Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Malware/Virus possible Artua Vladislav (fs) and other symptoms [Closed

Started by Feather24 , Aug 16 2013 08:41 AM

This topic is locked

#16
godawgs

Posted 19 August 2013 - 08:05 PM

Teacher

Retired Staff
8,228 posts

Ok, good news. I managed to uninstall Ad-Adware and I checked in the control panel uninstall as instructed nothing there.

Finally....Hooray...Yipee...Hot Dog!!!! :woot:

Now we will start removing the Malware. Before we begin we will need to disable SpyBot S&D and SuperAntiSpyware so their real-time protection doesn't interfere with our fixes. You don't need them both and you can't have both of them running at the same time. So if you paid for the programs you are gonna have a decision to make after the system is clean. IF you are running the trial versions of Super AntiSpyware and SpyBot S&D then you won't be deleting a program or programs that you paid for.

It might be easier to download the tools you will need for this run all at one time. Then close the browser and any open windows before running them.

Step-1.

A.
Disable SpyBot S&D TeaTimer

TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.
In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer.

Right click the Spybot Icon in the System Tray (looks like a calendar with a padlock symbol ) and click Exit Spybot S&D Resident
Run Spybot S&D
Go to the Mode menu, and make sure Advanced Mode is selected.
You may be presented with a warning dialog. If so, press Yes.
Click on
Click on
Uncheck these boxes:
Close Spybot S&D and Restart your computer.

Note: If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

B.
Disable SuperAntiSpyware

We need to disable SuperAntiSpyware so it won't interfere with our fixes. To do that:

Start the SuperAntiSpyware program
Click the General tab.
Uncheck the box beside Start SuperAntiSpyware when Windows starts
Click the Real-Time Protection tab
Uncheck the box beside Enable Real-Time Protection
Uncheck the box beside Enable First Chance Protection
Click the Close button
Restart the computer and make sure that the brown / orange bug is not in the system tray.

Step-2.

Uninstall AVG Security Toolbar

1. Please click the Start Orb

, click Control Panel. Under the Programs or Programs and Features heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

AVG Security Toolbar

3. Right click each program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Step-3

Posted Image

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
IE - HKLM\..\URLSearchHook: {e84cc2c1-b722-48fc-a39c-edb8b525c777} - C:\Program Files\Productivity_2.2\prxtbPro0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value found
IE - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\..\URLSearchHook: {e84cc2c1-b722-48fc-a39c-edb8b525c777} - C:\Program Files\Productivity_2.2\prxtbPro0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\..\SearchScopes\{17264AA2-9D6F-4E1A-9CAE-FF3E7981239B}: "URL" = http://search.condui...&ctid=CT3220468
IE - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...pr&d=2012-11-24 11:57:50&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\..\SearchScopes\{A0654BF8-EAD4-48A6-9AB8-9B3DB0DF2B1B}: "URL" = http://search.avg.co...{language}&nt=1
IE - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://isearch.avg.c...pr&d=2012-11-24 11:57:50&v=15.2.0.5&pid=avg&sg=0&sap=hp"
FF - prefs.js..extensions.enabledAddons: %7B7473b6bd-4691-4744-a82b-7854eb3d70b6%7D:10.16.70.505
FF - prefs.js..extensions.enabledAddons: avg%40toolbar:15.5.0.2
FF - prefs.js..keyword.URL: "http://isearch.avg.c...pr&d=2012-11-24 11:57:50&pid=avg&sg=0&v=15.2.0.5&sap=ku&q="
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\15.5.0.2 [2013/08/14 23:01:53 | 000,000,000 | ---D | M]
[2013/07/28 18:13:29 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2013/08/14 23:01:53 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\15.5.0.2
[2013/02/18 23:52:04 | 000,003,714 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O2 - BHO: (Productivity 2.2 Toolbar) - {e84cc2c1-b722-48fc-a39c-edb8b525c777} - C:\Program Files\Productivity_2.2\prxtbPro0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Productivity 2.2 Toolbar) - {e84cc2c1-b722-48fc-a39c-edb8b525c777} - C:\Program Files\Productivity_2.2\prxtbPro0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\..\Toolbar\WebBrowser: (Productivity 2.2 Toolbar) - {E84CC2C1-B722-48FC-A39C-EDB8B525C777} - C:\Program Files\Productivity_2.2\prxtbPro0.dll (Conduit Ltd.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll (AVG Secure Search)
[2013/08/19 19:08:46 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2011/06/25 16:53:30 | 000,001,392 | -HS- | C] () -- C:\Users\Frances\AppData\Local\5ck18628083b8y8gi4y3dlivvx1u4n7pkvj5y1
[2011/06/25 16:53:30 | 000,001,392 | -HS- | C] () -- C:\ProgramData\5ck18628083b8y8gi4y3dlivvx1u4n7pkvj5y1
[2011/06/18 17:38:20 | 000,001,360 | -HS- | C] () -- C:\Users\Frances\AppData\Local\fbqvkjri7s8e0w8k8uvp2lyp08j
[2011/06/18 17:38:20 | 000,001,360 | -HS- | C] () -- C:\ProgramData\fbqvkjri7s8e0w8k8uvp2lyp08j
[2011/05/06 18:05:06 | 000,001,460 | -HS- | C] () -- C:\Users\Frances\AppData\Local\tr6s6534b3561
[2011/05/06 18:05:06 | 000,001,460 | -HS- | C] () -- C:\ProgramData\tr6s6534b3561

:FILES
ipconfig /flushdns /c

:COMMANDS
[emptytemp]

Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image

on your desktop. To do that:

Vista and 7 users: Right click the icon and click Run as Administrator

3. Place the mouse pointer inside the Posted Image

textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image

button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image

button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).

Step-4

Run aswMBR

Download aswMBR.exe to your desktop.
Right click the file aswMBR.exe and click Run as Administrator. If you get a UAC prompt allow the file to run.
If it asks you if you want to download the latest virus definitions, click Yes
Click the "Scan" button to start the scan
On completion of the scan click save log. Save it to your desktop and post in your next reply.

NOTE: When you run aswMBR, if it is shutdown automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable (aswMBR.exe) to iexplore.exe and try it again.

Step-5.

AdwCleaner by Xplode

Download AdwCleaner from here to your desktop.
Close all open windows and browsers.

Right click the adwcleaner.exe file, click Run as administrator, then accept the UAC prompt to run AdwCleaner.
Click the Search button and wait for the scan to finish.
Once done it may ask to reboot, allow this. Do Not delete anything at this time.
On reboot a log will be produced please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner[R1].txt

Step-6.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The OTL fixes log
2. The aswMBR log
3. The AdwCleaner[R1].txt log

#17
Feather24

Posted 20 August 2013 - 06:43 AM

Member

Topic Starter
Member
251 posts

Hi godawgs, yes great that it finally happened!

Firstly I have free versions of superantispyware, spybot. I have the paid version for AVG so want to hang onto that! Also free version malwarebytes although you haven't mentioned that here.

Ok, I have done the following and then needed to stop and check a couple of things first before I run OTL scan. I needed to run them in administrator to do the steps.

1. I completed the steps for superantispyware and the bug doesn't appear - good.
Note: when I went to uncheck "realtime protection" and "enable first change" both of these were already unchecked for some reason.

2. I completed the steps for Spybot version 1.6.2. I realise that for some reason I have 2 versions of Spybot, I think this might have happened when I wanted to update it and it didn't extract the previous version. I have the newer version 2.1 as well.

I wasn't able to follow your instructions for 2.1 version - so not sure if I need to do something with that as well?

