trojan agent/gen-fraud pak, adware couponbar, etc

[Ghost]

hi all,
my sister inlaws laptop is infected bad.
dds scan will not run. i tried in safe mode and it locks up the pc just as it does in normal mode.
Results of screen317's Security Check version 0.99.71 
Windows XP Service Pack 3 x86   
Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled! 
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````[/u]
SUPERAntiSpyware     
Malwarebytes Anti-Malware version 1.75.0.1300 
CCleaner     
Java 7 Update 25 
Adobe Flash Player    11.7.700.224 
Adobe Reader 10.1.7 Adobe Reader out of Date! 
Mozilla Firefox (22.0)
Google Chrome 28.0.1500.72 
Google Chrome 28.0.1500.95 
````````Process Check: objlist.exe by Laurent````````[/u] 
`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C:: 1%
````````````````````End of Log``````````````````````[/u]

thanks,
Ghost

[Corrine]

Hi, Ghost.

Let's see if RKill will kill the processes that are preventing DDS from running.  Note:  If you are unable to download the file from your sister-in-law's computer, please download it from yours and transfer it to her desktop.

1.  Please restart your computer in Safe Mode with Networking. (To do this, turn your computer off and then back on and immediately when you see anything on the screen, start tapping the F8 key on your keyboard. Using the arrow keys on your keyboard, select Safe Mode with Networking and press Enter on your keyboard. Windows will now boot into safe mode with networking and prompt you to login as a user.) 

2.  Without restarting the computer, please download Rkill by Grinler and save it to your desktop.

• Link 1
  
• Link 2
  

• Double-click on the Rkill desktop icon to run the tool.  Note:  For Windows Vista or Windows 7, please right-click and select "Run As Administrator".
  
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  
• If not, delete the file, then download and use the one provided in Link 2.
  
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  
• If the tool does not run from any of the links provided, please let me know.
  

Note:  Do not restart the computer, or you will need to run the application again.

[Ghost]

hi Corrine;-),
i see the tech shop i took this to to fix the dsl turned off 3 services. ill turn them back on as soon as you say "do it";-)
RKill produced a log:
Rkill 2.5.9 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/04/2013 01:11:50 AM in x86 mode. (Safe Mode)
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Manual

* Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic

* Automatic Updates (wuauserv) is not Running.
   Startup Type set to: Automatic

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\drivers\mqac.sys : 91,776 : 06/21/2009 11:48 PM : eee50bf24caeedb515a8f3b22756d3bb [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB971032\SP2QFE\mqac.sys : 91,776 : 06/21/2009 11:30 PM : 9229e191fe206628be17d1e67a5faed9 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB971032$\mqac.sys : 72,960 : 08/04/2004 00:00 AM : db07b0088cdfd20c2a22e675120ede34 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\mqac.sys : 92,544 : 04/13/2008 06:39 AM : 70c14f5cca5cf73f8a645c73a01d8726 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\mqac.sys : 91,776 : 06/21/2009 11:48 PM : eee50bf24caeedb515a8f3b22756d3bb [Pos Repl]

Checking HOSTS File:

* HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 08/04/2013 01:12:57 AM
Execution time: 0 hours(s), 1 minute(s), and 7 seconds(s)

thanks,
Ghost

[Corrine]

Hi, Ghost.

Go ahead and restart those services.  However, if you restart, you'll need to run RKill again if still unable to run DDS. 

[Ghost]

hi Corrine;-),
i just checked and those services are running and set correctly. hummmm.
still in safe mode w/networking and will attempt to run dds again.
the last time i tried to wait out the dds scan i shut it down after 55 mins but will wait till i get 2 notepads or 1 1/2 hrs. ya it shouldnt take no where near that long but.......
thanks,
Ghost

[Corrine]

Hi, Ghost.

Something else is definitely going on.  If you haven't canceled DDS, please do so and see if OTL works.

Please download OTL by Old Timer.  Save it to your Desktop.

• Right click on OTL.exe select "Run As Administrator" to run it.  If prompted by UAC, please allow it.
  
• Click the Scan All Users checkbox.
  Leave the remaining selections to the default settings.
  
• Click on Run Scan at the top left hand corner.
  
• When done, two Notepad files will open.
  
  • OTL.txt <-- Will be opened, maximized
    
  • Extras.txt <-- Will be minimized on task bar.
• Please post the contents of both OTL.txt and Extras.txt files in your next reply.

