ckelleher

Okay, thanks for detailed help, I really appreciate your taking the time. I hope the answer can be of use to someone else.

Okay I don't quite know how, but I screwed this up. I started by trying to disable my PCMatic Super Shield. It was missing from the system tray so I found it under programs and clicked on it and nothing came up. So I figured it was disabled and started ESET and went to bed, this morning it had found 18 threats, they were listed but I don't know what they were. ESET gave me the option to save to text file or clipboard. I choose text file and assigned a file name. Then that window locked up. After a couple of minutes it let me close it but I never got the option to FINISH. It did not save the text file. And my virus protection software seems to be MIA. I am willing to buy ESET (or another program) if that will help resolve my problem. I am still getting the GETSOFTFREE popups.

Here is the log. And as for my computer, it's pretty much just me, the problems started after I tried to download a driver for an old webcam. ComboFix 14-02-24.02 - Cathy 02/27/2014 15:26:40.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3767.1846 [GMT -7:00] Running from: c:\users\Cathy\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Cathy\AppData\Roaming\Microsoft\Windows\Recent\Dropbox.url c:\windows\wininit.ini . . ((((((((((((((((((((((((( Files Created from 2014-01-27 to 2014-02-27 ))))))))))))))))))))))))))))))) . . 2014-02-27 22:35 . 2014-02-27 22:35 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-02-27 21:15 . 2014-02-27 21:15 -------- d-----w- c:\users\Cathy\AppData\Local\Logitech® Webcam Software 2014-02-27 21:10 . 2014-02-27 21:10 -------- d-----w- c:\programdata\LogiShrd 2014-02-27 21:10 . 2014-02-27 21:10 53248 ----a-r- c:\users\Cathy\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2014-02-27 21:10 . 2014-02-27 21:10 -------- d-----w- c:\users\Cathy\AppData\Roaming\Leadertech 2014-02-27 21:09 . 2012-09-21 19:09 542568 ----a-w- c:\windows\SysWow64\LVUI2.dll 2014-02-27 21:09 . 2012-09-21 19:09 538472 ----a-w- c:\windows\SysWow64\LVUI2RC.dll 2014-02-27 21:08 . 2014-02-27 21:10 -------- d-----w- c:\program files (x86)\Logitech 2014-02-27 20:51 . 2014-02-27 22:32 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1D1FA107-3C27-497A-BD03-AB3DC39887E8}\offreg.dll 2014-02-27 18:07 . 2014-02-27 18:07 -------- d-----w- c:\users\Cathy\AppData\Roaming\Malwarebytes 2014-02-27 18:07 . 2014-02-27 18:07 -------- d-----w- c:\programdata\Malwarebytes 2014-02-27 18:07 . 2014-02-27 18:07 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2014-02-27 18:07 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-02-27 18:00 . 2014-02-27 21:10 -------- d-----w- c:\program files (x86)\Common Files\logishrd 2014-02-27 18:00 . 2014-02-27 21:09 -------- d-----w- c:\program files\Common Files\logishrd 2014-02-27 16:50 . 2014-02-27 20:30 -------- d-----w- C:\AdwCleaner 2014-02-27 15:06 . 2014-02-27 15:06 -------- d-----w- c:\windows\ERUNT 2014-02-27 04:24 . 2014-02-27 05:06 -------- d-----w- c:\programdata\InstallShield 2014-02-27 01:13 . 2014-02-27 01:13 -------- d-----w- c:\users\Cathy\AppData\Local\Skype 2014-02-27 01:13 . 2014-02-27 01:13 -------- d-----w- c:\program files (x86)\Common Files\Skype 2014-02-27 00:55 . 2014-02-27 00:55 -------- d-----w- c:\program files (x86)\GE 2014-02-27 00:54 . 2001-09-05 11:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll 2014-02-27 00:54 . 2001-09-05 11:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll 2014-02-27 00:54 . 2001-09-05 11:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll 2014-02-27 00:54 . 2001-09-05 11:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll 2014-02-27 00:54 . 2004-03-05 23:51 614532 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe 2014-02-26 23:28 . 2014-02-26 23:28 -------- d-----w- c:\program files (x86)\Convert Files for Free 2014-02-26 19:57 . 2014-02-26 19:58 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-02-26 19:57 . 2014-02-26 19:58 -------- d-----w- c:\program files\iTunes 2014-02-26 19:57 . 2014-02-26 19:58 -------- d-----w- c:\program files (x86)\iTunes 2014-02-26 19:57 . 2014-02-26 19:57 -------- d-----w- c:\program files\iPod 2014-02-26 10:02 . 2014-02-26 10:02 -------- d-----w- c:\windows\Migration 2014-02-25 09:12 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1D1FA107-3C27-497A-BD03-AB3DC39887E8}\mpengine.dll 2014-02-21 19:47 . 2014-02-21 19:47 17858952 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2014-02-12 10:02 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll 2014-02-12 10:02 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll 2014-02-12 10:00 . 2014-02-06 22:55 806104 ----a-w- c:\program files\Internet Explorer\iexplore.exe 2014-02-12 10:00 . 2014-02-06 22:24 808152 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe 2014-02-12 10:00 . 2014-02-06 09:50 2041856 ----a-w- c:\windows\system32\inetcpl.cpl 2014-02-12 10:00 . 2014-02-06 09:24 2334208 ----a-w- c:\windows\system32\wininet.dll 2014-02-12 10:00 . 2014-02-06 09:09 1964032 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2014-02-12 10:00 . 2014-02-06 08:55 1393664 ----a-w- c:\windows\system32\urlmon.dll 2014-02-12 10:00 . 2014-02-06 09:22 13051392 ----a-w- c:\windows\system32\ieframe.dll 2014-02-12 10:00 . 2014-02-06 10:11 5768704 ----a-w- c:\windows\system32\jscript9.dll 2014-02-12 10:00 . 2014-02-06 09:25 4244480 ----a-w- c:\windows\SysWow64\jscript9.dll 2014-02-07 08:00 . 2012-10-24 20:39 82872 ----a-w- c:\windows\system32\drivers\sbapifs.sys 2014-02-06 13:28 . 2014-01-28 06:55 272496 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-02-21 19:47 . 2012-04-19 14:11 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-02-21 19:47 . 2012-04-19 14:11 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-02-15 10:00 . 2011-10-16 03:30 88567024 ----a-w- c:\windows\system32\MRT.exe 2014-01-17 08:08 . 2014-01-17 08:08 312744 ----a-w- c:\windows\system32\javaws.exe 2014-01-17 08:08 . 2014-01-17 08:08 189352 ----a-w- c:\windows\system32\javaw.exe 2014-01-17 08:08 . 2014-01-17 08:08 189352 ----a-w- c:\windows\system32\java.exe 2014-01-17 08:08 . 2014-01-17 08:08 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2014-01-17 08:06 . 2014-01-17 08:06 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2014-01-06 19:23 . 2014-01-06 19:23 4558848 ----a-w- c:\windows\SysWow64\GPhotos.scr 2013-12-18 13:13 . 2011-09-01 20:30 270496 ------w- c:\windows\system32\MpSigStub.exe 2013-12-16 13:43 . 2013-12-16 13:43 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-12-16 13:43 . 2013-12-16 13:43 194048 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-12-16 13:43 . 2013-12-16 13:43 942592 ----a-w- c:\windows\system32\jsIntl.dll 2013-12-16 13:43 . 2013-12-16 13:43 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-12-16 13:43 . 2013-12-16 13:43 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll 2013-12-16 13:43 . 