3. You have asked me to uninstall AVG however I don't have a hard disk to reinstall it, I was send an electronic download and a) I'm uncertain I can still use that (does it expire) (b) I need to locate the download first so that I am sure I can re-install it. I'll get to this urgently.

Please can you advise about these points before I run the scan.

Rather be safe than sorry!

Thanks

#18
Feather24

Posted 20 August 2013 - 06:57 AM

Member

Topic Starter
Member
251 posts

Hello,

I just realised that I misread your instructions for step 2 - I realise that you want me to uninstall AVG security toolbar NOT full antivirus program - that resolves that query.

Ok, I've done step 2 now and that completed fine. Apologies!

I just need to check with you about spybot 2.1 version before I run the OTL fix.

thanks

#19
godawgs

Posted 20 August 2013 - 01:51 PM

Teacher

Retired Staff
8,228 posts

Ok, I have done the following and then needed to stop and check a couple of things first before I run OTL scan. I needed to run them in administrator to do the steps.

That is an OTL FIX, not a scan. You must press the RUN FIX button. And the tools do need to be run as an Administrator. The instructions state that clearly. But I'm glad you stopped and asked if you weren't sure.

Yes. Please run the OTL fix, the aswMBR scan and the AdwCleaner scan and post the logs.

Firstly I have free versions of superantispyware, spybot.

OK. You must have opted for the 14 day trial of the full versions when you installed the programs. At any rate you won't be losing anything if they are uninstalled.

I completed the steps for Spybot version 1.6.2. I realise that for some reason I have 2 versions of Spybot, I think this might have happened when I wanted to update it and it didn't extract the previous version. I have the newer version 2.1 as well.

Acknowledged. I don't believe that version 2 adds a start up key to the registry so as long as you don't see the SpyBot icon in the system tray we're good.

Glad you realized that it was the toolbar I wanted uninstalled. :lol:

#20
Feather24

Posted 21 August 2013 - 07:36 AM

Member

Topic Starter
Member
251 posts

Hello Godawgs,

I need some help. I started the fix, it said it was doing it creating a restore point..... however after about 1 1/2hrs it still hadn't completed and I needed to use the PC for a skype call.

I decided to go to the library and contact you to check out what to do rather than risk damaging the machine. I've left it running, so perhaps when I get home it might have finished (I'm hoping).

I wasn't sure how long the fix should take as you didn't mention rough timescales, I guess it's a bit different for each machine and subsequent problem to really give me an idea?

Ok, I'll leave it on today and over night if necessasry and check back here tomorrow. If when I get home it has finished I'll let you know.

I also wanted to check something with you. My screen shuts down every 10 mins to save energy, I just wiggled (not clicked) the mouse to get the screen back, so I could see what was happening. I assume this didn't affect anything, it still said it was creating a restore point as before, so I assume that was ok.

Thanks Godawgs.

#21
godawgs

Posted 21 August 2013 - 11:27 AM

Teacher

Retired Staff
8,228 posts

Hello,

It should have only taken a few minutes for the fix to work. If OTL is still at "creating a restore point" close OTL.

Next I want you to try to manually set a restore point. To do that:

Create a Fresh Restore Point

Click the Start Orb . Right click Computer and click Properties
In the left column under Tasks, click System Protection. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
Click the System Protection Tab.
In the Available Disks section put a ckeck mark in the box next to OS (?:) (System). Your drive letter will be shown in place of the ?
- In Windows 7 it will be named Protection Settings. Make sure the protection is On for Local Disk (?) (System).
Note: It may take some time for the system to populate the Available Disks box, so be patient.
Click the Create button at the bottom
A System Protection window will open.
Type in a name for the restore point, i.e: Clean and click Create
The System Protection window will tell you a Restore Point is being created.
The System Protection window will then tell you the Restore Point was created successfully. Click OK
Click OK again.
Close the Control Panel

If you were able to create the restore point, go back to post #16 and continue, starting with Step 3.
If you were not able to create the restore point, skip Step 3 but complete Setps 4 and 5 and post those logs.

#22
Feather24

Posted 22 August 2013 - 01:26 PM

Member

Topic Starter
Member
251 posts

Hello Godawgs,
Thanks for your last letter and your patience with my system!

Ok I rebooted my computer as I couldn't close OTL, that was fine.

Success!
1. I managed to create the restore point as you detailed. Actually I create 2 restore points by accident. One called clean and another called Before New Antivirus because that was what you provided in the picture. I guess that's ok though?

I ran the OTL Fix and below are the log details.

2. Step 4 - problems:
I tried to download MBR and wouldn't let me.

3. Tried saving Adwcleaner and it wouldn't let me:

Not sure if it has something do to with my internet explorer browser. When I tried it defaulted to this page: http://general-chang...de/2-adwcleaner

It seems to have change the language to French!

It also mentions something about IE security problems here: http://general-chang...r-on-adwcleaner

I haven't tried just running the prog rather than saving then running, of course I wouldn't be able to specify as administrator if I did. Do you want me to change my internet browser and try that e.g. in Firefox?

