Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer Freezing. Is it Malware?


  • Please log in to reply
5 replies to this topic

#1 Golden-Boy

Golden-Boy

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:05:17 AM

Posted 17 June 2016 - 09:48 PM

Adware Cleaner Scan.
 
Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
I followed these instructions.  Here is the text file that opened up (below):
 
Did it get all the bad stuff?
 
 
 

# AdwCleaner v5.015 - Logfile created 29/10/2015 at 22:47:25
# Updated 26/10/2015 by Xplode
# Database : 2015-10-29.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x86)
# Username : Alex - ALEX-PC
# Running from : C:\Users\Alex\Downloads\adwcleaner_5.015.exe
# Option : Cleaning
# Support : hxxp://toolslib.net/forum
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\shdkwmhi.default\Extensions\staged\ffxtlbr@babylon.com
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cijeeimilokkhlfjombmalgpabbonmah_0.localstorage-journal
[-] File Deleted : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage-journal
[-] File Deleted : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.superfish.com_0.localstorage-journal
[-] File Deleted : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxps_www.superfish.com_0.localstorage-journal
[-] File Deleted : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.lyricsmode.com_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : ParetoLogic Update Version3_triggeronce
 
***** [ Registry ] *****
 
[!] Key Not Deleted : HKU\S-1-5-21-3551508168-3098577531-213513528-1003\Software\AppDataLow\Software\ButterscotchToolbar
[!] Key Not Deleted : HKU\S-1-5-21-3551508168-3098577531-213513528-1003\Software\AppDataLow\Software\Conduit
[!] Key Not Deleted : HKU\S-1-5-21-3551508168-3098577531-213513528-1003\Software\AppDataLow\Software\conduitEngine
[!] Key Not Deleted : HKU\S-1-5-21-3551508168-3098577531-213513528-1003\Software\AppDataLow\Software\PriceGong
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5286BD18-0913-4CDD-9E95-79316A4B44F5}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[!] Key Not Deleted : HKU\S-1-5-21-3551508168-3098577531-213513528-1001\Software\Microsoft\Internet Explorer\SearchScopes\{5286BD18-0913-4CDD-9E95-79316A4B44F5}
[-] Data Restored : HKU\S-1-5-21-3551508168-3098577531-213513528-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[!] Key Not Deleted : HKU\S-1-5-21-3551508168-3098577531-213513528-1003\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
[!] Data Not Restored : HKU\S-1-5-21-3551508168-3098577531-213513528-1003\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[!] Key Not Deleted : HKU\S-1-5-21-3551508168-3098577531-213513528-1003\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\Alex\prefs.js] [Preference] Deleted : user_pref("keyword.URL", "hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js] [Preference] Deleted : user_pref("keyword.URL", "hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\shdkwmhi.default\prefs.js] [Preference] Deleted : user_pref("keyword.URL", "hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0\prefs.js] [Preference] Deleted : user_pref("keyword.URL", "hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=");
[-] [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bcjagnifjocnddgeknajocbkkhlgibem
[-] [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : booedmolknjekdopkepjjeckmjkdpfgl
[-] [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : flpcjncodpafbgdpnkljologafpionhb
[-] [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : klibnahbojhkanfgaglnlalfkgpcppfi
[-] [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxps://ca.search.yahoo.com/?type=994519&fr=spigot-yhp-ch
 
*************************
 
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4583 bytes] ##########
# AdwCleaner v5.200 - Logfile created 17/06/2016 at 22:43:36
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-17.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (X86)
# Username : Alex - ALEX-PC
# Running from : C:\Users\Alex\Downloads\adwcleaner_5.200.exe
# Option : Clean
# Support : https://toolslib.net/forum
 
***** [ Services ] *****
 
[-] Service Deleted : ReimageRealTimeProtector
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\rei
[-] Folder Deleted : C:\ProgramData\Reimage Protector
[#] Folder Deleted : C:\ProgramData\Application Data\Reimage Protector
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reimage repair
[-] Folder Deleted : C:\Program Files\Reimage
[-] Folder Deleted : C:\Users\Alex\AppData\Local\VirtualStore\Program Files\otshot
[-] Folder Deleted : C:\Users\Alex\AppData\LocalLow\pandasecuritytb
[-] Folder Deleted : C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\searchresults
[-] Folder Deleted : C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\pandasecuritytb
[-] Folder Deleted : C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
 
