Jump to content
Sign in to follow this  
ckelleher

How do I remove The wedownload manager?

Recommended Posts

I picked up an infection with the wedownload manager and I cannot get it to uninstall. When I try, I get a message that I do not have sufficient access to uninstall wedownload manager and to contact the system administrator. I also get a message that super shield block the wedownload manager file from running. And suggestions on how to get rid of this annoying program? My operating system is Windows 7. Thanks.

Share this post


Link to post
Share on other sites

I suggest you hit it with "both barrels".

 

Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 2

Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan button. Wait until is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.

Step 3
Please download Malwarebytes' Anti-Malware to your desktop.


  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot (shut down your computer then restart it).




In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log

 

Share this post


Link to post
Share on other sites

Thanks so much! It took most of the morning but I think it got rid of it. Your instructions were stellar. Do you have a favorite website I can make a donation to as a thank you? Logs follow.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Cathy on Thu 02/27/2014 at 8:06:58.45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

Successfully stopped: [service] update betterbrowse
Successfully deleted: [service] update betterbrowse
Successfully stopped: [service] util betterbrowse
Successfully deleted: [service] util betterbrowse
Successfully stopped: [service] wajamupdater
Successfully deleted: [service] wajamupdater

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\inboxtoolbar
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{f34c9277-6577-4dff-b2d7-7d58092f272f}
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\browserconnection.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\priam_bho.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CE4DB5A3-58E6-41F1-8761-47238DF4F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F34C9277-6577-4DFF-B2D7-7D58092F272F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{75E8DA27-44AF-40AE-927C-F2EEC99D65B1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\apn dtx
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ilivid
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ilividtoolbarguid
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\inbox toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\torch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wajam
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2672902978-1940797462-4046743780-1001\Software\wajam
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\inbox toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\torch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\wajam
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetup.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\browserconnection.loader
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\browserconnection.loader.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\ilividiehelper.dnsguard
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\ilividiehelper.dnsguard.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\inbox.appserver
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\inbox.ibx404
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\inbox.jsserver
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\inbox.toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\inbox
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajambho
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajambho.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajamdownloader
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajamdownloader.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\datamngrui_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\datamngrui_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ilividmediabar_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ilividmediabar_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ilividsetup_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ilividsetup_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\setupdatamngr_searchqu_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\setupdatamngr_searchqu_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\torchsetupfull_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\torchsetupfull_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\search results toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{612ad33d-9824-4e87-8396-92374e91c4bb}_is1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\ilividsrtb
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0049074.BHO
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0049074.BHO.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0049074.Sandbox
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0049074.Sandbox.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110411901174}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220422902274}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550455905574}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660466906674}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440444904474}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{11111111-1111-1111-1111-110411901174}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220422902274}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550455905574}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660466906674}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440444904474}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0049074.BHO
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0049074.BHO.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0049074.Sandbox
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0049074.Sandbox.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550455905574}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660466906674}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440444904474}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110411901174}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411901174}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550455905574}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660466906674}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440444904474}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411901174}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F34C9277-6577-4DFF-B2D7-7D58092F272F}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{38779BCD-A3AA-49B1-A109-C31E6C5D701D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{38779BCD-A3AA-49B1-A109-C31E6C5D701D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014}

 

~~~ Files

Successfully deleted: [File] "C:\end"
Successfully deleted: [File] C:\Windows\syswow64\sho32DD.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho4EFA.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC3F2.tmp

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Cathy\AppData\Roaming\mysearchdial"
Successfully deleted: [Folder] "C:\Users\Cathy\appdata\local\couponamazing"
Failed to delete: [Folder] "C:\Users\Cathy\appdata\local\ilivid"
Successfully deleted: [Folder] "C:\Users\Cathy\appdata\local\searchprotect"
Successfully deleted: [Folder] "C:\Users\Cathy\appdata\local\torch"
Successfully deleted: [Folder] "C:\Users\Cathy\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Users\Cathy\appdata\locallow\ilividtoolbarguid"
Successfully deleted: [Folder] "C:\Users\Cathy\appdata\locallow\inbox toolbar"
Successfully deleted: [Folder] "C:\Users\Cathy\appdata\locallow\mysearchdial"
Successfully deleted: [Folder] "C:\Program Files (x86)\betterbrowse"
Successfully deleted: [Folder] "C:\Program Files (x86)\file type helper"
Successfully deleted: [Folder] "C:\Program Files (x86)\inbox toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\searchprotect"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\inbox toolbar"
Successfully deleted: [Folder] "C:\Users\Cathy\AppData\Roaming\microsoft\windows\start menu\programs\wajam"

 

~~~ FireFox

Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\search_results.xml"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\search_results.xml"
Successfully deleted: [File] C:\Users\Cathy\AppData\Roaming\mozilla\firefox\profiles\hn1so24i.default\user.js
Successfully deleted: [File] C:\Users\Cathy\AppData\Roaming\mozilla\firefox\profiles\hn1so24i.default\invalidprefs.js
Successfully deleted: [File] C:\Users\Cathy\AppData\Roaming\mozilla\firefox\profiles\hn1so24i.default\searchplugins\mysearchdial.xml
Successfully deleted: [File] C:\Users\Cathy\AppData\Roaming\mozilla\firefox\profiles\hn1so24i.default\searchplugins\search_results.xml
Successfully deleted: [Folder] C:\Users\Cathy\AppData\Roaming\mozilla\firefox\profiles\hn1so24i.default\ilividtoolbarguid
Successfully deleted: [Folder] C:\Users\Cathy\AppData\Roaming\mozilla\firefox\profiles\hn1so24i.default\inbox toolbar
Successfully deleted: [Folder] C:\Users\Cathy\AppData\Roaming\mozilla\firefox\profiles\hn1so24i.default\extensions\[email protected]
Successfully deleted: [Folder] C:\Users\Cathy\AppData\Roaming\mozilla\firefox\profiles\hn1so24i.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
Successfully deleted: [Folder] C:\Users\Cathy\AppData\Roaming\mozilla\firefox\profiles\hn1so24i.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}
Successfully deleted the following from C:\Users\Cathy\AppData\Roaming\mozilla\firefox\profiles\hn1so24i.default\prefs.js