In the event OTL also won't complete, I think it is time for a boot scan.  Instructions are available here for running Windows Defender Offline.  You will need a writable CD or DVD or a USB stick so you can "write" (save) Windows Defender Offline to it and boot your computer from that media to scan.

[Ghost]

hi Corrine;-),
OTL freezes while scanning firefox settings soooo its defender offline.
later,
Ghost

[Ghost]

hi Corrine;-)
well offline defender ran a quick scan and then i set it for a full scan but found nothing on either scan.
avira antivirus picked up ADSPY/superfish.a and quarintined it. i couldnt shutdown the scan;-(.
tried a fresh d/l of dds and still the same results;-(
thanks,
Ghost

[Corrine]

Your sister-in-law didn't mention seeing any "fake" security windows did she?  Nothing about locked/encrypted files?  If so, that is a different story and there is a completely different tool to use.  There is recovery from some of these trojans but there are a couple of variants that I read about that there is no recovery from. 

If the above does not apply, since each vendor has different things in detection as well as differing removal, there are additional tools that can be tried: 

1.  Kaspersky Rescue Disk:  Download and instructions are available here:  Kaspersky Rescue Disk 10.

2.  Emsisoft Anti-Malware:  Download and save the Emsisoft Anti-Malware setup program to your desktop from here:  http://www.emsisoft.com/en/software/antimalware/download/

Note:  This is a large file so please be patient.  After the download has been completed, please do the following:

• Double-click on the EmsisoftAntiMalwareSetup.exe icon to start the program. If Windows Smart Screen issues an alert, please allow it to run anyway.
  
• If there is an alert about safe mode, please click on the Yes button to continue.  Select the language you wish to use and press the OK button.
  
• On the "Licensing" screen, select the "Freeware mode" link located below the "I have a license" box.
  
• Make any selections you wish on the screen about Emsisoft's Anti-Malware network and click Next.
  
• Be patient while the definitions are updated.
  
• Click on the Clean computer now button.
  
• At the display a screen asking what type of scan you would like to perform, select the Deep Scan option and then click on the Scan button.
  
• Please be patient while Emsisoft Anti-Malware scans your computer as this will take some time.
  
• When the scan has finished, click on the Quarantine Selected Objects button.
  
• Restart your computer into the normal Windows mode.

3.  Here's one I expect you are familiar with, the Linux LiveCD called Trinity Rescue Kit which can be used to retrieve files from dead/dying/infected computers, and to also do some virus scanning as well as removing passwords, etc.  You can get it from here:  Trinity Rescue Kit. 

The reason I've thrown Trinity Rescue Kit into the mix is because RKill didn't find any malicious processes to stop and the findings so far have not indicated a serious infection, it may be time to back up any important files from her computer and consider a reformat. 

[Ghost]

Your sister-in-law didn't mention seeing any "fake" security windows did she?  Nothing about locked/encrypted files?  If so, that is a different story and there is a completely different tool to use.  There is recovery from some of these trojans but there are a couple of variants that I read about that there is no recovery from.

not a word. just that it is running very slow, which it is.
alright ill do the kaspersky Rescue Disk 10 and the  Emsisoft Anti-Malware.
ill do them in reverse order;-).
back later or if after 10pm, tomorrow mid morning;-)
thanks,
Ghost

[Corrine]

Ok, Ghost.  Although I prefer to see a log first, but considering the state of the computer, you could also try ComboFix.

[Ghost]

morning corrine;-),
i have to work till around 11 but wanted to let you know that emsisoft found 3 items of Funwebs in program files. it quarentined 2 of the 3 but left one.
sorry but i could not get a log from emsisoft;-(.
thanks,
Ghost

[Corrine]

Since they're quick to run, let's see what AdwCleaner and Junkware Tool can do.

Please download AdwCleaner by Xplode to your Desktop.

• Double-click AdwCleaner.exe to run the tool.
  
• Click Delete.
  
• Everything that was found will be deleted.
  
• Save any open files and approve the reboot.  A text file will open after the restart.
  
• Please post the contents of that logfile with your next reply.

Note: The log can also be found at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, i.e., S1

Please download Junkware Removal Tool to your desktop.

• Disable your protection software now to avoid potential conflicts.
  
• Run the tool by double-clicking it.  If you are using Windows Vista or Seven, right-mouse click it and select "Run as Administrator".
  
• The tool will open and start scanning your system.
  
• Please be patient as this can take a while to complete depending on your system's specifications.
  
