kept at it and we got it done. I'll let you know if something goes wrong. But it seems fine. Thanks again.
  4. OK guys I am back and me and my sister did it. I'll get back to you on how the computer is running when I get a chance. We also go rid of the Mixdj thing, so that is a big plus. Thanks. # AdwCleaner v3.004 - Report created 17/09/2013 at 15:39:03 # Updated 15/09/2013 by Xplode # Operating System : Windows 7 Home Premium (64 bits) # Username : sarah - SARAH-PC # Running from : C:\Users\sarah\Downloads\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** Service Deleted : CltMngSvc ***** [ Files / Folders ] ***** [!] Folder Deleted : C:\ProgramData\Anti-phishing Domain Advisor [!] Folder Deleted : C:\ProgramData\boost_interprocess [!] Folder Deleted : C:\ProgramData\iMesh [!] Folder Deleted : C:\ProgramData\Partner [!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppGraffiti [!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ilivid [!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMesh [!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moozy [!] Folder Deleted : C:\Program Files (x86)\blekkotb [!] Folder Deleted : C:\Program Files (x86)\Conduit [!] Folder Deleted : C:\Program Files (x86)\Ilivid [!] Folder Deleted : C:\Program Files (x86)\iMesh Applications [!] Folder Deleted : C:\Program Files (x86)\iMesh Applications\Mediabar [!] Folder Deleted : C:\Program Files (x86)\Moozy [!] Folder Deleted : C:\Program Files (x86)\RebateInformer [!] Folder Deleted : C:\Program Files (x86)\Searchprotect [!] Folder Deleted : C:\Program Files (x86)\Windows iLivid Toolbar [!] Folder Deleted : C:\Program Files (x86)\BitTorrentControl_v12 [!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppGraffiti [!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ilivid [!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMesh [!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moozy [!] Folder Deleted : C:\Users\sarah\AppData\Local\apn [!] Folder Deleted : C:\Users\sarah\AppData\Local\blekkotb [!] Folder Deleted : C:\Users\sarah\AppData\Local\Conduit [!] Folder Deleted : C:\Users\sarah\AppData\Local\cre [!] Folder Deleted : C:\Users\sarah\AppData\Local\Ilivid Player [!] Folder Deleted : C:\Users\sarah\AppData\Local\iMesh [!] Folder Deleted : C:\Users\sarah\AppData\Local\PackageAware [!] Folder Deleted : C:\Users\sarah\AppData\Local\Temp\CT3225826 [!] Folder Deleted : C:\Users\sarah\AppData\LocalLow\AppGraffiti [!] Folder Deleted : C:\Users\sarah\AppData\LocalLow\AVG Secure Search [!] Folder Deleted : C:\Users\sarah\AppData\LocalLow\blekkotb [!] Folder Deleted : C:\Users\sarah\AppData\LocalLow\Conduit [!] Folder Deleted : C:\Users\sarah\AppData\LocalLow\mediabarim [!] Folder Deleted : C:\Users\sarah\AppData\LocalLow\searchquband [!] Folder Deleted : C:\Users\sarah\AppData\LocalLow\Searchqutoolbar [!] Folder Deleted : C:\Users\sarah\AppData\LocalLow\wincoreimband [!] Folder Deleted : C:\Users\sarah\AppData\LocalLow\BitTorrentControl_v12 [!] Folder Deleted : C:\Users\sarah\AppData\Roaming\Searchprotect [!] Folder Deleted : C:\Users\Adrian\AppData\Local\blekkotb [!] Folder Deleted : C:\Users\Adrian\AppData\Local\Ilivid Player [!] Folder Deleted : C:\Users\Adrian\AppData\LocalLow\AppGraffiti [!] Folder Deleted : C:\Users\Adrian\AppData\LocalLow\AVG Secure Search [!] Folder Deleted : C:\Users\Adrian\AppData\LocalLow\blekkotb [!] Folder Deleted : C:\Users\Adrian\AppData\LocalLow\Inbox Toolbar [!] Folder Deleted : C:\Users\Adrian\AppData\LocalLow\mediabarim [!] Folder Deleted : C:\Users\Adrian\AppData\LocalLow\RebateInformer [!] Folder Deleted : C:\Users\Adrian\AppData\LocalLow\searchquband [!] Folder Deleted : C:\Users\Adrian\AppData\LocalLow\Searchqutoolbar [!] Folder Deleted : C:\Users\Adrian\AppData\LocalLow\searchresultstb [!] Folder Deleted : C:\Users\Adrian\AppData\LocalLow\wincoreimband [!] Folder Deleted : C:\Users\Adrian\AppData\Roaming\Searchprotect [!] Folder Deleted : C:\Users\Other\AppData\Local\blekkotb [!] Folder Deleted : C:\Users\Other\AppData\LocalLow\AppGraffiti [!] Folder Deleted : C:\Users\Other\AppData\LocalLow\blekkotb [!] Folder Deleted : C:\Users\Other\AppData\LocalLow\Inbox Toolbar [!] Folder Deleted : C:\Users\Other\AppData\LocalLow\mediabarim [!] Folder Deleted : C:\Users\Other\AppData\LocalLow\searchquband [!] Folder Deleted : C:\Users\Other\AppData\LocalLow\Searchqutoolbar [!] Folder Deleted : C:\Users\Other\AppData\LocalLow\searchresultstb [!] Folder Deleted : C:\Users\Other\AppData\LocalLow\Toolbar4 [!] Folder Deleted : C:\Users\Other\AppData\LocalLow\wincoreimband [!] Folder Deleted : C:\Users\Other\AppData\Roaming\Searchprotect [!] Folder Deleted : C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mk9ldjlj.default\blekkotb [!] Folder Deleted : C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mk9ldjlj.default\Inbox Toolbar [!] Folder Deleted : C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mk9ldjlj.default\mediabarim [!] Folder Deleted : C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mk9ldjlj.default\Searchqutoolbar [!] Folder Deleted : C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mk9ldjlj.default\Smartbar [!] Folder Deleted : C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mk9ldjlj.default\CT3225826 [!] Folder Deleted : C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mk9ldjlj.default\CT3298573 [!] Folder Deleted : C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\n3re8aas.default\blekkotb [!] Folder Deleted : C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\n3re8aas.default\mediabarim [!] Folder Deleted : C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\n3re8aas.default\Searchqutoolbar [!] Folder Deleted : C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mk9ldjlj.default\Extensions\{28387537-E3F9-4ED7-860C-11E69AF4A8A0} [!] Folder Deleted : C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\n3re8aas.default\Extensions\{28387537-E3F9-4ED7-860C-11E69AF4A8A0} [!] Folder Deleted : C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\n3re8aas.default\Extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC} [!] Folder Deleted : C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mk9ldjlj.default\Extensions\{99079A25-328F-4BD4-BE04-00955ACAA0A7} [!] Folder Deleted : C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\n3re8aas.default\Extensions\{99079A25-328F-4BD4-BE04-00955ACAA0A7} [!] Folder Deleted : C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mk9ldjlj.default\Extensions\AppGraffiti@AppGraffiti.com [!] Folder Deleted : C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mk9ldjlj.default\Extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} [!] Folder Deleted : C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mk9ldjlj.default\Extensions\{eef3855c-fc2d-41e6-8d91-d368f51b3055} [!] Folder Deleted : C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf File Deleted : C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mk9ldjlj.default\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} File Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} File Deleted : C:\END File Deleted : C:\Users\Public\Desktop\Moozy.lnk File Deleted : C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mk9ldjlj.default\searchplugins\Askcom.xml File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\safesearch.xml File Deleted : C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\n3re8aas.default\searchplugins\search.xml File Deleted : C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mk9ldjlj.default\searchplugins\Search_Results.xml File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml File Deleted : C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mk9ldjlj.default\searchplugins\SearchResults.xml File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchResults.xml ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKCU\Software\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchProtect] Key Deleted : HKLM\SOFTWARE\Classes\AppGraffiti.AppGraffitiJS Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll Key Deleted : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll Key Deleted : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\iMesh.exe Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1 Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1 Key Deleted : HKLM\SOFTWARE\Classes\ilivid Key Deleted : HKLM\SOFTWARE\Classes\imweb.imwebcontrol Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com] Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [searchProtectAll] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3225826 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298573 Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ConduitFloatingPlugin_dknkjnkhedbanphkkpbpcgoblmkbfhlf] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{20A0BE68-8FD9-4539-8712-CE3D1C1FDFC6} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2656B92B-0207-4AFB-BEBF-F5FD231ECD39} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26C9E18C-3717-4BE1-A225-04E4471F5B6E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{28387537-E3F9-4ED7-860C-11E69AF4A8A0} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{59570C1F-B692-48C9-91B4-7809E6945287} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{63A0F7FA-2C95-4D7E-AF25-EFCC303D20A1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6559E502-6EE1-46B8-A83C-F3A45BDA23EE} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69D3F709-9DE2-479F-980F-532D46895703} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7C3B01BC-53A5-48A0-A43B-0C67731134B9} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{950F80EF-32C2-47DD-9C35-9576E21EE66E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C63CA8A4-AB4E-49E5-A6C0-33FC86D80205} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C6A7847E-8931-4A9A-B4EF-72A91E3CCF4D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD0F1D24-E250-4E93-966C-65615720AEFB} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EC1277BB-1C71-4C0D-BA6D-BFEA16E773A6} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F42C7B47-5234-4BF5-8882-DAAC0D64870D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E20AC1DB-792A-41CC-BC36-70C2EFE618C2} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{69D3F709-9DE2-479F-980F-532D46895703} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F42C7B47-5234-4BF5-8882-DAAC0D64870D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F7BEBBB1-7E6B-4561-9444-6F4866D60C7C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A147AA03-820F-4A0F-9F34-D6CB4004A2F9} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC96F516-51B2-4B46-8451-8665F5A6BA2B} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F07FBD3E-2048-44A4-9065-71BF551E2672} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20A0BE68-8FD9-4539-8712-CE3D1C1FDFC6} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26C9E18C-3717-4BE1-A225-04E4471F5B6E} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-E3F9-4ED7-860C-11E69AF4A8A0} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{20A0BE68-8FD9-4539-8712-CE3D1C1FDFC6} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{26C9E18C-3717-4BE1-A225-04E4471F5B6E} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{20A0BE68-8FD9-4539-8712-CE3D1C1FDFC6} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{26C9E18C-3717-4BE1-A225-04E4471F5B6E} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-E3F9-4ED7-860C-11E69AF4A8A0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E20AC1DB-792A-41CC-BC36-70C2EFE618C2} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00F12770-E60E-4DC6-9105-425BFACE7C73} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28387537-E3F9-4ED7-860C-11E69AF4A8A0} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{90E9AB46-684A-45E0-98B9-2C3FC3D68553} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0F7D2739-1491-4E8D-9630-A06B15672BDD} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{26C9E18C-3717-4BE1-A225-04E4471F5B6E}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{28387537-E3F9-4ED7-860C-11E69AF4A8A0}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{950F80EF-32C2-47DD-9C35-9576E21EE66E} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Deleted : HKCU\Software\AppGraffiti Key Deleted : HKCU\Software\AVG Secure Search Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\ilivid Key Deleted : HKCU\Software\Imesh Key Deleted : HKCU\Software\SearchProtect Key Deleted : HKCU\Software\YahooPartnerToolbar Key Deleted : HKCU\Software\AppDataLow\Toolbar Key Deleted : HKCU\Software\AppDataLow\Software\blekkotb Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Deleted : HKCU\Software\AppDataLow\Software\I Want This Key Deleted : HKCU\Software\AppDataLow\Software\mediabarim Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKCU\Software\AppDataLow\Software\BitTorrentControl_v12 Key Deleted : HKLM\Software\AppGraffiti Key Deleted : HKLM\Software\AVG Secure Search Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\DataMngr Key Deleted : HKLM\Software\ilivid Key Deleted : HKLM\Software\Imesh Key Deleted : HKLM\Software\iMeshMediabarTb Key Deleted : HKLM\Software\SearchProtect Key Deleted : HKLM\Software\SearchquMediabarTb Key Deleted : HKLM\Software\BitTorrentControl_v12 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{739126B3-1B80-4F9F-8D59-312A19633E1A}_is1 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\blekkotb Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealBulldog Toolbar Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Imesh Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wincore MediaBar Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrentControl_v12 Toolbar Key Deleted : [x64] HKLM\SOFTWARE\DataMngr Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll ***** [ Browsers ] ***** -\\ Internet Explorer v9.0.8112.16447 Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page] -\\ Mozilla Firefox v23.0.1 (en-US) [ File : C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mk9ldjlj.default\prefs.js ] Line Deleted : user_pref("CT3225826.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); Line Deleted : user_pref("CT3225826.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}"); Line Deleted : user_pref("CT3225826.FF19Solved", "true"); Line Deleted : user_pref("CT3225826.FirstTime", "true"); Line Deleted : user_pref("CT3225826.FirstTimeFF3", "true"); Line Deleted : user_pref("CT3225826.UserID", "UN22971113853246025"); Line Deleted : user_pref("CT3225826.addressBarTakeOverEnabledInHidden", "true"); Line Deleted : user_pref("CT3225826.countryCode", "US"); Line Deleted : user_pref("CT3225826.defaultSearch", "false"); Line Deleted : user_pref("CT3225826.embeddedsData", "[{\"appId\":\"129830626805552092\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...] Line Deleted : user_pref("CT3225826.enableSearchFromAddressBar", "false"); Line Deleted : user_pref("CT3225826.firstTimeDialogOpened", "true"); Line Deleted : user_pref("CT3225826.fixPageNotFoundErrorByUser", "TRUE"); Line Deleted : user_pref("CT3225826.fixPageNotFoundErrorInHidden", "true"); Line Deleted : user_pref("CT3225826.fixUrls", true); Line Deleted : user_pref("CT3225826.fullUserID", "UN22971113853246025.IN.20130912155546"); Line Deleted : user_pref("CT3225826.installDate", "12/09/2013 15:55:31"); Line Deleted : user_pref("CT3225826.installSessionId", "-1"); Line Deleted : user_pref("CT3225826.installSp", "TRUE"); Line Deleted : user_pref("CT3225826.installType", "xpe"); Line Deleted : user_pref("CT3225826.installUsage", "2013-09-17T21:27:12.9608416+03:00"); Line Deleted : user_pref("CT3225826.installUsageEarly", "2013-09-17T21:27:07.0637392+03:00"); Line Deleted : user_pref("CT3225826.installerVersion", "1.5.4.4"); Line Deleted : user_pref("CT3225826.isCheckedStartAsHidden", true); Line Deleted : user_pref("CT3225826.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}"); Line Deleted : user_pref("CT3225826.isFirstTimeToolbarLoading", "false"); Line Deleted : user_pref("CT3225826.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}"); Line Deleted : user_pref("CT3225826.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); Line Deleted : user_pref("CT3225826.lastVersion", "10.16.70.5"); Line Deleted : user_pref("CT3225826.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsInNjcmlwdFVybCI6bnVsbCwib3B0aW9uc0Rp[...] Line Deleted : user_pref("CT3225826.mam_gk_calledSetupService.enc", "MQ=="); Line Deleted : user_pref("CT3225826.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkFDcGx1cyIsImNyaXRlcmlhcyI6W3siY3JpdGVyaWFJZCI6ImRiNTUxM2EwLTAwNWYtNDJlYS1hODUxLTQ5OGUzMjU3NDE5MSIsImRvbWFpbnMiOlsiKiJ[...] Line Deleted : user_pref("CT3225826.mam_gk_currentVersion.enc", "MS4xMC40LjA="); Line Deleted : user_pref("CT3225826.mam_gk_installer_preapproved.enc", "ZmFsc2U="); Line Deleted : user_pref("CT3225826.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHMgZW5yaWNoZXMgeW91ciB3ZWIg[...] Line Deleted : user_pref("CT3225826.mam_gk_mamEnabled.enc", "dHJ1ZQ=="); Line Deleted : user_pref("CT3225826.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ=="); Line Deleted : user_pref("CT3225826.mam_gk_settings1.10.4.0.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiODNfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiVVMiLCJpc1dlbGNvbWVFeHBl[...] Line Deleted : user_pref("CT3225826.mam_gk_userId.enc", "MWNlNDA4OGMtZGZmZS00NDI3LTg2NDItZjFiNjU2ZDBhY2E0"); Line Deleted : user_pref("CT3225826.migrateAppsAndComponents", true); Line Deleted : user_pref("CT3225826.openThankYouPage", "true"); Line Deleted : user_pref("CT3225826.openUninstallPage", "false"); Line Deleted : user_pref("CT3225826.revertSettingsEnabled", "FALSE"); Line Deleted : user_pref("CT3225826.search.searchAppId", "129830626805552092"); Line Deleted : user_pref("CT3225826.search.searchCount", "0"); Line Deleted : user_pref("CT3225826.searchInNewTabEnabledByUser", "false"); Line Deleted : user_pref("CT3225826.searchInNewTabEnabledInHidden", "true"); Line Deleted : user_pref("CT3225826.searchRevert", "FALSE"); Line Deleted : user_pref("CT3225826.searchSuggestEnabledByUser", "false"); Line Deleted : user_pref("CT3225826.searchUserMode", "2"); Line Deleted : user_pref("CT3225826.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}"); Line Deleted : user_pref("CT3225826.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); Line Deleted : user_pref("CT3225826.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\"}"); Line Deleted : user_pref("CT3225826.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3225826\"}"); Line Deleted : user_pref("CT3225826.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"BitTorrentControl_v12\"}"); Line Deleted : user_pref("CT3225826.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}"); Line Deleted : user_pref("CT3225826.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}"); Line Deleted : user_pref("CT3225826.serviceLayer_services_Configuration_lastUpdate", "1379453288974"); Line Deleted : user_pref("CT3225826.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1379453293957"); Line Deleted : user_pref("CT3225826.serviceLayer_services_appsMetadata_lastUpdate", "1379453295019"); Line Deleted : user_pref("CT3225826.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1379453293584"); Line Deleted : user_pref("CT3225826.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1379453288964"); Line Deleted : user_pref("CT3225826.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1379453295714"); Line Deleted : user_pref("CT3225826.serviceLayer_services_login_10.16.70.5_lastUpdate", "1379453295426"); Line Deleted : user_pref("CT3225826.