user_pref("browser.search.order.1", "Mysearchdial");
user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=dsites0202&cd=2XzuyEtN2Y1L1QzutC0CyByDtDzzyEtC0E0E0ByD0FtDyEyDtN0D0Tzu0SyBzzzztN1L2XzutBtFtBtFtCyDt
user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.CrossriderNotifier_channels.expiration", "Fri Feb 01 2030 00:00:00
user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.CrossriderNotifier_channels.value", "%7B%22app0%22%3A%22app0%22%2C
user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.CrossriderNotifier_geolocation.expiration", "Thu Mar 06 2014 08:01
user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.CrossriderNotifier_geolocation.value", "%22US%22");
user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.CrossriderNotifier_metadata.expiration", "Thu Feb 27 2014 11:31:04
user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.CrossriderNotifier_metadata.value", "%7B%22appId%22%3A49074%2C%22a
user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.description", "Enhance your search results with direct download links and
user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_meta.value", "%7B%22extension.css%22%3A%7B%22id%22%3
user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_resource_479259.value", "%22.crossrider-nofity-34345
user_pref("extensions.crossrider.bic", "14407631d68b6b56683a46d2a36edb14");
user_pref("extensions.mysearchdial.AL", 2);
user_pref("extensions.mysearchdial.aflt", "dsites0202");
user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutC0CyByDtDzzyEtC0E0E0ByD0FtDyEyDtN0D0Tzu0SyBzzzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R");
user_pref("extensions.mysearchdial.cntry", "US");
user_pref("extensions.mysearchdial.cr", "369720437");
user_pref("extensions.mysearchdial.dfltLng", "");
user_pref("extensions.mysearchdial.dfltSrch", true);
user_pref("extensions.mysearchdial.dnsErr", true);
user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,32
user_pref("extensions.mysearchdial.excTlbr", false);
user_pref("extensions.mysearchdial.hdrMd5", "57155BE1834A2F6E00DDC4FDD079B270");
user_pref("extensions.mysearchdial.hmpg", true);
user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dsites0202&cd=2XzuyEtN2Y1L1QzutC0CyByDtDzzyEtC0E0E0ByD0FtDyEyDtN0D0Tzu0SyBzzzztN1L2XzutBtFtB
user_pref("extensions.mysearchdial.id", "1C750841EEB5F045");
user_pref("extensions.mysearchdial.instlDay", "16127");
user_pref("extensions.mysearchdial.instlRef", "");
user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=dsites0202&cd=2XzuyEtN2Y1L1QzutC0CyByDtDzzyEtC0E0E0ByD0FtDyEyDtN0D0Tzu0SyBzzzztN1L2XzutBtFtBtF
user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.21.016:28:10");
user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dsites0202&cd=2XzuyEtN2Y1L1QzutC0CyByDtDzzyEtC0E0E0ByD0FtDyEyDtN0D0Tzu0SyBzzzztN1L2XzutBtF
user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"90\",\"lastVrsn\":\"90\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\
user_pref("extensions.mysearchdial.prdct", "mysearchdial");
user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
user_pref("extensions.mysearchdial.sg", "none");
user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
user_pref("extensions.mysearchdial.tlbrId", "base");
user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dsites0202&cd=2XzuyEtN2Y1L1QzutC0CyByDtDzzyEtC0E0E0ByD0FtDyEyDtN0D0Tzu0SyBzzzztN1L2XzutB
user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
user_pref("extensions.mysearchdial_i.hmpg", true);
user_pref("extensions.mysearchdial_i.newTab", false);
user_pref("extensions.mysearchdial_i.smplGrp", "none");
user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.016:28:10");
user_pref("ibxcomtb.defs", "<buttons>\n<button id=\"reference_translator\" position=\"100\" default=\"3\" type=\"dropdown\" status_disabled=\"0\" ver=\"1.0.0.8\">\n <caption>
user_pref("ibxcomtb.skin", "<button id=\"BLUE_GREEN\" type=\"SKIN\" ver=\"1.0.0.2\">\n\n <expand firstbutton=\"11\" combo=\"27\" lastbutton=\"45\"/>\n <offset fb=\"2\" cb=\"
Emptied folder: C:\Users\Cathy\AppData\Roaming\mozilla\firefox\profiles\hn1so24i.default\minidumps [1159 files]

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 02/27/2014 at 8:14:38.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

# AdwCleaner v3.020 - Report created 27/02/2014 at 10:26:09
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Cathy - CATHY-PC
# Running from : C:\Users\Cathy\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

[#] Folder Deleted : C:\ProgramData\Browser Manager
Folder Deleted : C:\Program Files (x86)\The weDownload Manager
Folder Deleted : C:\Users\Cathy\AppData\Local\iLivid
Folder Deleted : C:\Users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\hn1so24i.default\Extensions\[email protected]e264651bb.com
File Deleted : C:\Windows\Tasks\The weDownload Manager-codedownloader.job
File Deleted : C:\Windows\System32\Tasks\The weDownload Manager-codedownloader
File Deleted : C:\Windows\Tasks\The weDownload Manager-enabler.job
File Deleted : C:\Windows\System32\Tasks\The weDownload Manager-enabler
File Deleted : C:\Windows\Tasks\The weDownload Manager-firefoxinstaller.job
File Deleted : C:\Windows\System32\Tasks\The weDownload Manager-firefoxinstaller
File Deleted : C:\Windows\Tasks\The weDownload Manager-updater.job
File Deleted : C:\Windows\System32\Tasks\The weDownload Manager-updater