2013-12-16 13:43 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2013-12-16 13:43 . 2013-12-16 13:43 84992 ----a-w- c:\windows\system32\mshtmled.dll 2013-12-16 13:43 . 2013-12-16 13:43 83968 ----a-w- c:\windows\system32\MshtmlDac.dll 2013-12-16 13:43 . 2013-12-16 13:43 81408 ----a-w- c:\windows\system32\icardie.dll 2013-12-16 13:43 . 2013-12-16 13:43 774144 ----a-w- c:\windows\system32\jscript.dll 2013-12-16 13:43 . 2013-12-16 13:43 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-12-16 13:43 . 2013-12-16 13:43 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-12-16 13:43 . 2013-12-16 13:43 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2013-12-16 13:43 . 2013-12-16 13:43 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll 2013-12-16 13:43 . 2013-12-16 13:43 62464 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-12-16 13:43 . 2013-12-16 13:43 62464 ----a-w- c:\windows\system32\pngfilt.dll 2013-12-16 13:43 . 2013-12-16 13:43 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll 2013-12-16 13:43 . 2013-12-16 13:43 616104 ----a-w- c:\windows\system32\ieapfltr.dat 2013-12-16 13:43 . 2013-12-16 13:43 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-12-16 13:43 . 2013-12-16 13:43 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-12-16 13:43 . 2013-12-16 13:43 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-12-16 13:43 . 2013-12-16 13:43 48128 ----a-w- c:\windows\system32\imgutil.dll 2013-12-16 13:43 . 2013-12-16 13:43 453120 ----a-w- c:\windows\system32\dxtmsft.dll 2013-12-16 13:43 . 2013-12-16 13:43 413696 ----a-w- c:\windows\system32\html.iec 2013-12-16 13:43 . 2013-12-16 13:43 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll 2013-12-16 13:43 . 2013-12-16 13:43 36352 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-12-16 13:43 . 2013-12-16 13:43 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll 2013-12-16 13:43 . 2013-12-16 13:43 337408 ----a-w- c:\windows\SysWow64\html.iec 2013-12-16 13:43 . 2013-12-16 13:43 30208 ----a-w- c:\windows\system32\licmgr10.dll 2013-12-16 13:43 . 2013-12-16 13:43 296960 ----a-w- c:\windows\system32\dxtrans.dll 2013-12-16 13:43 . 2013-12-16 13:43 263376 ----a-w- c:\windows\system32\iedkcs32.dll 2013-12-16 13:43 . 2013-12-16 13:43 247808 ----a-w- c:\windows\system32\msls31.dll 2013-12-16 13:43 . 2013-12-16 13:43 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-12-16 13:43 . 2013-12-16 13:43 243200 ----a-w- c:\windows\system32\webcheck.dll 2013-12-16 13:43 . 2013-12-16 13:43 235520 ----a-w- c:\windows\system32\url.dll 2013-12-16 13:43 . 2013-12-16 13:43 235008 ----a-w- c:\windows\system32\elshyph.dll 2013-12-16 13:43 . 2013-12-16 13:43 182272 ----a-w- c:\windows\SysWow64\msls31.dll 2013-12-16 13:43 . 2013-12-16 13:43 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-12-16 13:43 . 2013-12-16 13:43 151552 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-12-16 13:43 . 2013-12-16 13:43 147968 ----a-w- c:\windows\system32\occache.dll 2013-12-16 13:43 . 2013-12-16 13:43 143872 ----a-w- c:\windows\system32\wextract.exe 2013-12-16 13:43 . 2013-12-16 13:43 139264 ----a-w- c:\windows\SysWow64\wextract.exe 2013-12-16 13:43 . 2013-12-16 13:43 13824 ----a-w- c:\windows\system32\mshta.exe 2013-12-16 13:43 . 2013-12-16 13:43 135680 ----a-w- c:\windows\system32\iepeers.dll 2013-12-16 13:43 . 2013-12-16 13:43 13312 ----a-w- c:\windows\SysWow64\mshta.exe 2013-12-16 13:43 . 2013-12-16 13:43 13312 ----a-w- c:\windows\system32\msfeedssync.exe 2013-12-16 13:43 . 2013-12-16 13:43 131072 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-12-16 13:43 . 2013-12-16 13:43 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-12-16 13:43 . 2013-12-16 13:43 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-12-16 13:43 . 2013-12-16 13:43 105984 ----a-w- c:\windows\system32\iesysprep.dll 2013-12-16 13:43 . 2013-12-16 13:43 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-12-16 13:43 . 2013-12-16 13:43 101376 ----a-w- c:\windows\system32\inseng.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB}] 2014-01-28 10:22 116344 ----a-w- c:\program files (x86)\Convert Files for Free\ConvertFilesforFree.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 131248 ----a-w- c:\users\Cathy\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 131248 ----a-w- c:\users\Cathy\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 131248 ----a-w- c:\users\Cathy\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2010-05-27 03:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Download Nitro"="c:\program files (x86)\PCPitstop\Download Nitro\pcpitstop-nitro.exe" [2011-06-30 3597520] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-02-11 20924576] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696] "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264] "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584] "EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920] "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-06 43848] "Info Center"="c:\program files (x86)\PCPitstop\Info Center\InfoCenter.exe" [2012-09-01 27328] "Aimersoft Helper Compact.exe"="c:\program files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe" [2012-02-28 1667072] "AmazonGSDownloaderTray"="c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144] "PC MaticRT"="c:\program files (x86)\PCPitstop\Super Shield\PCMaticRT.exe" [2014-02-06 1601648] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-06 152392] "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-13 204136] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-02-11 20924576] . c:\users\Cathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Cathy\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-2 30714328] Logitech . Product Registration.lnk - c:\program files (x86)\Logitech\Ereg\eReg.exe /remind /language=ENU /_WFM="." [2009-11-16 517384] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe /Startup [2011-3-14 2125472] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [x] R3 Application Sendori;Application Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe;c:\program files (x86)\Sendori\SendoriSvc.exe [x] R3 ConvertFilesforFreeUpdt;ConvertFilesforFreeUpdt;c:\program files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe;c:\program files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe [x] R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x] R3 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x] R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x] R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 lxdlCATSCustConnectService;lxdlCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdlserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxdlserv.exe [x] R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x] R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x] R3 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x] R3 Service Sendori;Service Sendori;c:\program files (x86)\Sendori\Sendori.Service.exe;c:\program files (x86)\Sendori\Sendori.Service.exe [x] R3 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x] R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 sndappv2;sndappv2;c:\program files (x86)\Sendori\sndappv2.exe;c:\program files (x86)\Sendori\sndappv2.