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1379453293314"); Line Deleted : user_pref("CT3225826.serviceLayer_services_searchAPI_lastUpdate", "1379453288989"); Line Deleted : user_pref("CT3225826.serviceLayer_services_serviceMap_lastUpdate", "1379453287958"); Line Deleted : user_pref("CT3225826.serviceLayer_services_toolbarContextMenu_lastUpdate", "1379453292777"); Line Deleted : user_pref("CT3225826.serviceLayer_services_toolbarSettings_lastUpdate", "1379453289005"); Line Deleted : user_pref("CT3225826.serviceLayer_services_translation_lastUpdate", "1379453295636"); Line Deleted : user_pref("CT3225826.settingsINI", true); Line Deleted : user_pref("CT3225826.shouldFirstTimeDialog", "false"); Line Deleted : user_pref("CT3225826.showToolbarPermission", "false"); Line Deleted : user_pref("CT3225826.smartbar.CTID", "CT3225826"); Line Deleted : user_pref("CT3225826.smartbar.Uninstall", "0"); Line Deleted : user_pref("CT3225826.smartbar.toolbarName", "BitTorrentControl_v12 "); Line Deleted : user_pref("CT3225826.startPage", "false"); Line Deleted : user_pref("CT3225826.toolbarBornServerTime", "17-9-2013"); Line Deleted : user_pref("CT3225826.toolbarCurrentServerTime", "17-9-2013"); Line Deleted : user_pref("CT3225826.toolbarLoginClientTime", "Tue Sep 17 2013 14:28:15 GMT-0700 (Pacific Standard Time)"); Line Deleted : user_pref("CT3225826.versionFromInstaller", "10.16.70.5"); Line Deleted : user_pref("CT3225826.xpeMode", "0"); Line Deleted : user_pref("CT3225826_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1379453273715,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]"); Line Deleted : user_pref("CT3298573.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); Line Deleted : user_pref("CT3298573.FF19Solved", "true"); Line Deleted : user_pref("CT3298573.FirstTime", "true"); Line Deleted : user_pref("CT3298573.FirstTimeFF3", "true"); Line Deleted : user_pref("CT3298573.UserID", "UN20106946138275193"); Line Deleted : user_pref("CT3298573.addressBarTakeOverEnabledInHidden", "true"); Line Deleted : user_pref("CT3298573.browser.search.defaultthis.engineName", "true"); Line Deleted : user_pref("CT3298573.countryCode", "US"); Line Deleted : user_pref("CT3298573.defaultSearch", "true"); Line Deleted : user_pref("CT3298573.enableAlerts", "true"); Line Deleted : user_pref("CT3298573.enableSearchFromAddressBar", "true"); Line Deleted : user_pref("CT3298573.enlargeSearchBox", "{\"enabled\":true,\"maxWidth\":1000,\"minWidth\":250,\"width\":500}"); Line Deleted : user_pref("CT3298573.firstTimeDialogOpened", "true"); Line Deleted : user_pref("CT3298573.fixPageNotFoundError", "true"); Line Deleted : user_pref("CT3298573.fixPageNotFoundErrorByUser", "true"); Line Deleted : user_pref("CT3298573.fixPageNotFoundErrorInHidden", "true"); Line Deleted : user_pref("CT3298573.fullUserID", "UN20106946138275193.IN.20130822154649"); Line Deleted : user_pref("CT3298573.homepageuserchanged", true); Line Deleted : user_pref("CT3298573.installDate", "22/08/2013 15:46:55"); Line Deleted : user_pref("CT3298573.installId", "cid128_86"); Line Deleted : user_pref("CT3298573.installSessionId", "{BAFA97F3-4FB5-47DE-9C67-F61F235C0E96}"); Line Deleted : user_pref("CT3298573.installSp", "TRUE"); Line Deleted : user_pref("CT3298573.installType", "conduitnsisintegration"); Line Deleted : user_pref("CT3298573.installUsage", "2013-08-23T03:47:31.3115742+03:00"); Line Deleted : user_pref("CT3298573.installUsageEarly", "2013-08-23T03:47:06.2880514+03:00"); Line Deleted : user_pref("CT3298573.installerVersion", "1.6.1.1"); Line Deleted : user_pref("CT3298573.isCheckedStartAsHidden", true); Line Deleted : user_pref("CT3298573.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}"); Line Deleted : user_pref("CT3298573.isFirstTimeToolbarLoading", "false"); Line Deleted : user_pref("CT3298573.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}"); Line Deleted : user_pref("CT3298573.keyword", "true"); Line Deleted : user_pref("CT3298573.lastVersion", "10.19.2.505"); Line Deleted : user_pref("CT3298573.mam_gk_installer_preapproved.enc", "ZmFsc2U="); Line Deleted : user_pref("CT3298573.openThankYouPage", "false"); Line Deleted : user_pref("CT3298573.openUninstallPage", "true"); Line Deleted : user_pref("CT3298573.originalSearchEngine", "Google"); Line Deleted : user_pref("CT3298573.originalSearchEngineName", ""); Line Deleted : user_pref("CT3298573.revertSettingsEnabled", "false"); Line Deleted : user_pref("CT3298573.searchFromAddressBarEnabledByUser", "true"); Line Deleted : user_pref("CT3298573.searchInNewTabEnabledByUser", "true"); Line Deleted : user_pref("CT3298573.searchInNewTabEnabledInHidden", "true"); Line Deleted : user_pref("CT3298573.searchRevert", "false"); Line Deleted : user_pref("CT3298573.searchSuggestEnabledByUser", "true"); Line Deleted : user_pref("CT3298573.searchUserMode", "2"); Line Deleted : user_pref("CT3298573.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}"); Line Deleted : user_pref("CT3298573.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); Line Deleted : user_pref("CT3298573.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}"); Line Deleted : user_pref("CT3298573.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3298573\"}"); Line Deleted : user_pref("CT3298573.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"MixiDJ V37 \"}"); Line Deleted : user_pref("CT3298573.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}"); Line Deleted : user_pref("CT3298573.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}"); Line Deleted : user_pref("CT3298573.serviceLayer_services_Configuration_lastUpdate", "1378630327435"); Line Deleted : user_pref("CT3298573.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1377229679486"); Line Deleted : user_pref("CT3298573.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1377229701790"); Line Deleted : user_pref("CT3298573.serviceLayer_services_login_10.19.2.505_lastUpdate", "1378630328016"); Line Deleted : user_pref("CT3298573.serviceLayer_services_searchAPI_lastUpdate", "1378630327249"); Line Deleted : user_pref("CT3298573.serviceLayer_services_serviceMap_lastUpdate", "1378630326948"); Line Deleted : user_pref("CT3298573.serviceLayer_services_setupAPI_lastUpdate", "1377229679501"); Line Deleted : user_pref("CT3298573.serviceLayer_services_toolbarSettings_lastUpdate", "1378630328129"); Line Deleted : user_pref("CT3298573.serviceLayer_services_translation_lastUpdate", "1378630327996"); Line Deleted : user_pref("CT3298573.settingsINI", true); Line Deleted : user_pref("CT3298573.shouldFirstTimeDialog", "false"); Line Deleted : user_pref("CT3298573.showToolbarPermission", "false"); Line Deleted : user_pref("CT3298573.smartbar.CTID", "CT3298573"); Line Deleted : user_pref("CT3298573.smartbar.Uninstall", "0"); Line Deleted : user_pref("CT3298573.smartbar.homepage", "true"); Line Deleted : user_pref("CT3298573.smartbar.isHidden", true); Line Deleted : user_pref("CT3298573.smartbar.toolbarName", "MixiDJ V37 "); Line Deleted : user_pref("CT3298573.startPage", "true"); Line Deleted : user_pref("CT3298573.toolbarBornServerTime", "23-8-2013"); Line Deleted : user_pref("CT3298573.toolbarCurrentServerTime", "8-9-2013"); Line Deleted : user_pref("CT3298573.toolbarLoginClientTime", "Thu Aug 22 2013 20:48:21 GMT-0700 (Pacific Daylight Time)"); Line Deleted : user_pref("CT3298573.versionFromInstaller", "10.19.2.5"); Line Deleted : user_pref("CT3298573.xpeMode", "0"); Line Deleted : user_pref("CT3298573_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1379453269838,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]"); Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", ""); Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", ""); Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3298573"); Line Deleted : user_pref("browser.search.defaultengine", "Ask.com"); Line Deleted : user_pref("browser.search.defaultthis.engineName", "MixiDJ V37 Customized Web Search"); Line Deleted : user_pref("extensions.crossrider.bic", "13752dcbfdb72c7608c850aef9d794e9"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationTime", 1337125028); Line Deleted : user_pref("extensions.crossriderapp2258.2258.active", true); Line Deleted : user_pref("extensions.crossriderapp2258.2258.addressbar", ""); Line Deleted : user_pref("extensions.crossriderapp2258.2258.affid", "0"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&appAPI.webRequest&&appAPI.webRequest.onBeforeNavigate?_GPL_BG_NEW.preinit():\"undefined\"!=typeof _G[...] Line Deleted : user_pref("extensions.crossriderapp2258.2258.backgroundver", 16); Line Deleted : user_pref("extensions.crossriderapp2258.2258.can_run_bg_code", true); Line Deleted : user_pref("extensions.crossriderapp2258.2258.certdomaininstaller", ""); Line Deleted : user_pref("extensions.crossriderapp2258.2258.changeprevious", false); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.value", "1337125028"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.value", "1337125028"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_blocklist.expiration", "Thu Sep 12 2013 15:53:38 GMT-0700 (Pacific Standard Time)"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_blocklist.value", "%22facebook.com%2Cnonexistantdomain.com%22"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_country_code.expiration", "Thu Sep 19 2013 15:48:33 GMT-0700 (Pacific Standard Time)"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_country_code.value", "%22US%22"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_crr.value", "1379453267"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.value", "%221%22"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%220%22%2C%22sub_id%22%3A%220%22%2C%22uzid%22%3A%220%22%7D"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.value", "%2214019%22"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_pc_20120828.value", "1346297035039"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.value", "%2221%22"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.value", "%2236717%22"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.dbtest.value", "1346297034161"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.description", "I Want This!"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.domain", ""); Line Deleted : user_pref("extensions.crossriderapp2258.2258.emailsig", ""); Line Deleted : user_pref("extensions.crossriderapp2258.2258.enablesearch", false); Line Deleted : user_pref("extensions.crossriderapp2258.2258.exposesites", ""); Line Deleted : user_pref("extensions.crossriderapp2258.2258.fbremoteurl", ""); Line Deleted : user_pref("extensions.crossriderapp2258.2258.group", 0); Line Deleted : user_pref("extensions.crossriderapp2258.2258.homepage", ""); Line Deleted : user_pref("extensions.crossriderapp2258.2258.iframe", false); Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_appVer.value", "92"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_lastVersion.value", "0"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_meta.value", "%7B%7D"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_nextCheck.expiration", "Tue Sep 17 2013 20:27:49 GMT-0700 (Pacific Standard Time)"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_nextCheck.value", "true"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_queue.value", "%7B%7D"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.started||_GPL_PLUGIN.prepare({pid:21,baseCDN:\"contentcache-a.akamaihd.net[...] Line Deleted : user_pref("extensions.crossriderapp2258.2258.manifesturl", ""); Line Deleted : user_pref("extensions.crossriderapp2258.2258.name", "I Want This"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.newtab", ""); Line Deleted : user_pref("extensions.crossriderapp2258.2258.opensearch", ""); Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000014.code", "Array.prototype.indexOf||(Array.prototype.indexOf=function(a){if(void 0===this||null===this)throw new TypeError;var b=Object[...] Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000014.name", "GPL Plugin (Loader)"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000014.ver", 7); Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000015.code", "var _GPL_BG={vars:{},rules:{},started:!1,log:function(d){console.log(d)},factor:1,preinit:function(){null!=appAPI.db.get(\"_[...] Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000015.name", "GPL Background (BG)"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000015.ver", 4); Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if(window.getSelection){return window.getSelection()}else{if(document.getS[...] Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.name", "CrossriderAppUtils"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.ver", 2); Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={}}appAPI.JSON={};(function(){function f(n){return n<10?\"0\"+n:n}if(typeof Date.protot[...] Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.name", "CrossriderUtils"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.ver", 2); Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.code", "(function(e){function u(c,b){for(css_prop in b)b.hasOwnProperty(css_prop)&&(c.style[css_prop]=b[css_prop])}function q(c,b){var c=[...] Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.name", "FacebookFFIE"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.ver", 1); Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!=true)&&(typeof _firefoxVersion!==\"undefined\"&&_firefoxVersion>14)&&typeo[...] Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.name", "FFAppAPIWrapper"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.ver", 4); Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.name", "jQuery"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.ver", 3); Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a)}}());var CrossRiderResourcesManager=(function(){var A={appId:(fu[...] Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_47.name", "resources_background"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_47.ver", 1); Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_0", "17,14,16,47,1000015"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_1", "17,14,13,16,15,1000014"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.pluginsversion", 17); Line Deleted : user_pref("extensions.crossriderapp2258.2258.premium", true); Line Deleted : user_pref("extensions.crossriderapp2258.2258.publisher", "215 Apps"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.searchstatus", 0); Line Deleted : user_pref("extensions.crossriderapp2258.2258.setnewtab", false); Line Deleted : user_pref("extensions.crossriderapp2258.2258.settingsurl", ""); Line Deleted : user_pref("extensions.crossriderapp2258.2258.updateinterval", 360); Line Deleted : user_pref("extensions.crossriderapp2258.2258.ver", 92); Line Deleted : user_pref("extensions.crossriderapp2258.73407340.InstallationTime", 1337125028); Line Deleted : user_pref("extensions.crossriderapp2258.73407340.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&appAPI.webRequest&&appAPI.webRequest.onBeforeNavigate?_GPL_BG_NEW.preinit():\"undefined\"!=typeo[...] Line Deleted : user_pref("extensions.crossriderapp2258.73407340.backgroundver", 16); Line Deleted : user_pref("extensions.crossriderapp2258.73407340.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)"); Line Deleted : user_pref("extensions.crossriderapp2258.73407340.cookie.InstallationTime.value", "1337125028"); Line Deleted : user_pref("extensions.crossriderapp2258.73407340.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.started||_GPL_PLUGIN.prepare({pid:21,baseCDN:\"contentcache-a.akamaihd[...] Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_1000014.code", "Array.prototype.indexOf||(Array.prototype.indexOf=function(a){if(void 0===this||null===this)throw new TypeError;var b=Ob[...] Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_1000014.name", "GPL Plugin (Loader)"); Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_1000014.ver", 7); Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_1000015.code", "var _GPL_BG={vars:{},rules:{},started:!1,log:function(d){console.log(d)},factor:1,preinit:function(){null!=appAPI.db.get[...] Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_1000015.name", "GPL Background (BG)"); Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_1000015.ver", 4); Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if(window.getSelection){return window.getSelection()}else{if(document.[...] Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_13.name", "CrossriderAppUtils"); Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_13.ver", 2); Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={}}var CR__bIsIEWindow=false;if(typeof window!==\"undefined\"&&typeof window.naviga[...] Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_14.name", "CrossriderUtils"); Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_14.ver", 2); Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_15.code", "(function(f){var u={};var e=Math.floor(Math.random()*99999);var g=Math.floor(Math.random()*99999999999999)+\"Z\"+(new Date())[...] Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_15.name", "FacebookFFIE"); Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_15.ver", 1); Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_16.code", "(function(f,b){if(typeof(b)==\"undefined\"){b={}}var d=f.appID+\".\";b.appID=f.appID;b.version=f.version;b.platform=f.platfor[...] Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_16.name", "FFAppAPIWrapper"); Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_16.ver", 3); Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_17.name", "jQuery"); Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_17.ver", 3); Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a)}}());var CrossRiderResourcesManager=(function(){var A={appId[...] Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_47.name", "resources_background"); Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_47.ver", 1); Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins_lists.plugins_0", "17,14,16,47,1000015"); Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins_lists.plugins_1", "17,14,13,16,15,1000014"); Line Deleted : user_pref("extensions.crossriderapp2258.73407340.pluginsversion", 16); Line Deleted : user_pref("extensions.crossriderapp2258.73407340.ver", 91); Line Deleted : user_pref("extensions.crossriderapp2258.apps", "2258"); Line Deleted : user_pref("extensions.crossriderapp2258.bic", "13752dcbfdb72c7608c850aef9d794e9"); Line Deleted : user_pref("extensions.crossriderapp2258.cid", 2258); Line Deleted : user_pref("extensions.crossriderapp2258.firstrun", false); Line Deleted : user_pref("extensions.crossriderapp2258.hadappinstalled", true); Line Deleted : user_pref("extensions.crossriderapp2258.installationdate", 1337125028); Line Deleted : user_pref("extensions.crossriderapp2258.lastcheck", 22990888); Line Deleted : user_pref("extensions.crossriderapp2258.lastcheckitem", 22990888); Line Deleted : user_pref("extensions.crossriderapp2258.misc.lastBgWorkerTimer", "1340956172367"); Line Deleted : user_pref("extensions.crossriderapp2258.misc.lastDomWorkerTimer", "1340956172365"); Line Deleted : user_pref("extensions.crossriderapp2258.modetype", "production"); Line Deleted : user_pref("extensions.crossriderapp2258.updating", true); Line Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_.bing.com", "1300539965"); Line Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_.ebay.", "1297127762"); Line Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_.google.", "1295313222"); Line Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_.hrblock.com,.taxact.com,.taxactonline.com,turbotax.intuit.com", "1300798967"); Line Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_.msn.com", "1296510663"); Line Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_.myspace.com", "1297127762"); Line Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_.yahoo.com", "1296510663"); Line Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_.youtube.com", "1296510663"); Line Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_/", "1292289111"); Line Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_amazon.com,www.ebay.,livingsocial.com,groupon.com,deals,coupons,discounts", "1295056441"); Line Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_dealsplugin.com", "1292553755"); Line Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_dealsplugin.com/", "1296172064"); Line Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_facebook.com", "1292289111"); Line Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_h", "1301110075"); Line Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_hxxp", "1295313222"); Line Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_iqquizgame.com", "1295056441"); Line Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_iqquizgame.com/", "1296172064"); Line Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_mail.aol.com", "1297387893"); Line Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_play-ga.me", "1295313222"); Line Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_play-ga.me/", "1296172064"); Line Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_revealmycrush.com", "1292289111"); Line Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_revealmycrush.com/", "1296172064"); Line Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_theclickcheck.com", "1301110075"); Line Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_unlock-this.com", "1295056441"); Line Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_unlock-this.com/browserplugin", "1295999963"); Line Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_unlock-this.com/plugin", "1295568503"); Line Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_www.google.", "1294415170"); Line Deleted : user_pref("extensions.enabledAddons", "AppGraffiti%40AppGraffiti.com:1.0.1.3,crossriderapp2258%40crossrider.com:0.86.92,%7B00f12770-e60e-4dc6-9105-425bface7c73%7D:1.0,%7B28387537-e3f9-4ed7-860c-11e69a[...] Line Deleted : user_pref("extensions.enabledItems", "crushcalc@gameplaylabs.com:1.0,textlinks@gamevance.com:1.0.0,{BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0,AppGraffiti@AppGraffiti.com:1.0.0.16,inboxcomtoolbar@inbox[...] Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3298573"); Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3298573"); Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3298573"); Line Deleted : user_pref("smartbar.machineId", "7IF4UZATWGIGAZD/0NIKQBYES5UDCAAEOJFT8WKJAOF3RHU1S0S8O6XH37UZDNDJT75H3J1LSTGF2DD/SQ0RLA"); [ File : C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\n3re8aas.default\prefs.js ] Line Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\10.0.0.7"); Line Deleted : user_pref("browser.search.defaultengine", "Ask.com"); Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", ""); Line Deleted : user_pref("extensions.crossrider.bic", "13752ed877bff4c7b54988fa7fd09d9e"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationTime", 1337126127); Line Deleted : user_pref("extensions.crossriderapp2258.2258.active", true); Line Deleted : user_pref("extensions.crossriderapp2258.2258.addressbar", ""); Line Deleted : user_pref("extensions.crossriderapp2258.2258.addressbarenhanced", ""); Line Deleted : user_pref("extensions.crossriderapp2258.2258.affid", "0"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&appAPI.webRequest&&appAPI.webRequest.onBeforeNavigate?_GPL_BG_NEW.preinit():\"undefined\"!=typeof _G[...] Line Deleted : user_pref("extensions.crossriderapp2258.2258.backgroundver", 16); Line Deleted : user_pref("extensions.crossriderapp2258.2258.can_run_bg_code", true); Line Deleted : user_pref("extensions.crossriderapp2258.2258.certdomaininstaller", ""); Line Deleted : user_pref("extensions.crossriderapp2258.2258.changeprevious", false); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.value", "1337126127"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.value", "1337126127"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_blocklist.expiration", "Tue Jan 08 2013 21:02:08 GMT-0800 (Pacific Standard Time)"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_blocklist.value", "%22nonexistantdomain.com%22"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_country_code.expiration", "Sun Jan 13 2013 16:00:44 GMT-0800 (Pacific Standard Time)"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_country_code.value", "%22US%22"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_crr.value", "1357693222"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_currenttime.value", "%221357677877%22"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.value", "%221%22"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%220%22%2C%22sub_id%22%3A%220%22%2C%22uzid%22%3A%220%22%7D"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.value", "%2214019%22"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_pc_20120828.value", "1346209520951"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.value", "%2221%22"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_sr[bigfarm.goodgamestudios.com].expiration", "Sun Jan 06 2013 14:01:51 GMT-0800 (Pacific Standard Time)"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_sr[bigfarm.goodgamestudios.com].value", "1357423311"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_sr[freescore360.com].expiration", "Tue Nov 20 2012 21:48:32 GMT-0800 (Pacific Standard Time)"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_sr[freescore360.com].value", "1352872112"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_sr[kizi.com].expiration", "Tue Dec 25 2012 16:06:46 GMT-0800 (Pacific Standard Time)"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_sr[kizi.com].value", "1356394006"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_sr[pirate101.com].expiration", "Wed Dec 26 2012 22:17:14 GMT-0800 (Pacific Standard Time)"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_sr[pirate101.com].value", "1355984234"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_sr[pogo.com].expiration", "Tue Nov 20 2012 11:22:00 GMT-0800 (Pacific Standard Time)"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_sr[pogo.com].value", "1352834520"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.value", "%2236717%22"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.dbtest.value", "1346034437379"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.lastrequest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.lastrequest.value", "%7B%22path%22%3A%22/action-games/tribot-fighter%22%2C%22host%22%3A%22www.a10.com%22%2C%22scheme%22%3A%22hxxp%22%7D"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.description", "I Want This!"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.domain", ""); Line Deleted : user_pref("extensions.crossriderapp2258.2258.emailsig", ""); Line Deleted : user_pref("extensions.crossriderapp2258.2258.enablesearch", false); Line Deleted : user_pref("extensions.crossriderapp2258.2258.exposesites", ""); Line Deleted : user_pref("extensions.crossriderapp2258.2258.fbremoteurl", ""); Line Deleted : user_pref("extensions.crossriderapp2258.2258.group", 0); Line Deleted : user_pref("extensions.crossriderapp2258.2258.homepage", ""); Line Deleted : user_pref("extensions.crossriderapp2258.2258.iframe", false); Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_appVer.value", "99"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_lastVersion.value", "0"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_meta.value", "%7B%7D"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_nextCheck.expiration", "Tue Jan 08 2013 23:00:22 GMT-0800 (Pacific Standard Time)"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_nextCheck.value", "true"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_queue.value", "%7B%7D"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.started||_GPL_PLUGIN.prepare({pid:21,baseCDN:\"contentcache-a.akamaihd.net[...] Line Deleted : user_pref("extensions.crossriderapp2258.2258.manifesturl", ""); Line Deleted : user_pref("extensions.crossriderapp2258.2258.name", "I Want This"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.newtab", ""); Line Deleted : user_pref("extensions.crossriderapp2258.2258.opensearch", ""); Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000014.code", "Array.prototype.indexOf||(Array.prototype.indexOf=function(a){if(void 0===this||null===this)throw new TypeError;var b=Object[...] Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000014.name", "GPL Plugin (Loader)"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000014.ver", 10); Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000015.code", "var _GPL_BG={vars:{},rules:{},started:!1,log:function(d){console.log(d)},factor:1,preinit:function(){null!=appAPI.db.get(\"_[...] Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000015.name", "GPL Background (BG)"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000015.ver", 4); Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.code", "// CrossriderAppUtils\n\n/**\n * Crossrider appAPI.selectedText. Plugin for text selection event \n * Provide your callback and g[...] Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.name", "CrossriderAppUtils"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.ver", 2); Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.code", "// Initialize appAPI if it does not exist already.\nif(typeof(appAPI) === \"undefined\") {\n // This will happen for IE.\n appA[...] Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.name", "CrossriderUtils"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.ver", 2); Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.code", "(function(e){function u(c,b){for(css_prop in b)b.hasOwnProperty(css_prop)&&(c.style[css_prop]=b[css_prop])}function q(c,b){var c=[...] Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.name", "FacebookFFIE"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.ver", 1); Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!=true)&&(typeof _firefoxVersion!==\"undefined\"&&_firefoxVersion>14)&&typeo[...] Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.name", "FFAppAPIWrapper"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.ver", 4); Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.name", "jQuery"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.ver", 3); Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a)}}());var CrossRiderResourcesManager=(function(){var A={appId:(fu[...] Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_47.name", "resources_background"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_47.ver", 1); Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPTY_CHANNEL__\";var d=function(j){return(typeof j===\"object\"&&j!==null);};var b=function(j){return(![...] Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_64.name", "appApiMessage"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_64.ver", 1); Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(function(){var j={};var e=appAPI.appInfo.name;var k=function(q,p,r){var o=\"[\"[...] Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_72.name", "appApiValidation"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_72.ver", 1); Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_78.code", "(function(a){if(typeof a===\"undefined\"||typeof navigator===\"undefined\"||typeof navigator.userAgent===\"undefined\"){return;}a[...] Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_78.name", "CrossriderInfo"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_78.ver", 2); Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_0", "17,14,16,64,47,72,1000015"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_1", "17,14,78,13,16,15,64,72,1000014"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.pluginsversion", 24); Line Deleted : user_pref("extensions.crossriderapp2258.2258.premium", true); Line Deleted : user_pref("extensions.crossriderapp2258.2258.publisher", "215 Apps"); Line Deleted : user_pref("extensions.crossriderapp2258.2258.searchstatus", 0); Line Deleted : user_pref("extensions.crossriderapp2258.2258.setnewtab", false); Line Deleted : user_pref("extensions.crossriderapp2258.2258.settingsurl", ""); Line Deleted : user_pref("extensions.crossriderapp2258.2258.updateinterval", 360); Line Deleted : user_pref("extensions.crossriderapp2258.2258.ver", 99); Line Deleted : user_pref("extensions.crossriderapp2258.73407340.InstallationTime", 1337126127); Line Deleted : user_pref("extensions.crossriderapp2258.73407340.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&appAPI.webRequest&&appAPI.webRequest.onBeforeNavigate?_GPL_BG_NEW.preinit():\"undefined\"!=typeo[...] Line Deleted : user_pref("extensions.crossriderapp2258.73407340.backgroundver", 15); Line Deleted : user_pref("extensions.crossriderapp2258.73407340.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)"); Line Deleted : user_pref("extensions.crossriderapp2258.73407340.cookie.InstallationTime.value", "1337126127"); Line Deleted : user_pref("extensions.crossriderapp2258.73407340.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.started||_GPL_PLUGIN.prepare({pid:21,baseCDN:\"contentcache-a.akamaihd[...] Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_1000014.code", "Array.prototype.indexOf||(Array.prototype.indexOf=function(a){if(void 0===this||null===this)throw new TypeError;var b=Ob[...] Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_1000014.name", "GPL Plugin (Loader)"); Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_1000014.ver", 7); Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_1000015.code", "var _GPL_BG={vars:{},rules:{},started:!1,log:function(d){console.log(d)},factor:1,preinit:function(){null!=appAPI.db.get[...] Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_1000015.name", "GPL Background (BG)"); Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_1000015.ver", 3); Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if(window.getSelection){return window.getSelection()}else{if(document.[...] Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_13.name", "CrossriderAppUtils"); Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_13.ver", 2); Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={}}var CR__bIsIEWindow=false;if(typeof window!==\"undefined\"&&typeof window.naviga[...] Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_14.name", "CrossriderUtils"); Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_14.ver", 2); Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_15.code", "(function(f){var u={};var e=Math.floor(Math.random()*99999);var g=Math.floor(Math.random()*99999999999999)+\"Z\"+(new Date())[...] Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_15.name", "FacebookFFIE"); Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_15.ver", 1); Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_16.code", "(function(f,b){if(typeof(b)==\"undefined\"){b={}}var d=f.appID+\".\";b.appID=f.appID;b.version=f.version;b.platform=f.platfor[...] Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_16.name", "FFAppAPIWrapper"); Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_16.ver", 3); Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_17.name", "jQuery"); Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_17.ver", 3); Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a)}}());var CrossRiderResourcesManager=(function(){var A={appId[...] Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_47.name", "resources_background"); Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_47.ver", 1); Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins_lists.plugins_0", "17,14,16,47,1000015"); Line Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins_lists.plugins_1", "17,14,13,16,15,1000014"); Line Deleted : user_pref("extensions.crossriderapp2258.73407340.pluginsversion", 15); Line Deleted : user_pref("extensions.crossriderapp2258.73407340.ver", 90); Line Deleted : user_pref("extensions.crossriderapp2258.apps", "2258"); Line Deleted : user_pref("extensions.crossriderapp2258.bic", "13752ed877bff4c7b54988fa7fd09d9e"); Line Deleted : user_pref("extensions.crossriderapp2258.cid", 2258); Line Deleted : user_pref("extensions.crossriderapp2258.firstrun", false); Line Deleted : user_pref("extensions.crossriderapp2258.hadappinstalled", true); Line Deleted : user_pref("extensions.crossriderapp2258.installationdate", 1337126127); Line Deleted : user_pref("extensions.crossriderapp2258.lastcheck", 22629485); Line Deleted : user_pref("extensions.crossriderapp2258.lastcheckitem", 22629485); Line Deleted : user_pref("extensions.crossriderapp2258.misc.lastBgWorkerTimer", "1340892402245"); Line Deleted : user_pref("extensions.crossriderapp2258.misc.lastDomWorkerTimer", "1340892402237"); Line Deleted : user_pref("extensions.crossriderapp2258.modetype", "production"); Line Deleted : user_pref("extensions.enabledItems", "{BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0,{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2010.9.0.6,crossriderapp2258@crossrider.com:0.81.43,firefox@zoodles.com:2.5,{972[...] Line Deleted : user_pref("somoto.bubble_src", "hxxp%3A//www.bigseekpro.com/widget/533e8dd6065764afea3aa871ee1fb6f8/bigseekpro/%7BF5C24A41-BBB6-1D92-49B9-24CE217F85AA%7D"); [ File : C:\Users\Other\AppData\Roaming\Mozilla\Firefox\Profiles\u4pdh8gs.default\prefs.js ] -\\ Google Chrome v [ File : C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted : homepage Deleted : icon_url Deleted : search_url Deleted : suggest_url Deleted : keyword [ File : C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [76722 octets] - [11/09/2013 17:42:05] AdwCleaner[R1].txt - [87877 octets] - [17/09/2013 14:48:43] AdwCleaner[s0].txt - [88903 octets] - [17/09/2013 15:39:03] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [88964 octets] ########## Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.09.01.04 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 sarah :: SARAH-PC [administrator] 9/17/2013 6:41:19 PM mbam-log-2013-09-17 (18-41-19).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 273846 Time elapsed: 7 minute(s), 23 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 4 C:\Users\sarah\AppData\Local\Temp\crt694.tmp.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Local\Temp\fft8B0D.tmp.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Local\Temp\ietA49.tmp.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Local\Temp\SPStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. (end)
  5. Sorry I am very close to a family reunion, and will not be back until Monday. So we have been getting ready for that. I don't think it will be a good time to work on it until we get back. So I will see. I want to talk to my sister about this program. And for her, this is a low priority. So...... Thanks for your patience.
  6. Did you mean to uncheck regedit in the CCleaner under cleaner tab? Probably not I think but I am just checking. Thanks.