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataContainer
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9B7B034B-944A-4261-B487-862F642F7615}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9FF9AE6F-4553-41A7-B645-B0E88850EABF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1FDC0B61-91AC-4157-9B27-CAD9A09AB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{042DA63B-0933-403D-9395-B49307691690}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F34C9277-6577-4DFF-B2D7-7D58092F272F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{687b329b-03af-4734-a6a1-244352d1927d}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6e84ad48-bcda-4863-a07a-13bce6c21423}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{9FF9AE6F-4553-41A7-B645-B0E88850EABF}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CE4DB5A3-58E6-41F1-8761-47238DF4F468}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{687b329b-03af-4734-a6a1-244352d1927d}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6e84ad48-bcda-4863-a07a-13bce6c21423}
Key Deleted : HKCU\Software\mysearchdial.com
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\AppDataLow\Software\The weDownload Manager
Key Deleted : HKLM\Software\The weDownload Manager
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\The weDownload Manager
Key Deleted : [x64] HKLM\SOFTWARE\caphyon
Key Deleted : [x64] HKLM\SOFTWARE\DataMngr
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518

Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]

-\\ Mozilla Firefox v27.0 (en-US)

[ File : C:\Users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\hn1so24i.default\prefs.js ]

Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.InstallationThankYouPage", true);
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.InstallationTime", 1391693262);
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.active", true);
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.addressbar", "NA");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.addressbarenhanced", "");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.asyncdb.was_copied", "true");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.asyncdb_dbWasSet", true);
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.asyncdb_dbWasSet_FF25_FIX", true);
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.asyncinternaldb.was_copied", "true");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.asyncinternaldb_dbWasSet", true);
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.asyncinternaldb_dbWasSet_FF25_FIX", true);
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.backgroundver", 1);
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.certdomaininstaller", "");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.changeprevious", false);
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)")[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.InstallationTime.value", "%221391693262%22");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.InstallerParams.value", "%7B%22source_id%22%3A%22000898%22%2C%22sub_id%22%3A%22verticals-in[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.jw_token.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.jw_token.value", "%2252d50032-633b-6c60-b5c9-8bf5a1f4c17b%22");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.description", "Enhance your search results with direct download links and information for apps and[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.domain", "");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.enablesearch", false);
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.homepage", "");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.iframe", false);
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%228CAE473B0A2B4200A08097EDD105B[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.InstallerParams.value", "%7B%22source_id%22%3A%22000898%22%2C%22sub_id%22%3A%22vertical[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%22000898%22%2C%22sub_id%22%3A%22ver[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installer_bic%22%3A%228CAE473B0A2B4200A080[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Tim[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_appVer.value", "44");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standar[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_lastVersion.value", "1");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_nextCheck.expiration", "Thu Feb 27 2014 14:01:25 GMT-0700 (Mountain Standard [...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_nextCheck.value", "true");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_queue.value", "%7B%7D");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain St[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_resource_479259.expiration", "Wed May 28 2014 09:03:03 GMT-0600 (Mountain Day[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.__defualt_browser__.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard [...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.__defualt_browser__.value", "%22ff%22");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22%3A%228CAE473B[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.monetization_plugin_bundledUrls.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mounta[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.monetization_plugin_bundledWithHash.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mo[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.monetization_plugin_bundledWithHash.value", "null");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.monetization_plugin_notBundledArr_.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mou[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.monetization_plugin_notBundledArr_.value", "%5B%5D");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.lastDailyReport", "1393513285418");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.lastUpdate", "1393513285977");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.manifesturl", "");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.name", "The weDownload Manager");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.newtab", "");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.opensearch", "");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/apps/49074/plugins/093/ff/plugins.json");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.pluginsversion", 40);
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.publisher", "weDownload");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.searchstatus", 0);
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.setnewtab", false);
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.thankyou", "");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.updateinterval", 360);
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.ver", 44);
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.FilesValidatorDueTime", "1393513344310");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.apps", "49074");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.bic", "14407631d68b6b56683a46d2a36edb14");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.cid", 49074);
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.firstrun", false);
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.hadappinstalled", true);
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.installationdate", 1391693340);
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.modetype", "production");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.reportInstall", true);
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.statsDailyCounter", 62);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_absintheDrops", 0);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_aguaDrops", 0);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_antarctic_flap", 0);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_checkForReset", false);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_dayCount", 1070);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_familiarWeight", 35);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_feast_on_carrion", 0);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_gongDrops", 0);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_hasBirdform", true);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_haveOde", true);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_mayflySummons", 0);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_mushroomDrops", 0);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_musicDrops", 0);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_navelRingRunaways", 0);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_playerLevel", 33);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_puttyUses", 0);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_pwdHash", "e351201bb1eea0caa68fc70dedce397f");