***** [ Files ] *****
 
[-] File Deleted : C:\Windows\Reimage.ini
[-] File Deleted : C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\searchplugins\Askcom.xml
[-] File Deleted : C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\searchplugins\MyStart Search.xml
[-] File Deleted : C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\searchplugins\SweetIm.xml
[-] File Deleted : C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\searchplugins\yahoo_ff.xml
[-] File Deleted : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_foxi69.tlscdn.com_0.localstorage-journal
[-] File Deleted : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.re-markit00.re-markit.co_0.localstorage-journal
[-] File Deleted : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.coupontime00.coupontime.co_0.localstorage-journal
[-] File Deleted : C:\user.js
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : ReimageUpdater
[-] Task Deleted : ReimageUpdater
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Reimage.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\jZip
[-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\iLividSetup-r420-n-bc.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\jZipShell.jZipShellExt
[-] Key Deleted : HKLM\SOFTWARE\Classes\jZipShell.jZipShellExt.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
[-] Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
[-] Key Deleted : HKCU\Software\Reimage
[-] Key Deleted : HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
[-] Key Deleted : HKCU\Software\GreenTree Applications\YTD
[-] Key Deleted : HKLM\SOFTWARE\Reimage
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Repair
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("browser.startup.homepage", "hxxps://ca.search.yahoo.com/?type=994519&fr=spigot-yhp-ff");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossrider.bic", "138f830503328b25a927cc5e5d9e6df4");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.InstallationTime", 1344193712);
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.active", true);
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.addressbar", "");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.addressbarenhanced", "");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&appAPI.webRequest&&appAPI.webRequest.onBeforeNavigate?_GPL_BG_NEW.preinit():\"undefined\"!=typeof _G[...]
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.backgroundver", 7);
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.can_run_bg_code", true);
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.certdomaininstaller", "");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.changeprevious", false);
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0400 (Atlantic Standard Time)");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.InstallationTime.value", "1344193712");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_aoi.value", "1344193712");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_blocklist.expiration", "Wed Jan 02 2013 13:37:41 GMT-0500 (Eastern Standard Time)");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_blocklist.value", "%22nonexistantdomain.com%22");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_country_code.expiration", "Wed Jan 09 2013 08:26:04 GMT-0500 (Eastern Standard Time)");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_country_code.value", "%22CA%22");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_crr.value", "1357151177");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_currenttime.value", "%221356061414%22");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT-0400 (Atlantic Standard Time)");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_hotfix20111102645.value", "%221%22");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%220%22%2C%22sub_id%22%3A%220%22%2C%22uzid%22%3A%220%22%7D");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0400 (Atlantic Standard Time)");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_parent_zoneid.value", "%2214019%22");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT-0400 (Atlantic Standard Time)");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_pc_20120828.value", "1346258216962");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0400 (Atlantic Standard Time)");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_product_id.value", "%221171%22");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_zoneid.value", "%2263983%22");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0400 (Atlantic Standard Time)");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.dbtest.value", "1346258206151");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.lastrequest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.lastrequest.value", "%7B%22path%22%3A%22/index.php%22%2C%22host%22%3A%22www.ozchess.com.au%22%2C%22scheme%22%3A%22hxxp%22%7D");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.description", "Save big with Giant Savings! Coupons display instantly while you're shopping online!");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.domain", "");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.enablesearch", false);
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.fbremoteurl", "");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.group", 0);
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.homepage", "");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.iframe", false);
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_appVer.value", "49");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_lastVersion.value", "0");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_meta.value", "%7B%7D");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_nextCheck.expiration", "Wed Jan 02 2013 14:26:04 GMT-0500 (Eastern Standard Time)");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_nextCheck.value", "true");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_queue.value", "%7B%7D");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.started_GPL_PLUGIN.prepare({pid:1171,baseCDN:\"giantsavings-a.akamaihd.n[...]
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.manifesturl", "");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.name", "Giant Savings");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.newtab", "");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.opensearch", "");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return appAPI.appInfo.id}else{return appAPI.appID}}};$jquery.extend[...]
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.name", "base");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.ver", 3);