  7. Did you mean to uncheck regedit In the CCleaner? Thanks.
  8. And this. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-09-2013 Ran by sarah at 2013-09-06 17:32:29 Running from C:\Users\sarah\Desktop\softwares Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 3DVIA player 5.0 (x32 Version: 5.0.0.12) 3DVIA player 5.0.0.20 (x32 Version: 5.0.20) Adobe AIR (x32 Version: 2.5.1.17730) Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94) Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94) Adobe Reader X (10.1.7) (x32 Version: 10.1.7) Adobe Shockwave Player 11.6 (x32 Version: 11.6.8.638) Airytec Switch Off (Version: 3.4.1) Anti-phishing Domain Advisor (x32 Version: 1.0.0.0) Apple Application Support (x32 Version: 2.1.6) Apple Mobile Device Support (Version: 4.0.0.97) Apple Software Update (x32 Version: 2.1.3.127) AVG Security Toolbar (x32 Version: 10.0.0.7) Best Buy Software Installer (Version: 2.1.0.29) Best Buy Software Installer (x32 Version: 2.1.0.29) Bird and Robinson 2.0 (x32 Version: 2.0) Bonjour (Version: 3.0.0.10) Brain Workshop 4.8.1 (x32 Version: 4.8.1) CameraHelperMsi (x32 Version: 13.31.1038.0) Canon IJ Network Scan Utility (x32) Canon IJ Network Tool (x32) Canon MP Navigator EX 2.1 (x32) Canon MX860 series MP Drivers Canon MX860 series User Registration (x32) Canon Utilities Easy-PhotoPrint EX (x32) Canon Utilities My Printer (x32) Canon Utilities Solution Menu (x32) Compatibility Pack for the 2007 Office system (x32 Version: 12.0.4518.1014) Content Transfer (x32 Version: 1.2.0.07300) DAEMON Tools Lite (x32 Version: 4.41.3.0173) DANB Tutorial and Demo (x32 Version: 2.3.803.335) DealBulldog Toolbar (x32) dows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (Version: 09/10/2009 02.03.05.012) DVD Decrypter (Remove Only) (x32) erLT (x32 Version: 1.20.138.34) Facebook Plug-In (HKCU) FREE Hi-Q Recorder 1.92 (x32) Google Chrome (HKCU Version: 29.0.1547.66) Google Earth Plug-in (x32 Version: 7.1.1.1888) Google Toolbar for Internet Explorer (x32 Version: 1.0.0) Google Toolbar for Internet Explorer (x32 Version: 7.5.4413.1752) Google Update Helper (x32 Version: 1.3.21.153) HyperCam 2 (x32 Version: 2.25.01) iLivid (x32 Version: 1.92.0.109635) iMesh (x32 Version: 11.0.0.118611) Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1883) Intel® Matrix Storage Manager IrfanView (remove only) (x32 Version: 4.27) iTunes (Version: 10.5.3.3) Java 6 Update 21 (x32 Version: 6.0.210) Junk Mail filter update (x32 Version: 14.0.8089.726) Kid-Key-Lock 1.7.0.0 (x32) LeapFrog Connect (x32 Version: 3.2.19.13664) LeapFrog Leapster2 Plugin (x32 Version: 3.2.19.13664) LimeWire 5.4.6 (x32 Version: 5.4.6) Logitech Webcam Software (x32 Version: 2.31) LWS Facebook (x32 Version: 13.31.1038.0) LWS Gallery (x32 Version: 13.31.1038.0) LWS Help_main (x32 Version: 13.31.1044.0) LWS Launcher (x32 Version: 13.31.1038.0) LWS Motion Detection (x32 Version: 13.30.1395.0) LWS Pictures And Video (x32 Version: 13.31.1038.0) LWS Twitter (x32 Version: 13.30.1346.0) LWS Video Mask Maker (x32 Version: 13.30.1379.0) LWS VideoEffects (Version: 13.30.1379.0) LWS Webcam Software (x32 Version: 13.31.1038.0) LWS WLM Plugin (x32 Version: 1.30.1201.0) LWS YouTube Plugin (x32 Version: 13.31.1038.0) Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300) McAfee Security Scan Plus (x32 Version: 3.0.318.3) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Choice Guard (x32 Version: 2.0.48.0) Microsoft Office 2007 Service Pack 2 (SP2) (x32) Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6425.1000) Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Home and Student 2007 (x32 Version: 12.0.6425.1000) Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000) Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6425.1000) Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6425.1000) Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.4518.1014) Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6425.1000) Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6425.1000) Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6425.1000) Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) (x32) Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6425.1000) Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000) Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6425.1000) Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6425.1000) Microsoft Office Suite Activation Assistant (x32 Version: 2.9) Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6425.1000) Microsoft Silverlight (x32 Version: 5.1.10411.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Tool Web Package:diskpart.exe (x32 Version: 1.0.0.1) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319) Microsoft Works (x32 Version: 9.7.0621) MixiDJ V37 Toolbar (x32 Version: 6.15.0.27) Moozy (x32) Mozilla Firefox 23.0.1 (x86 en-US) (x32 Version: 23.0.1) Mozilla Maintenance Service (x32 Version: 23.0.1) MSVCRT (x32 Version: 14.0.1468.721) Norton Family (x32 Version: 2.8.0.14) Norton Security Scan (x32 Version: 3.0.0.103) Norton Security Suite (x32 Version: 4.4.0.12) NWZ-E340 WALKMAN Guide (x32 Version: 2.0.00.07010) OpenOffice.org 3.2 (x32 Version: 3.2.9502) Opera 11.64 (x32 Version: 11.64.1403) PlayReady PC Runtime amd64 (Version: 1.3.0) PowerFlashCard (x32) QuickTime (x32 Version: 7.71.80.42) Rapport (x32 Version: 3.5.1105.59) Realtek 8136 8168 8169 Ethernet Driver (x32 Version: 1.00.0005) Realtek High Definition Audio Driver (x32 Version: 6.0.1.5904) Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30101) Realtek WLAN Driver (x32 Version: 2.00.0006) Roxio Burn (x32 Version: 1.2) Roxio Express Labeler 3 (x32 Version: 3.2.1) Roxio Roxio Burn (x32 Version: 1.0.0) Roxio Update Manager (x32 Version: 6.0.0) Search Results Toolbar (x32 Version: 1.0.0.12) SoundCapture (x32 Version: 1.1.0) Souptoys (x32 Version: 1.6.0.8) Spam Free Search Bar (x32 Version: 1.0.0.12) Spotify (HKCU Version: 0.9.1.57.ge7405149) swMSM (x32 Version: 12.0.0.1) Synaptics Pointing Device Driver (Version: 13.2.6.1) TOSHIBA Application Installer (x32 Version: 9.0.1.0) TOSHIBA Assist (x32 Version: 3.00.09) TOSHIBA Bulletin Board (Version: 1.5.05.64) TOSHIBA Bulletin Board (x32 Version: 1.5.05.64) TOSHIBA ConfigFree (x32 Version: 8.0.21) TOSHIBA Disc Creator (Version: 2.1.0.1 for x64) TOSHIBA DVD PLAYER (x32 Version: 3.01.0.07-A) TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00) TOSHIBA Extended Tiles for Windows Mobility Center (x32 Version: ) TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.4C) TOSHIBA Hardware Setup (x32 Version: 1.63.0.11C) TOSHIBA HDD/SSD Alert (Version: 3.1.64.0) TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.0) TOSHIBA Media Controller (x32 Version: 1.0.65) TOSHIBA Quality Application (x32 Version: 1.0.1) TOSHIBA Recovery Media Creator (Version: 2.1.0.4 for x64) TOSHIBA ReelTime (Version: 1.5.07.64) TOSHIBA ReelTime (x32 Version: 1.5.07.64) TOSHIBA Service Station (x32 Version: 2.1.33) TOSHIBA Speech System Applications (x32 Version: 1.00.2518) TOSHIBA Speech System SR Engine(U.S.) Version1.0 (x32) TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (x32) TOSHIBA Supervisor Password (x32 Version: 1.63.0.7C) TOSHIBA Value Added Package (Version: 1.2.26.64) TOSHIBA Value Added Package (x32 Version: 1.2.26.64) ToshibaRegistration (x32 Version: 1.0.3) TrustyFiles (x32) TuneUp Companion 2.4.2 (x32 Version: 2.4.2) Tux of Math Command (remove only) (x32) TweetDeck (x32 Version: 0.36.2) Update for Microsoft Office Word 2007 (KB974631) (x32) Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin) (x32) Utility Common Driver (x32 Version: 1.0.50.27C) VLC media player 2.0.2 (x32 Version: 2.0.2) VOICE4WEB (x32 Version: 1.0.0) Wincore MediaBar (x32 Version: 3.0.0.118597) Windows iLivid Toolbar (x32 Version: 3.0.0.112200) Windows Live Call (x32 Version: 14.0.8064.0206) Windows Live Communications Platform (x32 Version: 14.0.8064.206) Windows Live Essentials (x32 Version: 14.0.8089.0726) Windows Live Essentials (x32 Version: 14.0.8089.726) Windows Live Mail (x32 Version: 14.0.8089.0726) Windows Live Messenger (x32 Version: 14.0.8089.0726) Windows Live Movie Maker (x32 Version: 14.0.8091.0730) Windows Live Photo Gallery (x32 Version: 14.0.8081.709) Windows Live Sign-in Assistant (x32 Version: 5.000.818.5) Windows Live Sync (x32 Version: 14.0.8089.726) Windows Live Upload Tool (x32 Version: 14.0.8014.1029) Windows Live Writer (x32 Version: 14.0.8089.0726) Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8) ==================== Restore Points ========================= ==================== Hosts content: ========================== 2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started Task: {0A5A3F85-A8F0-4DA3-B4CD-A8C52875472F} - System32\Tasks\{6A5DF337-86C3-4AC4-8B37-5C47DE87F057} => C:\Program Files (x86)\MagicDisc\MagicDisc.exe Task: {22DFD68F-0CF5-47F7-AF0F-8EDF5E9753E3} - System32\Tasks\{BFA4DA1E-A1CC-4E29-9435-D0367327EB77} => C:\Program Files (x86)\MagicDisc\MagicDisc.exe Task: {3331E4EB-06BE-4A94-B589-36C03EA219D4} - System32\Tasks\Symantec\Symantec Error Analyzer 4.4.0.12 => C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\SymErr.exe [2011-09-19] (Symantec Corporation) Task: {42928985-4AA4-469E-B483-B0411BB64702} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2009-07-13] (Microsoft Corporation) Task: {451534AC-CD6F-41E7-AA27-28C37E3B7F5F} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-07-13] (TOSHIBA CORPORATION) Task: {4880B092-57BC-43CC-BD2D-CAE34ACA5DB0} - System32\Tasks\{05DE2E19-528C-4725-BE8C-EF73EE629E76} => C:\Program Files (x86)\MagicDisc\MagicDisc.exe Task: {58E33642-CF8C-4408-8C28-748BBC8B9ECB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {5F05709A-4A22-458E-BB23-5435F4FFCA70} - System32\Tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9 => C:\Program Files (x86)\Norton Family\Engine\2.8.0.14\tampmon.exe [2013-07-24] (Symantec Corporation) Task: {7737400C-2BD7-4880-90FA-8082FE840B32} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-15] (Google Inc.) Task: {8D6D286C-BF19-4470-96D4-357061FF9D65} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2844117050-2618380543-1804570796-1003Core => C:\Users\Adrian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-14] (Google Inc.) Task: {90160B7D-9A15-45DE-A263-2730694A196E} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2844117050-2618380543-1804570796-1003 => C:\Windows\System32\portabledeviceapi.dll [2009-07-13] (Microsoft Corporation) Task: {97AC04C8-D462-4827-AA11-11B1B560B15C} - System32\Tasks\{01618015-C59A-4DFC-ACC2-DDF9FD91D913} => C:\Program Files (x86)\MagicDisc\MagicDisc.exe Task: {A09B9669-7426-4333-BDC8-562E3088FEF1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-15] (Google Inc.) Task: {A50E74C4-1942-4542-AEA1-3D775CFFE013} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2844117050-2618380543-1804570796-1000Core => C:\Users\sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-15] (Google Inc.) Task: {A6C36EE7-002D-4975-A7B4-8E34302F2620} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2844117050-2618380543-1804570796-1003UA => C:\Users\Adrian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-14] (Google Inc.) Task: {AC29B55C-FF67-414B-A9FD-4B9446E9AEFB} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-20] (Adobe Systems Incorporated) Task: {C2D1BE75-D225-45E9-A186-47337AD2D01D} - System32\Tasks\Symantec\Symantec Error Processor 4.4.0.12 => C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\SymErr.exe [2011-09-19] (Symantec Corporation) Task: {CF20D084-C2EC-46FF-995C-0DE98583E027} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2844117050-2618380543-1804570796-1000UA => C:\Users\sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-15] (Google Inc.) Task: {D4049FC0-2981-4ECC-A17B-9E4FDFA23BCF} - System32\Tasks\Norton Security Scan for sarah => C:\Program Files (x86)\Norton Security Scan\Engine\3.0.0.103\Nss.exe [2012-10-03] (Symantec Corporation) Task: {DC0B0A9E-83F3-44F6-8C07-CB2B08CA1A39} - System32\Tasks\{E8FE5DDC-25E0-4403-8FCC-B3E83782FBBA} => C:\Program Files (x86)\MagicDisc\MagicDisc.exe Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2844117050-2618380543-1804570796-1000Core.job => C:\Users\sarah\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2844117050-2618380543-1804570796-1000UA.job => C:\Users\sarah\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2844117050-2618380543-1804570796-1003Core.job => C:\Users\Adrian\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2844117050-2618380543-1804570796-1003UA.job => C:\Users\Adrian\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\Norton Security Scan for sarah.job => C:\PROGRA~2\NORTON~2\Engine\300~1.103\Nss.exe ==================== Loaded Modules (whitelisted) ============= 2011-10-31 14:52 - 2010-03-18 14:37 - 02495344 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine64\4.4.0.12\buShell.dll 2011-10-31 14:52 - 2011-08-03 21:25 - 00985472 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine64\4.4.0.12\ccL90U.dll 2011-10-31 14:52 - 2011-08-21 19:53 - 00087976 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine64\4.4.0.12\EFACli64.dll 2011-10-31 14:52 - 2011-08-03 21:19 - 00113024 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine64\4.4.0.12\ccVrTrst.dll 2011-10-31 14:52 - 2011-08-03 21:19 - 00419712 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine64\4.4.0.12\ccSet.dll 2011-10-31 14:52 - 2011-08-03 21:19 - 00230784 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine64\4.4.0.12\ccIPC.dll 2011-10-31 14:52 - 2011-08-03 21:19 - 00200064 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine64\4.4.0.12\ccGEvt.dll 2009-07-13 17:22 - 2009-07-13 18:38 - 00081408 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codeca.acm 2012-01-24 17:52 - 2009-07-06 18:07 - 00104448 _____ (CANON INC.) C:\Program Files\Canon\MyPrinter\cnmpu.dll 2012-01-24 17:52 - 2009-07-06 18:07 - 00093184 _____ (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMyRes.dll 2009-08-03 19:18 - 2009-08-03 19:18 - 00081752 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll 2009-08-03 19:19 - 2009-08-03 19:19 - 00265584 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TReport.dll 2013-08-16 23:50 - 2013-08-16 23:50 - 00853896 ____T (Google Inc.) C:\Users\sarah\AppData\Local\Google\Update\1.3.21.153\goopdate.dll 2012-01-17 12:18 - 2012-01-17 12:18 - 00309416 _____ (Visicom Media Inc. (Powered by Panda Security)) C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.dll 2011-09-14 10:19 - 2011-09-14 10:19 - 02348544 _____ () C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll 2011-09-14 10:19 - 2011-09-14 10:19 - 08500224 _____ () C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll 2011-11-12 13:05 - 2011-11-12 13:05 - 00085856 _____ (LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\DeviceHooks\LeapsterDeviceHook.dll 2010-03-15 16:57 - 2010-03-15 16:57 - 00053024 _____ (Open Source Software community project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll 2011-09-27 08:22 - 2011-09-27 08:22 - 01292136 _____ (The ICU Project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuin.dll 2011-09-27 08:22 - 2011-09-27 08:22 - 00923496 _____ (The ICU Project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuuc.dll 2011-09-27 08:22 - 2011-09-27 08:22 - 16303976 _____ (The ICU Project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icudt46.dll 2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2011-08-31 00:05 - 2011-08-31 00:05 - 00085864 _____ (Apple Inc.) C:\windows\system32\dnssd.dll 2011-11-11 14:08 - 2011-11-11 14:08 - 02145304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll 2011-11-11 14:08 - 2011-11-11 14:08 - 07956504 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll 2011-11-11 14:08 - 2011-11-11 14:08 - 00342552 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll 2011-11-11 14:08 - 2011-11-11 14:08 - 00029208 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll 2011-11-11 14:08 - 2011-11-11 14:08 - 00128536 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll 2011-11-11 14:09 - 2011-11-11 14:09 - 00336408 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll 2011-09-25 19:00 - 2011-09-25 19:00 - 02680632 _____ (Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportUtil.dll 2011-09-19 20:38 - 2011-09-19 20:38 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll 2012-10-30 03:37 - 2012-10-30 03:37 - 00688440 _____ (Trusteer Ltd.) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus.dll 2012-05-28 15:51 - 2012-05-28 15:51 - 00520464 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll 2011-03-31 19:14 - 2011-09-25 19:00 - 00522040 _____ (Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\rooksbas.DLL 2011-03-31 19:14 - 2011-09-25 19:00 - 00505656 _____ (Trusteer Ltd.) c:\program files (x86)\trusteer\rapport\bin\rooksdol.dll 2011-03-31 19:14 - 2011-03-10 21:09 - 00198456 _____ (Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\rookscom.dll ==================== Alternate Data Streams (whitelisted) ========== AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 ==================== Faulty Device Manager Devices ============= Name: Canon MX860 ser Network Description: Canon MX860 ser Network Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: Canon Service: StillCam Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (09/06/2013 01:49:36 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 151601 Error: (09/06/2013 01:49:36 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 151601 Error: (09/06/2013 01:49:36 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (09/06/2013 01:49:31 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 146656 Error: (09/06/2013 01:49:31 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 146656 Error: (09/06/2013 01:49:31 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (09/06/2013 01:49:22 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 137811 Error: (09/06/2013 01:49:22 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 137811 Error: (09/06/2013 01:49:22 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (09/06/2013 01:49:13 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 128700 System errors: ============= Error: (09/06/2013 05:32:15 PM) (Source: Service Control Manager) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service. Error: (09/06/2013 05:31:45 PM) (Source: Service Control Manager) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service. Error: (09/06/2013 05:31:15 PM) (Source: Service Control Manager) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HomeGroupListener service. Error: (09/06/2013 05:30:45 PM) (Source: Service Control Manager) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service. Error: (09/06/2013 05:30:15 PM) (Source: Service Control Manager) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service. Error: (09/06/2013 05:29:45 PM) (Source: Service Control Manager) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service. Error: (09/06/2013 05:29:15 PM) (Source: Service Control Manager) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service. Error: (09/06/2013 05:28:45 PM) (Source: Service Control Manager) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service. Error: (09/06/2013 05:28:15 PM) (Source: Service Control Manager) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UxSms service. Error: (09/06/2013 05:27:45 PM) (Source: Service Control Manager) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service. Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 34% Total physical RAM: 2936.89 MB Available physical RAM: 1918.5 MB Total Pagefile: 5871.92 MB Available Pagefile: 4458.13 MB Total Virtual: 8192 MB Available Virtual: 8191.8 MB ==================== Drives ================================ Drive c: (TI105756W0B) (Fixed) (Total:222.43 GB) (Free:116.49 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: CE865B76) Partition 1: (Active) - (Size=1 GB) - (Type=27) Partition 2: (Not Active) - (Size=222 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=9 GB) - (Type=17) ==================== End Of Log ============================
  9. OK here it is. Thanks. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-09-2013 Ran by sarah (administrator) on SARAH-PC on 06-09-2013 17:31:02 Running from C:\Users\sarah\Desktop\softwares Windows 7 Home Premium (X64) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe (TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (Symantec Corporation) C:\Program Files (x86)\Norton Family\Engine\2.8.0.14\ccSvcHst.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (Google Inc.) C:\Users\sarah\AppData\Local\Google\Update\GoogleUpdate.exe (Spotify Ltd) C:\Users\sarah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Visicom Media Inc. (Powered by Panda Security)) C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe (Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [] - [x] HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation) HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [34648 2009-10-28] (TOSHIBA Corporation) HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-21] (TOSHIBA Corporation) HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-08-03] (TOSHIBA Corporation) HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation) HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated) HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2009-10-28] (TOSHIBA Corporation) HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [722256 2008-12-11] (CANON INC.) HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2114376 2009-07-06] (CANON INC.) HKLM\...\Policies\Explorer: [NoActiveDesktop] 1 HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1 HKCU\...\Run: [Google Update] - C:\Users\sarah\AppData\Local\Google\Update\GoogleUpdate.exe [135664 2010-02-15] (Google Inc.) HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [4910912 2011-08-02] (DT Soft Ltd) HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-11-30] (Google Inc.) HKCU\...\Run: [spotify Web Helper] - C:\Users\sarah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-08-09] (Spotify Ltd) HKCU\...\Run: [spotify] - C:\Users\sarah\AppData\Roaming\Spotify\Spotify.exe [4640768 2013-08-09] (Spotify Ltd) HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-08-17] (TOSHIBA Corporation) HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Monitor] - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [268640 2011-11-12] (LeapFrog Enterprises, Inc.) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-02] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2012-01-16] (Apple Inc.) HKLM-x32\...\Run: [vProt] - "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [x] HKLM-x32\...\Run: [Anti-phishing Domain Advisor] - C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe [232616 2012-01-17] (Visicom Media Inc. (Powered by Panda Security)) HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.) HKU\Adrian\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-11-30] (Google Inc.) HKU\Adrian\...\Run: [Google Update] - C:\Users\Adrian\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-03-14] (Google Inc.) HKU\Adrian\...\Run: [spotify] - C:\Users\Adrian\AppData\Roaming\Spotify\Spotify.exe [7609560 2012-07-17] (Spotify Ltd) HKU\Adrian\...\Run: [spotify Web Helper] - C:\Users\Adrian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1192664 2012-07-17] () HKU\Adrian\...\Run: [searchProtect] - C:\Users\Adrian\AppData\Roaming\SearchProtect\bin\cltmng.exe [2852640 2013-05-07] (Conduit) HKU\Other\...\Run: [searchProtect] - C:\Users\Other\AppData\Roaming\SearchProtect\bin\cltmng.exe [2852640 2013-05-07] (Conduit) AppInit_DLLs: C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll [1791368 2011-12-08] (iMesh, Inc) AppInit_DLLs-x32: C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll [1233800 2011-12-08] (iMesh, Inc) Startup: C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®) Startup: C:\Users\Other\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®) Startup: C:\Users\Other\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3298573&octid=CT3298573&SearchSource=61&CUI=UN17200070776729218&UM=2&UP=SP37BEA170-16C6-4977-9BA3-7CB2EFC5F7A5 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch URLSearchHook: (No Name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No File URLSearchHook: (No Name) - {eef3855c-fc2d-41e6-8d91-d368f51b3055} - No File StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://dts.search-results.com/sr?src=ieb&appid=1150&systemid=1&sr=0&q={searchTerms} SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {6EF2E011-FEE7-40C0-922B-811FB7907F67} URL = SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://dts.search-results.com/sr?src=ieb&appid=1150&systemid=1&sr=0&q={searchTerms} SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms} SearchScopes: HKCU - DefaultScope {6EF2E011-FEE7-40C0-922B-811FB7907F67} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298573&CUI=UN17200070776729218&UM=2 SearchScopes: HKCU - {45BC80C2-FFBE-40B5-83B7-96B033A33C29} URL = http://websearch.ask.com/redirect?client=ie&tb=FWV5&o=14193&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=FM&apn_dtid=TES002U2US&apn_uid=41fb210d-0095-4146-88ce-37f0f75a82bd&apn_sauid=DD5906D3-9E9D-4EC9-9D83-F9025D1A4E1A SearchScopes: HKCU - {6EF2E011-FEE7-40C0-922B-811FB7907F67} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298573&CUI=UN17200070776729218&UM=2 SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={6F7952B5-271F-404A-B90B-6BD42681FEEE}&mid=2c9c41595ba447d1b620d16f6416622b-733d390c622409d4338976f8e59133f30148332d〈=en&ds=ins12&pr=sa&d=2012-03-03 18:01:55&v=10.0.0.7&sap=dsp&q={searchTerms} SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://dts.search-results.com/sr?src=ieb&appid=1150&systemid=1&sr=0&q={searchTerms} SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms} SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80383&lng=en BHO: Loader Class - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Updater For Spam Free Search Bar - {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Program Files (x86)\blekkotb\auxi\blekkoAu.dll (Visicom Media) BHO-x32: Spam Free Search Bar - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll () BHO-x32: Wincore Mediabar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll () BHO-x32: Search Results Toolbar - {348bd83c-b2cd-4319-a605-c96bb458dd80} - C:\Program Files (x86)\toolbar2\searchresultsDx.dll (Ask.com) BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll (Symantec Corporation) BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\IPSBHO.DLL (Symantec Corporation) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll No File BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Norton Family BHO - {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files (x86)\Norton Family\Engine\2.8.0.14\coIEPlg.dll (Symantec Corporation) BHO-x32: DataMngr - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\PROGRA~2\WI3C8A~1\Datamngr\BROWSE~1.DLL No File BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: MixiDJ V37 Toolbar - {eef3855c-fc2d-41e6-8d91-d368f51b3055} - C:\Program Files (x86)\MixiDJ_V37\prxtbMixi.dll (Conduit Ltd.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Wincore Mediabar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll () Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll No File Toolbar: HKLM-x32 - Spam Free Search Bar - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll () Toolbar: HKLM-x32 - Search Results Toolbar - {348bd83c-b2cd-4319-a605-c96bb458dd80} - C:\Program Files (x86)\toolbar2\searchresultsDx.dll (Ask.com) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKLM-x32 - MixiDJ V37 Toolbar - {eef3855c-fc2d-41e6-8d91-d368f51b3055} - C:\Program Files (x86)\MixiDJ_V37\prxtbMixi.dll (Conduit Ltd.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKCU - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Toolbar: HKCU - No Name - {EEF3855C-FC2D-41E6-8D91-D368F51B3055} - No File DPF: HKLM-x32 {68459DB3-59C9-449D-815B-65F729385C16} http://www.voice4web.com/vs.cab Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll No File ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office12\GR469A~1.DLL [2210608 2006-10-27] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mk9ldjlj.default FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @virtools.com/3DviaPlayer - C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\sarah\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\sarah\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\sarah\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF SearchPlugin: C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mk9ldjlj.default\searchplugins\askcom.xml FF SearchPlugin: C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mk9ldjlj.default\searchplugins\inbox-search.xml FF SearchPlugin: C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mk9ldjlj.default\searchplugins\mixidj-v37-customized-web-search.xml FF SearchPlugin: C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mk9ldjlj.default\searchplugins\SearchResults.xml FF SearchPlugin: C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mk9ldjlj.default\searchplugins\Search_Results.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\blekkotb.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\safesearch.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml FF Extension: AppGraffiti - C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mk9ldjlj.default\Extensions\AppGraffiti@AppGraffiti.com FF Extension: No Name - C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mk9ldjlj.default\Extensions\crossriderapp2258@crossrider.com FF Extension: Secret Crush Revealer - C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mk9ldjlj.default\Extensions\crushcalc@gameplaylabs.com FF Extension: Spam Free Search Bar - C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mk9ldjlj.default\Extensions\{00f12770-e60e-4dc6-9105-425bface7c73} FF Extension: Wincore Mediabar - C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mk9ldjlj.default\Extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0} FF Extension: Search Results Toolbar - C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mk9ldjlj.default\Extensions\{348bd83c-b2cd-4319-a605-c96bb458dd80} FF Extension: Searchqu Toolbar - C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mk9ldjlj.default\Extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} FF Extension: MixiDJ V37 - C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mk9ldjlj.default\Extensions\{eef3855c-fc2d-41e6-8d91-d368f51b3055} FF Extension: No Name - C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mk9ldjlj.default\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ FF Extension: Norton IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6 FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6 FF HKLM-x32\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.8.0.14\coFFFw\ FF Extension: Norton Family - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.8.0.14\coFFFw\ Chrome: ======= CHR DefaultSearchURL: (Conduit) - http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN35743545431406832&ctid=CT3298573&UM=2 CHR DefaultSuggestURL: (Conduit) - http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=UN35743545431406832&UM=2 CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\sarah\AppData\Local\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\sarah\AppData\Local\Google\Chrome\Application\29.0.1547.62\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Users\sarah\AppData\Local\Google\Chrome\Application\29.0.1547.62\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File CHR Plugin: (registryAccess) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaaooaijelonlmbcbjkocdnicdfmo\7.15.1.22682_0\background/registryAccess.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.210.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.) CHR Plugin: (Java Platform SE 6 U21) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.) CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (3DVIA player) - C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes) CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Facebook Plugin) - C:\Users\sarah\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) CHR Plugin: (Shockwave for Director) - C:\windows\system32\Adobe\Director\np32dsw.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File CHR Extension: (YouTube) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (Norton Family) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\napjheenlliimoedooldaalpjfidlidp\2.8.0.14_0 CHR Extension: (Chrome In-App Payments service) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0 CHR Extension: (Gmail) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 CHR HKLM-x32\...\Chrome\Extension: [aaaaaaooaijelonlmbcbjkocdnicdfmo] - C:\Users\sarah\AppData\Local\APN\GoogleCRXs\aaaaaaooaijelonlmbcbjkocdnicdfmo_7.14.1.0.crx CHR HKLM-x32\...\Chrome\Extension: [mfchmfgdaabgdjbcaophikcobddojjoe] - C:\Users\sarah\AppData\Local\CRE\mfchmfgdaabgdjbcaophikcobddojjoe.crx CHR HKLM-x32\...