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_rise_from_ashes", 0);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_snatchRunaways", 0);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_statue_treatment", 0);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_talon_slash", 7);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_the_bird", 0);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_underlingSummons", 0);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_usingBandersnatch", false);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_usingNavelRing", false);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antimarty/antimarty birdform script.sweetie pi_wing_buffet", 0);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.CurCharName-127.0.0.1:60082", "Sweetie Pi");
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.CurCharName-www7.kingdomofloathing.com", "Sweetie Pi");
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Prudence-SkillList", "Spleen of Steel, Torso Awaregness, CLEESH, Cannelloni Cocoon, Disco[...]
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.R6-.WITH BIZARRE ILLEGIBLE SHEET MUSIC, RECEIVE TANGO OF TERROR [DISCO BANDITS] OR DIRGE [...]
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-1335 HAXX0R-FIGHT-25", 4);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-1335 HAXX0R-MONJUMP-25", 0);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-7-FOOT DWARF (MOIL)-FIGHT-0", 4);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-7-FOOT DWARF (MOIL)-MONJUMP-0", 4);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-7-FOOT DWARF (ROYALE)-FIGHT-0", 2);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-7-FOOT DWARF (ROYALE)-MONJUMP-0", 1);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-7-FOOT DWARF FOREMAN-FIGHT-0", 3);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-7-FOOT DWARF FOREMAN-MONJUMP-0", 2);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-ACID BLOB-FIGHT-0", 3);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-ACID BLOB-MONJUMP-0", 1);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-ALBINO BAT-FIGHT-0", 4);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-ALBINO BAT-MONJUMP-0", 2);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-ALPHABET GIANT-FIGHT-0", 7);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-ALPHABET GIANT-FIGHT-25", 11);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-ALPHABET GIANT-MONJUMP-0", 0);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-ALPHABET GIANT-MONJUMP-25", 0);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-ANIME SMILEY-FIGHT-25", 3);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-ANIME SMILEY-MONJUMP-25", 0);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension", "5");
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension5-TowerLevel2", "ELECTRON SUBMARINE");
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension5-TowerLevel4", "VICIOUS EASEL");
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension5-Wussiness potion", "");
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension5-bubbly potion", "Strength of Ten Ettins (+25% Mus: 10 Adv)");
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension5-bubbly potion-IsGood", 1);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension5-bubbly potion-Submitted", 1);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension5-cloudy potion", "Izchak's Blessing (+25% Mox: 10 Adv)");
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension5-cloudy potion-IsGood", 1);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension5-cloudy potion-Submitted", 1);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension5-dark potion", "Gain 14-16 HP and MP");
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension5-dark potion-IsGood", 1);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension5-dark potion-Submitted", 1);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension5-effervescent potion", "Sleepy (-30% Mus: 20 Adv)");
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension5-effervescent potion-IsGood", 0);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension5-effervescent potion-Submitted", 1);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension5-milky potion", "Object Detection (+12.5% Item Drops: 10 Adv)");
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension5-milky potion-IsGood", 1);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension5-milky potion-Submitted", 1);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension5-murky potion", "Confused (-30% Mys: 20 Adv)");
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension5-murky potion-IsGood", 0);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension5-murky potion-Submitted", 1);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension5-swirly potion", "Strange Mental Acuity (+25% Mys: 10 Adv)");
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension5-swirly potion-IsGood", 1);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-Ascension5-swirly potion-Submitted", 1);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-AtBarrels", 0);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-AtRats", 0);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BANSHEE LIBRARIAN-FIGHT-0", 1);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BANSHEE LIBRARIAN-MONJUMP-0", 0);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BAR-FIGHT-0", 4);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BAR-FIGHT-25", 2);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BAR-MONJUMP-0", 2);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BAR-MONJUMP-25", 0);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BASEBALL BAT-FIGHT-0", 7);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BASEBALL BAT-FIGHT-25", 5);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BASEBALL BAT-MONJUMP-0", 0);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BASEBALL BAT-MONJUMP-25", 0);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BEANBAT-FIGHT-0", 2);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BEANBAT-MONJUMP-0", 2);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BLOOPER-FIGHT-10", 3);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BLOOPER-MONJUMP-10", 0);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BOB RACECAR-FIGHT-25", 1);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BOB RACECAR-MONJUMP-25", 0);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BOOKBAT-FIGHT-0", 4);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BOOKBAT-MONJUMP-0", 0);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BRAINSWEEPER-FIGHT--10", 1);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BRAINSWEEPER-MONJUMP--10", 1);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BREAD GOLEM-FIGHT--10", 2);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BREAD GOLEM-FIGHT-0", 2);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BREAD GOLEM-MONJUMP--10", 2);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BREAD GOLEM-MONJUMP-0", 0);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BRIEFCASE BAT-FIGHT-0", 9);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BRIEFCASE BAT-FIGHT-25", 2);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BRIEFCASE BAT-MONJUMP-0", 0);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BRIEFCASE BAT-MONJUMP-25", 0);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BUGBEAR-IN-THE-BOX-FIGHT-0", 3);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BUGBEAR-IN-THE-BOX-FIGHT-25", 4);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BUGBEAR-IN-THE-BOX-MONJUMP-0", 0);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BUGBEAR-IN-THE-BOX-MONJUMP-25", 0);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BULLET BILL-FIGHT-10", 4);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BULLET BILL-MONJUMP-10", 0);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BURLY SIDEKICK-FIGHT-0", 6);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BURLY SIDEKICK-FIGHT-25", 14);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BURLY SIDEKICK-FIGHT-45", 5);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BURLY SIDEKICK-MONJUMP-0", 0);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BURLY SIDEKICK-MONJUMP-25", 0);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BURLY SIDEKICK-MONJUMP-45", 0);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BUSINESS HIPPY-FIGHT-0", 1);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BUSINESS HIPPY-MONJUMP-0", 0);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BUZZY BEETLE-FIGHT-10", 4);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BUZZY BEETLE-MONJUMP-10", 0);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://batmantis.com/kol/Naltrexone's KoL Scripts - MonsterStats.Sweetie Pi-BaronDamage", 0);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals

Share this post


Link to post
Share on other sites

If you want to donate something... give it to the people who made the tools you used. Information for donating to them can be found:

 

JRT

AdwCleaner

 

You had a lot of garbage on there. Ilivid and yontoo are nasty buggers and usually hijack your searches. You never mentioned this problem so you are lucky.