Here is the OTL Fix log as mentioned:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{e84cc2c1-b722-48fc-a39c-edb8b525c777} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e84cc2c1-b722-48fc-a39c-edb8b525c777}\ deleted successfully.
C:\Program Files\Productivity_2.2\prxtbPro0.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-1527785505-3915310178-3884954049-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{7473b6bd-4691-4744-a82b-7854eb3d70b6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\ not found.
Registry value HKEY_USERS\S-1-5-21-1527785505-3915310178-3884954049-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{e84cc2c1-b722-48fc-a39c-edb8b525c777} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e84cc2c1-b722-48fc-a39c-edb8b525c777}\ not found.
File C:\Program Files\Productivity_2.2\prxtbPro0.dll not found.
Registry key HKEY_USERS\S-1-5-21-1527785505-3915310178-3884954049-1000\Software\Microsoft\Internet Explorer\SearchScopes\{17264AA2-9D6F-4E1A-9CAE-FF3E7981239B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17264AA2-9D6F-4E1A-9CAE-FF3E7981239B}\ not found.
Registry key HKEY_USERS\S-1-5-21-1527785505-3915310178-3884954049-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_USERS\S-1-5-21-1527785505-3915310178-3884954049-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A0654BF8-EAD4-48A6-9AB8-9B3DB0DF2B1B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A0654BF8-EAD4-48A6-9AB8-9B3DB0DF2B1B}\ not found.
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename
Prefs.js: "AVG Secure Search" removed from browser.search.selectedEngine
Prefs.js: "http://isearch.avg.c...pr&d=2012-11-24 11:57:50&v=15.2.0.5&pid=avg&sg=0&sap=hp" removed from browser.startup.homepage
Prefs.js: %7B7473b6bd-4691-4744-a82b-7854eb3d70b6%7D:10.16.70.505 removed from extensions.enabledAddons
Prefs.js: avg%40toolbar:15.5.0.2 removed from extensions.enabledAddons
Prefs.js: "http://isearch.avg.c...pr&d=2012-11-24 11:57:50&pid=avg&sg=0&v=15.2.0.5&sap=ku&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin\ not found.
File C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar not found.
File C:\ProgramData\AVG Secure Search\FireFoxExt\15.5.0.2 not found.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Plugins folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\modules folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\META-INF folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\lib folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\defaults\preferences folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\defaults folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\components folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\sl folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\lib\jquery.alerts\images folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\lib\jquery.alerts folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\lib folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\core folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\WEATHER\js folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\WEATHER\css folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\WEATHER folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TWITTER\resources folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TWITTER\js folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TWITTER\img folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TWITTER folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH\view\style\rsx folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH\view\style folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH\view\script folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH\view folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH\resources folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH\js folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH\Css folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH\buildSettings folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\RADIO_PLAYER\js\resources folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\RADIO_PLAYER\js folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\RADIO_PLAYER\css folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\RADIO_PLAYER folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\PRICE_GONG\menu_dlg folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\PRICE_GONG\images folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\PRICE_GONG\css\custom-theme folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\PRICE_GONG\css folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\PRICE_GONG\agreement folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\PRICE_GONG folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\Optimizer\js folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\Optimizer folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\NOTIFICATION\js folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\NOTIFICATION\images\light folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\NOTIFICATION\images\dark folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\NOTIFICATION\images folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\NOTIFICATION\css folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\NOTIFICATION folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\MULTI_RSS\js\resources folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\MULTI_RSS\js folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\MULTI_RSS\img folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\MULTI_RSS\css folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\MULTI_RSS folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\HIGHLIGHTER\js folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\HIGHLIGHTER\css folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\HIGHLIGHTER folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\EMAIL_NOTIFIER\js\plugins folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\EMAIL_NOTIFIER\js folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\EMAIL_NOTIFIER\css folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\EMAIL_NOTIFIER folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\APPLICATION_BUTTON\resources folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\APPLICATION_BUTTON\Js folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\APPLICATION_BUTTON folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\menu\js folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\menu\img folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\menu\css folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\menu folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\gf\js folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\gf\img folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\gf\css folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\gf folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\gadgetFrame folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\dlg\ftd\images folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\dlg\ftd folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\dlg folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\sp\spsd\images folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\sp\spsd folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\sp\spbd\images folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\sp\spbd folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\sp\js folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\sp folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\options\js\resources folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\options\js folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\options\images folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\options\css folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\options folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\msd folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\api folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ac\res folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ac\img folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ac\css folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ac folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\aboutBox\js folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\aboutBox\images folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\aboutBox folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\logic\uninstall\dialog\js folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\logic\uninstall\dialog\images folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\logic\uninstall\dialog\css folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\logic\uninstall\dialog folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\logic\uninstall folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\logic folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468 folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome folder moved successfully.
C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6} folder moved successfully.
Folder C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\15.5.0.2\ not found.
C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
File C:\Program Files\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e84cc2c1-b722-48fc-a39c-edb8b525c777}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e84cc2c1-b722-48fc-a39c-edb8b525c777}\ not found.
File C:\Program Files\Productivity_2.2\prxtbPro0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
File C:\Program Files\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{e84cc2c1-b722-48fc-a39c-edb8b525c777} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e84cc2c1-b722-48fc-a39c-edb8b525c777}\ not found.
File C:\Program Files\Productivity_2.2\prxtbPro0.dll not found.
Registry value HKEY_USERS\S-1-5-21-1527785505-3915310178-3884954049-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E84CC2C1-B722-48FC-A39C-EDB8B525C777} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E84CC2C1-B722-48FC-A39C-EDB8B525C777}\ not found.
File C:\Program Files\Productivity_2.2\prxtbPro0.dll not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
File C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ not found.
File C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll not found.
C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job moved successfully.
C:\Users\Frances\AppData\Local\5ck18628083b8y8gi4y3dlivvx1u4n7pkvj5y1 moved successfully.
C:\ProgramData\5ck18628083b8y8gi4y3dlivvx1u4n7pkvj5y1 moved successfully.
C:\Users\Frances\AppData\Local\fbqvkjri7s8e0w8k8uvp2lyp08j moved successfully.
C:\ProgramData\fbqvkjri7s8e0w8k8uvp2lyp08j moved successfully.
C:\Users\Frances\AppData\Local\tr6s6534b3561 moved successfully.
C:\ProgramData\tr6s6534b3561 moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Frances\Desktop\cmd.bat deleted successfully.
C:\Users\Frances\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Frances
->Temp folder emptied: 10524194 bytes
->Temporary Internet Files folder emptied: 276651882 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 436203012 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 19220 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66220005 bytes
RecycleBin emptied: 641803 bytes

Total Files Cleaned = 754.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 08222013_194903

Files\Folders moved on Reboot...
C:\Users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5BUQKH6K\index[1].htm moved successfully.
C:\Users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5BUQKH6K\i[2] moved successfully.
C:\Users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

I wait to hear back from you for next step.

thanks :thumbsup:

#23
godawgs

Posted 23 August 2013 - 06:55 PM

Teacher

Retired Staff
8,228 posts

Hello Godawgs,
Thanks for your last letter and your patience with my system!

You are welcome.

I managed to create the restore point as you detailed. Actually I create 2 restore points by accident. One called clean and another called Before New Antivirus because that was what you provided in the picture. I guess that's ok though?

That picture was just a generic image showing what the create a restore point screen looks like. But it's all ok.

I got the OTL log. Thanks

I tried to download MBR and wouldn't let me.

What error did you get?

Tried saving Adwcleaner and it wouldn't let me:
Not sure if it has something do to with my internet explorer browser. When I tried it defaulted to this page: http://general-chang...de/2-adwcleaner
It seems to have change the language to French!

It didn't change your default page or language. The link was to the tool author's site in France.

It also mentions something about IE security problems here: http://general-chang...r-on-adwcleaner

You got that because the SmartFilter in IE is turned on.
Microsoft provides a filter against malicious websites on Internet Explorer 8 and 9. It is the SmartScreen Filter. This filter also scans downloaded files from Internet Explorer and blocks the download in case of problems.
Unfortunately this filter flags some of our tools a malicious. It is a false positive.
At any rate the AdwCleaner tool has changed and I will post new directions for downloading and running it. We will download AdwCleaner from a site here in the US.

NOTE: I want you to use Firefox to download the tools. Don't forget to change the file download location to the desktop. If you need directions for that see my first post.

Step-1.

Run aswMBR

Download aswMBR.exe to your desktop.

Close the browser and all open windows.
Right click the aswMBR.exe file and click Run as Administrator. If you get a UAC window, allow the file to run.
If it asks you if you want to download the latest virus definitions, click Yes
Click the "Scan" button to start the scan
On completion of the scan click save log. Save it to your desktop and post in your next reply.

NOTE: When you run aswMBR, if it is shutdown automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable (aswMBR.exe) to iexplore.exe and try it again.

Step-2.

AdwCleaner by Xplode

Download AdwCleaner. Click here and then click the Download Now @ BleepingComputer button. Save the file to the desktop.

Close the browser and all open windows.

Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
Click the Scan button and wait for the scan to finish.
Once done it may ask to reboot, allow this. Do Not delete anything at this time.
On reboot a log will be produced. Please copy/paste that in your next reply. To do that:
Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.

This report is also saved to C:\AdwCleaner[R1].txt. NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Step-3

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The aswMBR log
2. The AdwCleaner[R1].txt log

#24
Feather24

Posted 26 August 2013 - 04:19 PM

Member

Topic Starter
Member
251 posts

Hi Godawgs, I'll be replying on Tuesday I just needed a bit more time. Just so you know.

thanks

#25
Feather24

Posted 27 August 2013 - 08:02 AM

Member

Topic Starter
Member
251 posts

Hi Godawgs

1. I managed to download both aswmbr.exe (although this took about 1hr!) and adwcleaner (just a few minutes).

2. I have run the scan for aswmbr.exe (it was defaulted to quick scan option) as instructed, below is the log file.

3. I went to scan with adwcleaner and it started doing it then, it said "pending. Please uncheck elements you don't want to remove". So I closed it and just need instructions about what to do next.

thank you.