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  
• Post the contents of JRT.txt into your next message.
  

[Ghost]

hi Corrine;-)
here are the 2 scans you requested.
# AdwCleaner v2.306 - Logfile created 08/04/2013 at 11:45:48
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : User - 1LWHQ71-B7B7DDF
# Boot Mode : Normal
# Running from : C:\Documents and Settings\User\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : APNMCP

***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\rp33vbra.default\searchplugins\Askcom.xml
File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\rp33vbra.default\searchplugins\my-web-search.xml
File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\rp33vbra.default\searchplugins\web-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\defaults\pref\all-iminent.js
File Deleted : C:\WINDOWS\system32\roboot.exe
Folder Deleted : C:\DOCUME~1\User\LOCALS~1\Temp\APN
Folder Deleted : C:\Documents and Settings\All Users\Application Data\APN
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Iminent
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Iminent
Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\rp33vbra.default\extensions\2vffxtbr@DailyBibleGuide.com
Folder Deleted : C:\Documents and Settings\User\Application Data\PerformerSoft
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\AskPartnerNetwork
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\User\Start Menu\Programs\SpecialSavings
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\AskPartnerNetwork
Folder Deleted : C:\Program Files\Iminent
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\webbooster@iminent.com
Folder Deleted : C:\Program Files\searchcore toolbar