\Chrome\Extension: [napjheenlliimoedooldaalpjfidlidp] - C:\Program Files (x86)\Norton Family\Engine\2.8.0.14\Extensions\Chrome.crx CHR StartMenuInternet: Google Chrome - C:\Users\sarah\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe [126400 2011-08-03] (Symantec Corporation) R2 NSM; C:\Program Files (x86)\Norton Family\Engine\2.8.0.14\ccSvcHst.exe [143928 2012-08-18] (Symantec Corporation) R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [919352 2011-09-25] (Trusteer Ltd.) S2 SwOffScheduler; C:\Program Files\Airytec\Switch Off\swoff.exe [173056 2011-05-28] (Airytec) S2 SwOffWeb; C:\Program Files\Airytec\Switch Off\swoff.exe [173056 2011-05-28] (Airytec) ==================== Drivers (Whitelisted) ==================== R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-07-15] (Symantec Corporation) R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-07-15] (Symantec Corporation) R1 ccHP; C:\Windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [593544 2011-08-03] (Symantec Corporation) R1 ccSet_NSM; C:\Windows\system32\drivers\NSMx64\0208000.00E\ccSetx64.sys [168096 2012-08-06] (Symantec Corporation) R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [270912 2011-09-07] (DT Soft Ltd) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-26] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-26] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-08-26] (Symantec Corporation) R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20130905.001\IDSvia64.sys [520280 2013-08-13] (Symantec Corporation) R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20130905.001\IDSvia64.sys [520280 2013-08-13] (Symantec Corporation) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20130905.018\ENG64.SYS [126040 2013-08-28] (Symantec Corporation) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20130905.018\ENG64.SYS [126040 2013-08-28] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20130905.018\EX64.SYS [2099288 2013-08-28] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20130905.018\EX64.SYS [2099288 2013-08-28] (Symantec Corporation) R1 RapportCerberus_43926; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [505720 2012-10-30] () R1 RapportCerberus_43926; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [505720 2012-10-30] () R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [55056 2011-09-25] (Trusteer Ltd.) R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [55056 2011-09-25] (Trusteer Ltd.) R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [64272 2011-09-25] (Trusteer Ltd.) R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [61712 2011-09-25] (Trusteer Ltd.) R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [61712 2011-09-25] (Trusteer Ltd.) R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [446976 2009-08-20] (Realtek Semiconductor Corporation ) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [526392 2011-09-07] () S3 SRTSP; C:\Windows\System32\Drivers\N360x64\0404000.00C\SRTSP64.SYS [505392 2010-04-21] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\N360x64\0404000.00C\SRTSPX64.SYS [32304 2010-04-21] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\N360x64\0404000.00C\SYMDS64.SYS [433200 2009-10-14] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [221304 2011-08-21] (Symantec Corporation) R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-08-20] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [150064 2010-04-28] (Symantec Corporation) S3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}; C:\Windows\system32\drivers\NSMx64\0208000.00E\SymRdrS.SYS [243872 2012-07-20] (Symantec Corporation) R1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [451704 2011-08-21] (Symantec Corporation) U3 ackp4bod; C:\Windows\System32\Drivers\ackp4bod.sys [0 ] (Intel Corporation) S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x] S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-06 00:47 - 2013-09-06 00:47 - 00003410 _____ C:\windows\System32\Tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9 2013-09-05 20:51 - 2013-09-05 20:51 - 00000956 _____ C:\Users\Public\Desktop\Airytec Switch Off.lnk 2013-09-04 17:23 - 2013-09-04 17:23 - 00000000 ____D C:\Users\sarah\AppData\Roaming\Airytec 2013-09-04 00:05 - 2013-09-04 00:05 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\Airytec 2013-09-03 21:22 - 2013-09-03 21:22 - 00000000 ____D C:\ProgramData\Airytec 2013-09-03 20:56 - 2013-09-04 20:59 - 00000000 ____D C:\Users\Other\AppData\Roaming\Airytec 2013-09-03 20:40 - 2013-09-03 21:23 - 00000000 ____D C:\Users\Other\AppData\Local\CrashDumps 2013-09-03 18:04 - 2013-09-06 17:28 - 00000000 ____D C:\Users\sarah\Desktop\softwares 2013-09-03 16:58 - 2013-09-03 16:58 - 00000000 ____D C:\Program Files (x86)\uvnc bvba 2013-09-03 16:51 - 2013-09-05 20:51 - 00000000 ____D C:\Program Files\Airytec 2013-09-03 12:49 - 2013-09-03 12:49 - 00000000 ____D C:\Users\Default\AppData\Local\Toshiba 2013-09-03 12:49 - 2013-09-03 12:49 - 00000000 ____D C:\Users\Default User\AppData\Local\Toshiba 2013-09-03 12:47 - 2013-09-03 12:47 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\Malwarebytes 2013-08-28 21:37 - 2013-08-28 21:37 - 03948219 _____ C:\Users\sarah\Downloads\IMG_0267.MOV 2013-08-28 21:25 - 2013-08-28 21:25 - 05263319 _____ C:\Users\sarah\Downloads\IMG_0909.MOV 2013-08-28 21:22 - 2013-08-28 21:22 - 05033922 _____ C:\Users\sarah\Downloads\IMG_0258.MOV 2013-08-28 21:21 - 2013-08-28 21:22 - 03409133 _____ C:\Users\sarah\Downloads\IMG_0030.MOV 2013-08-27 22:58 - 2013-08-27 22:58 - 00000000 ____D C:\Users\Other\AppData\Roaming\Unity 2013-08-27 21:30 - 2013-08-27 21:30 - 00648144 _____ (Unity Technologies ApS) C:\Users\Other\Downloads\UnityWebPlayer.exe 2013-08-27 21:30 - 2013-08-27 21:30 - 00000000 ____D C:\Users\Other\AppData\Local\Unity 2013-08-27 21:12 - 2013-08-27 21:12 - 00000000 ____D C:\Users\Other\AppData\Local\Macromedia 2013-08-27 21:11 - 2013-08-27 21:11 - 00000000 ____D C:\Users\Other\AppData\Roaming\Mozilla 2013-08-27 21:11 - 2013-08-27 21:11 - 00000000 ____D C:\Users\Other\AppData\Local\Mozilla 2013-08-27 21:10 - 2013-08-27 21:10 - 00000000 ____D C:\Users\Other\AppData\Local\Best_Buy® 2013-08-26 20:48 - 2013-08-26 20:48 - 00000000 ____D C:\Users\Other\AppData\Local\Logitech® Webcam Software 2013-08-26 20:46 - 2013-08-30 18:02 - 00000000 ____D C:\Users\Other\AppData\Roaming\SearchProtect 2013-08-25 20:05 - 2013-08-25 20:05 - 00000000 ____D C:\Users\sarah\AppData\Roaming\Malwarebytes 2013-08-25 20:05 - 2013-08-25 20:05 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-08-25 20:05 - 2013-08-25 20:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-25 20:05 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2013-08-25 19:51 - 2013-08-25 19:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-08-25 19:11 - 2013-08-25 19:11 - 00000034 _____ C:\Users\sarah\Desktop\trogans.txt 2013-08-23 22:02 - 2013-08-30 18:02 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\SearchProtect 2013-08-22 23:09 - 2013-08-23 00:00 - 00000027 _____ C:\Users\sarah\Desktop\temp.txt 2013-08-22 20:40 - 2013-08-22 20:41 - 01445960 _____ C:\windows\Minidump\082213-43461-01.dmp 2013-08-22 20:40 - 2013-08-22 20:40 - 541178427 _____ C:\windows\MEMORY.DMP 2013-08-22 20:40 - 2013-08-22 20:40 - 00000000 ____D C:\windows\Minidump 2013-08-22 15:51 - 2013-08-22 15:52 - 02497632 _____ C:\Users\sarah\Downloads\k9-webprotection.exe 2013-08-22 15:49 - 2013-08-30 18:55 - 00000000 ____D C:\Program Files (x86)\MixiDJ_V37 2013-08-22 15:49 - 2013-08-22 15:49 - 00000000 ____D C:\Users\sarah\AppData\Local\Conduit 2013-08-22 15:47 - 2013-08-30 18:05 - 00000000 ____D C:\Program Files (x86)\SearchProtect 2013-08-22 15:47 - 2013-08-30 18:02 - 00000000 ____D C:\Users\sarah\AppData\Roaming\SearchProtect 2013-08-22 15:47 - 2013-08-22 15:49 - 00000000 ____D C:\Program Files (x86)\Conduit 2013-08-22 15:47 - 2013-08-22 15:48 - 00000000 ____D C:\Users\sarah\AppData\Local\CRE 2013-08-22 15:46 - 2013-08-22 15:51 - 00000009 _____ C:\END 2013-08-22 15:45 - 2013-08-22 15:45 - 00584600 _____ C:\Users\sarah\Desktop\cbsidlm-tr1_14-K9_Web_Protection-SEO-10487710.exe 2013-08-22 15:33 - 2013-08-22 15:33 - 02395901 _____ C:\Users\sarah\Downloads\SentrySuite.exe 2013-08-22 15:07 - 2013-08-22 15:07 - 02395901 _____ C:\Users\Other\Downloads\SentrySuite.exe 2013-08-22 15:04 - 2013-08-22 15:04 - 00584600 _____ C:\Users\Adrian\Downloads\cbsidlm-tr1_14-Sentry_Total_Family_Protection-SEO-10850491.exe 2013-08-20 12:55 - 2013-08-20 12:55 - 00000000 ____D C:\windows\system32\Drivers\NSMx64 2013-08-20 12:55 - 2013-08-20 12:55 - 00000000 ____D C:\Program Files (x86)\Norton Family 2013-08-20 12:43 - 2013-08-20 13:01 - 00001290 _____ C:\Users\Adrian\Desktop\Norton Installation Files.lnk 2013-08-20 12:43 - 2013-08-20 12:43 - 00915768 _____ (Symantec Corporation) C:\Users\Adrian\Downloads\NF_Installer.exe 2013-08-19 18:08 - 2013-08-19 18:08 - 03010440 _____ (GamingWonderland) C:\Users\Adrian\Downloads\GamingWonderlandCrxSetup.91D2CA31-F53D-40CC-A9BD-C9A69324A54D.exe 2013-08-18 15:33 - 2013-08-18 15:33 - 01146184 _____ (Microsoft Corporation) C:\Users\Adrian\Downloads\wlsetup-web.exe ==================== One Month Modified Files and Folders ======= 2013-09-06 17:31 - 2009-12-21 11:11 - 01168137 _____ C:\windows\WindowsUpdate.log 2013-09-06 17:30 - 2013-09-06 17:30 - 00000000 ____D C:\FRST 2013-09-06 17:28 - 2013-09-03 18:04 - 00000000 ____D C:\Users\sarah\Desktop\softwares 2013-09-06 17:26 - 2011-03-14 23:17 - 00002380 _____ C:\Users\sarah\Desktop\Google Chrome.lnk 2013-09-06 17:24 - 2012-05-14 04:06 - 00000000 ____D C:\ProgramData\Anti-phishing Domain Advisor 2013-09-06 01:38 - 2012-03-14 02:48 - 00002385 _____ C:\Users\Adrian\Desktop\Google Chrome.lnk 2013-09-06 01:38 - 2012-03-14 02:47 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2844117050-2618380543-1804570796-1003UA.job 2013-09-06 01:11 - 2012-05-08 18:33 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2013-09-06 01:00 - 2010-02-16 11:34 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2844117050-2618380543-1804570796-1000UA.job 2013-09-06 01:00 - 2010-02-15 00:42 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-09-06 00:47 - 2013-09-06 00:47 - 00003410 _____ C:\windows\System32\Tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9 2013-09-06 00:37 - 2012-03-14 02:47 - 00000860 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2844117050-2618380543-1804570796-1003Core.job 2013-09-06 00:01 - 2010-02-15 00:42 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-09-06 00:00 - 2010-02-16 11:34 - 00000856 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2844117050-2618380543-1804570796-1000Core.job 2013-09-05 21:09 - 2009-07-13 21:45 - 00016080 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-05 21:09 - 2009-07-13 21:45 - 00016080 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-05 20:53 - 2012-09-24 17:37 - 00008822 _____ C:\windows\setupact.log 2013-09-05 20:53 - 2009-07-13 22:08 - 00000006 ____H C:\windows\Tasks\SA.DAT 2013-09-05 20:51 - 2013-09-05 20:51 - 00000956 _____ C:\Users\Public\Desktop\Airytec Switch Off.lnk 2013-09-05 20:51 - 2013-09-03 16:51 - 00000000 ____D C:\Program Files\Airytec 2013-09-05 20:45 - 2012-01-26 11:12 - 00000000 ____D C:\Users\sarah\AppData\Roaming\Spotify 2013-09-05 20:44 - 2011-04-11 08:12 - 00000000 ____D C:\Users\Adrian\AppData\Local\CrashDumps 2013-09-04 20:59 - 2013-09-03 20:56 - 00000000 ____D C:\Users\Other\AppData\Roaming\Airytec 2013-09-04 17:23 - 2013-09-04 17:23 - 00000000 ____D C:\Users\sarah\AppData\Roaming\Airytec 2013-09-04 12:58 - 2009-07-13 22:13 - 01359678 _____ C:\windows\system32\PerfStringBackup.INI 2013-09-04 00:07 - 2012-04-19 18:11 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\Spotify 2013-09-04 00:05 - 2013-09-04 00:05 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\Airytec 2013-09-03 21:23 - 2013-09-03 20:40 - 00000000 ____D C:\Users\Other\AppData\Local\CrashDumps 2013-09-03 21:22 - 2013-09-03 21:22 - 00000000 ____D C:\ProgramData\Airytec 2013-09-03 18:47 - 2012-12-25 01:31 - 00000000 ____D C:\Users\Other\AppData\Roaming\Google 2013-09-03 16:58 - 2013-09-03 16:58 - 00000000 ____D C:\Program Files (x86)\uvnc bvba 2013-09-03 16:14 - 2009-07-13 20:20 - 00000000 ____D C:\windows\system32\NDF 2013-09-03 15:42 - 2012-01-26 11:12 - 00000000 ____D C:\Users\sarah\AppData\Local\Spotify 2013-09-03 12:49 - 2013-09-03 12:49 - 00000000 ____D C:\Users\Default\AppData\Local\Toshiba 2013-09-03 12:49 - 2013-09-03 12:49 - 00000000 ____D C:\Users\Default User\AppData\Local\Toshiba 2013-09-03 12:48 - 2009-07-13 22:08 - 00032542 _____ C:\windows\Tasks\SCHEDLGU.TXT 2013-09-03 12:47 - 2013-09-03 12:47 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\Malwarebytes 2013-09-02 16:12 - 2010-09-12 11:49 - 00000000 ____D C:\Baby Left brain 2013-09-02 01:35 - 2012-05-14 04:06 - 00000000 ____D C:\Users\Other\AppData\Local\Google 2013-08-30 18:55 - 2013-08-22 15:49 - 00000000 ____D C:\Program Files (x86)\MixiDJ_V37 2013-08-30 18:05 - 2013-08-22 15:47 - 00000000 ____D C:\Program Files (x86)\SearchProtect 2013-08-30 18:05 - 2009-11-30 21:44 - 00377286 _____ C:\windows\PFRO.log 2013-08-30 18:02 - 2013-08-26 20:46 - 00000000 ____D C:\Users\Other\AppData\Roaming\SearchProtect 2013-08-30 18:02 - 2013-08-23 22:02 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\SearchProtect 2013-08-30 18:02 - 2013-08-22 15:47 - 00000000 ____D C:\Users\sarah\AppData\Roaming\SearchProtect 2013-08-28 21:37 - 2013-08-28 21:37 - 03948219 _____ C:\Users\sarah\Downloads\IMG_0267.MOV 2013-08-28 21:25 - 2013-08-28 21:25 - 05263319 _____ C:\Users\sarah\Downloads\IMG_0909.MOV 2013-08-28 21:22 - 2013-08-28 21:22 - 05033922 _____ C:\Users\sarah\Downloads\IMG_0258.MOV 2013-08-28 21:22 - 2013-08-28 21:21 - 03409133 _____ C:\Users\sarah\Downloads\IMG_0030.MOV 2013-08-27 22:58 - 2013-08-27 22:58 - 00000000 ____D C:\Users\Other\AppData\Roaming\Unity 2013-08-27 21:30 - 2013-08-27 21:30 - 00648144 _____ (Unity Technologies ApS) C:\Users\Other\Downloads\UnityWebPlayer.exe 2013-08-27 21:30 - 2013-08-27 21:30 - 00000000 ____D C:\Users\Other\AppData\Local\Unity 2013-08-27 21:12 - 2013-08-27 21:12 - 00000000 ____D C:\Users\Other\AppData\Local\Macromedia 2013-08-27 21:11 - 2013-08-27 21:11 - 00000000 ____D C:\Users\Other\AppData\Roaming\Mozilla 2013-08-27 21:11 - 2013-08-27 21:11 - 00000000 ____D C:\Users\Other\AppData\Local\Mozilla 2013-08-27 21:10 - 2013-08-27 21:10 - 00000000 ____D C:\Users\Other\AppData\Local\Best_Buy® 2013-08-26 21:54 - 2012-06-24 16:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-08-26 20:48 - 2013-08-26 20:48 - 00000000 ____D C:\Users\Other\AppData\Local\Logitech® Webcam Software 2013-08-25 20:05 - 2013-08-25 20:05 - 00000000 ____D C:\Users\sarah\AppData\Roaming\Malwarebytes 2013-08-25 20:05 - 2013-08-25 20:05 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-08-25 20:05 - 2013-08-25 20:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-25 19:51 - 2013-08-25 19:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-08-25 19:11 - 2013-08-25 19:11 - 00000034 _____ C:\Users\sarah\Desktop\trogans.txt 2013-08-23 21:29 - 2010-02-14 23:35 - 00000000 ____D C:\Users\sarah\AppData\Local\Google 2013-08-23 00:11 - 2010-06-08 18:07 - 00000000 ____D C:\Users\sarah\Desktop\OpenOffice.org 3.2 (en-US) Installation Files 2013-08-23 00:00 - 2013-08-22 23:09 - 00000027 _____ C:\Users\sarah\Desktop\temp.txt 2013-08-22 23:38 - 2012-12-20 16:43 - 00000000 ____D C:\Users\sarah\AppData\Roaming\BitTorrent 2013-08-22 23:08 - 2009-07-13 20:20 - 00000000 ____D C:\windows\Registration 2013-08-22 20:41 - 2013-08-22 20:40 - 01445960 _____ C:\windows\Minidump\082213-43461-01.dmp 2013-08-22 20:40 - 2013-08-22 20:40 - 541178427 _____ C:\windows\MEMORY.DMP 2013-08-22 20:40 - 2013-08-22 20:40 - 00000000 ____D C:\windows\Minidump 2013-08-22 15:52 - 2013-08-22 15:51 - 02497632 _____ C:\Users\sarah\Downloads\k9-webprotection.exe 2013-08-22 15:51 - 2013-08-22 15:46 - 00000009 _____ C:\END 2013-08-22 15:49 - 2013-08-22 15:49 - 00000000 ____D C:\Users\sarah\AppData\Local\Conduit 2013-08-22 15:49 - 2013-08-22 15:47 - 00000000 ____D C:\Program Files (x86)\Conduit 2013-08-22 15:48 - 2013-08-22 15:47 - 00000000 ____D C:\Users\sarah\AppData\Local\CRE 2013-08-22 15:45 - 2013-08-22 15:45 - 00584600 _____ C:\Users\sarah\Desktop\cbsidlm-tr1_14-K9_Web_Protection-SEO-10487710.exe 2013-08-22 15:33 - 2013-08-22 15:33 - 02395901 _____ C:\Users\sarah\Downloads\SentrySuite.exe 2013-08-22 15:07 - 2013-08-22 15:07 - 02395901 _____ C:\Users\Other\Downloads\SentrySuite.exe 2013-08-22 15:04 - 2013-08-22 15:04 - 00584600 _____ C:\Users\Adrian\Downloads\cbsidlm-tr1_14-Sentry_Total_Family_Protection-SEO-10850491.exe 2013-08-20 18:12 - 2012-05-08 18:33 - 00692104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2013-08-20 18:12 - 2012-05-08 18:33 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater 2013-08-20 18:12 - 2011-09-03 11:59 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-08-20 13:01 - 2013-08-20 12:43 - 00001290 _____ C:\Users\Adrian\Desktop\Norton Installation Files.lnk 2013-08-20 13:01 - 2009-12-21 11:47 - 00000000 ____D C:\ProgramData\Norton 2013-08-20 12:55 - 2013-08-20 12:55 - 00000000 ____D C:\windows\system32\Drivers\NSMx64 2013-08-20 12:55 - 2013-08-20 12:55 - 00000000 ____D C:\Program Files (x86)\Norton Family 2013-08-20 12:55 - 2011-03-31 22:20 - 00177312 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS 2013-08-20 12:55 - 2011-03-31 22:20 - 00007466 _____ C:\windows\system32\Drivers\SYMEVENT64x86.CAT 2013-08-20 12:55 - 2011-03-31 22:19 - 00000000 ____D C:\Program Files\Symantec 2013-08-20 12:43 - 2013-08-20 12:43 - 00915768 _____ (Symantec Corporation) C:\Users\Adrian\Downloads\NF_Installer.exe 2013-08-20 12:43 - 2011-03-31 21:32 - 00000000 ____D C:\Users\Public\Downloads\Norton 2013-08-19 18:08 - 2013-08-19 18:08 - 03010440 _____ (GamingWonderland) C:\Users\Adrian\Downloads\GamingWonderlandCrxSetup.91D2CA31-F53D-40CC-A9BD-C9A69324A54D.exe 2013-08-19 01:17 - 2011-01-18 10:52 - 00000410 ____H C:\windows\Tasks\Norton Security Scan for sarah.job 2013-08-18 15:33 - 2013-08-18 15:33 - 01146184 _____ (Microsoft Corporation) C:\Users\Adrian\Downloads\wlsetup-web.exe 2013-08-17 13:36 - 2011-09-26 12:46 - 00002057 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2013-08-17 13:36 - 2011-09-26 12:46 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan 2013-08-17 00:32 - 2012-03-14 02:47 - 00003884 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2844117050-2618380543-1804570796-1003UA 2013-08-17 00:32 - 2012-03-14 02:47 - 00003488 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2844117050-2618380543-1804570796-1003Core 2013-08-17 00:03 - 2009-11-30 21:31 - 00000000 ____D C:\Program Files (x86)\Google 2013-08-17 00:02 - 2011-03-14 23:17 - 00000000 ____D C:\Users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2013-08-16 23:55 - 2010-02-16 11:34 - 00003878 