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-08-27 14:18:29
-----------------------------
14:18:29.224 OS Version: Windows 6.1.7601 Service Pack 1
14:18:29.224 Number of processors: 2 586 0x170A
14:18:29.225 ComputerName: FRANCES-PC UserName: Frances
14:18:30.388 Initialize success
14:21:01.235 AVAST engine defs: 13082700
14:21:14.689 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:21:14.692 Disk 0 Vendor: ST3802110A 3.AAJ Size: 76318MB BusType: 3
14:21:14.695 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-3
14:21:14.698 Disk 1 Vendor: WDC_WD2500AAJS-00V4A0 05.01D05 Size: 238474MB BusType: 3
14:21:14.802 Disk 1 MBR read successfully
14:21:14.808 Disk 1 MBR scan
14:21:14.814 Disk 1 Windows 7 default MBR code
14:21:14.818 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:21:14.829 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 238372 MB offset 206848
14:21:14.838 Disk 1 scanning sectors +488392704
14:21:14.920 Disk 1 scanning C:\Windows\system32\drivers
14:21:24.284 Service scanning
14:21:49.253 Modules scanning
14:21:53.083 Disk 1 trace - called modules:
14:21:53.104 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
14:21:53.110 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x85639ac8]
14:21:53.117 3 CLASSPNP.SYS[8880459e] -> nt!IofCallDriver -> [0x851ac918]
14:21:53.124 5 ACPI.sys[886b93d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x851b4030]
14:21:54.085 AVAST engine scan C:\Windows
14:21:55.876 AVAST engine scan C:\Windows\system32
14:26:25.138 AVAST engine scan C:\Windows\system32\drivers
14:26:39.901 AVAST engine scan C:\Users\Frances
14:32:04.074 AVAST engine scan C:\ProgramData
14:33:41.522 Scan finished successfully
14:39:31.470 Disk 1 MBR has been saved successfully to "C:\Users\Frances\Desktop\MBR.dat"
14:39:31.478 The log file has been saved successfully to "C:\Users\Frances\Desktop\aswMBR scan1.txt"

#26
godawgs

Posted 27 August 2013 - 09:58 AM

Teacher

Retired Staff
8,228 posts

Hello,

The aswMBR scan looks good. I want you to look in the root drive C:\ for a folder named AdwCleaner. Open that folder and there will be a file named AdwCleaner.[R0].txt. Copy and paste the contents of that file into your next reply.
If you can't find it that way, click the Start Orb and in the Start Search box type adwcleaner[r0].txt. The menu above the Start Search box will populate. Find the AdwCleaner[R0].txt file and click it to open it. Then copy and paste the contents into your next reply.

#27
Feather24

Posted 27 August 2013 - 10:58 AM

Member

Topic Starter
Member
251 posts

Hello,

The file didn't have .txt at the end however I think this is what you want. If not please let me know.

thanks

# AdwCleaner v3.001 - Report created 27/08/2013 at 14:49:06
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Frances - FRANCES-PC
# Running from : C:\Users\Frances\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\\invalidprefs.js
File Found : C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\searchplugins\Askcom.xml
File Found : C:\Users\Frances\Desktop\Uninstall.exe
File Found : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
Folder Found : C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Folder Found : C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found : C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\Extensions\[email protected]
Folder Found C:\Program Files\Conduit
Folder Found C:\Program Files\Productivity_2.2
Folder Found C:\Program Files\Productivity_2.2
Folder Found C:\ProgramData\Ask
Folder Found C:\ProgramData\InstallMate
Folder Found C:\Users\Frances\AppData\Local\cre
Folder Found C:\Users\Frances\AppData\Local\PackageAware
Folder Found C:\Users\Frances\AppData\LocalLow\AskToolbar
Folder Found C:\Users\Frances\AppData\LocalLow\Conduit
Folder Found C:\Users\Frances\AppData\LocalLow\PriceGong
Folder Found C:\Users\Frances\AppData\LocalLow\Productivity_2.2
Folder Found C:\Users\Frances\AppData\LocalLow\Productivity_2.2
Folder Found C:\Users\Frances\AppData\LocalLow\ShoppingReport2
Folder Found C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\Smartbar

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\Productivity_2.2
Key Found : HKCU\Software\AppDataLow\Software\ShoppingReport2
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Found : HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4FCD0E0E-B424-4FC7-BF2E-B1EC7D6B05BE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{69A72A8A-84ED-4A75-8CE7-263DBEF3E5D3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\APN
Key Found : HKLM\Software\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Found : HKLM\SOFTWARE\Classes\CLSID\
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4FCD0E0E-B424-4FC7-BF2E-B1EC7D6B05BE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Interface\
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{51F04BD6-3888-4849-864C-617FAE709CE0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E4E394E0-D331-431F-B76D-E3A19193D5F6}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{10E4F011-3AB3-4018-A8CC-9E775AF924DF}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C1BC4A06-191C-4AA0-87CF-AB8EEF49F25F}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\Scheduled Update for Ask Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Scheduled Update for Ask Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4FCD0E0E-B424-4FC7-BF2E-B1EC7D6B05BE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Productivity_2.2 Toolbar
Key Found : HKLM\Software\Productivity_2.2

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\prefs.js ]

