Help removing Delta search virus

Sammie

New Member
Thread author
Mar 19, 2013
7
Hi everyone, I downloaded WinRAR yesterday to unzip some files. Big mistake. Delta Search took over my Google search and is showing ads on what looks like a Google search page. I ran Speedy PC Pro and Malwarebytes, and the little bugger is still there. I deleted Delta Toolbar, Browser Protect, and Delta Chrome Toolbar in Programs and Features. Any help is greatly appreciated.
 

Attachments

  • OTL.Txt (144.6 KB)
  • aswMBR.txt (2.4 KB)

Fiery

Level 1
Jan 11, 2011
2,007
Hi and welcome to MalwareTips! :)

I'm Fiery and I would gladly assist you in removing the malware on your computer.

Before we start:
  • Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
  • Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to back up all your important files before we start.
  • Please be patient and stay with me until I give you the green light and inform you that your PC is clean.
  • Some tools may be flagged by your antivirus as harmful. Rest assured that ALL the tools we use are safe; the detections are false positives.
  • The absence of symptoms does not mean your PC is fully disinfected.
  • If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
  • Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.

Open OTL. Under custom scan/fixes, copy and paste the following:

:OTL
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-search.com/?q={searchTerms}&affID=119520&babsrc=SP_ss&mntrId=36F400215DEAB8C2
IE - HKCU\..\SearchScopes\{9E4E1D33-8898-4CB4-84C3-6A3C12FF2F86}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=kw&q=
FF - prefs.js..browser.search.selectedEngine: "Delta Search"
[2013/03/18 13:22:55 | 000,001,294 | ---- | M] () -- C:\Users\frys\AppData\Roaming\mozilla\firefox\profiles\4q2oclfw.default\searchplugins\delta.xml
O33 - MountPoints2\{332da758-86ac-11de-8f62-00214fb4eeae}\Shell\AutoRun\command - "" = I:\setupSNK.exe

:Files
ipconfig /flushdns /c

:Commands
[EMPTYTEMP]
[RESETHOSTS]

Then click Run Fix. Post the log afterwards.

Please download Junkware Removal Tool to your desktop from here
  • Turn off your antivirus software now to avoid potential conflicts
  • Double-click to run the tool. For Windows Vista or 7 users, right-click the file and select Run as Administrator
  • The tool will open and start scanning your system
  • Please be patient as this can take a while to complete depending on your system's specifications
  • On completion, a log (JRT.txt) will be saved to your desktop and will automatically open
  • Post the contents of JRT.txt into your next reply
 


Sammie

New Member
Thread author
Mar 19, 2013
7
Hi Fiery,

Took 2 reboots, but finally got a browser to load.

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9E4E1D33-8898-4CB4-84C3-6A3C12FF2F86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E4E1D33-8898-4CB4-84C3-6A3C12FF2F86}\ not found.
Prefs.js: "Delta Search" removed from browser.search.selectedEngine
File C:\Users\frys\AppData\Roaming\mozilla\firefox\profiles\4q2oclfw.default\searchplugins\delta.xml not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{332da758-86ac-11de-8f62-00214fb4eeae}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{332da758-86ac-11de-8f62-00214fb4eeae}\ not found.
File I:\setupSNK.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\frys\Downloads\cmd.bat deleted successfully.
C:\Users\frys\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temporary Internet Files folder emptied: 33109 bytes
->Flash cache emptied: 57616 bytes

User: Default User
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: frys
->Temp folder emptied: 143918999 bytes
->Temporary Internet Files folder emptied: 109650757 bytes
->Java cache emptied: 341782720 bytes
->FireFox cache emptied: 77781747 bytes
->Google Chrome cache emptied: 6099312 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 2659 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9557088 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 657.00 mb

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 03202013_072331

Files\Folders moved on Reboot...
C:\Users\frys\AppData\Local\Temp\CitrixLogs\gotomeeting\1133\G2MOutlookAddin.log moved successfully.
C:\Users\frys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{7980128C-5594-433F-96B6-AAB4C29C2627}.tmp moved successfully.
File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

Fiery

Level 1
Jan 11, 2011
2,007
Please download Junkware Removal Tool to your desktop from here
  • Turn off your antivirus software now to avoid potential conflicts
  • Double-click to run the tool. For Windows Vista or 7 users, right-click the file and select Run as Administrator
  • The tool will open and start scanning your system
  • Please be patient as this can take a while to complete depending on your system's specifications
  • On completion, a log (JRT.txt) will be saved to your desktop and will automatically open
  • Post the contents of JRT.txt into your next reply