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys;c:\windows\SYSNATIVE\drivers\dlkmdldr.sys [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [x] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x] S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 lxdl_device;lxdl_device;c:\windows\system32\lxdlcoms.exe;c:\windows\SYSNATIVE\lxdlcoms.exe [x] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x] S2 PCPitstop Realtime;PCPitstop Realtime;c:\program files (x86)\PCPitstop\Super Shield\PCPitstopRTService.exe;c:\program files (x86)\PCPitstop\Super Shield\PCPitstopRTService.exe [x] S2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe [x] S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys;c:\windows\SYSNATIVE\DRIVERS\sbapifs.sys [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x] S3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_6.3.38103.0.sys;c:\windows\SYSNATIVE\DRIVERS\DisplayLinkUsbPort_6.3.38103.0.sys [x] S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys;c:\windows\SYSNATIVE\drivers\dlkmd.sys [x] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x] S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x] S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] S3 WsAudio_Device(1);WsAudio_Device(1);c:\windows\system32\drivers\VirtualAudio1.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio1.sys [x] S3 WsAudio_Device(2);WsAudio_Device(2);c:\windows\system32\drivers\VirtualAudio2.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio2.sys [x] S3 WsAudio_Device(3);WsAudio_Device(3);c:\windows\system32\drivers\VirtualAudio3.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio3.sys [x] S3 WsAudio_Device(4);WsAudio_Device(4);c:\windows\system32\drivers\VirtualAudio4.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio4.sys [x] S3 WsAudio_Device(5);WsAudio_Device(5);c:\windows\system32\drivers\VirtualAudio5.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio5.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2014-02-27 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 19:47] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 164016 ----a-w- c:\users\Cathy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 164016 ----a-w- c:\users\Cathy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 164016 ----a-w- c:\users\Cathy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 164016 ----a-w- c:\users\Cathy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2010-05-27 03:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2013-03-07 22:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2013-03-07 22:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2013-03-07 22:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2013-03-07 22:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-09-13 13653208] "PLFSetI"="c:\windows\PLFSetI.exe" [2010-12-03 206208] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216] "lxdlmon.exe"="c:\program files (x86)\Lexmark 7500 Series\lxdlmon.exe" [2010-02-17 455336] "lxdlamon"="c:\program files (x86)\Lexmark 7500 Series\lxdlamon.exe" [2010-02-17 25256] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 167704] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760] . ------- Supplementary Scan ------- . uStart Page = hxxp://google.com/ uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 TCP: DhcpNameServer = 192.168.0.1 205.171.2.25 TCP: Interfaces\{C4F9F043-A052-4721-88CC-62FB87C36EB6}: NameServer = 205.171.3.25,205.171.2.25 FF - ProfilePath - c:\users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\hn1so24i.default\ FF - prefs.js: keyword.URL - FF - ExtSQL: 2014-02-04 06:51; [email protected]; c:\users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\hn1so24i.default\extensions\[email protected] . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-10 - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start BHO-{11111111-1111-1111-1111-110411901174} - c:\program files (x86)\The weDownload Manager\The weDownload Manager-bho64.dll Toolbar-Locked - (no file) Toolbar-10 - (no file) HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.12" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2014-02-27 15:38:16 ComboFix-quarantined-files.txt 2014-02-27 22:38 . Pre-Run: 200,428,527,616 bytes free Post-Run: 200,300,220,416 bytes free . - - End Of File - - 9F1DFEC516030B4C15F057D4F9C4AD55

I thought I was good to go but then I started getting ads from getsoftfree and http://www.comparetheinsurance.com/cars.html. The Mbam log is below. Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2014.02.27.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16518 Cathy :: CATHY-PC [administrator] 2/27/2014 11:08:09 AM mbam-log-2014-02-27 (11-08-09).txt Scan type: Full scan (C:\|Q:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 426345 Time elapsed: 1 hour(s), 21 minute(s), 4 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 2 HKLM\Software\BetterBrowse (PUP.Optional.BetterBrowse.A) -> No action taken. HKCU\Software\BetterBrowse (PUP.Optional.BetterBrowse.A) -> Quarantined and deleted successfully. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 21 C:\AdwCleaner\Quarantine\C\Program Files (x86)\The weDownload Manager\The weDownload Manager-bg.exe.vir (PUP.Optional.weDownload.A) -> Quarantined and deleted successfully. C:\AdwCleaner\Quarantine\C\Program Files (x86)\The weDownload Manager\The weDownload Manager-codedownloader.exe.vir (PUP.Optional.weDownload.A) -> Quarantined and deleted successfully. C:\AdwCleaner\Quarantine\C\Program Files (x86)\The weDownload Manager\The weDownload Manager-enabler.exe.vir (PUP.Optional.weDownload.A) -> Quarantined and deleted successfully. C:\AdwCleaner\Quarantine\C\Program Files (x86)\The weDownload Manager\The weDownload Manager-firefoxinstaller.exe.vir (PUP.Optional.weDownload.A) -> Quarantined and deleted successfully. C:\AdwCleaner\Quarantine\C\Program Files (x86)\The weDownload Manager\The weDownload Manager-updater.exe.vir (PUP.Optional.weDownload.A) -> Quarantined and deleted successfully. C:\AdwCleaner\Quarantine\C\Program Files (x86)\The weDownload Manager\utils.exe.vir (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully. C:\Users\Cathy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3O6MBWW7\spstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Cathy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MVZDKATU\Setup[1].exe (PUP.Optional.BetterBrowse.A) -> Quarantined and deleted successfully. C:\Users\Cathy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLHZOR78\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Cathy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZOWES9ND\JRT[1].exe (Trojan.P2P.Worm) -> Quarantined and deleted successfully. C:\Users\Cathy\AppData\Local\Temp\BetterBrowseSetup.exe (PUP.Optional.BetterBrowse.A) -> Quarantined and deleted successfully. C:\Users\Cathy\AppData\Local\Temp\nsd4636.