Line Found : user_pref("CT3220468.BT_Stats.enc", "eyJsYXN0X2xvZyI6MTM1NTI2NTM4MCwidXVpZCI6MTExOTE4NzE3NTkzMjM5LCJzZXFfaWQiOjQ3LCJzc2IiOjEzNTExODAwMjV9");
Line Found : user_pref("CT3220468.BT_Usage.enc", "eyJ1dWlkIjoxMTE5MTg3MTc1OTMyMzksInNlcV9pZCI6Mn0=");
Line Found : user_pref("CT3220468.CBOpenMAMSettings.enc", "MA==");
Line Found : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3220468.Facebook_Mode", "2");
Line Found : user_pref("CT3220468.Facebook_User_Locale", "en");
Line Found : user_pref("CT3220468.FirstTime", "true");
Line Found : user_pref("CT3220468.FirstTimeFF3", "true");
Line Found : user_pref("CT3220468.LoginRevertSettingsEnabled", true);
Line Found : user_pref("CT3220468.PG_ENABLE", "dHJ1ZQ==");
Line Found : user_pref("CT3220468.PG_ENABLE.enc", "ZEhKMVpRPT0=");
Line Found : user_pref("CT3220468.RevertSettingsEnabled", true);
Line Found : user_pref("CT3220468.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Line Found : user_pref("CT3220468.SF_STATUS.enc", "RU5BQkxFRA==");
Line Found : user_pref("CT3220468.SF_USER_ID.enc", "Y2lkXzMwNTIwMTMxMDE1NDQyMDk5NTky");
Line Found : user_pref("CT3220468.UserID", "UN35267562732629514");
Line Found : user_pref("CT3220468.addressBarTakeOverEnabledInHidden", "true");
Line Found : user_pref("CT3220468.autoDisableScopes", -1);
Line Found : user_pref("CT3220468.cb_experience_000.enc", "MTA3NQ==");
Line Found : user_pref("CT3220468.cb_firstuse0100.enc", "MQ==");
Line Found : user_pref("CT3220468.cb_user_id_000.enc", "Q0IyODgxOTIzMDYxOTdfMTM2NDIyMDEyNjAzMV9GaXJlZm94");
Line Found : user_pref("CT3220468.cbcountry_001.enc", "R0I=");
Line Found : user_pref("CT3220468.cbfirsttime.enc", "VGh1IE9jdCAyNSAyMDEyIDE2OjQ3OjAzIEdNVCswMTAwIChHTVQgRGF5bGlnaHQgVGltZSk=");
Line Found : user_pref("CT3220468.countryCode", "GB");
Line Found : user_pref("CT3220468.defaultSearch", "FALSE");
Line Found : user_pref("CT3220468.enableAlerts", "always");
Line Found : user_pref("CT3220468.enableFix404ByUser", "FALSE");
Line Found : user_pref("CT3220468.enableSearchFromAddressBar", "FALSE");
Line Found : user_pref("CT3220468.firstTimeDialogOpened", "true");
Line Found : user_pref("CT3220468.fixPageNotFoundError", "true");
Line Found : user_pref("CT3220468.fixPageNotFoundErrorByUser", "true");
Line Found : user_pref("CT3220468.fixPageNotFoundErrorInHidden", "true");
Line Found : user_pref("CT3220468.fixUrls", true);
Line Found : user_pref("CT3220468.fullUserID", "UN35267562732629514.UP.20130701182713");
Line Found : user_pref("CT3220468.hxxp___facebook_conduitapps_com.APP_WIN_FEATURES", "resizable=0,hscroll=0,vscroll=0,titlebar=1,closebutton=1,saveresizedsize=0,openposition=alignment:(B;L),savelocation=0,closeone[...]
Line Found : user_pref("CT3220468.hxxp___toolbar_utorrent_com.APP_WIN_FEATURES.enc", "cmVzaXphYmxlPTAsc2F2ZXJlc2l6ZWRzaXplPTAsdGl0bGViYXI9MCxjbG9zZW9uZXh0ZXJuYWxjbGljaz0xLHNhdmVsb2NhdGlvbj0wLG9wZW5wb3NpdGlvbj1vZmZ[...]
Line Found : user_pref("CT3220468.hxxp___www_socialgrowthtechnologies_com_couponbuddy_v001.APP_WIN_FEATURES", "openposition=offset:50;50,savelocation=0,resizable=no,scrollbars=no,titlebar=yes,saveresizedsize=no");
Line Found : user_pref("CT3220468.installId", "fftB071.tmp.exe");
Line Found : user_pref("CT3220468.installType", "XPE");
Line Found : user_pref("CT3220468.isCheckedStartAsHidden", true);
Line Found : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3220468.isFirstTimeToolbarLoading", "false");
Line Found : user_pref("CT3220468.isNewTabEnabled", true);
Line Found : user_pref("CT3220468.isPerformedSmartBarTransition", "true");
Line Found : user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Found : user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Found : user_pref("CT3220468.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3220468&octid=CT3220468&SearchSource=15&CUI=UN35267562732629514&SSPV=&Lay=1&UM=\"}");
Line Found : user_pref("CT3220468.lastVersion", "10.16.70.505");
Line Found : user_pref("CT3220468.mam_gk_appStateReportTime.enc", "MTM3MzE4MzU4MjExMw==");
Line Found : user_pref("CT3220468.mam_gk_appState_CouponBuddy.enc", "b24=");
Line Found : user_pref("CT3220468.mam_gk_appState_PriceGong.enc", "b24=");
Line Found : user_pref("CT3220468.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsIm9wdGlvbnNEaWFsb2ciOnsiZGlzcGxheU5h[...]
Line Found : user_pref("CT3220468.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Line Found : user_pref("CT3220468.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkVhc3l0b2Jvb2tfdGFyZ2V0ZWQiLCJjcml0ZXJpYXMiOlt7ImNyaXRlcmlhSWQiOiI0NGM3NjZhMi1hYjQ4LTQyM2EtOGM0NC02ZjUyZjc1OWYyNzQiLCJ[...]
Line Found : user_pref("CT3220468.mam_gk_currentBadgeValue.enc", "MQ==");
Line Found : user_pref("CT3220468.mam_gk_currentVersion.enc", "MS44LjAuNA==");
Line Found : user_pref("CT3220468.mam_gk_first_time.enc", "MQ==");
Line Found : user_pref("CT3220468.mam_gk_lastLoginTime.enc", "MTM3MzE4MzU4MzIwNw==");
Line Found : user_pref("CT3220468.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHMgZW5yaWNoZXMgeW91ciB3ZWIg[...]
Line Found : user_pref("CT3220468.mam_gk_newApps.enc", "W10=");
Line Found : user_pref("CT3220468.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Line Found : user_pref("CT3220468.mam_gk_settings1.4.3.1.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNjFfLTEiLCJpc1Rlc3QiOmZhbHNlLCJpc1dlbGNvbWVFeHBlcmllbmNlRW5hYmxlZEJ5RGVmYXVsd[...]
Line Found : user_pref("CT3220468.mam_gk_settings1.4.3.2.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMTk1XzAiLCJpc1Rlc3QiOnRydWUsImlzV2VsY29tZUV4cGVyaWVuY2VFbmFibGVkQnlEZWZhdWx0I[...]
Line Found : user_pref("CT3220468.mam_gk_settings1.4.4.6.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMjE1Xy0xIiwiaXNUZXN0IjpmYWxzZSwiaXNXZWxjb21lRXhwZXJpZW5jZUVuYWJsZWRCeURlZmF1b[...]
Line Found : user_pref("CT3220468.mam_gk_settings1.6.0.1.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMjE1Xy0xIiwiaXNUZXN0IjpmYWxzZSwiaXNXZWxjb21lRXhwZXJpZW5jZUVuYWJsZWRCeURlZmF1b[...]
Line Found : user_pref("CT3220468.mam_gk_settings1.8.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNDZfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiR0IiLCJpc1dlbGNvbWVFeHBlc[...]
Line Found : user_pref("CT3220468.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Line Found : user_pref("CT3220468.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Line Found : user_pref("CT3220468.mam_gk_userId.enc", "ZjU5NTdkMGQtNzZmMS00ZTJmLWJmNDEtNjY5NjQ1ZTE5ZmU3");
Line Found : user_pref("CT3220468.mam_gk_user_apps_selection.enc", "");
Line Found : user_pref("CT3220468.migrateAppsAndComponents", true);
Line Found : user_pref("CT3220468.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.bbc.co.uk%2Fiplayer%2Fepisode%2Fb00wyh2k%2FSmart_People%2F\",\"EB_MAIN_FRAME_TITLE\":\"B[...]
Line Found : user_pref("CT3220468.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Found : user_pref("CT3220468.openThankYouPage", "true");
Line Found : user_pref("CT3220468.openUninstallPage", "FALSE");
Line Found : user_pref("CT3220468.search.searchAppId", "129813684258939747");
Line Found : user_pref("CT3220468.search.searchCount", "0");
Line Found : user_pref("CT3220468.searchInNewTabEnabledByUser", "true");
Line Found : user_pref("CT3220468.searchInNewTabEnabledInHidden", "true");
Line Found : user_pref("CT3220468.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3220468.searchSuggestEnabledByUser", "false");
Line Found : user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3220468.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Found : user_pref("CT3220468.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3220468\"}");
Line Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://uTorrentControlv2.OurToolbar.com//xpi\"}");
Line Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"uTorrentControl_v2\"}");
Line Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3220468.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Found : user_pref("CT3220468.serviceLayer_services_Configuration_lastUpdate", "1377192221094");
Line Found : user_pref("CT3220468.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1373144671979");
Line Found : user_pref("CT3220468.serviceLayer_services_appTracking_lastUpdate", "1357382797195");
Line Found : user_pref("CT3220468.serviceLayer_services_appsMetadata_lastUpdate", "1373184815937");
Line Found : user_pref("CT3220468.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1372617244809");
Line Found : user_pref("CT3220468.serviceLayer_services_location_lastUpdate", "1372595525205");
Line Found : user_pref("CT3220468.serviceLayer_services_login_10.10.27.6_lastUpdate", "1353267134036");
Line Found : user_pref("CT3220468.serviceLayer_services_login_10.13.40.15_lastUpdate", "1358373177197");
Line Found : user_pref("CT3220468.serviceLayer_services_login_10.14.370.524_lastUpdate", "1364381716458");
Line Found : user_pref("CT3220468.serviceLayer_services_login_10.14.40.128_lastUpdate", "1359634902630");
Line Found : user_pref("CT3220468.serviceLayer_services_login_10.14.42.7_lastUpdate", "1361191241296");
Line Found : user_pref("CT3220468.serviceLayer_services_login_10.14.65.43_lastUpdate", "1363196637287");
Line Found : user_pref("CT3220468.serviceLayer_services_login_10.15.0.562_lastUpdate", "1372631645161");
Line Found : user_pref("CT3220468.serviceLayer_services_login_10.16.2.509_lastUpdate", "1372366001023");
Line Found : user_pref("CT3220468.serviceLayer_services_login_10.16.4.519_lastUpdate", "1374868542861");
Line Found : user_pref("CT3220468.serviceLayer_services_login_10.16.70.505_lastUpdate", "1377192221944");
Line Found : user_pref("CT3220468.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1372617244876");
Line Found : user_pref("CT3220468.serviceLayer_services_searchAPI_lastUpdate", "1377192221089");
Line Found : user_pref("CT3220468.serviceLayer_services_serviceMap_lastUpdate", "1377192220938");
Line Found : user_pref("CT3220468.serviceLayer_services_setupAPI_lastUpdate", "1363178727570");
Line Found : user_pref("CT3220468.serviceLayer_services_toolbarContextMenu_lastUpdate", "1372617244943");
Line Found : user_pref("CT3220468.serviceLayer_services_toolbarSettings_lastUpdate", "1377192221615");
Line Found : user_pref("CT3220468.serviceLayer_services_translation_lastUpdate", "1377192221929");
Line Found : user_pref("CT3220468.settingsINI", true);
Line Found : user_pref("CT3220468.shouldFirstTimeDialog", "false");
Line Found : user_pref("CT3220468.showToolbarPermission", "false");
Line Found : user_pref("CT3220468.smartbar.CTID", "CT3220468");
Line Found : user_pref("CT3220468.smartbar.Uninstall", "0");
Line Found : user_pref("CT3220468.smartbar.isHidden", true);
Line Found : user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 ");
Line Found : user_pref("CT3220468.toolbarBornServerTime", "25-10-2012");
Line Found : user_pref("CT3220468.toolbarCurrentServerTime", "22-8-2013");
Line Found : user_pref("CT3220468.toolbarLoginClientTime", "Wed Mar 13 2013 21:46:59 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT3220468.upgradeFromClearSBVersion", true);
Line Found : user_pref("CT3220468.url_history0001.enc", "aHR0cDovL2JpdC5seS8xMWxXVHBROjo6Y2xpY2toYW5kbGVyOjo6MTM3MzExNjAyMzMxMywsLGh0dHA6Ly9iaXQubHkvMTFsV1RwUTo6OmNsaWNraGFuZGxlcjo6OjEzNzMxMTYwMjMzMjMsLCxodHRwczov[...]
Line Found : user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1377192097708,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Found : user_pref("browser.search.defaultengine", "Ask.com");
Line Found : user_pref("browser.search.order.1", "Ask.com");
Line Found : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.avg.com/?d=4dd6974c&i=23&tp=ab&nt=1&q=");
Line Found : user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\":{\"descriptor\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\browser\\\\extensions[...]