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.code", "Array.prototype.indexOf(Array.prototype.indexOf=function(a){if(void 0===thisnull===this)throw new TypeError;var b=Object[...]
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.ver", 10);
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.code", "var _GPL_BG={vars:{},rules:{},started:!1,log:function(d){console.log(d)},factor:1,preinit:function(){null!=appAPI.db.get(\"_[...]
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.name", "GPL Background (BG)");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.ver", 4);
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if(window.getSelection){return window.getSelection()}else{if(document.getS[...]
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.name", "CrossriderAppUtils");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.ver", 2);
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={}}appAPI.JSON={};(function(){function f(n){return n<10?\"0\"+n:n}if(typeof Date.protot[...]
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.name", "CrossriderUtils");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.ver", 2);
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_15.code", "(function(f){var u={};var e=Math.floor(Math.random()*99999);var g=Math.floor(Math.random()*99999999999999)+\"Z\"+(new Date()).get[...]
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_15.name", "FacebookFFIE");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_15.ver", 1);
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"isBackground!=true)&&(typeof _firefoxVersion!==\"undefined\"&&_firefoxVersion>14)&&typeo[...]
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.name", "FFAppAPIWrapper");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.ver", 4);
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScript Library v1.4.2\n * hxxp://jquery.com/\n *\n * Copyright 2010, John [...]
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.name", "jQuery");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.ver", 3);
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.code", "var CrossriderDebugManager=(function(g){var e={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.debug_app};return g.Class.ex[...]
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.name", "debug");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.ver", 3);
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function( B){this.queue.push( B)}};appAPI.ready=function(c, B){a.when.apply(null[...]
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.name", "resources");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.ver", 2);
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_config.appID()},b,g=new e.Deferred(),f;return e.Class.extend[...]
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.name", "initializer");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.ver", 2);
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com  jquery.org/license */\n(function(a, B){function cy(a){return f.isWindow(a)?a:a.nodeType===9?a.defaul[...]
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.name", "jquery_1_7_1");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.ver", 3);
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a)}}());var CrossRiderResourcesManager=(function(){var A={appId:(fu[...]
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.name", "resources_background");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.ver", 1);
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPTY_CHANNEL__\";var d=function(j){return(typeof j===\"object\"&&j!==null);};var b=function(j){return(![...]
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_64.name", "appApiMessage");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_64.ver", 1);
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(function(){var j={};var e=appAPI.appInfo.name;var k=function(q,p,r){var o=\"[\"[...]
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_72.name", "appApiValidation");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_72.ver", 1);
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.plugins_lists.plugins_0", "17,14,16,64,72,47,1000015");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.plugins_lists.plugins_1", "17,14,13,16,15,64,72,4,1,21,22,1000014,28");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.pluginsurl", "hxxp://app-static.crossrider.com/plugin/apps/4479/plugins/086/ff/plugins.json");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.pluginsversion", 22);
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.publisher", "215 Apps");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.searchstatus", 0);
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.setnewtab", false);
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.settingsurl", "");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.thankyou", "");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.updateinterval", 360);
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.4479.ver", 49);
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.apps", "4479");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.bic", "138f830503328b25a927cc5e5d9e6df4");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.cid", 4479);
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.firstrun", false);
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.hadappinstalled", true);
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.installationdate", 1344193712);
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.lastcheck", 22618886);
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.lastcheckitem", 22619193);
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479.modetype", "production");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.crossriderapp4479@crossrider.com.install-event-fired", true);
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
[-] [C:\Users\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\prefs.js] Deleted : user_pref("keyword.URL", "hxxp://pandasecurity.mystart.com/results.php?pr=vmn&id=pandasecuritytb&v=4_3&idate=2015-07-25&ent=tb____campaignID___&mkt=us&u=57212BB6ADEC8698DCCFDB55B44F8164&q=");
[-] [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [36502 bytes] - [29/10/2015 22:47:25]
C:\AdwCleaner\AdwCleaner[C2].txt - [1784 bytes] - [02/11/2015 18:14:35]
C:\AdwCleaner\AdwCleaner[S1].txt - [36131 bytes] - [29/10/2015 22:45:59]
C:\AdwCleaner\AdwCleaner[S2].txt - [1685 bytes] - [02/11/2015 18:08:42]
C:\AdwCleaner\AdwCleaner[S3].txt - [1685 bytes] - [02/11/2015 18:13:24]
C:\AdwCleaner\AdwCleaner[S4].txt - [656 bytes] - [02/11/2015 18:17:21]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [36941 bytes] ##########