 

What did Mbam find? If it found something nasty... we might want to dig deeper.

Share this post


Link to post
Share on other sites

I thought I was good to go but then I started getting ads from getsoftfree and http://www.comparetheinsurance.com/cars.html. The Mbam log is below.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.27.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Cathy :: CATHY-PC [administrator]

2/27/2014 11:08:09 AM
mbam-log-2014-02-27 (11-08-09).txt

Scan type: Full scan (C:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 426345
Time elapsed: 1 hour(s), 21 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\Software\BetterBrowse (PUP.Optional.BetterBrowse.A) -> No action taken.
HKCU\Software\BetterBrowse (PUP.Optional.BetterBrowse.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 21
C:\AdwCleaner\Quarantine\C\Program Files (x86)\The weDownload Manager\The weDownload Manager-bg.exe.vir (PUP.Optional.weDownload.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\The weDownload Manager\The weDownload Manager-codedownloader.exe.vir (PUP.Optional.weDownload.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\The weDownload Manager\The weDownload Manager-enabler.exe.vir (PUP.Optional.weDownload.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\The weDownload Manager\The weDownload Manager-firefoxinstaller.exe.vir (PUP.Optional.weDownload.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\The weDownload Manager\The weDownload Manager-updater.exe.vir (PUP.Optional.weDownload.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\The weDownload Manager\utils.exe.vir (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Cathy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3O6MBWW7\spstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Cathy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MVZDKATU\Setup[1].exe (PUP.Optional.BetterBrowse.A) -> Quarantined and deleted successfully.
C:\Users\Cathy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLHZOR78\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Cathy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZOWES9ND\JRT[1].exe (Trojan.P2P.Worm) -> Quarantined and deleted successfully.
C:\Users\Cathy\AppData\Local\Temp\BetterBrowseSetup.exe (PUP.Optional.BetterBrowse.A) -> Quarantined and deleted successfully.
C:\Users\Cathy\AppData\Local\Temp\nsd4636.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Cathy\AppData\Local\Temp\nso9B2B.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Cathy\AppData\Local\Temp\nst98D9.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Cathy\AppData\Local\Temp\nsy43A6.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Cathy\AppData\Local\Temp\is357113909\8690665_stp\Mysearchdial.exe (PUP.Optional.MySpeedDial.A) -> Quarantined and deleted successfully.
C:\Users\Cathy\AppData\Local\Temp\is357113909\8690759_stp\ConvertFilesforFree_7.12_Ironcore3_release.exe (PUP.Optional.FastFreeConverter.A) -> Quarantined and deleted successfully.
C:\Users\Cathy\AppData\Local\Temp\nsi1371\SpSetup.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Cathy\Desktop\Downloads\mozilla firefox setup.exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\Users\Cathy\Desktop\Downloads\TranslatorSetup.exe (PUP.Optional.ToolBarInstaller.A) -> Quarantined and deleted successfully.
C:\Users\Cathy\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} (PUP.Optional.Searchqu.A) -> Quarantined and deleted successfully.

(end)

Share this post


Link to post
Share on other sites

Most of what Mbam found had already been quarantined... but there are a few "new" ones in there. I'm guessing that someone who uses this computer is a gamer and downloads lots of cheats and hacks to the games? I have a nephew who is a high school sophomore. His computer sometimes looks like yours.

 

Let's dig deeper, because we are using more sophisticated anti-malware tools, I'm moving this topic to the "have I been Hijacked" forum :

 

Download ComboFix from here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

 

Share this post


Link to post
Share on other sites

Here is the log. And as for my computer, it's pretty much just me, the problems started after I tried to download a driver for an old webcam.

 

ComboFix 14-02-24.02 - Cathy 02/27/2014 15:26:40.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3767.1846 [GMT -7:00]

Running from: c:\users\Cathy\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Cathy\AppData\Roaming\Microsoft\Windows\Recent\Dropbox.url

c:\windows\wininit.ini

.

.

((((((((((((((((((((((((( Files Created from 2014-01-27 to 2014-02-27 )))))))))))))))))))))))))))))))

.

.

2014-02-27 22:35 . 2014-02-27 22:35 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-02-27 21:15 . 2014-02-27 21:15 -------- d-----w- c:\users\Cathy\AppData\Local\Logitech® Webcam Software

2014-02-27 21:10 . 2014-02-27 21:10 -------- d-----w- c:\programdata\LogiShrd

2014-02-27 21:10 . 2014-02-27 21:10 53248 ----a-r- c:\users\Cathy\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2014-02-27 21:10 . 2014-02-27 21:10 -------- d-----w- c:\users\Cathy\AppData\Roaming\Leadertech

2014-02-27 21:09 . 2012-09-21 19:09 542568 ----a-w- c:\windows\SysWow64\LVUI2.dll

2014-02-27 21:09 . 2012-09-21 19:09 538472 ----a-w- c:\windows\SysWow64\LVUI2RC.dll

2014-02-27 21:08 . 2014-02-27 21:10 -------- d-----w- c:\program files (x86)\Logitech

2014-02-27 20:51 . 2014-02-27 22:32 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1D1FA107-3C27-497A-BD03-AB3DC39887E8}\offreg.dll

2014-02-27 18:07 . 2014-02-27 18:07 -------- d-----w- c:\users\Cathy\AppData\Roaming\Malwarebytes

2014-02-27 18:07 . 2014-02-27 18:07 -------- d-----w- c:\programdata\Malwarebytes