-\\ Google Chrome v29.0.1547.57

[ File : C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : icon_url
Found : keyword
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword

*************************

AdwCleaner[R0].txt - [22618 octets] - [27/08/2013 14:49:06]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [22679 octets] ##########

#28
godawgs

Posted 27 August 2013 - 11:22 AM

Teacher

Retired Staff
8,228 posts

Thanks for the logs. Let's set the files and folders to be seen. We will hide them again after we are done.

Step-1

Show Hidden Files and Folders

Click the Start Orb. Click Computer.
On the next window, at the top of the window, click Tools then click Folder Options.
On the Folder Options window click the View tab.
Under the Files and Folders section:
Make sure that 'Show hidden files and folders' (or 'Show all files') is enabled.
Also make sure that Hide protected system operating files(recommended) is un-checked.
Also make sure the Hide extensions for known file types box is un-checked.

After this run please let me know how the computer is running.

Step-2.

Re-run AdwCleaner

Close all open windows and browsers.

Re-open AdwCleaner

Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
Click the Scan button and wait for the scan.
Everything left checked will be deleted.
When the scan ends, a report appears. If the report doesn't appear automatically, click the Report button.
Once done it will ask to reboot, allow this
On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Step-3.

Scan with JRT:

Posted Image

Please download Junkware Removal Tool to your desktop.

NOTE: Temporarily shut down your protection software now to avoid potential conflicts, how to do so can be read here.

Right click the JRT.exe file and click Run as Administrator to run the application.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

NOTE: Reboot the machine and ensure that all security software is now enabled.

Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The AdwCleaner[S0].txt log
2. The JRT.txt log
3. How is the computer running?

#29
Feather24

Posted 28 August 2013 - 07:40 AM

Member

Topic Starter
Member
251 posts

Hello I'm posting the results of Re-run Adwcleaner as it didn't go exactly as you mentioned.

Ok, I ran it - it then stated it was pending as before, I just clicked the report button and got the report posted below. It didn't ask for a restart so not sure if that is important or not, should I re-start before going on?

You said that a re-boot log would be produced, I guess this is different from the report from adwcleaner.

Please advise.

# AdwCleaner v3.001 - Report created 28/08/2013 at 14:32:39
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Frances - FRANCES-PC
# Running from : C:\Users\Frances\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\\invalidprefs.js
File Found : C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\searchplugins\Askcom.xml
File Found : C:\Users\Frances\Desktop\Uninstall.exe
File Found : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
Folder Found : C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Folder Found : C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found : C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\Extensions\[email protected]
Folder Found C:\Program Files\Conduit
Folder Found C:\Program Files\Productivity_2.2
Folder Found C:\Program Files\Productivity_2.2
Folder Found C:\ProgramData\Ask
Folder Found C:\ProgramData\InstallMate
Folder Found C:\Users\Frances\AppData\Local\cre
Folder Found C:\Users\Frances\AppData\Local\PackageAware
Folder Found C:\Users\Frances\AppData\LocalLow\AskToolbar
Folder Found C:\Users\Frances\AppData\LocalLow\Conduit
Folder Found C:\Users\Frances\AppData\LocalLow\PriceGong
Folder Found C:\Users\Frances\AppData\LocalLow\Productivity_2.2
Folder Found C:\Users\Frances\AppData\LocalLow\Productivity_2.2
Folder Found C:\Users\Frances\AppData\LocalLow\ShoppingReport2
Folder Found C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\Smartbar