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cathy\AppData\Local\Temp\nso9B2B.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cathy\AppData\Local\Temp\nst98D9.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cathy\AppData\Local\Temp\nsy43A6.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cathy\AppData\Local\Temp\is357113909\8690665_stp\Mysearchdial.exe (PUP.Optional.MySpeedDial.A) -> Quarantined and deleted successfully. C:\Users\Cathy\AppData\Local\Temp\is357113909\8690759_stp\ConvertFilesforFree_7.12_Ironcore3_release.exe (PUP.Optional.FastFreeConverter.A) -> Quarantined and deleted successfully. C:\Users\Cathy\AppData\Local\Temp\nsi1371\SpSetup.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Cathy\Desktop\Downloads\mozilla firefox setup.exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully. C:\Users\Cathy\Desktop\Downloads\TranslatorSetup.exe (PUP.Optional.ToolBarInstaller.A) -> Quarantined and deleted successfully. C:\Users\Cathy\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} (PUP.Optional.Searchqu.A) -> Quarantined and deleted successfully. (end)

Thanks so much! It took most of the morning but I think it got rid of it. Your instructions were stellar. Do you have a favorite website I can make a donation to as a thank you? Logs follow. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.2 (02.20.2014:1) OS: Windows 7 Home Premium x64 Ran by Cathy on Thu 02/27/2014 at 8:06:58.45 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services Successfully stopped: [service] update betterbrowse Successfully deleted: [service] update betterbrowse Successfully stopped: [service] util betterbrowse Successfully deleted: [service] util betterbrowse Successfully stopped: [service] wajamupdater Successfully deleted: [service] wajamupdater ~~~ Registry Values Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\inboxtoolbar Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{f34c9277-6577-4dff-b2d7-7d58092f272f} Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\browserconnection.dll Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\priam_bho.dll Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CE4DB5A3-58E6-41F1-8761-47238DF4F468} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F34C9277-6577-4DFF-B2D7-7D58092F272F} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{75E8DA27-44AF-40AE-927C-F2EEC99D65B1} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\apn dtx Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ilivid Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ilividtoolbarguid Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\inbox toolbar Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\torch Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wajam Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2672902978-1940797462-4046743780-1001\Software\wajam Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\inbox toolbar Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\torch Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\wajam Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetup.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\browserconnection.loader Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\browserconnection.loader.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\ilividiehelper.dnsguard Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\ilividiehelper.dnsguard.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\inbox.appserver Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\inbox.ibx404 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\inbox.jsserver Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\inbox.toolbar Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\inbox Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajambho Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajambho.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajamdownloader Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajamdownloader.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\datamngrui_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\datamngrui_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ilividmediabar_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ilividmediabar_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ilividsetup_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ilividsetup_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\setupdatamngr_searchqu_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\setupdatamngr_searchqu_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\torchsetupfull_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\torchsetupfull_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\search results toolbar Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchprotect Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{612ad33d-9824-4e87-8396-92374e91c4bb}_is1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\ilividsrtb Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0049074.BHO Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0049074.BHO.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0049074.Sandbox Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0049074.Sandbox.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110411901174} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220422902274} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550455905574} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660466906674} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440444904474} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{11111111-1111-1111-1111-110411901174} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220422902274} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550455905574} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660466906674} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440444904474} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0049074.BHO Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0049074.BHO.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0049074.Sandbox Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0049074.Sandbox.