2014-02-27 18:07 . 2014-02-27 18:07 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2014-02-27 18:07 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-02-27 18:00 . 2014-02-27 21:10 -------- d-----w- c:\program files (x86)\Common Files\logishrd

2014-02-27 18:00 . 2014-02-27 21:09 -------- d-----w- c:\program files\Common Files\logishrd

2014-02-27 16:50 . 2014-02-27 20:30 -------- d-----w- C:\AdwCleaner

2014-02-27 15:06 . 2014-02-27 15:06 -------- d-----w- c:\windows\ERUNT

2014-02-27 04:24 . 2014-02-27 05:06 -------- d-----w- c:\programdata\InstallShield

2014-02-27 01:13 . 2014-02-27 01:13 -------- d-----w- c:\users\Cathy\AppData\Local\Skype

2014-02-27 01:13 . 2014-02-27 01:13 -------- d-----w- c:\program files (x86)\Common Files\Skype

2014-02-27 00:55 . 2014-02-27 00:55 -------- d-----w- c:\program files (x86)\GE

2014-02-27 00:54 . 2001-09-05 11:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll

2014-02-27 00:54 . 2001-09-05 11:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll

2014-02-27 00:54 . 2001-09-05 11:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll

2014-02-27 00:54 . 2001-09-05 11:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll

2014-02-27 00:54 . 2004-03-05 23:51 614532 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe

2014-02-26 23:28 . 2014-02-26 23:28 -------- d-----w- c:\program files (x86)\Convert Files for Free

2014-02-26 19:57 . 2014-02-26 19:58 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-02-26 19:57 . 2014-02-26 19:58 -------- d-----w- c:\program files\iTunes

2014-02-26 19:57 . 2014-02-26 19:58 -------- d-----w- c:\program files (x86)\iTunes

2014-02-26 19:57 . 2014-02-26 19:57 -------- d-----w- c:\program files\iPod

2014-02-26 10:02 . 2014-02-26 10:02 -------- d-----w- c:\windows\Migration

2014-02-25 09:12 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1D1FA107-3C27-497A-BD03-AB3DC39887E8}\mpengine.dll

2014-02-21 19:47 . 2014-02-21 19:47 17858952 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2014-02-12 10:02 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll

2014-02-12 10:02 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll

2014-02-12 10:00 . 2014-02-06 22:55 806104 ----a-w- c:\program files\Internet Explorer\iexplore.exe

2014-02-12 10:00 . 2014-02-06 22:24 808152 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe

2014-02-12 10:00 . 2014-02-06 09:50 2041856 ----a-w- c:\windows\system32\inetcpl.cpl

2014-02-12 10:00 . 2014-02-06 09:24 2334208 ----a-w- c:\windows\system32\wininet.dll

2014-02-12 10:00 . 2014-02-06 09:09 1964032 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2014-02-12 10:00 . 2014-02-06 08:55 1393664 ----a-w- c:\windows\system32\urlmon.dll

2014-02-12 10:00 . 2014-02-06 09:22 13051392 ----a-w- c:\windows\system32\ieframe.dll

2014-02-12 10:00 . 2014-02-06 10:11 5768704 ----a-w- c:\windows\system32\jscript9.dll

2014-02-12 10:00 . 2014-02-06 09:25 4244480 ----a-w- c:\windows\SysWow64\jscript9.dll

2014-02-07 08:00 . 2012-10-24 20:39 82872 ----a-w- c:\windows\system32\drivers\sbapifs.sys

2014-02-06 13:28 . 2014-01-28 06:55 272496 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-02-21 19:47 . 2012-04-19 14:11 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-02-21 19:47 . 2012-04-19 14:11 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2014-02-15 10:00 . 2011-10-16 03:30 88567024 ----a-w- c:\windows\system32\MRT.exe

2014-01-17 08:08 . 2014-01-17 08:08 312744 ----a-w- c:\windows\system32\javaws.exe

2014-01-17 08:08 . 2014-01-17 08:08 189352 ----a-w- c:\windows\system32\javaw.exe

2014-01-17 08:08 . 2014-01-17 08:08 189352 ----a-w- c:\windows\system32\java.exe

2014-01-17 08:08 . 2014-01-17 08:08 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll

2014-01-17 08:06 . 2014-01-17 08:06 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2014-01-06 19:23 . 2014-01-06 19:23 4558848 ----a-w- c:\windows\SysWow64\GPhotos.scr

2013-12-18 13:13 . 2011-09-01 20:30 270496 ------w- c:\windows\system32\MpSigStub.exe

2013-12-16 13:43 . 2013-12-16 13:43 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-12-16 13:43 . 2013-12-16 13:43 194048 ----a-w- c:\windows\SysWow64\elshyph.dll

2013-12-16 13:43 . 2013-12-16 13:43 942592 ----a-w- c:\windows\system32\jsIntl.dll

2013-12-16 13:43 . 2013-12-16 13:43 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-12-16 13:43 . 2013-12-16 13:43 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll

2013-12-16 13:43 . 2013-12-16 13:43 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2013-12-16 13:43 . 2013-12-16 13:43 84992 ----a-w- c:\windows\system32\mshtmled.dll

2013-12-16 13:43 . 2013-12-16 13:43 83968 ----a-w- c:\windows\system32\MshtmlDac.dll

2013-12-16 13:43 . 2013-12-16 13:43 81408 ----a-w- c:\windows\system32\icardie.dll

2013-12-16 13:43 . 2013-12-16 13:43 774144 ----a-w- c:\windows\system32\jscript.dll