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool (for Vista or Windows 7, right-click and select Run as Administrator to start)
  • Click delete
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt
 

Sammie

New Member
Thread author
Mar 19, 2013
7
JRT info

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Windows (TM) Vista Home Premium x64
Ran by frys on Thu 03/21/2013 at 6:46:17.92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-4070889914-930609290-1560759438-1000\software\microsoft\internet explorer\main\\Start Page

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Failed to delete: [Registry Key] hkey_current_user\software\datamngr
Failed to delete: [Registry Key] hkey_local_machine\software\datamngr
Failed to delete: [Registry Key] hkey_current_user\software\datamngr_toolbar
Successfully deleted: [Registry Key] hkey_current_user\software\igearsettings
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Failed to delete: [Registry Key] hkey_local_machine\software\wow6432node\datamngr
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{7f6afbf1-e065-4627-a2fd-810366367d01}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{7f6afbf1-e065-4627-a2fd-810366367d01}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d824f0de-3d60-4f57-9eb1-66033ecd8abb}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afbcb7e0-f91a-4951-9f31-58fee57a25c4}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\anti-phishing domain advisor"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\speedypc software"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\ProgramData\wecarereminder"
Successfully deleted: [Folder] "C:\Users\frys\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\frys\AppData\Roaming\speedypc software"
Successfully deleted: [Folder] "C:\Users\frys\appdata\local\swvupdater"
Successfully deleted: [Folder] "C:\Program Files (x86)\free ride games"
Successfully deleted: [Folder] "C:\Program Files (x86)\speedypc software"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\speedypc software"
Successfully deleted: [Folder] "C:\Users\frys\AppData\Roaming\microsoft\windows\start menu\programs\speedypc software"
Successfully deleted: [Folder] "C:\ProgramData\ask"

~~~ FireFox

Successfully deleted: [File] C:\Users\frys\AppData\Roaming\mozilla\firefox\profiles\4q2oclfw.default\user.js
Successfully deleted: [File] "C:\Users\frys\AppData\Roaming\mozilla\firefox\profiles\4q2oclfw.default\extensions\jid0-W5zY771zDsu5o7dTJ8KHm38w1xs@jetpack.xpi"
Successfully deleted: [File] C:\Users\frys\AppData\Roaming\mozilla\firefox\profiles\4q2oclfw.default\searchplugins\askcom.xml
Successfully deleted: [File] C:\Users\frys\AppData\Roaming\mozilla\firefox\profiles\4q2oclfw.default\searchplugins\delta.xml
Successfully deleted: [Folder] C:\Users\frys\AppData\Roaming\mozilla\firefox\profiles\4q2oclfw.default\extensions\crossriderapp21154@crossrider.com
Successfully deleted the following from C:\Users\frys\AppData\Roaming\mozilla\firefox\profiles\4q2oclfw.default\prefs.js

Emptied folder:

C:\Users\frys\AppData\Roaming\mozilla\firefox\pro

files\4q2oclfw.default\minidumps [22 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 03/21/2013 at 7:00:32.54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Sammie

New Member
Thread author
Mar 19, 2013
7
AdwCleaner results

AdwCleaner v2.115 - Logfile created 03/21/2013 at 07:16:18
# Updated 17/03/2013 by Xplode
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# User : frys - SAMMIE
# Boot Mode : Normal
# Running from : C:\Users\frys\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Users\frys\AppData\Roaming\Mozilla\Firefox\Profiles\4q2oclfw.default\jetpack
File Deleted : C:\END
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\frys\AppData\Roaming\Mozilla\Firefox\Profiles\4q2oclfw.default\searchplugins\safesearch.xml

***** [Registry] *****

Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\delta LTD
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Anti-phishing Domain Advisor
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\58088ddb73ee847
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Description
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\58088ddb73ee847
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\frys\AppData\Roaming\Mozilla\Firefox\Profiles\4q2oclfw.default\prefs.js

Deleted : user_pref("extensions.crossriderapp21154.21154.backgroundjs", "\n\n/********************************[...]
Deleted : user_pref("extensions.crossriderapp21154.21154.js", "\n\n /****************************************[...]
Deleted : user_pref("extensions.crossriderapp21154.21154.plugins.plugin_14.code", "if(typeof(appAPI)===\"undef[...]