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550455905574} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660466906674} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440444904474} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110411901174} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411901174} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550455905574} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660466906674} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440444904474} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411901174} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F34C9277-6577-4DFF-B2D7-7D58092F272F} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{38779BCD-A3AA-49B1-A109-C31E6C5D701D} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{38779BCD-A3AA-49B1-A109-C31E6C5D701D} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} ~~~ Files Successfully deleted: [File] "C:\end" Successfully deleted: [File] C:\Windows\syswow64\sho32DD.tmp Successfully deleted: [File] C:\Windows\syswow64\sho4EFA.tmp Successfully deleted: [File] C:\Windows\syswow64\shoC3F2.tmp ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess" Successfully deleted: [Folder] "C:\Users\Cathy\AppData\Roaming\mysearchdial" Successfully deleted: [Folder] "C:\Users\Cathy\appdata\local\couponamazing" Failed to delete: [Folder] "C:\Users\Cathy\appdata\local\ilivid" Successfully deleted: [Folder] "C:\Users\Cathy\appdata\local\searchprotect" Successfully deleted: [Folder] "C:\Users\Cathy\appdata\local\torch" Successfully deleted: [Folder] "C:\Users\Cathy\appdata\locallow\datamngr" Successfully deleted: [Folder] "C:\Users\Cathy\appdata\locallow\ilividtoolbarguid" Successfully deleted: [Folder] "C:\Users\Cathy\appdata\locallow\inbox toolbar" Successfully deleted: [Folder] "C:\Users\Cathy\appdata\locallow\mysearchdial" Successfully deleted: [Folder] "C:\Program Files (x86)\betterbrowse" Successfully deleted: [Folder] "C:\Program Files (x86)\file type helper" Successfully deleted: [Folder] "C:\Program Files (x86)\inbox toolbar" Successfully deleted: [Folder] "C:\Program Files (x86)\searchprotect" Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\inbox toolbar" Successfully deleted: [Folder] "C:\Users\Cathy\AppData\Roaming\microsoft\windows\start menu\programs\wajam" ~~~ FireFox Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\search_results.xml" Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\search_results.xml" Successfully deleted: [File] C:\Users\Cathy\AppData\Roaming\mozilla\firefox\profiles\hn1so24i.default\user.js Successfully deleted: [File] C:\Users\Cathy\AppData\Roaming\mozilla\firefox\profiles\hn1so24i.default\invalidprefs.js Successfully deleted: [File] C:\Users\Cathy\AppData\Roaming\mozilla\firefox\profiles\hn1so24i.default\searchplugins\mysearchdial.xml Successfully deleted: [File] C:\Users\Cathy\AppData\Roaming\mozilla\firefox\profiles\hn1so24i.default\searchplugins\search_results.xml Successfully deleted: [Folder] C:\Users\Cathy\AppData\Roaming\mozilla\firefox\profiles\hn1so24i.default\ilividtoolbarguid Successfully deleted: [Folder] C:\Users\Cathy\AppData\Roaming\mozilla\firefox\profiles\hn1so24i.default\inbox toolbar Successfully deleted: [Folder] C:\Users\Cathy\AppData\Roaming\mozilla\firefox\profiles\hn1so24i.default\extensions\[email protected] Successfully deleted: [Folder] C:\Users\Cathy\AppData\Roaming\mozilla\firefox\profiles\hn1so24i.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} Successfully deleted: [Folder] C:\Users\Cathy\AppData\Roaming\mozilla\firefox\profiles\hn1so24i.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f} Successfully deleted the following from C:\Users\Cathy\AppData\Roaming\mozilla\firefox\profiles\hn1so24i.default\prefs.js user_pref("browser.search.order.1", "Mysearchdial"); user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=dsites0202&cd=2XzuyEtN2Y1L1QzutC0CyByDtDzzyEtC0E0E0ByD0FtDyEyDtN0D0Tzu0SyBzzzztN1L2XzutBtFtBtFtCyDt user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.CrossriderNotifier_channels.expiration", "Fri Feb 01 2030 00:00:00 user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.CrossriderNotifier_channels.value", "%7B%22app0%22%3A%22app0%22%2C user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.CrossriderNotifier_geolocation.expiration", "Thu Mar 06 2014 08:01 user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.CrossriderNotifier_geolocation.value", "%22US%22"); user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.CrossriderNotifier_metadata.expiration", "Thu Feb 27 2014 11:31:04 user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.CrossriderNotifier_metadata.value", "%7B%22appId%22%3A49074%2C%22a user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.description", "Enhance your search results with direct download links and user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_meta.value", "%7B%22extension.css%22%3A%7B%22id%22%3 user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_resource_479259.value", "%22.crossrider-nofity-34345 user_pref("extensions.crossrider.bic", "14407631d68b6b56683a46d2a36edb14"); user_pref("extensions.mysearchdial.AL", 2); user_pref("extensions.mysearchdial.aflt", "dsites0202"); user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}"); user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutC0CyByDtDzzyEtC0E0E0ByD0FtDyEyDtN0D0Tzu0SyBzzzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R"); user_pref("extensions.mysearchdial.cntry", "US"); user_pref("extensions.mysearchdial.cr", "369720437"); user_pref("extensions.mysearchdial.dfltLng", ""); user_pref("extensions.mysearchdial.dfltSrch", true); user_pref("extensions.mysearchdial.dnsErr", true); user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,32 user_pref("extensions.mysearchdial.excTlbr", false); user_pref("extensions.mysearchdial.hdrMd5", "57155BE1834A2F6E00DDC4FDD079B270"); user_pref("extensions.mysearchdial.hmpg", true); user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dsites0202&cd=2XzuyEtN2Y1L1QzutC0CyByDtDzzyEtC0E0E0ByD0FtDyEyDtN0D0Tzu0SyBzzzztN1L2XzutBtFtB user_pref("extensions.mysearchdial.id", "1C750841EEB5F045"); user_pref("extensions.mysearchdial.instlDay", "16127"); user_pref("extensions.mysearchdial.instlRef", ""); user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=dsites0202&cd=2XzuyEtN2Y1L1QzutC0CyByDtDzzyEtC0E0E0ByD0FtDyEyDtN0D0Tzu0SyBzzzztN1L2XzutBtFtBtF user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.21.016:28:10"); user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dsites0202&cd=2XzuyEtN2Y1L1QzutC0CyByDtDzzyEtC0E0E0ByD0FtDyEyDtN0D0Tzu0SyBzzzztN1L2XzutBtF user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"90\",\"lastVrsn\":\"90\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\ user_pref("extensions.mysearchdial.prdct", "mysearchdial"); user_pref("extensions.mysearchdial.prtnrId", "mysearchdial"); user_pref("extensions.mysearchdial.sg", "none"); user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial"); user_pref("extensions.mysearchdial.tlbrId", "base"); user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dsites0202&cd=2XzuyEtN2Y1L1QzutC0CyByDtDzzyEtC0E0E0ByD0FtDyEyDtN0D0Tzu0SyBzzzztN1L2XzutB user_pref("extensions.mysearchdial.vrsn", "1.8.21.0"); user_pref("extensions.mysearchdial.vrsni", "1.8.21.0"); user_pref("extensions.mysearchdial_i.hmpg", true); user_pref("extensions.mysearchdial_i.newTab", false); user_pref("extensions.mysearchdial_i.smplGrp", "none"); user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.016:28:10"); user_pref("ibxcomtb.defs", "<buttons>\n<button