2013-12-16 13:43 . 2013-12-16 13:43 77312 ----a-w- c:\windows\system32\tdc.ocx

2013-12-16 13:43 . 2013-12-16 13:43 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2013-12-16 13:43 . 2013-12-16 13:43 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2013-12-16 13:43 . 2013-12-16 13:43 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll

2013-12-16 13:43 . 2013-12-16 13:43 62464 ----a-w- c:\windows\SysWow64\tdc.ocx

2013-12-16 13:43 . 2013-12-16 13:43 62464 ----a-w- c:\windows\system32\pngfilt.dll

2013-12-16 13:43 . 2013-12-16 13:43 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll

2013-12-16 13:43 . 2013-12-16 13:43 616104 ----a-w- c:\windows\system32\ieapfltr.dat

2013-12-16 13:43 . 2013-12-16 13:43 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2013-12-16 13:43 . 2013-12-16 13:43 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2013-12-16 13:43 . 2013-12-16 13:43 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-12-16 13:43 . 2013-12-16 13:43 48128 ----a-w- c:\windows\system32\imgutil.dll

2013-12-16 13:43 . 2013-12-16 13:43 453120 ----a-w- c:\windows\system32\dxtmsft.dll

2013-12-16 13:43 . 2013-12-16 13:43 413696 ----a-w- c:\windows\system32\html.iec

2013-12-16 13:43 . 2013-12-16 13:43 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll

2013-12-16 13:43 . 2013-12-16 13:43 36352 ----a-w- c:\windows\SysWow64\imgutil.dll

2013-12-16 13:43 . 2013-12-16 13:43 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll

2013-12-16 13:43 . 2013-12-16 13:43 337408 ----a-w- c:\windows\SysWow64\html.iec

2013-12-16 13:43 . 2013-12-16 13:43 30208 ----a-w- c:\windows\system32\licmgr10.dll

2013-12-16 13:43 . 2013-12-16 13:43 296960 ----a-w- c:\windows\system32\dxtrans.dll

2013-12-16 13:43 . 2013-12-16 13:43 263376 ----a-w- c:\windows\system32\iedkcs32.dll

2013-12-16 13:43 . 2013-12-16 13:43 247808 ----a-w- c:\windows\system32\msls31.dll

2013-12-16 13:43 . 2013-12-16 13:43 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll

2013-12-16 13:43 . 2013-12-16 13:43 243200 ----a-w- c:\windows\system32\webcheck.dll

2013-12-16 13:43 . 2013-12-16 13:43 235520 ----a-w- c:\windows\system32\url.dll

2013-12-16 13:43 . 2013-12-16 13:43 235008 ----a-w- c:\windows\system32\elshyph.dll

2013-12-16 13:43 . 2013-12-16 13:43 182272 ----a-w- c:\windows\SysWow64\msls31.dll

2013-12-16 13:43 . 2013-12-16 13:43 167424 ----a-w- c:\windows\system32\iexpress.exe

2013-12-16 13:43 . 2013-12-16 13:43 151552 ----a-w- c:\windows\SysWow64\iexpress.exe

2013-12-16 13:43 . 2013-12-16 13:43 147968 ----a-w- c:\windows\system32\occache.dll

2013-12-16 13:43 . 2013-12-16 13:43 143872 ----a-w- c:\windows\system32\wextract.exe

2013-12-16 13:43 . 2013-12-16 13:43 139264 ----a-w- c:\windows\SysWow64\wextract.exe

2013-12-16 13:43 . 2013-12-16 13:43 13824 ----a-w- c:\windows\system32\mshta.exe

2013-12-16 13:43 . 2013-12-16 13:43 135680 ----a-w- c:\windows\system32\iepeers.dll

2013-12-16 13:43 . 2013-12-16 13:43 13312 ----a-w- c:\windows\SysWow64\mshta.exe

2013-12-16 13:43 . 2013-12-16 13:43 13312 ----a-w- c:\windows\system32\msfeedssync.exe

2013-12-16 13:43 . 2013-12-16 13:43 131072 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-12-16 13:43 . 2013-12-16 13:43 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-12-16 13:43 . 2013-12-16 13:43 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2013-12-16 13:43 . 2013-12-16 13:43 105984 ----a-w- c:\windows\system32\iesysprep.dll

2013-12-16 13:43 . 2013-12-16 13:43 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2013-12-16 13:43 . 2013-12-16 13:43 101376 ----a-w- c:\windows\system32\inseng.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB}]

2014-01-28 10:22 116344 ----a-w- c:\program files (x86)\Convert Files for Free\ConvertFilesforFree.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-10 23:54 131248 ----a-w- c:\users\Cathy\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-10 23:54 131248 ----a-w- c:\users\Cathy\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-10 23:54 131248 ----a-w- c:\users\Cathy\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2010-05-27 03:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Download Nitro"="c:\program files (x86)\PCPitstop\Download Nitro\pcpitstop-nitro.exe" [2011-06-30 3597520]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-02-11 20924576]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]

"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]

"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]

"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]

"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-06 43848]

"Info Center"="c:\program files (x86)\PCPitstop\Info Center\InfoCenter.exe" [2012-09-01 27328]

"Aimersoft Helper Compact.exe"="c:\program files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe" [2012-02-28 1667072]

"AmazonGSDownloaderTray"="c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]

"PC MaticRT"="c:\program files (x86)\PCPitstop\Super Shield\PCMaticRT.exe" [2014-02-06 1601648]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-06 152392]

"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-13 204136]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-02-11 20924576]

.

c:\users\Cathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Cathy\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-2 30714328]

Logitech . Product Registration.lnk - c:\program files (x86)\Logitech\Ereg\eReg.exe /remind /language=ENU /_WFM="." [2009-11-16 517384]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe /Startup [2011-3-14 2125472]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R3 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [x]