Edited by Queen-Evie, 18 June 2016 - 09:02 PM.
split from http://www.bleepingcomputer.com/forums/t/617244/downloaded-a-virus-now-i-get-constantly-redirected-to-tradeadexchange-com/


BC AdBot (Login to Remove)

 


#2 Golden-Boy

Golden-Boy
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:05:17 AM

Posted 17 June 2016 - 10:07 PM

Also, I did the Junk Removal Tool.  Here is the text file for that:

 

 

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Ultimate x86 
Ran by Alex (Administrator) on 17-Jun-16 at 22:51:11.78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 44 
 
Successfully deleted: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\extensions\ffxtlbr@incredibar.com (Folder) 
Successfully deleted: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\extensions\ffxtlbr@incredibar.com\content (Folder) 
Successfully deleted: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\extensions\ffxtlbr@incredibar.com\content\imgs (Folder) 
Successfully deleted: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\extensions\ffxtlbr@incredibar.com\content\imgs\flgs (Folder) 
Successfully deleted: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\searchplugins\delta.xml (File) 
Successfully deleted: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\Alex\AppData\Roaming\Mozilla\Profiles\nb8uijjt.Default User\user.js (File) 
Successfully deleted: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com (Folder) 
Successfully deleted: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\shdkwmhi.default\extensions\staged (Folder) 
Successfully deleted: C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NPQM3Z2 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\226MRDZF (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2Q2FC01S (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2VC3JUR2 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NID1FJF (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A62I8TYE (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BBQHDSPL (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BO8PDTYA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BXSODYRK (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CBLUZURC (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIPDUNAT (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M6VN3Q27 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NN5LJCZB (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RPIQOFOB (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T91TRVTJ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WBQXSWSC (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WPPOS0CZ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZNCMLWGD (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NPQM3Z2 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\226MRDZF (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2Q2FC01S (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2VC3JUR2 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NID1FJF (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A62I8TYE (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BBQHDSPL (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BO8PDTYA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BXSODYRK (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CBLUZURC (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIPDUNAT (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M6VN3Q27 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NN5LJCZB (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RPIQOFOB (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T91TRVTJ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WBQXSWSC (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WPPOS0CZ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZNCMLWGD (Temporary Internet Files Folder) 
 
 
 
Registry: 0


#3 Golden-Boy

Golden-Boy
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:05:17 AM

Posted 18 June 2016 - 07:48 PM

Do you have the same www tradeadexchange com popups like I do?


No, my computer kept freezing up, so I just figured it was malware of some sort.

Edited by Queen-Evie, 18 June 2016 - 09:12 PM.
deleted unneccessary quote


#4 Golden-Boy

Golden-Boy
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:05:17 AM

Posted 18 June 2016 - 07:49 PM

 

Scan & Clean With Ads Fix

 

  • Disable Windows Defender & Antivirus Prior To Running This Tool!!
  • Save Ads Fix to your desktop.
  • Right Click & Run As Administrator.
  • You will then be prompted to install Certificates.
  • Install then click OK.
  • Right Click & Run As Administrator Again.
  • Click Options then select Unlock the deletion.
  • Then click on clean.

Reset Host File

 

 

  • Click here to download RstHosts v2.0
  • Save the file to your desktop.
  • Right Click and Run as Administrator.
  • Click on Restaurer, then click OK at the prompt.
  • This will restore the default host file.
  • Next Click on Creer Un Rapport.
  • This will open a logfile, post that in your next reply.

 

 

Pre_Scan

 

Please download Pre_Scan.

Save it to your desktop.

Disable your antivirus, and windows defender.

Close All open work Pre_Scan will close all processes to run.

Right Click Run as Admin.

Allow completion, when it completes the program will reboot your machine and open a log.

Please post that log here in your next reply.

 

 

 

9-Lab Scan.

 

  • Download 9-Lab Removal Tool.
  • CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
  • Install the program onto your computer, then right click the icon  run as administrator.
  • Update the program and then run a full scan!
  • Make sure the program updates, might be better to install it update reboot and check for updates again.
  • You need to make sure the database updates!!!
  • Upon Scan Completion Click on Show Results.
  • Then Click On Clean 
  • Then Click on Save Log.
  • Save it to your desktop, copy and paste the contents of the log here in your next reply.

 

Hello inadequateinfirmity,

 

My computer seems much better now, faster and hasn't frozen up since I did the two steps above.  Are the additional steps required?



#5 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Staff Emeritus
  • 16,485 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:04:17 AM

Posted 18 June 2016 - 09:26 PM

Is this a continuation of the your previous topic http://www.bleepingcomputer.com/forums/t/615649/getting-heathy-again-step-one-mini-toolbox/(which you replied in today?

Same computer? Same issue or different issue?

#6 Golden-Boy

Golden-Boy
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:05:17 AM

Posted 19 June 2016 - 12:20 PM

Is this a continuation of the your previous topic http://www.bleepingcomputer.com/forums/t/615649/getting-heathy-again-step-one-mini-toolbox/(which you replied in today?

Same computer? Same issue or different issue?

 

Yup, all the same issue.  Thanks.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users