id=\"reference_translator\" position=\"100\" default=\"3\" type=\"dropdown\" status_disabled=\"0\" ver=\"1.0.0.8\">\n <caption> user_pref("ibxcomtb.skin", "<button id=\"BLUE_GREEN\" type=\"SKIN\" ver=\"1.0.0.2\">\n\n <expand firstbutton=\"11\" combo=\"27\" lastbutton=\"45\"/>\n <offset fb=\"2\" cb=\" Emptied folder: C:\Users\Cathy\AppData\Roaming\mozilla\firefox\profiles\hn1so24i.default\minidumps [1159 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Thu 02/27/2014 at 8:14:38.31 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v3.020 - Report created 27/02/2014 at 10:26:09 # Updated 27/02/2014 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Cathy - CATHY-PC # Running from : C:\Users\Cathy\Desktop\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** [#] Folder Deleted : C:\ProgramData\Browser Manager Folder Deleted : C:\Program Files (x86)\The weDownload Manager Folder Deleted : C:\Users\Cathy\AppData\Local\iLivid Folder Deleted : C:\Users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\hn1so24i.default\Extensions\[email protected]e264651bb.com File Deleted : C:\Windows\Tasks\The weDownload Manager-codedownloader.job File Deleted : C:\Windows\System32\Tasks\The weDownload Manager-codedownloader File Deleted : C:\Windows\Tasks\The weDownload Manager-enabler.job File Deleted : C:\Windows\System32\Tasks\The weDownload Manager-enabler File Deleted : C:\Windows\Tasks\The weDownload Manager-firefoxinstaller.job File Deleted : C:\Windows\System32\Tasks\The weDownload Manager-firefoxinstaller File Deleted : C:\Windows\Tasks\The weDownload Manager-updater.job File Deleted : C:\Windows\System32\Tasks\The weDownload Manager-updater ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataContainer Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9B7B034B-944A-4261-B487-862F642F7615} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9FF9AE6F-4553-41A7-B645-B0E88850EABF} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1FDC0B61-91AC-4157-9B27-CAD9A09AB67E} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{042DA63B-0933-403D-9395-B49307691690} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F34C9277-6577-4DFF-B2D7-7D58092F272F} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{687b329b-03af-4734-a6a1-244352d1927d} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6e84ad48-bcda-4863-a07a-13bce6c21423} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{9FF9AE6F-4553-41A7-B645-B0E88850EABF} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CE4DB5A3-58E6-41F1-8761-47238DF4F468} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{687b329b-03af-4734-a6a1-244352d1927d} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6e84ad48-bcda-4863-a07a-13bce6c21423} Key Deleted : HKCU\Software\mysearchdial.com Key Deleted : HKCU\Software\WEDLMNGR Key Deleted : HKCU\Software\AppDataLow\Software\The weDownload Manager Key Deleted : HKLM\Software\The weDownload Manager Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\The weDownload Manager Key Deleted : [x64] HKLM\SOFTWARE\caphyon Key Deleted : [x64] HKLM\SOFTWARE\DataMngr Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.16518 Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page] -\\ Mozilla Firefox v27.0 (en-US) [ File : C:\Users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\hn1so24i.default\prefs.js ] Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.InstallationThankYouPage", true); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.InstallationTime", 1391693262); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.active", true); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.addressbar", "NA"); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.addressbarenhanced", ""); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.asyncdb.was_copied", "true"); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.asyncdb_dbWasSet", true); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.asyncdb_dbWasSet_FF25_FIX", true); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.asyncinternaldb.was_copied", "true"); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.asyncinternaldb_dbWasSet", true); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.asyncinternaldb_dbWasSet_FF25_FIX", true); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.backgroundver", 1); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.certdomaininstaller", ""); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.changeprevious", false); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)")[...] Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.InstallationTime.value", "%221391693262%22"); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)"); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.InstallerParams.value", "%7B%22source_id%22%3A%22000898%22%2C%22sub_id%22%3A%22verticals-in[...] Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.jw_token.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)"); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.jw_token.value", "%2252d50032-633b-6c60-b5c9-8bf5a1f4c17b%22"); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.description", "Enhance your search results with direct download links and information for apps and[...] Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.domain", ""); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.enablesearch", false); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.homepage", ""); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.iframe", false); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard[...] Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%228CAE473B0A2B4200A08097EDD105B[...] Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time[...] Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.InstallerParams.value", "%7B%22source_id%22%3A%22000898%22%2C%22sub_id%22%3A%22vertical[...] Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard[...] Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%22000898%22%2C%22sub_id%22%3A%22ver[...] Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain[...] Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installer_bic%22%3A%228CAE473B0A2B4200A080[...] Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Tim[...] Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_appVer.value", "44"); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standar[...] Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_lastVersion.value", "1"); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)[...] Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_nextCheck.expiration", "Thu Feb 27 2014 14:01:25 GMT-0700 (Mountain Standard [...] Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_nextCheck.value", "true"); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time[...] Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_queue.value", "%7B%7D"); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain St[...] Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D"); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_resource_479259.expiration", "Wed May 28 2014 09:03:03 GMT-0600 (Mountain Day[...] Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.__defualt_browser__.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard [...] Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.__defualt_browser__.value", "%22ff%22"); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)"); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22%3A%228CAE473B[...] Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.monetization_plugin_bundledUrls.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mounta[...] Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...] Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.monetization_plugin_bundledWithHash.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mo[...] Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.monetization_plugin_bundledWithHash.value", "null"); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.monetization_plugin_notBundledArr_.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mou[...] Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.monetization_plugin_notBundledArr_.value", "%5B%5D"); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.lastDailyReport", "1393513285418"); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.lastUpdate", "1393513285977"); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.manifesturl", ""); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.name", "The weDownload Manager"); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.newtab", ""); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.opensearch", ""); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/apps/49074/plugins/093/ff/plugins.json"); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.pluginsversion", 40); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.publisher", "weDownload"); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.searchstatus", 0); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.setnewtab", false); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.thankyou", ""); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.updateinterval", 360); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.ver", 44); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.FilesValidatorDueTime", "1393513344310"); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.apps", "49074"); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.bic", "14407631d68b6b56683a46d2a36edb14"); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.cid", 49074); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.firstrun", false); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.hadappinstalled", true); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.installationdate", 1391693340); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.modetype", "production"); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.reportInstall", true); Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.statsDailyCounter", 62); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_absintheDrops", 0); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_aguaDrops", 0); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_antarctic_flap", 0); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_checkForReset", false); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_dayCount", 1070); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_familiarWeight", 35); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_feast_on_carrion", 0); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_gongDrops", 0); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_hasBirdform", true); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_haveOde", true); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_mayflySummons", 0); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_mushroomDrops", 0); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_musicDrops", 0); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_navelRingRunaways", 0); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_playerLevel", 33); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_puttyUses", 0); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_pwdHash", "e351201bb1eea0caa68fc70dedce397f"); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_rise_from_ashes", 0); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_snatchRunaways", 0); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_statue_treatment", 0); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_talon_slash", 7); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_the_bird", 0); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_underlingSummons", 0); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_usingBandersnatch", false); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_usingNavelRing", false); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_wing_buffet", 0); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.CurCharName-127.0.0.1:60082", "Sweetie Pi"); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.CurCharName-www7.kingdomofloathing.com", "Sweetie Pi"); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Prudence-SkillList", "Spleen of Steel, Torso Awaregness, CLEESH, Cannelloni Cocoon, Disco[...] Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.R6-.WITH BIZARRE ILLEGIBLE SHEET MUSIC, RECEIVE TANGO OF TERROR [DISCO BANDITS] OR DIRGE [...] Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-1335 HAXX0R-FIGHT-25", 4); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-1335 HAXX0R-MONJUMP-25", 0); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-7-FOOT DWARF (MOIL)-FIGHT-0", 4); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-7-FOOT DWARF (MOIL)-MONJUMP-0", 4); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-7-FOOT DWARF (ROYALE)-FIGHT-0", 2); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-7-FOOT DWARF (ROYALE)-MONJUMP-0", 1); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-7-FOOT DWARF FOREMAN-FIGHT-0", 3); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-7-FOOT DWARF FOREMAN-MONJUMP-0", 2); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-ACID BLOB-FIGHT-0", 3); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-ACID BLOB-MONJUMP-0", 1); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-ALBINO BAT-FIGHT-0", 4); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-ALBINO BAT-MONJUMP-0", 2); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-ALPHABET GIANT-FIGHT-0", 7); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-ALPHABET GIANT-FIGHT-25", 11); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-ALPHABET GIANT-MONJUMP-0", 0); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-ALPHABET GIANT-MONJUMP-25", 0); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-ANIME SMILEY-FIGHT-25", 3); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-ANIME SMILEY-MONJUMP-25", 0); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension", "5"); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension5-TowerLevel2", "ELECTRON SUBMARINE"); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension5-TowerLevel4", "VICIOUS EASEL"); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension5-Wussiness potion", ""); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension5-bubbly potion", "Strength of Ten Ettins (+25% Mus: 10 Adv)"); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension5-bubbly potion-IsGood", 1); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension5-bubbly potion-Submitted", 1); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension5-cloudy potion", "Izchak's Blessing (+25% Mox: 10 Adv)"); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension5-cloudy potion-IsGood", 1); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension5-cloudy potion-Submitted", 1); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension5-dark potion", "Gain 14-16 HP and MP"); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension5-dark potion-IsGood", 1); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension5-dark potion-Submitted", 1); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension5-effervescent potion", "Sleepy (-30% Mus: 20 Adv)"); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension5-effervescent potion-IsGood", 0); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension5-effervescent potion-Submitted", 1); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension5-milky potion", "Object Detection (+12.5% Item Drops: 10 Adv)"); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension5-milky potion-IsGood", 1); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension5-milky potion-Submitted", 1); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension5-murky potion", "Confused (-30% Mys: 20 Adv)"); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension5-murky potion-IsGood", 0); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension5-murky potion-Submitted", 1); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension5-swirly potion", "Strange Mental Acuity (+25% Mys: 10 Adv)"); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension5-swirly potion-IsGood", 1); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension5-swirly potion-Submitted", 1); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-AtBarrels", 0); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-AtRats", 0); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BANSHEE LIBRARIAN-FIGHT-0", 1); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BANSHEE LIBRARIAN-MONJUMP-0", 0); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BAR-FIGHT-0", 4); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BAR-FIGHT-25", 2); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BAR-MONJUMP-0", 2); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BAR-MONJUMP-25", 0); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BASEBALL BAT-FIGHT-0", 7); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BASEBALL BAT-FIGHT-25", 5); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BASEBALL BAT-MONJUMP-0", 0); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BASEBALL BAT-MONJUMP-25", 0); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BEANBAT-FIGHT-0", 2); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BEANBAT-MONJUMP-0", 2); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BLOOPER-FIGHT-10", 3); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BLOOPER-MONJUMP-10", 0); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BOB RACECAR-FIGHT-25", 1); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BOB RACECAR-MONJUMP-25", 0); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BOOKBAT-FIGHT-0", 4); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BOOKBAT-MONJUMP-0", 0); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BRAINSWEEPER-FIGHT--10", 1); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BRAINSWEEPER-MONJUMP--10", 1); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BREAD GOLEM-FIGHT--10", 2); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BREAD GOLEM-FIGHT-0", 2); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BREAD GOLEM-MONJUMP--10", 2); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BREAD GOLEM-MONJUMP-0", 0); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BRIEFCASE BAT-FIGHT-0", 9); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BRIEFCASE BAT-FIGHT-25", 2); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BRIEFCASE BAT-MONJUMP-0", 0); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BRIEFCASE BAT-MONJUMP-25", 0); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BUGBEAR-IN-THE-BOX-FIGHT-0", 3); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BUGBEAR-IN-THE-BOX-FIGHT-25", 4); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BUGBEAR-IN-THE-BOX-MONJUMP-0", 0); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BUGBEAR-IN-THE-BOX-MONJUMP-25", 0); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BULLET BILL-FIGHT-10", 4); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BULLET BILL-MONJUMP-10", 0); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BURLY SIDEKICK-FIGHT-0", 6); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BURLY SIDEKICK-FIGHT-25", 14); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BURLY SIDEKICK-FIGHT-45", 5); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BURLY SIDEKICK-MONJUMP-0", 0); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BURLY SIDEKICK-MONJUMP-25", 0); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BURLY SIDEKICK-MONJUMP-45", 0); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BUSINESS HIPPY-FIGHT-0", 1); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BUSINESS HIPPY-MONJUMP-0", 0); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BUZZY BEETLE-FIGHT-10", 4); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BUZZY BEETLE-MONJUMP-10", 0); Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BaronDamage", 0); Line Deleted : user_pref("extensions.greasemonkey.scriptvals

I picked up an infection with the wedownload manager and I cannot get it to uninstall. When I try, I get a message that I do not have sufficient access to uninstall wedownload manager and to contact the system administrator. I also get a message that super shield block the wedownload manager file from running. And suggestions on how to get rid of this annoying program? My operating system is Windows 7. Thanks.

I seem to have been infected with this malware in spite of running pitstop. Now I'm wondering how to remove it? Any suggestions? Thanks.