R3 Application Sendori;Application Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe;c:\program files (x86)\Sendori\SendoriSvc.exe [x]

R3 ConvertFilesforFreeUpdt;ConvertFilesforFreeUpdt;c:\program files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe;c:\program files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe [x]

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]

R3 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]

R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]

R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 lxdlCATSCustConnectService;lxdlCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdlserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxdlserv.exe [x]

R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]

R3 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]

R3 Service Sendori;Service Sendori;c:\program files (x86)\Sendori\Sendori.Service.exe;c:\program files (x86)\Sendori\Sendori.Service.exe [x]

R3 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 sndappv2;sndappv2;c:\program files (x86)\Sendori\sndappv2.exe;c:\program files (x86)\Sendori\sndappv2.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys;c:\windows\SYSNATIVE\drivers\dlkmdldr.sys [x]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [x]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]

S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 lxdl_device;lxdl_device;c:\windows\system32\lxdlcoms.exe;c:\windows\SYSNATIVE\lxdlcoms.exe [x]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]

S2 PCPitstop Realtime;PCPitstop Realtime;c:\program files (x86)\PCPitstop\Super Shield\PCPitstopRTService.exe;c:\program files (x86)\PCPitstop\Super Shield\PCPitstopRTService.exe [x]

S2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe [x]

S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys;c:\windows\SYSNATIVE\DRIVERS\sbapifs.sys [x]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]

S3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_6.3.38103.0.sys;c:\windows\SYSNATIVE\DRIVERS\DisplayLinkUsbPort_6.3.38103.0.sys [x]

S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys;c:\windows\SYSNATIVE\drivers\dlkmd.sys [x]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]

S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]

S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]

S3 WsAudio_Device(1);WsAudio_Device(1);c:\windows\system32\drivers\VirtualAudio1.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio1.sys [x]

S3 WsAudio_Device(2);WsAudio_Device(2);c:\windows\system32\drivers\VirtualAudio2.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio2.sys [x]

S3 WsAudio_Device(3);WsAudio_Device(3);c:\windows\system32\drivers\VirtualAudio3.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio3.sys [x]

S3 WsAudio_Device(4);WsAudio_Device(4);c:\windows\system32\drivers\VirtualAudio4.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio4.sys [x]

S3 WsAudio_Device(5);WsAudio_Device(5);c:\windows\system32\drivers\VirtualAudio5.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio5.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2014-02-27 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 19:47]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-10 23:54 164016 ----a-w- c:\users\Cathy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-10 23:54 164016 ----a-w- c:\users\Cathy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-10 23:54 164016 ----a-w- c:\users\Cathy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-10 23:54 164016 ----a-w- c:\users\Cathy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2010-05-27 03:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2013-03-07 22:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-03-07 22:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2013-03-07 22:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2013-03-07 22:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-09-13 13653208]

"PLFSetI"="c:\windows\PLFSetI.exe" [2010-12-03 206208]

"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]

"lxdlmon.exe"="c:\program files (x86)\Lexmark 7500 Series\lxdlmon.exe" [2010-02-17 455336]

"lxdlamon"="c:\program files (x86)\Lexmark 7500 Series\lxdlamon.exe" [2010-02-17 25256]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 167704]

"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://google.com/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

TCP: DhcpNameServer = 192.168.0.1 205.171.2.25

TCP: Interfaces\{C4F9F043-A052-4721-88CC-62FB87C36EB6}: NameServer = 205.171.3.25,205.171.2.25

FF - ProfilePath - c:\users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\hn1so24i.default\

FF - prefs.js: keyword.URL -

FF - ExtSQL: 2014-02-04 06:51; [email protected]; c:\users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\hn1so24i.default\extensions\[email protected]

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-10 - (no file)

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

BHO-{11111111-1111-1111-1111-110411901174} - c:\program files (x86)\The weDownload Manager\The weDownload Manager-bho64.dll

Toolbar-Locked - (no file)

Toolbar-10 - (no file)

HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.12"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2014-02-27 15:38:16

ComboFix-quarantined-files.txt 2014-02-27 22:38

.

Pre-Run: 200,428,527,616 bytes free

Post-Run: 200,300,220,416 bytes free

.

- - End Of File - - 9F1DFEC516030B4C15F057D4F9C4AD55

Share this post


Link to post
Share on other sites

That looks good to me. Are you still getting pop-ups?

 

Let's try an online scan (the takes roughly forever to run):

 

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: EOLS1.gif

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

 

Share this post


Link to post
Share on other sites

Okay I don't quite know how, but I screwed this up. I started by trying to disable my PCMatic Super Shield. It was missing from the system tray so I found it under programs and clicked on it and nothing came up. So I figured it was disabled and started ESET and went to bed, this morning it had found 18 threats, they were listed but I don't know what they were. ESET gave me the option to save to text file or clipboard. I choose text file and assigned a file name. Then that window locked up. After a couple of minutes it let me close it but I never got the option to FINISH. It did not save the text file. And my virus protection software seems to be MIA. I am willing to buy ESET (or another program) if that will help resolve my problem. I am still getting the GETSOFTFREE popups.

Edited by ckelleher

Share this post


Link to post
Share on other sites

Eset should have only scanned and not made any changes. You have apparently already purchased PCMatic and should not need anything else. I did not realize that you had PCMatic. They have ways to work on your computer that I don't. Because you are a paid customer... I suggest that you post here: http://forums.pcpitstop.com/index.php?/forum/29-pc-pitstops-paid-products/

One of the PCMatic employees should be able to get you straightened out.

Edited by Tomk_

Share this post


Link to post
Share on other sites
Sign in to follow this  

×
×
  • Create New...