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2844117050-2618380543-1804570796-1000UA 2013-08-16 23:55 - 2010-02-16 11:34 - 00003482 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2844117050-2618380543-1804570796-1000Core 2013-08-16 23:55 - 2010-02-15 00:42 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-08-16 23:55 - 2010-02-15 00:42 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore Files to move or delete: ==================== C:\Users\Adrian\AppData\Local\Temp\UnityWebPlayer\temp\f98a58313a1fd7498cd9848cdf163d31\mono-1-vc.dll C:\Users\Adrian\AppData\Local\Temp\UnityWebPlayer\temp\f98a58313a1fd7498cd9848cdf163d31\webplayer_win.dll C:\Users\Adrian\AppData\Local\Temp\UnityWebPlayer\temp\f98a58313a1fd7498cd9848cdf163d31\wrap_oal.dll C:\Users\Adrian\AppData\Local\Temp\UnityWebPlayer\temp\ab73f016194db34baacb0013746e316c\mono-1-vc.dll C:\Users\Adrian\AppData\Local\Temp\UnityWebPlayer\temp\ab73f016194db34baacb0013746e316c\webplayer_win.dll C:\Users\Adrian\AppData\Local\Temp\UnityWebPlayer\temp\ab73f016194db34baacb0013746e316c\wrap_oal.dll C:\Users\Adrian\AppData\Local\Temp\UnityWebPlayer\temp\a4c3df3ca1fb234aa6f2d4f7035827e2\mono-1-vc.dll C:\Users\Adrian\AppData\Local\Temp\UnityWebPlayer\temp\a4c3df3ca1fb234aa6f2d4f7035827e2\webplayer_win.dll C:\Users\Adrian\AppData\Local\Temp\UnityWebPlayer\temp\a4c3df3ca1fb234aa6f2d4f7035827e2\wrap_oal.dll C:\Users\Adrian\AppData\Local\Temp\UnityWebPlayer\temp\92925a31c5f59e40969e24c7ea343518\mono-1-vc.dll C:\Users\Adrian\AppData\Local\Temp\UnityWebPlayer\temp\92925a31c5f59e40969e24c7ea343518\webplayer_win.dll C:\Users\Adrian\AppData\Local\Temp\UnityWebPlayer\temp\92925a31c5f59e40969e24c7ea343518\wrap_oal.dll C:\Users\Adrian\AppData\Local\Temp\UnityWebPlayer\temp\0e5fdfb2fc1c58448bf404171662454d\mono-1-vc.dll C:\Users\Adrian\AppData\Local\Temp\UnityWebPlayer\temp\0e5fdfb2fc1c58448bf404171662454d\webplayer_win.dll C:\Users\Adrian\AppData\Local\Temp\UnityWebPlayer\temp\0e5fdfb2fc1c58448bf404171662454d\wrap_oal.dll C:\Users\Other\AppData\Local\Temp\UnityWebPlayer\temp\a63cab2b9863e14399176a94b10aab52\mono-1-vc.dll C:\Users\Other\AppData\Local\Temp\UnityWebPlayer\temp\a63cab2b9863e14399176a94b10aab52\webplayer_win.dll C:\Users\Other\AppData\Local\Temp\UnityWebPlayer\temp\a63cab2b9863e14399176a94b10aab52\wrap_oal.dll C:\Users\Other\AppData\Local\Temp\Low\UnityWebPlayer\temp\985e905f1aa16f49a6982f2594008f82\mono-1-vc.dll C:\Users\Other\AppData\Local\Temp\Low\UnityWebPlayer\temp\985e905f1aa16f49a6982f2594008f82\webplayer_win.dll C:\Users\Other\AppData\Local\Temp\Low\UnityWebPlayer\temp\3a11715753735646816a9b41cd8ead64\mono-1-vc.dll C:\Users\Other\AppData\Local\Temp\Low\UnityWebPlayer\temp\3a11715753735646816a9b41cd8ead64\webplayer_win.dll C:\Users\Other\AppData\Local\Temp\Low\UnityWebPlayer\temp\3a11715753735646816a9b41cd8ead64\wrap_oal.dll C:\Users\Other\AppData\Local\Temp\Low\UnityWebPlayer\temp\09461e930f4e9342ad167734c214c459\mono-1-vc.dll C:\Users\Other\AppData\Local\Temp\Low\UnityWebPlayer\temp\09461e930f4e9342ad167734c214c459\webplayer_win.dll C:\Users\Other\AppData\Local\Temp\Low\UnityWebPlayer\temp\09461e930f4e9342ad167734c214c459\wrap_oal.dll C:\Users\sarah\AppData\Local\Temp\TuneUpMedia\curl.exe C:\Users\sarah\AppData\Local\Temp\TuneUpMedia\hide.exe C:\Users\sarah\AppData\Local\Temp\TuneUpMedia\syslog.exe C:\Users\sarah\AppData\Local\Temp\TuneUpMedia\tu_guid.exe C:\Users\sarah\AppData\Local\Temp\TuneUpMedia\tu_prefs.exe C:\Users\sarah\AppData\Local\Temp\CProgram Files (x86)Opera\D3DCompiler_43.dll C:\Users\sarah\AppData\Local\Temp\CProgram Files (x86)Opera\Opera-12.16-1860.i386.autoupdate.exe C:\Users\sarah\AppData\Local\Temp\CProgram Files (x86)Opera\opera.dll C:\Users\sarah\AppData\Local\Temp\CProgram Files (x86)Opera\opera.exe C:\Users\sarah\AppData\Local\Temp\CProgram Files (x86)Opera\OperaUpgrader.exe C:\Users\sarah\AppData\Local\Temp\CProgram Files (x86)Opera\updatechecker\opera_autoupdate.exe C:\Users\sarah\AppData\Local\Temp\CProgram Files (x86)Opera\mapi\OperaMAPI.dll C:\Users\sarah\AppData\Local\Temp\CProgram Files (x86)Opera\gstreamer\gstreamer.dll C:\Users\sarah\AppData\Local\Temp\CProgram Files (x86)Opera\gstreamer\plugins\gstaudioconvert.dll C:\Users\sarah\AppData\Local\Temp\CProgram Files (x86)Opera\gstreamer\plugins\gstaudioresample.dll C:\Users\sarah\AppData\Local\Temp\CProgram Files (x86)Opera\gstreamer\plugins\gstautodetect.dll C:\Users\sarah\AppData\Local\Temp\CProgram Files (x86)Opera\gstreamer\plugins\gstcoreplugins.dll C:\Users\sarah\AppData\Local\Temp\CProgram Files (x86)Opera\gstreamer\plugins\gstdecodebin2.dll C:\Users\sarah\AppData\Local\Temp\CProgram Files (x86)Opera\gstreamer\plugins\gstdirectsound.dll C:\Users\sarah\AppData\Local\Temp\CProgram Files (x86)Opera\gstreamer\plugins\gstffmpegcolorspace.dll C:\Users\sarah\AppData\Local\Temp\CProgram Files (x86)Opera\gstreamer\plugins\gstoggdec.dll C:\Users\sarah\AppData\Local\Temp\CProgram Files (x86)Opera\gstreamer\plugins\gstwaveform.dll C:\Users\sarah\AppData\Local\Temp\CProgram Files (x86)Opera\gstreamer\plugins\gstwavparse.dll C:\Users\sarah\AppData\Local\Temp\CProgram Files (x86)Opera\gstreamer\plugins\gstwebmdec.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-08-22 18:58 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-09-2013 Ran by sarah at 2013-09-06 17:32:29 Running from C:\Users\sarah\Desktop\softwares Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 3DVIA player 5.0 (x32 Version: 5.0.0.12) 3DVIA player 5.0.0.20 (x32 Version: 5.0.20) Adobe AIR (x32 Version: 2.5.1.17730) Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94) Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94) Adobe Reader X (10.1.7) (x32 Version: 10.1.7) Adobe Shockwave Player 11.6 (x32 Version: 11.6.8.638) Airytec Switch Off (Version: 3.4.1) Anti-phishing Domain Advisor (x32 Version: 1.0.0.0) Apple Application Support (x32 Version: 2.1.6) Apple Mobile Device Support (Version: 4.0.0.97) Apple Software Update (x32 Version: 2.1.3.127) AVG Security Toolbar (x32 Version: 10.0.0.7) Best Buy Software Installer (Version: 2.1.0.29) Best Buy Software Installer (x32 Version: 2.1.0.29) Bird and Robinson 2.0 (x32 Version: 2.0) Bonjour (Version: 3.0.0.10) Brain Workshop 4.8.1 (x32 Version: 4.8.1) CameraHelperMsi (x32 Version: 13.31.1038.0) Canon IJ Network Scan Utility (x32) Canon IJ Network Tool (x32) Canon MP Navigator EX 2.1 (x32) Canon MX860 series MP Drivers Canon MX860 series User Registration (x32) Canon Utilities Easy-PhotoPrint EX (x32) Canon Utilities My Printer (x32) Canon Utilities Solution Menu (x32) Compatibility Pack for the 2007 Office system (x32 Version: 12.0.4518.1014) Content Transfer (x32 Version: 1.2.0.07300) DAEMON Tools Lite (x32 Version: 4.41.3.0173) DANB Tutorial and Demo (x32 Version: 2.3.803.335) DealBulldog Toolbar (x32) dows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (Version: 09/10/2009 02.03.05.012) DVD Decrypter (Remove Only) (x32) erLT (x32 Version: 1.20.138.34) Facebook Plug-In (HKCU) FREE Hi-Q Recorder 1.92 (x32) Google Chrome (HKCU Version: 29.0.1547.66) Google Earth Plug-in (x32 Version: 7.1.1.1888) Google Toolbar for Internet Explorer (x32 Version: 1.0.0) Google Toolbar for Internet Explorer (x32 Version: 7.5.4413.1752) Google Update Helper (x32 Version: 1.3.21.153) HyperCam 2 (x32 Version: 2.25.01) iLivid (x32 Version: 1.92.0.109635) iMesh (x32 Version: 11.0.0.118611) Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1883) Intel® Matrix Storage Manager IrfanView (remove only) (x32 Version: 4.27) iTunes (Version: 10.5.3.3) Java 6 Update 21 (x32 Version: 6.0.210) Junk Mail filter update (x32 Version: 14.0.8089.726) Kid-Key-Lock 1.7.0.0 (x32) LeapFrog Connect (x32 Version: 3.2.19.13664) LeapFrog Leapster2 Plugin (x32 Version: 3.2.19.13664) LimeWire 5.4.6 (x32 Version: 5.4.6) Logitech Webcam Software (x32 Version: 2.31) LWS Facebook (x32 Version: 13.31.1038.0) LWS Gallery (x32 Version: 13.31.1038.0) LWS Help_main (x32 Version: 13.31.1044.0) LWS Launcher (x32 Version: 13.31.1038.0) LWS Motion Detection (x32 Version: 13.30.1395.0) LWS Pictures And Video (x32 Version: 13.31.1038.0) LWS Twitter (x32 Version: 13.30.1346.0) LWS Video Mask Maker (x32 Version: 13.30.1379.0) LWS VideoEffects (Version: 13.30.1379.0) LWS Webcam Software (x32 Version: 13.31.1038.0) LWS WLM Plugin (x32 Version: 1.30.1201.0) LWS YouTube Plugin (x32 Version: 13.31.1038.0) Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300) McAfee Security Scan Plus (x32 Version: 3.0.318.3) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Choice Guard (x32 Version: 2.0.48.0) Microsoft Office 2007 Service Pack 2 (SP2) (x32) Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6425.1000) Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Home and Student 2007 (x32 Version: 12.0.6425.1000) Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000) Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6425.1000) Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6425.1000) Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.4518.1014) Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6425.1000) Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6425.1000) Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6425.1000) Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) (x32) Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6425.1000) Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000) Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6425.1000) Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6425.1000) Microsoft Office Suite Activation Assistant (x32 Version: 2.9) Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6425.1000) Microsoft Silverlight (x32 Version: 5.1.10411.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Tool Web Package:diskpart.exe (x32 Version: 1.0.0.1) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319) Microsoft Works (x32 Version: 9.7.0621) MixiDJ V37 Toolbar (x32 Version: 6.15.0.27) Moozy (x32) Mozilla Firefox 23.0.1 (x86 en-US) (x32 Version: 23.0.1) Mozilla Maintenance Service (x32 Version: 23.0.1) MSVCRT (x32 Version: 14.0.1468.721) Norton Family (x32 Version: 2.8.0.14) Norton Security Scan (x32 Version: 3.0.0.103) Norton Security Suite (x32 Version: 4.4.0.12) NWZ-E340 WALKMAN Guide (x32 Version: 2.0.00.07010) OpenOffice.org 3.2 (x32 Version: 3.2.9502) Opera 11.64 (x32 Version: 11.64.1403) PlayReady PC Runtime amd64 (Version: 1.3.0) PowerFlashCard (x32) QuickTime (x32 Version: 7.71.80.42) Rapport (x32 Version: 3.5.1105.59) Realtek 8136 8168 8169 Ethernet Driver (x32 Version: 1.00.0005) Realtek High Definition Audio Driver (x32 Version: 6.0.1.5904) Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30101) Realtek WLAN Driver (x32 Version: 2.00.0006) Roxio Burn (x32 Version: 1.2) Roxio Express Labeler 3 (x32 Version: 3.2.1) Roxio Roxio Burn (x32 Version: 1.0.0) Roxio Update Manager (x32 Version: 6.0.0) Search Results Toolbar (x32 Version: 1.0.0.12) SoundCapture (x32 Version: 1.1.0) Souptoys (x32 Version: 1.6.0.8) Spam Free Search Bar (x32 Version: 1.0.0.12) Spotify (HKCU Version: 0.9.1.57.ge7405149) swMSM (x32 Version: 12.0.0.1) Synaptics Pointing Device Driver (Version: 13.2.6.1) TOSHIBA Application Installer (x32 Version: 9.0.1.0) TOSHIBA Assist (x32 Version: 3.00.09) TOSHIBA Bulletin Board (Version: 1.5.05.64) TOSHIBA Bulletin Board (x32 Version: 1.5.05.64) TOSHIBA ConfigFree (x32 Version: 8.0.21) TOSHIBA Disc Creator (Version: 2.1.0.1 for x64) TOSHIBA DVD PLAYER (x32 Version: 3.01.0.07-A) TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00) TOSHIBA Extended Tiles for Windows Mobility Center (x32 Version: ) TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.4C) TOSHIBA Hardware Setup (x32 Version: 1.63.0.11C) TOSHIBA HDD/SSD Alert (Version: 3.1.64.0) TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.0) TOSHIBA Media Controller (x32 Version: 1.0.65) TOSHIBA Quality Application (x32 Version: 1.0.1) TOSHIBA Recovery Media Creator (Version: 2.1.0.4 for x64) TOSHIBA ReelTime (Version: 1.5.07.64) TOSHIBA ReelTime (x32 Version: 1.5.07.64) TOSHIBA Service Station (x32 Version: 2.1.33) TOSHIBA Speech System Applications (x32 Version: 1.00.2518) TOSHIBA Speech System SR Engine(U.S.) Version1.0 (x32) TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (x32) TOSHIBA Supervisor Password (x32 Version: 1.63.0.7C) TOSHIBA Value Added Package (Version: 1.2.26.64) TOSHIBA Value Added Package (x32 Version: 1.2.26.64) ToshibaRegistration (x32 Version: 1.0.3) TrustyFiles (x32) TuneUp Companion 2.4.2 (x32 Version: 2.4.2) Tux of Math Command (remove only) (x32) TweetDeck (x32 Version: 0.36.2) Update for Microsoft Office Word 2007 (KB974631) (x32) Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin) (x32) Utility Common Driver (x32 Version: 1.0.50.27C) VLC media player 2.0.2 (x32 Version: 2.0.2) VOICE4WEB (x32 Version: 1.0.0) Wincore MediaBar (x32 Version: 3.0.0.118597) Windows iLivid Toolbar (x32 Version: 3.0.0.112200) Windows Live Call (x32 Version: 14.0.8064.0206) Windows Live Communications Platform (x32 Version: 14.0.8064.206) Windows Live Essentials (x32 Version: 14.0.8089.0726) Windows Live Essentials (x32 Version: 14.0.8089.726) Windows Live Mail (x32 Version: 14.0.8089.0726) Windows Live Messenger (x32 Version: 14.0.8089.0726) Windows Live Movie Maker (x32 Version: 14.0.8091.0730) Windows Live Photo Gallery (x32 Version: 14.0.8081.709) Windows Live Sign-in Assistant (x32 Version: 5.000.818.5) Windows Live Sync (x32 Version: 14.0.8089.726) Windows Live Upload Tool (x32 Version: 14.0.8014.1029) Windows Live Writer (x32 Version: 14.0.8089.0726) Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8) ==================== Restore Points ========================= ==================== Hosts content: ========================== 2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started Task: {0A5A3F85-A8F0-4DA3-B4CD-A8C52875472F} - System32\Tasks\{6A5DF337-86C3-4AC4-8B37-5C47DE87F057} => C:\Program Files (x86)\MagicDisc\MagicDisc.exe Task: {22DFD68F-0CF5-47F7-AF0F-8EDF5E9753E3} - System32\Tasks\{BFA4DA1E-A1CC-4E29-9435-D0367327EB77} => C:\Program Files (x86)\MagicDisc\MagicDisc.exe Task: {3331E4EB-06BE-4A94-B589-36C03EA219D4} - System32\Tasks\Symantec\Symantec Error Analyzer 4.4.0.12 => C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\SymErr.exe [2011-09-19] (Symantec Corporation) Task: {42928985-4AA4-469E-B483-B0411BB64702} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2009-07-13] (Microsoft Corporation) Task: {451534AC-CD6F-41E7-AA27-28C37E3B7F5F} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-07-13] (TOSHIBA CORPORATION) Task: {4880B092-57BC-43CC-BD2D-CAE34ACA5DB0} - System32\Tasks\{05DE2E19-528C-4725-BE8C-EF73EE629E76} => C:\Program Files (x86)\MagicDisc\MagicDisc.exe Task: {58E33642-CF8C-4408-8C28-748BBC8B9ECB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {5F05709A-4A22-458E-BB23-5435F4FFCA70} - System32\Tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9 => C:\Program Files (x86)\Norton Family\Engine\2.8.0.14\tampmon.exe [2013-07-24] (Symantec Corporation) Task: {7737400C-2BD7-4880-90FA-8082FE840B32} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-15] (Google Inc.) Task: {8D6D286C-BF19-4470-96D4-357061FF9D65} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2844117050-2618380543-1804570796-1003Core => C:\Users\Adrian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-14] (Google Inc.) Task: {90160B7D-9A15-45DE-A263-2730694A196E} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2844117050-2618380543-1804570796-1003 => C:\Windows\System32\portabledeviceapi.dll [2009-07-13] (Microsoft Corporation) Task: {97AC04C8-D462-4827-AA11-11B1B560B15C} - System32\Tasks\{01618015-C59A-4DFC-ACC2-DDF9FD91D913} => C:\Program Files (x86)\MagicDisc\MagicDisc.exe Task: {A09B9669-7426-4333-BDC8-562E3088FEF1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-15] (Google Inc.) Task: {A50E74C4-1942-4542-AEA1-3D775CFFE013} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2844117050-2618380543-1804570796-1000Core => C:\Users\sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-15] (Google Inc.) Task: {A6C36EE7-002D-4975-A7B4-8E34302F2620} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2844117050-2618380543-1804570796-1003UA => C:\Users\Adrian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-14] (Google Inc.) Task: {AC29B55C-FF67-414B-A9FD-4B9446E9AEFB} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-20] (Adobe Systems Incorporated) Task: {C2D1BE75-D225-45E9-A186-47337AD2D01D} - System32\Tasks\Symantec\Symantec Error Processor 4.4.0.12 => C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\SymErr.exe [2011-09-19] (Symantec Corporation) Task: {CF20D084-C2EC-46FF-995C-0DE98583E027} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2844117050-2618380543-1804570796-1000UA => C:\Users\sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-15] (Google Inc.) Task: {D4049FC0-2981-4ECC-A17B-9E4FDFA23BCF} - System32\Tasks\Norton Security Scan for sarah => C:\Program Files (x86)\Norton Security Scan\Engine\3.0.0.103\Nss.exe [2012-10-03] (Symantec Corporation) Task: {DC0B0A9E-83F3-44F6-8C07-CB2B08CA1A39} - System32\Tasks\{E8FE5DDC-25E0-4403-8FCC-B3E83782FBBA} => C:\Program Files (x86)\MagicDisc\MagicDisc.exe Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2844117050-2618380543-1804570796-1000Core.job => C:\Users\sarah\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2844117050-2618380543-1804570796-1000UA.job => C:\Users\sarah\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2844117050-2618380543-1804570796-1003Core.job => C:\Users\Adrian\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2844117050-2618380543-1804570796-1003UA.job => C:\Users\Adrian\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\Norton Security Scan for sarah.job => C:\PROGRA~2\NORTON~2\Engine\300~1.103\Nss.exe ==================== Loaded Modules (whitelisted) ============= 2011-10-31 14:52 - 2010-03-18 14:37 - 02495344 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine64\4.4.0.12\buShell.dll 2011-10-31 14:52 - 2011-08-03 21:25 - 00985472 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine64\4.4.0.12\ccL90U.dll 2011-10-31 14:52 - 2011-08-21 19:53 - 00087976 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine64\4.4.0.12\EFACli64.dll 2011-10-31 14:52 - 2011-08-03 21:19 - 00113024 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine64\4.4.0.12\ccVrTrst.dll 2011-10-31 14:52 - 2011-08-03 21:19 - 00419712 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine64\4.4.0.12\ccSet.dll 2011-10-31 14:52 - 2011-08-03 21:19 - 00230784 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine64\4.4.0.12\ccIPC.dll 2011-10-31 14:52 - 2011-08-03 21:19 - 00200064 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine64\4.4.0.12\ccGEvt.dll 2009-07-13 17:22 - 2009-07-13 18:38 - 00081408 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codeca.acm 2012-01-24 17:52 - 2009-07-06 18:07 - 00104448 _____ (CANON INC.) C:\Program Files\Canon\MyPrinter\cnmpu.dll 2012-01-24 17:52 - 2009-07-06 18:07 - 00093184 _____ (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMyRes.dll 2009-08-03 19:18 - 2009-08-03 19:18 - 00081752 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll 2009-08-03 19:19 - 2009-08-03 19:19 - 00265584 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TReport.dll 2013-08-16 23:50 - 2013-08-16 23:50 - 00853896 ____T (Google Inc.) C:\Users\sarah\AppData\Local\Google\Update\1.3.21.153\goopdate.dll 2012-01-17 12:18 - 2012-01-17 12:18 - 00309416 _____ (Visicom Media Inc. (Powered by Panda Security)) C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.dll 2011-09-14 10:19 - 2011-09-14 10:19 - 02348544 _____ () C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll 2011-09-14 10:19 - 2011-09-14 10:19 - 08500224 _____ () C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll 2011-11-12 13:05 - 2011-11-12 13:05 - 00085856 _____ (LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\DeviceHooks\LeapsterDeviceHook.dll 2010-03-15 16:57 - 2010-03-15 16:57 - 00053024 _____ (Open Source Software community project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll 2011-09-27 08:22 - 2011-09-27 08:22 - 01292136 _____ (The ICU Project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuin.dll 2011-09-27 08:22 - 2011-09-27 08:22 - 00923496 _____ (The ICU Project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuuc.dll 2011-09-27 08:22 - 2011-09-27 08:22 - 16303976 _____ (The ICU Project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icudt46.dll 2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2011-08-31 00:05 - 2011-08-31 00:05 - 00085864 _____ (Apple Inc.) C:\windows\system32\dnssd.dll 2011-11-11 14:08 - 2011-11-11 14:08 - 02145304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll 2011-11-11 14:08 - 2011-11-11 14:08 - 07956504 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll 2011-11-11 14:08 - 2011-11-11 14:08 - 00342552 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll 2011-11-11 14:08 - 2011-11-11 14:08 - 00029208 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll 2011-11-11 14:08 - 2011-11-11 14:08 - 00128536 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll 2011-11-11 14:09 - 2011-11-11 14:09 - 00336408 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll 2011-09-25 19:00 - 2011-09-25 19:00 - 02680632 _____ (Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportUtil.dll 2011-09-19 20:38 - 2011-09-19 20:38 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll 2012-10-30 03:37 - 2012-10-30 03:37 - 00688440 _____ (Trusteer Ltd.) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus.dll 2012-05-28 15:51 - 2012-05-28 15:51 - 00520464 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll 2011-03-31 19:14 - 2011-09-25 19:00 - 00522040 _____ (Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\rooksbas.DLL 2011-03-31 19:14 - 2011-09-25 19:00 - 00505656 _____ (Trusteer Ltd.) c:\program files (x86)\trusteer\rapport\bin\rooksdol.dll 2011-03-31 19:14 - 2011-03-10 21:09 - 00198456 _____ (Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\rookscom.dll ==================== Alternate Data Streams (whitelisted) ========== AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 ==================== Faulty Device Manager Devices ============= Name: Canon MX860 ser Network Description: Canon MX860 ser Network Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: Canon Service: StillCam Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (09/06/2013 01:49:36 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 151601 Error: (09/06/2013 01:49:36 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 151601 Error: (09/06/2013 01:49:36 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (09/06/2013 01:49:31 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 146656 Error: (09/06/2013 01:49:31 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 146656 Error: (09/06/2013 01:49:31 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (09/06/2013 01:49:22 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 137811 Error: (09/06/2013 01:49:22 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 137811 Error: (09/06/2013 01:49:22 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (09/06/2013 01:49:13 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 128700 System errors: ============= Error: (09/06/2013 05:32:15 PM) (Source: Service Control Manager) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service. Error: (09/06/2013 05:31:45 PM) (Source: Service Control Manager) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service. Error: (09/06/2013 05:31:15 PM) (Source: Service Control Manager) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HomeGroupListener service. Error: (09/06/2013 05:30:45 PM) (Source: Service Control Manager) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service. Error: (09/06/2013 05:30:15 PM) (Source: Service Control Manager) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service. Error: (09/06/2013 05:29:45 PM) (Source: Service Control Manager) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service. Error: (09/06/2013 05:29:15 PM) (Source: Service Control Manager) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service. Error: (09/06/2013 05:28:45 PM) (Source: Service Control Manager) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service. Error: (09/06/2013 05:28:15 PM) (Source: Service Control Manager) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UxSms service. Error: (09/06/2013 05:27:45 PM) (Source: Service Control Manager) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service. Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 34% Total physical RAM: 2936.89 MB Available physical RAM: 1918.5 MB Total Pagefile: 5871.92 MB Available Pagefile: 4458.13 MB Total Virtual: 8192 MB Available Virtual: 8191.8 MB ==================== Drives ================================ Drive c: (TI105756W0B) (Fixed) (Total:222.43 GB) (Free:116.49 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: CE865B76) Partition 1: (Active) - (Size=1 GB) - (Type=27) Partition 2: (Not Active) - (Size=222 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=9 GB) - (Type=17) ==================== End Of Log ============================
  10. OK that didn't work out like I thought. Part of the problem is that the computer i'm working on that has this problem is not mine. It's my sisters. And she gets picky about me using it and installing things on there. So I will get try to get it done ASAP. But I still need to talk to her first before I do much of anything on there.. Thanks.
  11. Hi Charlie, I will try to install and reply by tomorrow, but if not, I will definitely do it on Wednesday. Thanks.
  12. Sorry on two points. I think it's "MixiDJ V37". I can't even check now since someone else is on the computer. Also let me be more clear. It's not a toolbar, but it's messing with my homepage. I'll check up on it and get back to you. Peace.
  13. Well I still have this MixDJ V37 toolbar in firefox. What about that?
  14. Here it is. I only did a quick scan. Malwarebytes Anti-Malware (Trial) 1.75.0.1300 www.malwarebytes.org Database version: v2013.08.30.05 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 sarah :: SARAH-PC [administrator] Protection: Enabled 8/30/2013 5:43:47 PM mbam-log-2013-08-30 (17-43-47).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 272474 Time elapsed: 6 minute(s), 6 second(s) Memory Processes Detected: 3 C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe (PUP.Optional.SearchProtect.A) -> 1644 -> Delete on reboot. C:\Users\sarah\AppData\Roaming\SearchProtect\bin\cltmng.exe (PUP.Optional.ConduitSearchProtect) -> 4564 -> Delete on reboot. C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (PUP.Optional.Datamngr) -> 4656 -> Delete on reboot. Memory Modules Detected: 2 C:\Program Files (x86)\SearchProtect\bin\msvcp100.dll (PUP.Optional.SearchProtect.A) -> Delete on reboot. C:\Program Files (x86)\SearchProtect\bin\msvcr100.dll (PUP.Optional.SearchProtect.A) -> Delete on reboot. Registry Keys Detected: 8 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1 (PUP.Optional.AppGraffiti.A) -> Quarantined and deleted successfully. HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr) -> Quarantined and deleted successfully. HKCU\Software\DataMngr (PUP.Optional.DataMngr) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully. Registry Values Detected: 3 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SearchProtectAll (PUP.Optional.SearchProtect.A) -> Data: C:\Program Files (x86)\SearchProtect\bin\cltmng.exe -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SearchProtect (PUP.Optional.ConduitSearchProtect) -> Data: C:\Users\sarah\AppData\Roaming\SearchProtect\bin\cltmng.exe -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|DATAMNGR (PUP.Optional.Datamngr) -> Data: C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE -> Quarantined and deleted successfully. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 43 C:\Program Files (x86)\AppGraffiti (PUP.Optional.AppGraffiti.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\AppGraffiti\Update (PUP.Optional.AppGraffiti.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\bin (PUP.Optional.SearchProtect.A) -> Delete on reboot. C:\Program Files (x86)\SearchProtect\Dialogs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\Dialogs\lib (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\ffprotect (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\lib (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\lib (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\lib (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Adrian\AppData\Roaming\SearchProtect\ffprotect (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Adrian\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Other\AppData\Roaming\SearchProtect\ffprotect (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Other\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\OpenCandy\4B7CAB1DA66E445F894FA4BA1DEAD369 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\OpenCandy\OpenCandy_4B7CAB1DA66E445F894FA4BA1DEAD369 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully. Files Detected: 136 C:\Users\Adrian\Downloads\DTLite4413-0173.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully. C:\Users\Adrian\Downloads\GamesSetup.exe (PUP.Optional.Inbox) -> Quarantined and deleted successfully. C:\Users\Adrian\Downloads\oi_setup.exe (PUP.BundleInstaller.OI) -> Quarantined and deleted successfully. C:\Users\sarah\Downloads\DTLite4413-0173.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully. C:\Users\sarah\Downloads\Flash Player 12.exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully. C:\Users\sarah\Downloads\frostwire-5.2.11.windows.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully. C:\Users\sarah\Downloads\Moozy.exe (PUP.BundleInstaller.OI) -> Quarantined and deleted successfully. C:\Users\sarah\Downloads\PDFCreatorSetup.exe (PUP.AdBundle) -> Quarantined and deleted successfully. C:\Users\sarah\Downloads\unconfirmed 13070.download (PUP.Optional.AskToolbar) -> Quarantined and deleted successfully. C:\Program Files (x86)\AppGraffiti\unins000.dat (PUP.Optional.AppGraffiti.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\AppGraffiti\AppGraffiti.exe (PUP.Optional.AppGraffiti.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\AppGraffiti\AppGraffiti._dll (PUP.Optional.AppGraffiti.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\AppGraffiti\AppGraffiti._exe (PUP.Optional.AppGraffiti.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\AppGraffiti\unins000.exe (PUP.Optional.AppGraffiti.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\bin\FirefoxModule.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\bin\ChromeModule.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\bin\cltmng.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe (PUP.Optional.SearchProtect.A) -> Delete on reboot. C:\Program Files (x86)\SearchProtect\bin\InternetExplorerModule.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\bin\msvcp100.dll (PUP.Optional.SearchProtect.A) -> Delete on reboot. C:\Program Files (x86)\SearchProtect\bin\msvcr100.dll (PUP.Optional.SearchProtect.A) -> Delete on reboot. C:\Program Files (x86)\SearchProtect\bin\SPHook32.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\bin\SPRunner.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\bin\uninstall.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\Dialogs\dialogsApi.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\ffprotect\nsprotector.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\ffprotect\abstraction.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\ffprotect\application.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\dialogsApi.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\dialogsApi.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\dialogsApi.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Adrian\AppData\Roaming\SearchProtect\ffprotect\nsprotector.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Adrian\AppData\Roaming\SearchProtect\ffprotect\abstraction.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Adrian\AppData\Roaming\SearchProtect\ffprotect\application.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Adrian\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\EN (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Adrian\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\searchProtectorData (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Other\AppData\Roaming\SearchProtect\ffprotect\nsprotector.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Other\AppData\Roaming\SearchProtect\ffprotect\abstraction.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Other\AppData\Roaming\SearchProtect\ffprotect\application.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Other\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\EN (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Other\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\searchProtectorData (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\nsprotector.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\abstraction.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\application.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\popupTransparent.xul (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\dialogsApi.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\EN (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\searchProtectorData (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} (PUP.Optional.Searchqu.A) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\SearchProtect\bin\cltmng.exe (PUP.Optional.ConduitSearchProtect) -> Delete on reboot. C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (PUP.Optional.Datamngr) -> Delete on reboot. C:\Users\sarah\AppData\Roaming\OpenCandy\4B7CAB1DA66E445F894FA4BA1DEAD369\2247.ico (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\OpenCandy\4B7CAB1DA66E445F894FA4BA1DEAD369\TuneUp_OpenCandy_PC_2.4.2_CPMID_295.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\OpenCandy\4B7CAB1DA66E445F894FA4BA1DEAD369\TuneUp_OpenCandy_PC_2.4.2_CPMID_295_p9v0.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\OpenCandy\OpenCandy_4B7CAB1DA66E445F894FA4BA1DEAD369\LatestDLMgr.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully. C:\Users\sarah\AppData\Roaming\OpenCandy\OpenCandy_4B7CAB1DA66E445F894FA4BA1DEAD369\OpenCandyU1Dlm.dll (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully. (end)
  15. I did it. I can't post right now since the computer is being used by someone else right now. But I will post the results. Thanks.