Deleted : user_pref("extensions.crossriderapp21154.21154.plugins.plugin_16.code", "if((typeof isBackground===\[...]
Deleted : user_pref("extensions.crossriderapp21154.21154.plugins.plugin_17.code", "if(typeof window!==\"undefi[...]
Deleted : user_pref("extensions.crossriderapp21154.21154.plugins.plugin_22.code", "(function(a){appAPI.queueMa[...]
Deleted : user_pref("extensions.crossriderapp21154.21154.plugins.plugin_4.code", "var jQuery = $jquery_171 = $[...]
Deleted : user_pref("extensions.crossriderapp21154.21154.plugins.plugin_6.code", "appAPI.sidebar=(function(x){[...]
Deleted : user_pref("extensions.crossriderapp21154.21154.plugins.plugin_64.code", "(function(){var h=\"__CR_EM[...]
Deleted : user_pref("extensions.crossriderapp21154.21154.plugins.plugin_7.code", "appAPI.hooks={$:$jquery_171,[...]
Deleted : user_pref("extensions.crossriderapp21154.21154.plugins.plugin_78.code", "if(typeof jQuery!==\"undefi[...]
Deleted : user_pref("extensions.crossriderapp21154.21154.plugins.plugin_9.code", "appAPI.hooks.addHook(\"searc[...]

-\\ Google Chrome v25.0.1364.172

File : C:\Users\frys\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [5064 octets] - [21/03/2013 07:16:18]

########## EOF - C:\AdwCleaner[S1].txt - [5124 octets] ##########
 

Sammie

New Member
Thread author
Mar 19, 2013
7
Hi Fiery,

Everything is back to working!

In the meantime I purchased a new Windows 8 laptop. It has Norton. What virus protection would you suggest?

Thank you so much for the help.

Sammie
 

Fiery

Level 1
Jan 11, 2011
2,007
If you are no longer experiencing any other issues, your PC is now clean!

Double click on OTL to run it
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  • This will remove itself and other tools we may have used.

Also, open adwCleaner and click Uninstall




Now that your PC is clean, I recommend that you create a new System Restore point, then purge the old ones afterwards.

For Vista
Create a restore point
Delete all but the most recent restore point



Keep your system updated
Please go to control panel and uninstall the following:

Java(TM) 6 Update 38


Keeping your programs (especially Adobe and Java products) updated is essential. Outdated programs make your PC more vulnerable to future malware threats. To help you:
  • Download and install Update Checker. It will notify you if any of your programs require an update.


I also recommend that you switch your antivirus program to a better one. Here are some suggestions:

In addition to your antivirus, you need additional protection such as a firewall and behavioural blocker.


Other steps that you may want to do to further protect your system/files:
  • Sandboxie - "Quarantines" your browser so anything that you do in it will be isolated from your system.
  • Back up important files regularly to an external hard drive or USB

Here are only a few suggestions that will improve your system security. Should you wish to allow us to make full recommendations and set your PC up with maximum security, please start a thread here. Our community of PC enthusiasts and experts will give you feedback and help you secure your system from future malware infections.

Should you want to try a product but don't know how it performs, here is a list of current reviews to help you decide.


Internet Explorer may be the most popular browser but it's definitely not the most secure browser. Consider using other browsers with additional add-ons to safeguard your system while browsing the internet.

Firefox is a more secure, faster browser than Internet Explorer. Firefox contains fewer vulnerabilities, reducing the risk of drive-by downloads. In addition, you can add the following add-ons to increase security.
  • KeyScrambler - Encrypts your keystrokes to protect you against keyloggers that steal personal & banking information
  • AdBlock - Disables/blocks advertisements on websites so you won't accidentally click on a malicious ad.
  • NoScript - Disables Flash & Java contents to avoid exploits or drive-by attacks
  • Web of Trust - Shows the website rating by other users and blocks dangerous and poor-rated sites

Google Chrome is another good browser that is faster and more secure than Internet Explorer by having a sandbox feature. Additionally, you can add the following add-on to Chrome to heighten security.


Lastly, it is important to perform system maintenance on a regular basis. Here are a few tools and on-demand scanners that you should keep & use every 1-2 weeks to keep your system healthy.

Other than that, stay safe out there! If you have any other questions or concerns, feel free to ask :)

My virus removal help is always free. Should you wish to show your appreciation via a donation, it will be much appreciated.
 