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\SpecialSavings
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Iminent
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AF6AC4F2-9825-4FB6-A600-92BC5361F209}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6AC4F2-9825-4FB6-A600-92BC5361F209}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskPartnerNetwork
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{13C8734A-1AD2-4500-9F65-10D99AD80F54}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Iminent.MMServer.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{01BB6254-5E89-4C53-BEF1-4D1656B09B86}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26C9BBE4-6D45-4AB6-A5B4-E068C9F5EF6D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{479BF2D6-E362-4A99-B1AB-BC764D7B97AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4B6D6E60-FBD2-4E79-BF4B-886BC98F1797}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{796D822A-C3F9-4A97-BAAB-42FE7628EA63}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8E948448-E97B-4864-8177-546200709672}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{913FAA37-8CDB-4144-9047-E2A950CD967E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A93B530D-2B18-48C7-9F3C-281679403372}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF6AC4F2-9825-4FB6-A600-92BC5361F209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C875C0A1-09E3-48D5-9F8E-BD337796FD14}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8F01233-2DE6-4EE7-8988-37263F00651B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680}
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.TinyUrl.TinyfyingArgs.DownloadArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.TinyUrl.TinyfyingArgs.LinkToPromoteArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.TinyUrl.TinyfyingArgs.RawDataArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.TinyUrl.TinyfyingArgs.TinyUrlArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.TinyUrl.TinyfyingArgs.ViralLinkArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.TinyUrl.UrlTinyfier
Key Deleted : HKLM\SOFTWARE\Classes\IminentMMServer.ACPlayer
Key Deleted : HKLM\SOFTWARE\Classes\IminentMMServer.ACPlayer.1
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandle.1
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandler
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler.1
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.Web2IMBHandler
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.Web2IMBHandler.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{913FAA37-8CDB-4144-9047-E2A950CD967E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{425F621C-217C-40AD-B22F-4EFCFF452800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AF6AC4F2-9825-4FB6-A600-92BC5361F209}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IMBooster
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IMBoosterARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SpecialSavings
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Windows Searchcore Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF6AC4F2-9825-4FB6-A600-92BC5361F209}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C1B9042-3D32-49A1-916B-0AA3A9CDDFD6}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\058A75F0530072D4E859C70AA2818117
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0AA77A0E3444EC541BBCD48692C317B8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0B4750D705E2564409328D661F3A08E1
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1207FF8E29787074DBF1631962426ED6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\13AF5BE1C2AB371478878B2823461EE5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\197282B5F4B1E5B498A123F82408BCB4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1F7C80F9CE5CDF44E9AADDC99402534C
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D3F206BCC144D42ABB51733F5796D9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2413AAF3A8ED66348BE7121E5A2E827B
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2654A71E1418DAC4090C7901580FD8EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26E983F1377593143A37E3BA1C65CB74
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2804E3F268A038047A6DBC3D6B683AB8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2FA3D433C85C9E443B26831E4C8FF14C
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3376BCEE7B988B1479EAD5B9E005C196
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3C036A97566BFD147A3318BA9E8EA65E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CC84F27D09408149894EC0F9A7C017F
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3DA5F64B3483DE549947A9164ACBAD21
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3DFE98E88510E164BAEB93FEC90C0B7E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3F9914A29678F134B8E1B2491B363A7E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3FC85E129E476D04589CA057175F765D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43A67B987BA46E240B157C831FB92B91
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\448C618B57C70E117B3F6D96844210B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45C85CA4603306B4CA03E4DA88D63693
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\47F3A7B639EEFBA48A353E6DB81CDAB8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\48DAC45F5D980084B812254F6AEA1992
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49CCDE0D720A11E558E8F420D5214004
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4BDFB2601A205D344828E68FC902CAE9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4D3369C318C97F54AB67CB4A65D3EB38
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4FEEA83BF72B97E43A2DF0EE4BE4F261
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\509EC7EFB89B7D942997574AB14037A4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\56166EFB330274F42A4D9710E40C360C
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5B40A2356092A8C4AA765627F1F2E991
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5CCFDC6078351D94CB09575DC69D992D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6241FF6F317CABD4EBBEE0DE9076BD94
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\63618DB75A04D2A4398E45A4B3D71229
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69A050D657C70E11799BE496844210B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6A103C5F719737648B1595A40D11DE7A
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6FE97B877AD340357889062DCDFBB90D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\70F0ACE7C58262F4D9DA1405DF29D18E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75FE11B7AAF78D345804291BFE78C364
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7E46B162F500394448D80F2AC06C5D6D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7EDD8299A9895394C83E366FCEEE1238
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7F9A42E3F57E51247A96D2AE110699EF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FC742FDF56CEF34187F7E2409C8C8FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\828BE4CD8E808C54D88EDEC8E321084B
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\84571833A639B4E4D9DB61E856F1EC5D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\888694313EE5F2F4388C2BEFAA195A26
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\90841B1FC98200349925C88999866F17
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\90A79AC2CF30A8754B06BA3AB71F4EBD
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\944C9845BA5D84243BFC87D29EC4467E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\95A74604EA33DD34783DFF15E24020B7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\95C0E0DB493D0DA48B06782C753D310E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D010CDB0C7815A48A7F780C5F8AACA7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A8DC1DDFD2192F146BDDD77050E8CBE9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A8E973205523610489D4FAF293067BDD
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A9707C12E601038499650326417373A8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AFEEBDA8013CAA74C8052DC06F9F22D8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B752EF3300008394886C402CC27B474F
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B8D516096626CA54D9F668649A2853F3
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC9E23D617F12294F902F3203101D797
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD137F4B7323E4D5C821337C573207B2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD2782089D2F43245857544EDD4B96CA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD872CA6C0B495D46BDCEDB8AEEB9BF0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C1F935070581EB943B256571C1701991
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C60757068B2313744A9B2FCFDD83BAE4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA360F24F0B214744BE40657FDA0B727
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CC063FFF6402E614191D191F0DE5C5B4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCA2C1687DEBD8D488E3F32A45AA83F2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CD206B5A40CE34A4BBB1393E080CA4F7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CD5606D2856AC1F43B06EED615FFEAB0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D1693DDEFACFD9A42ADF9771199AFAB0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5389AEEA4A1E20428D045E86BCF643B
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5D1A1AB900F2A14E8AC79C72F0C8D87
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D7AD8C118D9B8944EBB442B596359B0B
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DA83EE7C5F53F1C4BB0433C5EB774410
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB51229DD92E1A54D8770C0FF3D06646
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DC0344BC1C4A0BF4C910E9B1BD54B903
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DEF7558C7CD27EF46AF802AFBE402675
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DF87D19F07B03754F8494F0331904609
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E0E168292A210CF4CACE8F8077BB62D5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E2D842F49B7D0EF49A147514A5C016F7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E38F52CC94B17734F8B1525DFC172EAA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E3CD1FC4B4FD8A1429151B6AD5848D11
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E9053FE1513E93C4694135E0EDC58A73
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EAF089146183CEA438BE73699CF76A9F
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EBC0E6C057C70E115A6C4986844210B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EEB44C47185BD304D80FDF5A4BBE8F54
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F18FD125C322BC84286AD21D8B685F2F
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F1C8F66181D6DDD488BB6F772F71324A
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F214EB834D2EC474CA76C1CDE306CF3A
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F6AC20B4950133653A7299DA8FEC712D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA51BB1A358792344BBEFB62B87EA471
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FAB1BA39E221F8A47B8CC0DC83B4DA5A
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FE1C720C8D1FE474A9C916F0CF5068A1
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FE37D1FDBAB3DAE488921F01B8BD83AE
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpecialSavings
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchcore Toolbar
Key Deleted : HKLM\Software\SearchcoreMediabarTb
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AF6AC4F2-9825-4FB6-A600-92BC5361F209}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\rp33vbra.default\prefs.js

Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.search.selectedEngine", "Web Search");
Deleted : user_pref("extensions.mywebsearch.prevDefaultEngine", "");
Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Deleted : user_pref("extensions.mywebsearch.prevSelectedEngine", "");
Deleted : user_pref("extensions.sahtb.searchEngineNameCurrent", "Web Search");
Deleted : user_pref("extensions.sahtb.searchEngineNameOriginal", "Ask.com");
Deleted : user_pref("extensions.sahtb.searchEngineNameSAH", "Web Search");
Deleted : user_pref("extensions.sahtb.url.merchants.data", "<?xml version=\"1.0\" ?><MerchantSettings><v n=\"3[...]
Deleted : user_pref("extensions.toolbar.mindspark._2vMembers_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]

-\\ Google Chrome v28.0.1500.95

File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [26562 octets] - [04/08/2013 11:45:48]

########## EOF - C:\AdwCleaner[S1].txt - [26623 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.2 (08.03.2013:1)
OS: Microsoft Windows XP x86
Ran by User on Sun 08/04/2013 at 11:52:28.70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{34e26447-bf30-4c78-a5b9-61dfa8a55e67}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AE4610E7-1124-4E3D-B7A8-26BA1056C605}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{34e26447-bf30-4c78-a5b9-61dfa8a55e67}



~~~ Files

Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npmozcouponprinter.dll"
Successfully deleted: [File] "C:\WINDOWS\couponprinter.ocx"



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\coupons"



~~~ FireFox

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\superfish@superfish.com
Successfully deleted the following from C:\Documents and Settings\User\Application Data\mozilla\firefox\profiles\rp33vbra.default\prefs.js

user_pref("extensions.toolbar.mindspark._2vMembers_.hp.user.defined", true);
user_pref("extensions.toolbar.mindspark._2vMembers_.initialized", true);
user_pref("extensions.toolbar.mindspark._2vMembers_.installation.contextKey", "");
user_pref("extensions.toolbar.mindspark._2vMembers_.installation.installDate", "2012071513");
user_pref("extensions.toolbar.mindspark._2vMembers_.installation.partnerId", "XMxdm145YYus");
user_pref("extensions.toolbar.mindspark._2vMembers_.installation.partnerSubId", "GBYFB");
user_pref("extensions.toolbar.mindspark._2vMembers_.installation.success", true);
user_pref("extensions.toolbar.mindspark._2vMembers_.installation.toolbarId", "8E6D9863-F19E-4B49-A9F7-452CD138FDCA");
user_pref("extensions.toolbar.mindspark._2vMembers_.lastActivePing", "1375659159254");
user_pref("extensions.toolbar.mindspark._2vMembers_.options.defaultSearch", false);
user_pref("extensions.toolbar.mindspark._2vMembers_.options.homePageEnabled", false);
user_pref("extensions.toolbar.mindspark._2vMembers_.options.keywordEnabled", false);
user_pref("extensions.toolbar.mindspark._2vMembers_.options.tabEnabled", false);
user_pref("extensions.toolbar.mindspark._2vMembers_.searchHistory", "groszy||listia||pinterest||pinterest.com");
user_pref("extensions.toolbar.mindspark._2vMembers_.weather.location", "71201");
user_pref("extensions.toolbar.mindspark.lastInstalled", "dailybibleguide@mindspark.com");





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 08/04/2013 at 11:55:50.87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

thanks,
Ghost

[Corrine]

Delete the copy of DDS you have and download a fresh copy and see if it will complete.  Note:  Don't bother leaving is longer than 10-15 minutes if there is no disk activity.  If it doesn't complete in that time, it won't complete.   

Please go here to run an on-line scan from ESET.

• Note: It is easiest if you use Internet explorer for this scan.  (If you use an alternate browser, it will be necessary to download the ESET Smart Installer)
  
• Turn off the real time scanner of any existing antivirus program while performing the online scan
  
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
  
• When asked, allow the ActiveX control to install
  
• Click Start
  
• Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  
• Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
• Click Scan
  
• Wait for the scan to finish
• Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  
• Copy and paste that log as a reply to this topic.