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\Productivity_2.2
Key Found : HKCU\Software\AppDataLow\Software\ShoppingReport2
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Found : HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4FCD0E0E-B424-4FC7-BF2E-B1EC7D6B05BE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{69A72A8A-84ED-4A75-8CE7-263DBEF3E5D3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\APN
Key Found : HKLM\Software\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Found : HKLM\SOFTWARE\Classes\CLSID\
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4FCD0E0E-B424-4FC7-BF2E-B1EC7D6B05BE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Interface\
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{51F04BD6-3888-4849-864C-617FAE709CE0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E4E394E0-D331-431F-B76D-E3A19193D5F6}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{10E4F011-3AB3-4018-A8CC-9E775AF924DF}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C1BC4A06-191C-4AA0-87CF-AB8EEF49F25F}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\Scheduled Update for Ask Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Scheduled Update for Ask Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4FCD0E0E-B424-4FC7-BF2E-B1EC7D6B05BE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Productivity_2.2 Toolbar
Key Found : HKLM\Software\Productivity_2.2

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\prefs.js ]

Line Found : user_pref("CT3220468.BT_Stats.enc", "eyJsYXN0X2xvZyI6MTM1NTI2NTM4MCwidXVpZCI6MTExOTE4NzE3NTkzMjM5LCJzZXFfaWQiOjQ3LCJzc2IiOjEzNTExODAwMjV9");
Line Found : user_pref("CT3220468.BT_Usage.enc", "eyJ1dWlkIjoxMTE5MTg3MTc1OTMyMzksInNlcV9pZCI6Mn0=");
Line Found : user_pref("CT3220468.CBOpenMAMSettings.enc", "MA==");
Line Found : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3220468.Facebook_Mode", "2");
Line Found : user_pref("CT3220468.Facebook_User_Locale", "en");
Line Found : user_pref("CT3220468.FirstTime", "true");
Line Found : user_pref("CT3220468.FirstTimeFF3", "true");
Line Found : user_pref("CT3220468.LoginRevertSettingsEnabled", true);
Line Found : user_pref("CT3220468.PG_ENABLE", "dHJ1ZQ==");
Line Found : user_pref("CT3220468.PG_ENABLE.enc", "ZEhKMVpRPT0=");
Line Found : user_pref("CT3220468.RevertSettingsEnabled", true);
Line Found : user_pref("CT3220468.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Line Found : user_pref("CT3220468.SF_STATUS.enc", "RU5BQkxFRA==");
Line Found : user_pref("CT3220468.SF_USER_ID.enc", "Y2lkXzMwNTIwMTMxMDE1NDQyMDk5NTky");
Line Found : user_pref("CT3220468.UserID", "UN35267562732629514");
Line Found : user_pref("CT3220468.addressBarTakeOverEnabledInHidden", "true");
Line Found : user_pref("CT3220468.autoDisableScopes", -1);
Line Found : user_pref("CT3220468.cb_experience_000.enc", "MTA3NQ==");
Line Found : user_pref("CT3220468.cb_firstuse0100.enc", "MQ==");
Line Found : user_pref("CT3220468.cb_user_id_000.enc", "Q0IyODgxOTIzMDYxOTdfMTM2NDIyMDEyNjAzMV9GaXJlZm94");
Line Found : user_pref("CT3220468.cbcountry_001.enc", "R0I=");
Line Found : user_pref("CT3220468.cbfirsttime.enc", "VGh1IE9jdCAyNSAyMDEyIDE2OjQ3OjAzIEdNVCswMTAwIChHTVQgRGF5bGlnaHQgVGltZSk=");
Line Found : user_pref("CT3220468.countryCode", "GB");
Line Found : user_pref("CT3220468.defaultSearch", "FALSE");
Line Found : user_pref("CT3220468.enableAlerts", "always");
Line Found : user_pref("CT3220468.enableFix404ByUser", "FALSE");
Line Found : user_pref("CT3220468.enableSearchFromAddressBar", "FALSE");
Line Found : user_pref("CT3220468.firstTimeDialogOpened", "true");
Line Found : user_pref("CT3220468.fixPageNotFoundError", "true");
Line Found : user_pref("CT3220468.fixPageNotFoundErrorByUser", "true");
Line Found : user_pref("CT3220468.fixPageNotFoundErrorInHidden", "true");
Line Found : user_pref("CT3220468.fixUrls", true);
Line Found : user_pref("CT3220468.fullUserID", "UN35267562732629514.UP.20130701182713");
Line Found : user_pref("CT3220468.hxxp___facebook_conduitapps_com.APP_WIN_FEATURES", "resizable=0,hscroll=0,vscroll=0,titlebar=1,closebutton=1,saveresizedsize=0,openposition=alignment:(B;L),savelocation=0,closeone[...]
Line Found : user_pref("CT3220468.hxxp___toolbar_utorrent_com.APP_WIN_FEATURES.enc", "cmVzaXphYmxlPTAsc2F2ZXJlc2l6ZWRzaXplPTAsdGl0bGViYXI9MCxjbG9zZW9uZXh0ZXJuYWxjbGljaz0xLHNhdmVsb2NhdGlvbj0wLG9wZW5wb3NpdGlvbj1vZmZ[...]
Line Found : user_pref("CT3220468.hxxp___www_socialgrowthtechnologies_com_couponbuddy_v001.APP_WIN_FEATURES", "openposition=offset:50;50,savelocation=0,resizable=no,scrollbars=no,titlebar=yes,saveresizedsize=no");
Line Found : user_pref("CT3220468.installId", "fftB071.tmp.exe");
Line Found : user_pref("CT3220468.installType", "XPE");
Line Found : user_pref("CT3220468.isCheckedStartAsHidden", true);
Line Found : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3220468.isFirstTimeToolbarLoading", "false");
Line Found : user_pref("CT3220468.isNewTabEnabled", true);
Line Found : user_pref("CT3220468.isPerformedSmartBarTransition", "true");
Line Found : user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Found : user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Found : user_pref("CT3220468.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3220468&octid=CT3220468&SearchSource=15&CUI=UN35267562732629514&SSPV=&Lay=1&UM=\"}");
Line Found : user_pref("CT3220468.lastVersion", "10.16.70.505");
Line Found : user_pref("CT3220468.mam_gk_appStateReportTime.enc", "MTM3MzE4MzU4MjExMw==");
Line Found : user_pref("CT3220468.mam_gk_appState_CouponBuddy.enc", "b24=");
Line Found : user_pref("CT3220468.mam_gk_appState_PriceGong.enc", "b24=");
Line Found : user_pref("CT3220468.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsIm9wdGlvbnNEaWFsb2ciOnsiZGlzcGxheU5h[...]
Line Found : user_pref("CT3220468.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Line Found : user_pref("CT3220468.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkVhc3l0b2Jvb2tfdGFyZ2V0ZWQiLCJjcml0ZXJpYXMiOlt7ImNyaXRlcmlhSWQiOiI0NGM3NjZhMi1hYjQ4LTQyM2EtOGM0NC02ZjUyZjc1OWYyNzQiLCJ[...]
Line Found : user_pref("CT3220468.mam_gk_currentBadgeValue.enc", "MQ==");
Line Found : user_pref("CT3220468.mam_gk_currentVersion.enc", "MS44LjAuNA==");
Line Found : user_pref("CT3220468.mam_gk_first_time.enc", "MQ==");
Line Found : user_pref("CT3220468.mam_gk_lastLoginTime.enc", "MTM3MzE4MzU4MzIwNw==");
Line Found : user_pref("CT3220468.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHMgZW5yaWNoZXMgeW91ciB3ZWIg[...]
Line Found : user_pref("CT3220468.mam_gk_newApps.enc", "W10=");
Line Found : user_pref("CT3220468.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Line Found : user_pref("CT3220468.mam_gk_settings1.4.3.1.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNjFfLTEiLCJpc1Rlc3QiOmZhbHNlLCJpc1dlbGNvbWVFeHBlcmllbmNlRW5hYmxlZEJ5RGVmYXVsd[...]
Line Found : user_pref("CT3220468.mam_gk_settings1.4.3.2.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMTk1XzAiLCJpc1Rlc3QiOnRydWUsImlzV2VsY29tZUV4cGVyaWVuY2VFbmFibGVkQnlEZWZhdWx0I[...]
Line Found : user_pref("CT3220468.mam_gk_settings1.4.4.6.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMjE1Xy0xIiwiaXNUZXN0IjpmYWxzZSwiaXNXZWxjb21lRXhwZXJpZW5jZUVuYWJsZWRCeURlZmF1b[...]
Line Found : user_pref("CT3220468.mam_gk_settings1.6.0.1.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMjE1Xy0xIiwiaXNUZXN0IjpmYWxzZSwiaXNXZWxjb21lRXhwZXJpZW5jZUVuYWJsZWRCeURlZmF1b[...]
Line Found : user_pref("CT3220468.mam_gk_settings1.8.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNDZfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiR0IiLCJpc1dlbGNvbWVFeHBlc[...]
Line Found : user_pref("CT3220468.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Line Found : user_pref("CT3220468.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Line Found : user_pref("CT3220468.mam_gk_userId.enc", "ZjU5NTdkMGQtNzZmMS00ZTJmLWJmNDEtNjY5NjQ1ZTE5ZmU3");
Line Found : user_pref("CT3220468.mam_gk_user_apps_selection.enc", "");
Line Found : user_pref("CT3220468.migrateAppsAndComponents", true);
Line Found : user_pref("CT3220468.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.bbc.co.uk%2Fiplayer%2Fepisode%2Fb00wyh2k%2FSmart_People%2F\",\"EB_MAIN_FRAME_TITLE\":\"B[...]
Line Found : user_pref("CT3220468.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Found : user_pref("CT3220468.openThankYouPage", "true");
Line Found : user_pref("CT3220468.openUninstallPage", "FALSE");
Line Found : user_pref("CT3220468.search.searchAppId", "129813684258939747");
Line Found : user_pref("CT3220468.search.searchCount", "0");
Line Found : user_pref("CT3220468.searchInNewTabEnabledByUser", "true");
Line Found : user_pref("CT3220468.searchInNewTabEnabledInHidden", "true");
Line Found : user_pref("CT3220468.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3220468.searchSuggestEnabledByUser", "false");
Line Found : user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3220468.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Found : user_pref("CT3220468.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3220468\"}");
Line Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://uTorrentControlv2.OurToolbar.com//xpi\"}");
Line Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"uTorrentControl_v2\"}");
Line Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3220468.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Found : user_pref("CT3220468.serviceLayer_services_Configuration_lastUpdate", "1377192221094");
Line Found : user_pref("CT3220468.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1373144671979");
Line Found : user_pref("CT3220468.serviceLayer_services_appTracking_lastUpdate", "1357382797195");
Line Found : user_pref("CT3220468.serviceLayer_services_appsMetadata_lastUpdate", "1373184815937");
Line Found : user_pref("CT3220468.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1372617244809");
Line Found : user_pref("CT3220468.serviceLayer_services_location_lastUpdate", "1372595525205");
Line Found : user_pref("CT3220468.serviceLayer_services_login_10.10.27.6_lastUpdate", "1353267134036");
Line Found : user_pref("CT3220468.serviceLayer_services_login_10.13.40.15_lastUpdate", "1358373177197");
Line Found : user_pref("CT3220468.serviceLayer_services_login_10.14.370.524_lastUpdate", "1364381716458");
Line Found : user_pref("CT3220468.serviceLayer_services_login_10.14.40.128_lastUpdate", "1359634902630");
Line Found : user_pref("CT3220468.serviceLayer_services_login_10.14.42.7_lastUpdate", "1361191241296");
Line Found : user_pref("CT3220468.serviceLayer_services_login_10.14.65.43_lastUpdate", "1363196637287");
Line Found : user_pref("CT3220468.serviceLayer_services_login_10.15.0.562_lastUpdate", "1372631645161");
Line Found : user_pref("CT3220468.serviceLayer_services_login_10.16.2.509_lastUpdate", "1372366001023");
Line Found : user_pref("CT3220468.serviceLayer_services_login_10.16.4.519_lastUpdate", "1374868542861");
Line Found : user_pref("CT3220468.serviceLayer_services_login_10.16.70.505_lastUpdate", "1377192221944");
Line Found : user_pref("CT3220468.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1372617244876");
Line Found : user_pref("CT3220468.serviceLayer_services_searchAPI_lastUpdate", "1377192221089");
Line Found : user_pref("CT3220468.serviceLayer_services_serviceMap_lastUpdate", "1377192220938");
Line Found : user_pref("CT3220468.serviceLayer_services_setupAPI_lastUpdate", "1363178727570");
Line Found : user_pref("CT3220468.serviceLayer_services_toolbarContextMenu_lastUpdate", "1372617244943");
Line Found : user_pref("CT3220468.serviceLayer_services_toolbarSettings_lastUpdate", "1377192221615");
Line Found : user_pref("CT3220468.serviceLayer_services_translation_lastUpdate", "1377192221929");
Line Found : user_pref("CT3220468.settingsINI", true);
Line Found : user_pref("CT3220468.shouldFirstTimeDialog", "false");
Line Found : user_pref("CT3220468.showToolbarPermission", "false");
Line Found : user_pref("CT3220468.smartbar.CTID", "CT3220468");
Line Found : user_pref("CT3220468.smartbar.Uninstall", "0");
Line Found : user_pref("CT3220468.smartbar.isHidden", true);
Line Found : user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 ");
Line Found : user_pref("CT3220468.toolbarBornServerTime", "25-10-2012");
Line Found : user_pref("CT3220468.toolbarCurrentServerTime", "22-8-2013");
Line Found : user_pref("CT3220468.toolbarLoginClientTime", "Wed Mar 13 2013 21:46:59 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT3220468.upgradeFromClearSBVersion", true);
Line Found : user_pref("CT3220468.url_history0001.enc", "aHR0cDovL2JpdC5seS8xMWxXVHBROjo6Y2xpY2toYW5kbGVyOjo6MTM3MzExNjAyMzMxMywsLGh0dHA6Ly9iaXQubHkvMTFsV1RwUTo6OmNsaWNraGFuZGxlcjo6OjEzNzMxMTYwMjMzMjMsLCxodHRwczov[...]
Line Found : user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1377192097708,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Found : user_pref("browser.search.defaultengine", "Ask.com");
Line Found : user_pref("browser.search.order.1", "Ask.com");
Line Found : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.avg.com/?d=4dd6974c&i=23&tp=ab&nt=1&q=");
Line Found : user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\":{\"descriptor\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\browser\\\\extensions[...]

-\\ Google Chrome v29.0.1547.57

[ File : C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : icon_url
Found : keyword
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword

*************************

AdwCleaner[R0].txt - [22760 octets] - [27/08/2013 14:49:06]
AdwCleaner[R1].txt - [22679 octets] - [28/08/2013 14:32:39]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [22740 octets] ##########

#30
Feather24

Posted 28 August 2013 - 08:00 AM

Member

Topic Starter
Member
251 posts

Hello, I've downloaded the JRT.

also I have taken a look at the link to disable my AVG 2013, it only covers up to AVG 2011 version however I've taken a look and if I go into options, then advanced settings and there is one option to temp disable AVG, I can't apply it however I can " ok" it.

I noticed in the instructions to restore it for 2011 they were more detailed. So I'm assuming if will give me the option to change it back and restore the AVG.

Ok once I hear back about the reboot, I can complete the scan.

thanks