
Windows 7 Dell - Popups when connected to internet


  • This topic is locked
25 replies to this topic

#1 jason70

  • Members
  • 40 posts

Posted 25 May 2014 - 04:12 PM

Dell inspiron with Windows 7. Has lots of popups when connected to the internet.

 

Hijackthis log attached.

 

Thanks

 

Jason

 

Mod Edit:  Pasted HJT data into post - Hamluis.

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:00:46 PM, on 5/25/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16611)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
C:\Program Files (x86)\ArcadeWeb\tray.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Users\Marilyn\AppData\Roaming\Betcat\WebCakeDesktop.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Windows\SysWOW64\jmdp\stij.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={812DC535-C60E-11E2-914D-A4BADBA4C8A5}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={812DC535-C60E-11E2-914D-A4BADBA4C8A5}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
R3 - URLSearchHook: (no name) -  - (no file)
O2 - BHO: Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebCake Layers - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files (x86)\WebCake\WebCakeIEClient.dll
O2 - BHO: RapidFinda - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\Marilyn\AppData\Local\RapidFinda\temp.dat
O2 - BHO: SearchDonkey - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\Program Files (x86)\SearchDonkey\IE\common.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101031154727.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ArcadeWeb Gaming Add-on - {9F531FB1-7C1F-4e1a-8C0C-E8D6177130E2} - (no file)
O2 - BHO: FAIESSO Helper Object - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: (no name) - {ab56dfde-0c14-45b3-9df6-7b0eba617870} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: DealCabby - {B4CB561C-8DBF-4356-9A31-28F022E0C697} - C:\Users\Marilyn\AppData\Local\dealcabby\ie\dealcabby_20121009101501.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Updater By SweetPacks Helper - {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension32.dll
O2 - BHO: LivingPlay - {D9291F9E-7010-4D7A-8DF6-455DEEF8EF51} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {df22384f-cf68-4d19-969f-10423715528b} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: PricePeep - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: (no name) - {a0154e07-2b48-475c-a82a-80efd84ea33e} - (no file)
O3 - Toolbar: (no name) - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TrayIcRun] C:\Program Files (x86)\ArcadeWeb\tray.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [WebCake Desktop] C:\Users\Marilyn\AppData\Roaming\Betcat\WebCakeDesktop.exe
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: FastAccess - c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Computer Backup (MyPC Backup) (BackupStack) - Just Develop It - C:\Program Files (x86)\MyPC Backup\BackupStack.exe
O23 - Service: dleaCATSCustConnectService - Unknown owner - C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe
O23 - Service: dlea_device -   - C:\Windows\system32\dleacoms.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FAService - Sensible Vision  - c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: IBUpdaterService - Unknown owner - C:\Windows\system32\dmwu.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater By SweetPacks - Unknown owner - C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WebCake Desktop Updater - cake bake - C:\Program Files (x86)\WBDesktop.Updater.1.0.0.17.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 17476 bytes

 


Edited by hamluis, 25 May 2014 - 06:08 PM.



 


#2 Starbuck

  • Malware Response Team
  • 4,149 posts

Posted 26 May 2014 - 09:04 AM

Hi jason70

Please take note of the following:

1. Please do not run any other tools unless instructed.
2. Please don't install or uninstall anything unless asked.
3. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
4. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
5. Please reply to this thread. Do not start a new topic.


Step 1
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double-click on adwcleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Step 2
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.
  • Double-click the downloaded icon to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator.
  • When the tool opens, click Yes to the disclaimer.
  • Make sure that Addition.txt is selected at the bottom.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.

In your next reply, please submit:
  • JRT.txt
  • AdwCleaner report
  • Both reports from FRST


Thanks.



#3 jason70

  • Topic Starter
  • Members
  • 40 posts

Posted 31 May 2014 - 08:45 AM

Just got back to a point I can work on this. I will follow the instructions and let you know. Sorry it took me so long to respond.



#4 Starbuck

  • Malware Response Team
  • 4,149 posts

Posted 31 May 2014 - 10:44 AM

Hi Jason,

That's fine, just post the reports when you get time.



#5 jason70

  • Topic Starter
  • Members
  • 40 posts

Posted 31 May 2014 - 09:06 PM

Here are the logs

 

Thanks,

Jason

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Marilyn on Sat 05/31/2014 at 20:44:37.37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] backupstack
Successfully deleted: [Service] backupstack
Failed to stop: [Service] ibupdaterservice
Successfully stopped: [Service] updater by sweetpacks
Successfully deleted: [Service] updater by sweetpacks
Failed to stop: [Service] webcake desktop updater



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\webcake desktop
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{b278d9f8-0fa9-465e-9938-0c392605d8e3}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2117863956-4018225900-484196923-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dynconie.dynconieobject
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dynconie.dynconieobject.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\sweetie.ietoolbar
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\sweetie.ietoolbar.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\sweetim_urlsearchhook.toolbarurlsearchhook
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\toolbar3.sweetie
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\toolbar3.sweetie.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\webcakeieclient.api
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\webcakeieclient.api.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\webcakeieclient.layers
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\webcakeieclient.layers.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\dealscout.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\extension.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\webcakeieclient.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2830488C-079B-45C2-88B6-AFE4EAA2DF85}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{781CA792-9B6E-400B-B36F-15C097D2CA54}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{AD79BAD6-9504-4F09-ACEC-7B319584A4C1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wnlt
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\dynconie
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\fun web products
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\funwebproducts
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\mywebsearch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricepeep
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2117863956-4018225900-484196923-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\playbryte
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\updater by sweetpacks
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\driverscanner
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\extension.extensionhelperobject
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\extension.extensionhelperobject.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\babylon_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\babylon_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\driverscanner_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\driverscanner_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\pricepeep
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\wnlt
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{cd95d125-2992-4858-b3ef-5f6fb52fbad6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{dd85d6bf-4787-4a93-99a5-3f0cf0ae8834}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT1460988
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3007394
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby-20120809_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby-20120809_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby-20120809_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby-20120809_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{66D576E9-CE29-4DF3-B982-E43C9D65CA70}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{84EB9B30-152D-4724-AAC1-F538A53057FE}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB56DFDE-0C14-45B3-9DF6-7B0EBA617870}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF22384F-CF68-4D19-969F-10423715528B}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}



~~~ Files

Successfully deleted: [File] "C:\Users\Public\Desktop\play more great games!.url"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\ProgramData\trymedia"
Successfully deleted: [Folder] "C:\Users\Marilyn\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Marilyn\AppData\Roaming\betcat"
Successfully deleted: [Folder] "C:\Users\Marilyn\AppData\Roaming\iwin"
Successfully deleted: [Folder] "C:\Users\Marilyn\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Marilyn\AppData\Roaming\webcake"
Successfully deleted: [Folder] "C:\Users\Marilyn\appdata\locallow\babylontoolbar"
Successfully deleted: [Folder] "C:\Users\Marilyn\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Marilyn\appdata\locallow\funwebproducts"
Successfully deleted: [Folder] "C:\Users\Marilyn\appdata\locallow\mywebsearch"
Successfully deleted: [Folder] "C:\Users\Marilyn\appdata\locallow\playbryte"
Successfully deleted: [Folder] "C:\Users\Marilyn\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\Marilyn\appdata\locallow\totalrecipesearch_14"
Successfully deleted: [Folder] "C:\Users\Marilyn\appdata\locallow\totalrecipesearch_14ei"
Successfully deleted: [Folder] "C:\Program Files (x86)\babylon"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\mybabylon_english"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Successfully deleted: [Folder] "C:\Program Files (x86)\playbryte"
Successfully deleted: [Folder] "C:\Program Files (x86)\pricepeep"
Successfully deleted: [Folder] "C:\Program Files (x86)\searchdonkey"
Successfully deleted: [Folder] "C:\Program Files (x86)\sweetim"
Successfully deleted: [Folder] "C:\Program Files (x86)\webcake"
Successfully deleted: [Folder] "C:\Users\Marilyn\AppData\Roaming\microsoft\windows\start menu\programs\mypc backup"
Successfully deleted: [Folder] "C:\Windows\syswow64\arfc"
Failed to delete: [Folder] "C:\Windows\syswow64\jmdp"
Successfully deleted: [Folder] "C:\Windows\syswow64\wnlt"
Failed to delete: [Folder] "C:\Windows\system32\jmdp"



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Marilyn\appdata\local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Successfully deleted: [Folder] C:\Users\Marilyn\appdata\local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Successfully deleted: [Folder] C:\Users\Marilyn\appdata\local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
Successfully deleted: [Folder] C:\Users\Marilyn\appdata\local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh
Successfully deleted: [Folder] C:\Users\Marilyn\appdata\local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 05/31/2014 at 20:56:01.42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.211 - Report created 31/05/2014 at 20:58:36
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Marilyn - PC
# Running from : C:\Users\Marilyn\Desktop\Bleeping Computer\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : IBUpdaterService
[#] Service Deleted : WebCake Desktop Updater

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Uniblue
Folder Deleted : C:\Windows\SysWOW64\jmdp
Folder Deleted : C:\Program Files\Updater By SweetPacks
Folder Deleted : C:\Users\Marilyn\AppData\Local\Conduit
Folder Deleted : C:\Users\Marilyn\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Public\Documents\iWin
Folder Deleted : C:\Users\Marilyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
File Deleted : C:\Windows\System32\dmwu.exe
File Deleted : C:\Windows\System32\ImhxxpComm.dll
File Deleted : C:\Users\Marilyn\AppData\Local\Temp\uninstaller.exe
File Deleted : C:\Users\Marilyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Deleted : C:\Users\Marilyn\Desktop\MyPC Backup.lnk

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [m3ffxtbr@mywebsearch.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DynConIE.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform [FunWebProducts]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{384997EE-E3BE-49C4-9ECA-C62B7C08128A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4730EBE-43A6-443E-9776-36915D323AD3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F78BF7A8-CF12-4DE7-A6DA-C463D1B539A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{07B18EA9-A523-4961-B6BB-170DE4475CCA}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2830488C-079B-45C2-88B6-AFE4EAA2DF85}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3B181CF2-878B-4758-8FBD-59D8AC5AB12D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKLM\Software\Uniblue
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
Key Deleted : [x64] HKLM\SOFTWARE\WNLT
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}_is1
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16611


-\\ Google Chrome v27.0.1453.116

[ File : C:\Users\Marilyn\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Homepage] : hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={812DC535-C60E-11E2-914D-A4BADBA4C8A5}
Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Deleted [Extension] : dhkplhfnhceodhffomolpfigojocbpcb
Deleted [Extension] : dlnembnfbcpjnepmfjmngjenhhajpdfd
Deleted [Extension] : fjoijdanhaiflhibkljeklcghcmmfffh
Deleted [Extension] : gjkpcnacdgdlpfejlgflolpaigoicibh
Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Deleted [Extension] : igjjkeeamkpihpncmmbgdkhdnjpcfmfb
Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Deleted [Extension] : ogccgbmabaphcakpiclgcnmcnimhokcj
Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

*************************

AdwCleaner[R0].txt - [24824 octets] - [31/05/2014 20:37:47]
AdwCleaner[R1].txt - [12362 octets] - [31/05/2014 20:56:44]
AdwCleaner[S0].txt - [12160 octets] - [31/05/2014 20:58:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12221 octets] ##########

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2014
Ran by Marilyn (administrator) on PC on 31-05-2014 21:05:57
Running from C:\Users\Marilyn\Desktop\Bleeping Computer
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
() C:\Windows\System32\spool\drivers\x64\3\dleaserv.exe
( ) C:\Windows\System32\dleacoms.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
() C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
() C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(ArcadeWeb LLC) C:\Program Files (x86)\ArcadeWeb\tray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(The Weather Channel Interactive, Inc.) C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Core\mchost.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcupdate.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [305664 2009-01-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [dleamon.exe] => C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe [766632 2009-07-10] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe [139944 2009-07-10] ()
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-28] (IDT, Inc.)
HKLM\...\Run: [TrayIcRun] => C:\Program Files (x86)\ArcadeWeb\tray.exe [123904 2011-11-18] (ArcadeWeb LLC)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807680 2010-02-09] ()
HKLM-x32\...\Run: [FATrayAlert] => c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [95496 2009-06-24] (Sensible Vision )
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
HKLM-x32\...\Run: [DellSupportCenter] => C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [FAStartup] => [X]
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [1484856 2010-09-10] (McAfee, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [TrayIcRun] => C:\Program Files (x86)\ArcadeWeb\tray.exe [123904 2011-11-18] (ArcadeWeb LLC)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\FastAccess-x32: c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-2117863956-4018225900-484196923-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [17418928 2012-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-2117863956-4018225900-484196923-1000\...\Run: [DW6] => C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe [822456 2011-06-08] (The Weather Channel Interactive, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0255F871-EF4B-47A0-9027-7E40284A70F4} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101031154727.dll (McAfee, Inc.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101031154727.dll (McAfee, Inc.)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: No Name - {9F531FB1-7C1F-4e1a-8C0C-E8D6177130E2} -  No File
BHO-x32: FAIESSOHelper Class - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: DealCabby - {B4CB561C-8DBF-4356-9A31-28F022E0C697} - C:\Users\Marilyn\AppData\Local\dealcabby\ie\dealcabby_20121009101501.dll ()
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {D9291F9E-7010-4D7A-8DF6-455DEEF8EF51} -  No File
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
Toolbar: HKLM-x32 - No Name - {a0154e07-2b48-475c-a82a-80efd84ea33e} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
ShellExecuteHooks-x32:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: npDisplayEngine - C:\Program Files (x86)\LivingPlay Games\nplplaypop.dll ( )
FF Extension:     LivingPlay TextLinks         - C:\Users\Marilyn\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@lplay.com [2011-09-11]
FF Extension: ArcadeWeb - C:\Users\Marilyn\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\text_links@arcadeweb.com [2011-11-18]
FF Extension: RapidFinda - C:\Program Files (x86)\Mozilla Firefox\extensions\jhmkxr@ehsehsdmgaq.com [2013-05-26]
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2010-03-27]
FF HKLM-x32\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKCU\...\Firefox\Extensions: [{C49B4A22-96D2-42FE-B8BC-092F31856EED}] - C:\Users\Marilyn\AppData\Local\{C49B4A22-96D2-42FE-B8BC-092F31856EED}
FF HKCU\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files (x86)\WhiteSmokeTranslator\WCaptureMoz
FF Extension: WordCaptureX - C:\Program Files (x86)\WhiteSmokeTranslator\WCaptureMoz [2011-12-24]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: ""
CHR DefaultSearchKeyword: start.sweetim.com
CHR DefaultSearchProvider: Bing
CHR DefaultSearchURL: http://start.sweetpacks.com?src=6&q={searchTerms}&barid={812DC535-C60E-11E2-914D-A4BADBA4C8A5}&crg=3.5000006.10042&st=23
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Babylon Chrome Plugin) - C:\Users\Marilyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Marilyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Display Engine v2) - C:\Program Files (x86)\LivingPlay Games\nplplaypop.dll ( )
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Zylom Plugin) - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Marilyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-15]
CHR Extension: (Google Search) - C:\Users\Marilyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-15]
CHR Extension: (SiteAdvisor) - C:\Users\Marilyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2012-10-15]
CHR Extension: (No Name) - C:\Users\Marilyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj [2013-05-26]
CHR Extension: (Gmail) - C:\Users\Marilyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-15]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2013-04-08]
CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\WhiteSmokeTranslator [2011-12-24]

==================== Services (Whitelisted) =================

R2 dleaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [33448 2009-07-01] ()
R2 dlea_device; C:\Windows\system32\dleacoms.exe [1054888 2009-07-01] ( )
R2 dlea_device; C:\Windows\SysWOW64\dleacoms.exe [602792 2009-07-01] ( )
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [103472 2012-12-04] (McAfee, Inc.)
S4 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [509416 2010-04-15] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [200056 2010-08-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [245352 2010-08-24] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [149032 2010-08-24] (McAfee, Inc.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-16] (Dell Inc.)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62800 2010-08-24] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121248 2010-08-24] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [190136 2010-08-24] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [441072 2010-08-24] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [529000 2010-08-24] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75032 2010-08-24] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [94736 2010-08-24] (McAfee, Inc.)
R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [283232 2010-08-24] (McAfee, Inc.)
S3 Normandy; C:\Windows\SysWow64\Drivers\Normandy.sys [34560 2012-10-15] ()
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-31 21:05 - 2014-05-31 21:06 - 00000000 ____D () C:\FRST
2014-05-31 21:00 - 2014-05-31 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-05-31 20:44 - 2014-05-31 20:44 - 00000000 ____D () C:\Windows\ERUNT
2014-05-31 20:37 - 2014-05-31 20:58 - 00000000 ____D () C:\AdwCleaner
2014-05-31 20:35 - 2014-05-31 21:05 - 00000000 ____D () C:\Users\Marilyn\Desktop\Bleeping Computer

==================== One Month Modified Files and Folders =======

2014-05-31 21:06 - 2014-05-31 21:05 - 00000000 ____D () C:\FRST
2014-05-31 21:06 - 2010-03-04 19:23 - 00000000 ____D () C:\Users\Marilyn\AppData\Local\Temp
2014-05-31 21:05 - 2014-05-31 20:35 - 00000000 ____D () C:\Users\Marilyn\Desktop\Bleeping Computer
2014-05-31 21:05 - 2009-07-14 00:13 - 00727310 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-31 21:05 - 2009-07-14 00:10 - 01593006 _____ () C:\Windows\WindowsUpdate.log
2014-05-31 21:00 - 2014-05-31 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-05-31 21:00 - 2010-06-09 10:02 - 00083118 _____ () C:\ProgramData\dleascan.log
2014-05-31 21:00 - 2010-03-19 20:07 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-31 21:00 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-31 20:59 - 2012-10-12 14:45 - 00038618 _____ () C:\Windows\PFRO.log
2014-05-31 20:59 - 2012-10-12 14:45 - 00010714 _____ () C:\Windows\setupact.log
2014-05-31 20:58 - 2014-05-31 20:37 - 00000000 ____D () C:\AdwCleaner
2014-05-31 20:58 - 2010-03-04 19:23 - 00000000 ___RD () C:\Users\Marilyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-31 20:50 - 2009-07-13 23:45 - 00014240 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-31 20:50 - 2009-07-13 23:45 - 00014240 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-31 20:44 - 2014-05-31 20:44 - 00000000 ____D () C:\Windows\ERUNT
2014-05-31 20:24 - 2010-03-19 20:07 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

Files to move or delete:
====================
C:\Users\Marilyn\jagex_runescape_preferences.dat
C:\Users\Marilyn\jagex_runescape_preferences2.dat
C:\Users\Marilyn\jagex__preferences3.dat


Some content of TEMP:
====================
C:\Users\Marilyn\AppData\Local\Temp\BackupSetup.exe
C:\Users\Marilyn\AppData\Local\Temp\GenericUninstall.exe
C:\Users\Marilyn\AppData\Local\Temp\hsbing_717_active.exe
C:\Users\Marilyn\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Marilyn\AppData\Local\Temp\Quarantine.exe
C:\Users\Marilyn\AppData\Local\Temp\Shortcut_sweetpacks_5232013.exe
C:\Users\Marilyn\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Marilyn\AppData\Local\Temp\WSSetup.exe
C:\Users\Marilyn\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_25442.exe
C:\Users\Marilyn\AppData\Local\Temp\{89532AD6-F3F9-455A-87A1-CF5AB4840870}-GoogleToolbarInstaller_updater_signed.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-31 20:24

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-06-2014
Ran by Marilyn at 2014-05-31 21:07:15
Running from C:\Users\Marilyn\Desktop\Bleeping Computer
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall (Enabled) {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2146.41621 - ABBYY Software House)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.2.8870 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.2.8870 - Adobe Systems Inc.) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.1.102.64 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (x32 Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.02 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (x32 Version: 3.02 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.4) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.6.606 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Bejeweled 2 Deluxe (HKLM-x32\...\Bejeweled 2 Deluxe) (Version:  - PopCap Games)
Bejeweled 3 (HKLM-x32\...\Bejeweled 3) (Version:  - PopCap Games)
Bejeweled Deluxe 1.87 (HKLM-x32\...\Bejeweled Deluxe 1.87) (Version: 1.87 - PopCap Games)
Bejeweled Twist (HKLM-x32\...\Bejeweled Twist) (Version:  - PopCap Games)
Bejeweled® 3 (HKLM-x32\...\am-bejeweledr3) (Version:  - )
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CowBall (HKLM-x32\...\CowBall_is1) (Version:  - )
Cozi (HKLM-x32\...\{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}) (Version: 1.0.4323.24051 - Cozi Group, Inc.)
DealCabby (HKLM-x32\...\DealCabby) (Version: 1.0921.1509 - DealCabby)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A3AD381D-848C-4478-80DC-228E37309308}) (Version:  - Microsoft)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{A3AD381D-848C-4478-80DC-228E37309308}) (Version:  - Microsoft)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.34 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.3.74 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0011 - Dell, Inc.)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Driver Download Manager (HKCU\...\f031ef6ac137efc5) (Version: 2.0.0.0 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Dell Toolbar (HKLM-x32\...\{09B71986-2AC5-482d-B6CB-42EA34F4F85B}) (Version: 1.8.12.0 - )
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.104.115.102 - Alps Electric)
Dell V310-V510 Series (HKLM\...\Dell V310-V510 Series) (Version:  - Dell, Inc.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Dell Wireless WLAN Card Utility (HKLM\...\Dell Wireless WLAN Card Utility) (Version: 5.30.21.0 - Dell Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FastAccess (HKLM\...\{B4735ADA-2C32-4DB1-809C-D3D424343ED9}) (Version: 2.4.7.1 - Sensible Vision)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 27.0.1453.116 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.4.3607.2246 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.21.153 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
Hallmark Scrapbook Studio Deluxe (HKLM-x32\...\{C92CA83A-E0EF-4449-BA4C-C959779447FC}) (Version: 3.0.0.18 - Creative Home)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java Auto Updater (x32 Version: 2.0.5.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Java™ 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.260 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
LivingPlay (HKLM-x32\...\LivingPlay) (Version:  - )
Mahjongg - Ancient Mayas (HKLM-x32\...\{2E6F5711-0A88-460A-B4C8-EB64573BF7E9}_is1) (Version:  - cerasus.media GmbH)
Mahjongg Dimensions Deluxe (HKLM-x32\...\am-mahjonggdimensionsdeluxe) (Version:  - )
McAfee AntiVirus Plus (HKLM-x32\...\MSC) (Version: 10.5.204 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Business 2010 - English (HKLM-x32\...\{90140011-0062-0409-0000-0000000FF1CE}) (Version: 14.0.5130.5001 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Publisher 2010 (HKLM-x32\...\Office14.PUBLISHERR) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Million Dollar Password 2009 Edition (HKLM-x32\...\Million Dollar Password 2009 Edition) (Version: 1.0.6.7 - GameHouse, Inc.)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PDF Reader (HKCU\...\PDF Reader) (Version:  - )
Peggle Nights (HKLM-x32\...\Peggle Nights) (Version:  - PopCap Games)
Photo Story 3 for Windows (HKLM-x32\...\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}) (Version: 3.0.1115.11 - Microsoft Corporation)
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
PowerTeacher Gradebook (HKCU\...\PowerTeacher Gradebook) (Version:  - Pearson School Systems)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.6 - Dell Inc.)
RapidFinda (HKCU\...\RapidFinda) (Version: 1.0 - RapidFinda)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Roxio Burn (x32 Version: 1.01 - Roxio) Hidden
SCRABBLE (HKLM-x32\...\SCRABBLE) (Version: 1.0.1.3 - RealArcade)
SearchDonkey (HKLM-x32\...\SearchDonkey) (Version: 2.5.91 - WebAppTech Coding, LLC) <==== ATTENTION
Skype™ 5.10 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.)
Super Collapse! 3 (HKLM-x32\...\amg-supercollapse3) (Version:  - )
The Weather Channel Desktop 6 (HKLM-x32\...\The Weather Channel Desktop 6) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{620E77C0-CDFE-4C14-AAEB-830ABB65864C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{8153EC80-C988-4336-8DAF-6D99C0D26E0C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{14B7142F-D7E2-4FB0-9E3B-7CAA8D7FFC56}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{14B7142F-D7E2-4FB0-9E3B-7CAA8D7FFC56}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C4F26A9B-B121-4135-8084-A0D9C780C7C8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{460FF681-BC66-4C38-99DF-7012E03F1EBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{C633216E-FF30-45B6-B2AB-21922A9353EF}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B1FA5E8C-2342-45AF-8A62-5E860042F8DF}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{B1FA5E8C-2342-45AF-8A62-5E860042F8DF}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9CFD026D-EB1C-48C2-9DD2-8E8875F251B2}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{9CFD026D-EB1C-48C2-9DD2-8E8875F251B2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{9865DC3A-2898-48D9-B96A-46397571C934}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1CBE095-403D-466D-BB13-B185A5F33231}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{47894754-0FEC-4920-9A65-6C1E732587AC}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{6B6DDDCE-B456-4FE1-9A07-DBC1708E4158}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Web Games Player Plugin (HKLM-x32\...\Web Games Player Plugin) (Version:  - Zylom Games)
WhiteSmokeTranslator (HKLM-x32\...\WhiteSmokeTranslator) (Version: 1.00.6033.12731 - WhiteSmoke)
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.0.71 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames) (Version: 4.0.5.36 - WildTangent)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Toolbar (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
World's Best Board Games 2009 (HKLM-x32\...\{E98A8780-A8BC-48C5-B9D3-1F1C687438F9}_is1) (Version:  - cerasus.media GmbH)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )
Zoo Tycoon: Complete Collection (HKLM-x32\...\Zoo Tycoon 1.0) (Version:  - )
Zuma Deluxe 1.0 (HKLM-x32\...\Zuma Deluxe 1.0) (Version:  - )

==================== Restore Points  =========================

10-03-2013 05:36:55 Scheduled Checkpoint
13-03-2013 02:06:41 Windows Update
25-03-2013 08:00:58 Windows Update
02-04-2013 01:10:00 Scheduled Checkpoint
02-04-2013 01:58:06 Installed Microsoft Publisher 2010
02-04-2013 03:09:52 Windows Update
04-04-2013 02:36:51 Windows Update
05-04-2013 21:17:58 Windows Update
06-04-2013 08:00:15 Windows Update
13-04-2013 18:26:00 Windows Update
26-04-2013 01:01:25 Windows Update
26-05-2013 22:19:00 Windows Update
21-06-2013 15:17:38 Windows Update
25-05-2014 21:36:23 Scheduled Checkpoint

==================== Hosts content: ==========================

2009-07-13 21:34 - 2012-10-11 17:42 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {161EE76A-6C8F-496C-9664-3356354C4BF9} - System32\Tasks\{8E6B564A-B7E3-481E-A6EA-2B55EB2FDCD6} => Chrome.exe http://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
Task: {28E9A877-AABB-42B2-9D32-D3C0AD66F7EF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-03-19] (Google Inc.)
Task: {70E56CAC-E7EC-4A8B-A512-6A9B894BD1C2} - System32\Tasks\{3D7BDDCF-48A7-402D-AB1E-13FCF0622D99} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {712B7648-B4FD-4B56-A409-F616A64BD62E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-03-19] (Google Inc.)
Task: {CAAD3212-6240-4EFB-A3B0-F19E0D63CB26} - System32\Tasks\D4W139L1\Administrator - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-16] (Dell Inc.)
Task: {E27C81A7-0D08-4A69-AB30-BDCC5C5B4698} - System32\Tasks\JavaUpdateSched => C:\Windows\System32\jusched.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-02-23 14:29 - 2009-07-16 20:06 - 00033280 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
2010-02-23 14:29 - 2009-07-16 20:06 - 00058368 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll
2010-06-09 10:03 - 2009-06-19 04:01 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\dleadrpp.dll
2010-06-09 10:02 - 2009-07-01 08:13 - 00033448 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\dleaserv.exe
2010-06-09 10:00 - 2009-07-10 09:06 - 00766632 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
2010-06-09 10:00 - 2009-07-10 09:06 - 00139944 _____ () C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
2010-02-09 13:34 - 2010-02-09 13:34 - 01807680 _____ () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
2009-10-15 04:10 - 2009-10-15 04:10 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2010-06-09 10:02 - 2009-05-18 08:32 - 01416192 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\dleaptpc.dll
2010-06-09 10:02 - 2009-06-19 04:02 - 00198656 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\dleadrui.dll
2010-06-09 10:02 - 2009-05-22 02:31 - 00142336 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\dleaPRPR.DLL
2010-06-09 09:59 - 2009-05-26 15:22 - 00075264 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\dleaCFG.DLL
2010-06-09 10:02 - 2009-06-19 04:00 - 00280576 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\dleadr.dll
2010-02-23 14:42 - 2009-12-02 17:47 - 00115952 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2010-02-23 14:42 - 2009-12-02 17:47 - 00128240 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2010-06-09 09:59 - 2009-05-26 15:17 - 00086118 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleacfg.dll
2010-06-09 10:00 - 2009-05-29 09:08 - 00389120 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleascw.dll
2010-06-09 10:00 - 2009-05-27 07:16 - 00192512 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleadatr.dll
2010-06-09 10:00 - 2009-05-27 07:13 - 00081920 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleacats.dll
2010-06-09 10:00 - 2009-05-29 09:09 - 01159168 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleaDRS.dll
2010-06-09 10:00 - 2009-03-10 00:43 - 00155648 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleacaps.dll
2010-06-09 10:00 - 2009-03-05 12:55 - 00059904 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleacnv4.dll
2010-06-09 09:57 - 2009-02-20 03:50 - 00381440 _____ () C:\Windows\system32\dleasm.dll
2010-06-09 09:57 - 2009-02-20 03:50 - 00028672 _____ () C:\Windows\system32\dleasmr.dll
2010-06-09 10:00 - 2009-06-22 08:08 - 00708608 _____ () C:\Program Files (x86)\Dell V310-V510 Series\Epwizard.DLL
2010-06-09 10:00 - 2009-06-22 08:06 - 00159744 _____ () C:\Program Files (x86)\Dell V310-V510 Series\customui.dll
2010-06-09 10:00 - 2009-06-22 08:06 - 00114688 _____ () C:\Program Files (x86)\Dell V310-V510 Series\Eputil.DLL
2010-06-09 10:00 - 2009-06-22 08:05 - 00139264 _____ () C:\Program Files (x86)\Dell V310-V510 Series\Imagutil.DLL
2010-06-09 10:00 - 2009-06-22 08:06 - 00061440 _____ () C:\Program Files (x86)\Dell V310-V510 Series\Epfunct.DLL
2010-06-09 10:00 - 2009-06-22 08:08 - 02203648 _____ () C:\Program Files (x86)\Dell V310-V510 Series\EPWizRes.dll
2010-06-09 10:00 - 2009-06-22 08:08 - 00045056 _____ () C:\Program Files (x86)\Dell V310-V510 Series\epstring.dll
2010-06-09 10:00 - 2009-06-22 08:08 - 00196608 _____ () C:\Program Files (x86)\Dell V310-V510 Series\EPOEMDll.dll
2010-06-09 10:00 - 2009-04-07 14:25 - 00409600 _____ () C:\Program Files (x86)\Dell V310-V510 Series\iptk.dll
2010-06-09 10:00 - 2009-03-02 09:25 - 00151552 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleaptp.dll
2010-02-09 13:34 - 2010-02-09 13:34 - 00275776 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
2009-11-13 17:15 - 2009-11-13 17:15 - 00058608 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
2010-02-09 13:34 - 2010-02-09 13:34 - 00095552 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
2010-02-09 13:34 - 2010-02-09 13:34 - 00152896 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2010-02-09 13:34 - 2010-02-09 13:34 - 00017728 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: facap, FastAccess Video Capture
Description: facap, FastAccess Video Capture
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Sensible Vision
Service: FACAP
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Dell Wireless 1397 WLAN Mini-Card
Description: Dell Wireless 1397 WLAN Mini-Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (05/31/2014 09:00:55 PM) (Source: Virtual Disk Service) (EventID: 9) (User: )
Description: Unexpected provider failure. Restarting the service may fix the problem. Error code: 8007001F@02000014

Error: (05/31/2014 09:00:37 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2012-10-12 12:29:36.929
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Marilyn\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-10-12 12:29:36.726
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Marilyn\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-10-11 17:20:53.787
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-10-11 17:20:53.631
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-10-11 17:20:53.475
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-10-11 17:20:53.319
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-02-03 22:13:34.689
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-02-03 22:13:34.673
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 42%
Total physical RAM: 4056.36 MB
Available physical RAM: 2335.36 MB
Total Pagefile: 8110.91 MB
Available Pagefile: 6165.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:218.18 GB) (Free:143.66 GB) NTFS
Drive e: () (Removable) (Total:3.81 GB) (Free:0.4 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: BB4F8998)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=218 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================



#6 Starbuck

  • Malware Response Team

Posted 01 June 2014 - 03:55 AM

Hi Jason

JRT and AdwCleaner have removed a lot for us, let's take care of some more now.

Step 1
Please download the attached fixlist.txt file (bottom of this post) and save it to C:\Users\Marilyn\Desktop\Bleeping Computer.
NOTE.
It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Re-run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log in the Desktop\Bleeping Computer folder (Fixlog.txt). Please post this in your next reply


Step 2
The lines in Chrome are better dealt with by using Chrome itself.

To reset Google Chrome
  • Click the Menu option button at the top right of the Google Chrome screen
  • Select Settings.
  • Click Show advanced settings and find the "Reset browser settings" section.
  • Click Reset browser settings.
  • In the dialogue that appears, click Reset. Note: When the "Help make Google Chrome better by reporting the current settings" tick box is selected you are anonymously sending Google your Chrome settings. Reporting these settings allows us to analyse trends and work to prevent future unwanted settings changes.
Resetting your browser settings will impact the settings below:

Default search engine and saved search engines will be reset to their original defaults.
Homepage button will be hidden and the URL that you previously set will be removed.
Default startup tabs will be cleared. The browser will show a new tab when you start up or continue where you left off if you're on a Chromebook.
New Tab page will be empty unless you have a version of Chrome with an extension that controls it. In that case your page may be preserved.
Pinned tabs will be unpinned.
Content settings will be cleared and reset to their installation defaults.
Cookies and site data will be cleared.
Extensions and themes will be disabled.


Step 3
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 8 Update 5 and save it to your desktop.
  • Scroll down to where it says "Java SE 8 Update 5".
  • Click the "Download JRE " button.
  • Accept the license agreement.
  • Select 'Windows x64.exe' from the list.
  • Save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version:
    Java 6 Update 17 (64-bit)
    Java 6 Update 26
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the downloaded icon to install the newest version.

Step 4
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista/Win7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
In your next reply, please submit:
Fixlog.txt
and let me know how the other steps went.
Also let me know how the system is running now.


Thanks.



#7 jason70

Posted 01 June 2014 - 08:55 PM

So far seems to be doing well.

 

I did not have the reset for Chrome (version 27). Found some info that says basically to delete the default user in the app data, is that what I should do?

 

I am not going to be able to work on this during the coming week, however, I will have my wife use it and see how it does. If I don't respond until next weekend, you will know why. Sorry but you know how schedules are.

 

Can I use TFC.exe on any computer at any time?

 

Thanks so much for your help to this point. Every time I have used this forum I have had excellent results and this time is no different.

 

Jason

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-06-2014
Ran by Marilyn at 2014-06-01 07:44:52 Run:1
Running from C:\Users\Marilyn\Desktop\Bleeping Computer
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
(ArcadeWeb LLC) C:\Program Files (x86)\ArcadeWeb\tray.exe
HKLM\...\Run: [TrayIcRun] => C:\Program Files (x86)\ArcadeWeb\tray.exe [123904 2011-11-18] (ArcadeWeb LLC)
HKLM-x32\...\Run: [FAStartup] => [X]
HKLM-x32\...\Run: [TrayIcRun] => C:\Program Files (x86)\ArcadeWeb\tray.exe [123904 2011-11-18] (ArcadeWeb LLC)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: No Name - {9F531FB1-7C1F-4e1a-8C0C-E8D6177130E2} -  No File
BHO-x32: DealCabby - {B4CB561C-8DBF-4356-9A31-28F022E0C697} - C:\Users\Marilyn\AppData\Local\dealcabby\ie\dealcabby_20121009101501.dll ()
BHO-x32: No Name - {D9291F9E-7010-4D7A-8DF6-455DEEF8EF51} -  No File
Toolbar: HKLM-x32 - No Name - {a0154e07-2b48-475c-a82a-80efd84ea33e} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
ShellExecuteHooks-x32:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
FF Extension: ArcadeWeb - C:\Users\Marilyn\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\text_links@arcadeweb.com [2011-11-18]
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
C:\Users\Marilyn\AppData\Local\Temp\BackupSetup.exe
C:\Users\Marilyn\AppData\Local\Temp\GenericUninstall.exe
C:\Users\Marilyn\AppData\Local\Temp\hsbing_717_active.exe
C:\Users\Marilyn\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Marilyn\AppData\Local\Temp\Quarantine.exe
C:\Users\Marilyn\AppData\Local\Temp\Shortcut_sweetpacks_5232013.exe
C:\Users\Marilyn\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Marilyn\AppData\Local\Temp\WSSetup.exe
C:\Users\Marilyn\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_25442.exe
C:\Users\Marilyn\AppData\Local\Temp\{89532AD6-F3F9-455A-87A1-CF5AB4840870}-GoogleToolbarInstaller_updater_signed.exe
C:\Program Files (x86)\ArcadeWeb
C:\Users\Marilyn\AppData\Local\dealcabby
C:\Program Files\Updater By SweetPacks
Hosts:
Reboot:





*****************

[2840] C:\Program Files (x86)\ArcadeWeb\tray.exe => Process closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\TrayIcRun => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\FAStartup => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\TrayIcRun => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9F531FB1-7C1F-4e1a-8C0C-E8D6177130E2} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9F531FB1-7C1F-4e1a-8C0C-E8D6177130E2} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4CB561C-8DBF-4356-9A31-28F022E0C697} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{B4CB561C-8DBF-4356-9A31-28F022E0C697} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D9291F9E-7010-4D7A-8DF6-455DEEF8EF51} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{D9291F9E-7010-4D7A-8DF6-455DEEF8EF51} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{a0154e07-2b48-475c-a82a-80efd84ea33e} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{a0154e07-2b48-475c-a82a-80efd84ea33e} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
HKCR\PROTOCOLS\Handler\cozi => Key deleted successfully.
HKCR\CLSID\{5356518D-FE9C-4E08-9C1F-1E872ECD367F} => Key not found.
HKCR\PROTOCOLS\Handler\skype-ie-addon-data => Key deleted successfully.
HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => Key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => Value deleted successfully.
HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => Key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => Key not found.
C:\Users\Marilyn\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\text_links@arcadeweb.com => Moved successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} => Value deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} => Value deleted successfully.
C:\Users\Marilyn\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
C:\Users\Marilyn\AppData\Local\Temp\GenericUninstall.exe => Moved successfully.
C:\Users\Marilyn\AppData\Local\Temp\hsbing_717_active.exe => Moved successfully.
C:\Users\Marilyn\AppData\Local\Temp\mgsqlite3.dll => Moved successfully.
C:\Users\Marilyn\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Marilyn\AppData\Local\Temp\Shortcut_sweetpacks_5232013.exe => Moved successfully.
C:\Users\Marilyn\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Marilyn\AppData\Local\Temp\WSSetup.exe => Moved successfully.
C:\Users\Marilyn\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_25442.exe => Moved successfully.
C:\Users\Marilyn\AppData\Local\Temp\{89532AD6-F3F9-455A-87A1-CF5AB4840870}-GoogleToolbarInstaller_updater_signed.exe => Moved successfully.
C:\Program Files (x86)\ArcadeWeb => Moved successfully.
C:\Users\Marilyn\AppData\Local\dealcabby => Moved successfully.
"C:\Program Files\Updater By SweetPacks" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.


The system needed a reboot.

==== End of Fixlog ====
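
A triage helper for the Fixlog in the post above, added here as an example; it is not part of the thread or of FRST. The line format it relies on (`target => outcome.`, a `[pid]` prefix for processes, `\\` before a registry value name) is an assumption inferred from this log only, and the sample lines are copied from it.

```python
import re
from collections import Counter

# Sample input: a subset of the result lines from the Fixlog posted above.
SAMPLE_FIXLOG = r"""
[2840] C:\Program Files (x86)\ArcadeWeb\tray.exe => Process closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\TrayIcRun => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
C:\Users\Marilyn\AppData\Local\dealcabby => Moved successfully.
"C:\Program Files\Updater By SweetPacks" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

The system needed a reboot.

==== End of Fixlog ====
"""

# "<target> => <outcome>." with an optional "[pid]" prefix on process lines.
RESULT_RE = re.compile(
    r'^(?:\[(?P<pid>\d+)\]\s+)?(?P<target>.+?)\s+=>\s+(?P<outcome>.+?)\.?\s*$'
)
REG_ROOT_RE = re.compile(r'^(HKLM|HKCU|HKCR|HKU)\\', re.IGNORECASE)


def target_kind(target, pid):
    """Classify what a result line acted on."""
    if pid is not None:
        return "process"
    if REG_ROOT_RE.match(target):
        # Assumption from this log: "key\\name" is a value, a plain path is a key.
        return "registry value" if "\\\\" in target else "registry key"
    return "file"


def outcome_status(outcome):
    """Map the free-text outcome to done / absent / review."""
    text = outcome.lower()
    if "not found" in text:
        return "absent"   # the item was already gone when the fix ran
    if text.endswith("successfully"):
        return "done"
    return "review"       # unrecognised wording: a human should read the line


def parse_fixlog(text):
    """Return one dict per 'target => outcome' line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = RESULT_RE.match(line.strip())
        if not m:
            continue
        target = m.group("target").strip('"')  # paths with spaces may be quoted
        entries.append({
            "target": target,
            "kind": target_kind(target, m.group("pid")),
            "outcome": m.group("outcome"),
            "status": outcome_status(m.group("outcome")),
        })
    return entries


def summarize(text):
    """Tally outcomes and pull out the lines worth a second look."""
    entries = parse_fixlog(text)
    return {
        "by_status": Counter(e["status"] for e in entries),
        "by_kind": Counter(e["kind"] for e in entries),
        "absent": [e["target"] for e in entries if e["status"] == "absent"],
        "review": [e["target"] for e in entries if e["status"] == "review"],
        "reboot_needed": "The system needed a reboot." in text,
        # A pasted log without the end marker was probably cut short.
        "complete": "==== End of Fixlog ====" in text,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_FIXLOG)
    print("status:", dict(report["by_status"]))
    print("kinds: ", dict(report["by_kind"]))
    for target in report["absent"]:
        print("already absent:", target)
    for target in report["review"]:
        print("needs review:  ", target)
    print("reboot needed:", report["reboot_needed"],
          "| log complete:", report["complete"])
```
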



#8 Starbuck

Posted 02 June 2014 - 12:39 AM

Hi Jason

"Found some info that says basically to delete the default user in the app data, is that what I should do?"

That should do the job just fine.

"I am not going to be able to work on this during the coming week, however, I will have my wife use it and see how it does. If I don't respond until next weekend, you will know why."

Ok, thank you for letting me know.
Just reply to this thread when you return and we'll carry on.

"Can I use TFC.exe on any computer at any time?"

Yes, TFC will run on Win XP, Vista, Win7 and Win8.
It's excellent for cleaning the temp files and browser caches.
I always run it about once a week.

"Thanks so much for your help to this point. Every time I have used this forum I have had excellent results and this time is no different."

Many thanks for that. :)



#9 jason70

Posted 07 June 2014 - 12:36 PM

I am back. 

 

I got Chrome reset. Went back in and there was a reset but it did not seem to work, so I renamed the default user and that worked. 

 

Seems to be doing good, but it did not get used much last week. 

 

Let me know what the next step will be. I will be using it this week to see what issues still may exist.

 

Thanks

 

Jason



#10 Starbuck

Posted 07 June 2014 - 04:30 PM

Hi Jason,

Nice to see you back.
Hope the week has been good for you.
 

"I got Chrome reset. Went back in and there was a reset but it did not seem to work, so I renamed the default user and that worked."

:thumbup2:

2 things for you to do... so we can double check everything.

Step 1
  • Download Malwarebytes Anti-Malware Free and save it to your desktop
  • Double click the desktop icon, click Run, then OK
  • Click Next
  • Select I accept the agreement then continue to click Next then finally click Install
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program (I suggest you untick this option and just use the free version)
  • Click Finish
  • If you are notified the Database is out of date click Update Now

  • Click Scan Now >>
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

(Copy to clipboard for pasting into forum replies)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab >> Application Logs.

  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'

  • Paste the contents of the clipboard into your reply.
Step 2
I'd like you to do an ESET OnlineScan
64Bit users, please see note at the bottom.

You may find it beneficial to close your resident AV program before running the scan.

It's been found that on some systems the ESET Online Scan fails during the database download (around 20%).
To prevent this happening:
When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • If asked, allow the ActiveX control to install
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer.
      Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Click esetExport.png, and save the file to your desktop using a unique name, such as ESETScan.
    Include the contents of this report in your next reply.
  • Click the esetBack.png button.
  • Click esetFinish.png
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Note:
As you are running a 64bit system:
The ESET Online Scanner is a 32-bit application, which means it must be run in the 32-bit version of Internet Explorer, and as an Administrator. To do so, right-click on the Internet Explorer (32-bit) icon in the Start Menu and select "Run as administrator" from the context menu.


In your next reply, please submit:
MBAM scan report
Eset scan report (if anything is found)


Thanks.

Edited by Starbuck, 07 June 2014 - 04:31 PM.



#11 jason70

Posted 08 June 2014 - 07:13 AM

 
Eset Scanner did not find anything, but I attached the log anyway.
 
Let me know what is next.
 
Thanks
 
Jason
 
 
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 6/7/2014
Scan Time: 11:15:50 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.06.08.01
Rootkit Database: v2014.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Marilyn
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 296297
Time Elapsed: 20 min, 5 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT, Quarantined, [b64bf6807cff3ff738683e98788b9d63], 
 
Registry Values: 1
PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT|URL, SSWEETPACKS, Quarantined, [b64bf6807cff3ff738683e98788b9d63]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 2
PUP.Optional.FindWide, C:\Users\Marilyn\AppData\Local\TNT2\2.0.0.1534, Quarantined, [5ca53541146780b68c3c05db36cd5aa6], 
PUP.Optional.TidyNetwork.A, C:\Users\Marilyn\AppData\Local\TNT2, Quarantined, [51b0f3837605fb3bc81514714cb6b34d], 
 
Files: 40
PUP.Optional.WebCake.A, C:\Program Files (x86)\WBDesktop.Updater.1.0.0.17.exe, Quarantined, [4cb5e2943843aa8c7abeb656fd046898], 
PUP.Optional.InstallIQ.A, C:\Users\Marilyn\Downloads\pdflite_d2173097.exe, Quarantined, [dd24ef87dc9f8fa730654eca12ef7a86], 
PUP.Optional.SweetIM, C:\Windows\Installer\aa541.msi, Quarantined, [20e17501611a60d6474a325fb54fe51b], 
PUP.Optional.FindWide, C:\Users\Marilyn\AppData\Local\TNT2\2.0.0.1534\pinnedSearch_FindWide.htm, Quarantined, [5ca53541146780b68c3c05db36cd5aa6], 
PUP.Optional.FindWide, C:\Users\Marilyn\AppData\Local\TNT2\2.0.0.1534\INSTALL.TNT, Quarantined, [5ca53541146780b68c3c05db36cd5aa6], 
PUP.Optional.FindWide, C:\Users\Marilyn\AppData\Local\TNT2\2.0.0.1534\Autorun.inf, Quarantined, [5ca53541146780b68c3c05db36cd5aa6], 
PUP.Optional.FindWide, C:\Users\Marilyn\AppData\Local\TNT2\2.0.0.1534\crx.tar, Quarantined, [5ca53541146780b68c3c05db36cd5aa6], 
PUP.Optional.FindWide, C:\Users\Marilyn\AppData\Local\TNT2\2.0.0.1534\ffassist.1.dll, Quarantined, [5ca53541146780b68c3c05db36cd5aa6], 
PUP.Optional.FindWide, C:\Users\Marilyn\AppData\Local\TNT2\2.0.0.1534\GLOBALUNINSTALL.TNT, Quarantined, [5ca53541146780b68c3c05db36cd5aa6], 
PUP.Optional.FindWide, C:\Users\Marilyn\AppData\Local\TNT2\2.0.0.1534\hmac.1.dll, Quarantined, [5ca53541146780b68c3c05db36cd5aa6], 
PUP.Optional.FindWide, C:\Users\Marilyn\AppData\Local\TNT2\2.0.0.1534\ie8starter.exe, Quarantined, [5ca53541146780b68c3c05db36cd5aa6], 
PUP.Optional.FindWide, C:\Users\Marilyn\AppData\Local\TNT2\2.0.0.1534\iehpr.1.dll, Quarantined, [5ca53541146780b68c3c05db36cd5aa6], 
PUP.Optional.FindWide, C:\Users\Marilyn\AppData\Local\TNT2\2.0.0.1534\iestage2.1.dll, Quarantined, [5ca53541146780b68c3c05db36cd5aa6], 
PUP.Optional.FindWide, C:\Users\Marilyn\AppData\Local\TNT2\2.0.0.1534\IEToolbar.dll, Quarantined, [5ca53541146780b68c3c05db36cd5aa6], 
PUP.Optional.FindWide, C:\Users\Marilyn\AppData\Local\TNT2\2.0.0.1534\IEToolbar64.dll, Quarantined, [5ca53541146780b68c3c05db36cd5aa6], 
PUP.Optional.FindWide, C:\Users\Marilyn\AppData\Local\TNT2\2.0.0.1534\log.dll, Quarantined, [5ca53541146780b68c3c05db36cd5aa6], 
PUP.Optional.FindWide, C:\Users\Marilyn\AppData\Local\TNT2\2.0.0.1534\npTNT2.dll, Quarantined, [5ca53541146780b68c3c05db36cd5aa6], 
PUP.Optional.FindWide, C:\Users\Marilyn\AppData\Local\TNT2\2.0.0.1534\npTNT2Ghost.dll, Quarantined, [5ca53541146780b68c3c05db36cd5aa6], 
PUP.Optional.FindWide, C:\Users\Marilyn\AppData\Local\TNT2\2.0.0.1534\OldStyleSB.1.dll, Quarantined, [5ca53541146780b68c3c05db36cd5aa6], 
PUP.Optional.FindWide, C:\Users\Marilyn\AppData\Local\TNT2\2.0.0.1534\PARTNER.TNT, Quarantined, [5ca53541146780b68c3c05db36cd5aa6], 
PUP.Optional.FindWide, C:\Users\Marilyn\AppData\Local\TNT2\2.0.0.1534\passport.dll, Quarantined, [5ca53541146780b68c3c05db36cd5aa6], 
PUP.Optional.FindWide, C:\Users\Marilyn\AppData\Local\TNT2\2.0.0.1534\passport64.dll, Quarantined, [5ca53541146780b68c3c05db36cd5aa6], 
PUP.Optional.FindWide, C:\Users\Marilyn\AppData\Local\TNT2\2.0.0.1534\pinnedSearch.htm, Quarantined, [5ca53541146780b68c3c05db36cd5aa6], 
PUP.Optional.FindWide, C:\Users\Marilyn\AppData\Local\TNT2\2.0.0.1534\progress.1.dll, Quarantined, [5ca53541146780b68c3c05db36cd5aa6], 
PUP.Optional.FindWide, C:\Users\Marilyn\AppData\Local\TNT2\2.0.0.1534\regsvr.1.dll, Quarantined, [5ca53541146780b68c3c05db36cd5aa6], 
PUP.Optional.FindWide, C:\Users\Marilyn\AppData\Local\TNT2\2.0.0.1534\RemoteSkin.wms, Quarantined, [5ca53541146780b68c3c05db36cd5aa6], 
PUP.Optional.FindWide, C:\Users\Marilyn\AppData\Local\TNT2\2.0.0.1534\sqlite.1.dll, Quarantined, [5ca53541146780b68c3c05db36cd5aa6], 
PUP.Optional.FindWide, C:\Users\Marilyn\AppData\Local\TNT2\2.0.0.1534\tnt2chrome.dll, Quarantined, [5ca53541146780b68c3c05db36cd5aa6], 
PUP.Optional.FindWide, C:\Users\Marilyn\AppData\Local\TNT2\2.0.0.1534\TNT2User.exe, Quarantined, [5ca53541146780b68c3c05db36cd5aa6], 
PUP.Optional.FindWide, C:\Users\Marilyn\AppData\Local\TNT2\2.0.0.1534\TNT2UserPS.dll, Quarantined, [5ca53541146780b68c3c05db36cd5aa6], 
PUP.Optional.FindWide, C:\Users\Marilyn\AppData\Local\TNT2\2.0.0.1534\TNT2UserPS64.dll, Quarantined, [5ca53541146780b68c3c05db36cd5aa6], 
PUP.Optional.FindWide, C:\Users\Marilyn\AppData\Local\TNT2\2.0.0.1534\TntMagicDel.dll, Quarantined, [5ca53541146780b68c3c05db36cd5aa6], 
PUP.Optional.FindWide, C:\Users\Marilyn\AppData\Local\TNT2\2.0.0.1534\UnInjLib.dll, Quarantined, [5ca53541146780b68c3c05db36cd5aa6], 
PUP.Optional.FindWide, C:\Users\Marilyn\AppData\Local\TNT2\2.0.0.1534\UnInjLib64.dll, Quarantined, [5ca53541146780b68c3c05db36cd5aa6], 
PUP.Optional.FindWide, C:\Users\Marilyn\AppData\Local\TNT2\2.0.0.1534\UNINSTALL.TNT, Quarantined, [5ca53541146780b68c3c05db36cd5aa6], 
PUP.Optional.FindWide, C:\Users\Marilyn\AppData\Local\TNT2\2.0.0.1534\UninstallDlg.1.dll, Quarantined, [5ca53541146780b68c3c05db36cd5aa6], 
PUP.Optional.FindWide, C:\Users\Marilyn\AppData\Local\TNT2\2.0.0.1534\untar.1.dll, Quarantined, [5ca53541146780b68c3c05db36cd5aa6], 
PUP.Optional.FindWide, C:\Users\Marilyn\AppData\Local\TNT2\2.0.0.1534\UPDATE.TNT, Quarantined, [5ca53541146780b68c3c05db36cd5aa6], 
PUP.Optional.FindWide, C:\Users\Marilyn\AppData\Local\TNT2\2.0.0.1534\xpi.tar, Quarantined, [5ca53541146780b68c3c05db36cd5aa6], 
PUP.Optional.FindWide, C:\Users\Marilyn\AppData\Local\TNT2\2.0.0.1534\zipunzip.1.dll, Quarantined, [5ca53541146780b68c3c05db36cd5aa6], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=a9a3370db663b04bb6c97bc1b2e7d18a
# engine=8686
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-08 06:49:07
# local_time=2014-06-08 01:49:07 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='McAfee Anti-Virus and Anti-Spyware'
# compatibility_mode=5122 16777213 100 76 112713810 129945837 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 79279704 153753597 0 0
# scanned=227517
# found=0
# cleaned=0
# scan_time=3714
 


#12 Starbuck

Posted 08 June 2014 - 11:26 AM

Hi Jason,

It's always a good sign when Eset finds nothing.
Things look good now.

If there are no more issues with the system, we can finish off the cleaning process.



#13 jason70

Posted 08 June 2014 - 12:44 PM

Seems to be working quite well. There are Windows updates to install at some point, but I assume that is part of finishing it off along with other updates.



#14 Starbuck

Posted 08 June 2014 - 03:35 PM

Hi Jason,
 

"There are Windows updates to install at some point, but I assume that is part of finishing it off along with other updates."

Yes, I will explain what needs updating as well as explaining how to remove the tools we have used.

Updates

Adobe Reader X (10.1.4) .... out of date
Version XI (11.0.07) .... Latest version.
Go to http://get.adobe.com/reader/
Untick the optional offer to install McAfee Security Scan Plus.
Then click on Install Now.

Adobe Flash Player 10 (Version: 10.1.102.64) ... Out of Date
Version 13.0.0.214 ..... Latest version.
Go to http://get.adobe.com/flashplayer/
Untick the optional offer to install McAfee Security Scan Plus.
Then click on Install Now.

Did you update Java as per Step 3 of Post #6?

Windows Update:
Start >> All Programs >> Windows Update.
Update ALL Critical updates and any other Windows updates for services/programs that you use.

Let's finish the cleaning process and remove the tools we have used.
We'll also set you a fresh restore point.

Step 1
Restart MBAM.
Click on the History tab >> Quarantine
Tick to select any items and then click the Delete button.
Close MBAM.

It is up to you if you want to keep MBAM.
It is handy to have ..... update it and run a scan once a week.
If you want to remove it... it can be removed using the Remove Programs feature in Control Panel.


Step 2
Download Delfix and save it to your desktop.
  • Ensure Remove disinfection tools is checked.
  • Also place a checkmark next to:
  • Create registry backup
  • Purge system restore

  • Click the Run button.
When the tool has finished, a log will open in Notepad... but I don't actually need this report.

Eset can be removed using the Remove Programs feature in Control Panel.

Note:
DelFix will also remove TFC, if you want to get this again .... the link is further down this post


To find out how you may have been infected....read this topic:
How did i get infected?


Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Use an AntiVirus Software

Only install one AntiVirus program

Update your AntiVirus Software regularly

Use a Firewall

Only install one software Firewall

Scan regularly with a 'Stand Alone' Anti-Malware scanner:
Installing another scanner that you can run once or twice a week is always beneficial.
Something like:
Malwarebytes Anti-Malware
SUPERAntiSpyware
Remember to update these programs each time before running.
You can install more than one of these if you only run them as stand alone programs.

Use an alternative browser to Internet Explorer:
Some excellent alternatives to MS Internet Explorer are:

Firefox
For added security, add the NoScript extension to this browser:
Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks
also consider adding:
WOT - Safe Browsing Tool

Web of Trust warns you about risky sites that cheat customers, deliver malware or send spam. Millions of members of the WOT community rate sites based on their experience, giving you an extra layer of protection when browsing or searching the Web.
Btw: you don't have to make a contribution.

Opera

Keep a backup of your registry
Keeping a regular backup of your registry will help when something goes wrong.
Use a program like:
Erunt

A full tutorial on how to set up and use Erunt can be found here:
Erunt tutorial

Keep your system clean of temp files etc, using a 'Cleaner':

Cleaners are programs that will help to clean out your:
Windows temp files
Current user temp files
Cookies
Temporary Internet files
Browser history
Recycle bin
Etc.......
In other words.... all the rubbish that you accumulate over the course of your browsing and day to day usage of your pc.
Programs like:
TFC by OldTimer
ATF Cleaner

Visit Microsoft's Windows Update Site Frequently - It is important that you visit Windows Update regularly.
Alternatively, turn on the Automatic Updates.

Peer to Peer programs
Don't be tempted to use Peer to Peer programs.
Many of the downloads are bundled with malware.

Update all your 'Security' programs regularly - Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.

Safe surfing.

Edited by Starbuck, 08 June 2014 - 03:38 PM.



#15 jason70

Posted 09 June 2014 - 09:55 PM

Guess I may have spoken too soon. The computer had not been used for quite some time because of the issues and then because I did not have time to look at it. As a result the Windows updates were many and my internet is a little slow, so it took quite a long time to do the updates. As a result I think it may have allowed some other items in before I got everything updated.

 

I found the following items in the programs and features that I don't think were there previously:

 

Rapid Finda
Search protect
knctr phone - This one just popped up a window and that is what got me looking.
Whitesmoke Translator

 

I got all but Whitesmoke translator uninstalled. I then ran Malwarebytes and it found ConstaSurf. After I saw it in the logs, I went to the Programs and Features and it was there also and I don't think it was there before. I then quarantined it with Malwarebytes and restarted and it does not show up in the Prog and Features. I have not removed the quarantined items.

 

I have posted the Malwarebytes scan log below.

 

I got Adobe reader, Adobe Flash, and Windows updated. I installed Firefox and plan to remove Chrome, but decided to stop now and let you know. I can maybe get it figured out with some search help, but you know this stuff much better, so I thought I would get your advice since I already have a thread open.

 

I think we are close. I just wasn't able to plug the holes quite fast enough.

 

Let me know what else you need from me.

 

Thanks

 

Jason

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/9/2014
Scan Time: 8:53:11 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.09.11
Rootkit Database: v2014.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Marilyn

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 299163
Time Elapsed: 39 min, 42 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 4
PUP.Optional.ConstaSurf.A, C:\Program Files (x86)\ConstaSurf\bin\utilConstaSurf.exe, 6664, Delete-on-Reboot, [b7b8de98512a86b04f59cca6d22f8977]
PUP.Optional.ConstaSurf.A, C:\Program Files (x86)\ConstaSurf\updateConstaSurf.exe, 3924, Delete-on-Reboot, [fa75a8cea6d575c1d3d5482a3ec37f81]
PUP.Optional.ConstaSurf.A, C:\Program Files (x86)\ConstaSurf\bin\ConstaSurf.BrowserAdapter.exe, 6556, Delete-on-Reboot, [541b7303b7c4f83e27facfca59a93ec2]
PUP.Optional.ConstaSurf.A, C:\Program Files (x86)\ConstaSurf\bin\ConstaSurf.PurBrowse64.exe, 5256, Delete-on-Reboot, [541b7303b7c4f83e27facfca59a93ec2]

Modules: 1
PUP.Optional.ConstaSurf.A, C:\Program Files (x86)\ConstaSurf\bin\{0782648b-1717-4fef-ac58-8cb3ce03adb3}.dll, Delete-on-Reboot, [541b7303b7c4f83e27facfca59a93ec2],

Registry Keys: 21
PUP.Optional.ConstaSurf.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util ConstaSurf, Quarantined, [b7b8de98512a86b04f59cca6d22f8977],
PUP.Optional.ConstaSurf.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update ConstaSurf, Quarantined, [fa75a8cea6d575c1d3d5482a3ec37f81],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [28472d4913686dc91d03f18135cd20e0],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [28472d4913686dc91d03f18135cd20e0],
PUP.Optional.ConstaSurf.A, HKLM\SOFTWARE\WOW6432NODE\ConstaSurf, Quarantined, [4f20d0a6d0abd95d07ac9a1025dd8b75],
PUP.Optional.ConstaSurf.A, HKU\S-1-5-21-2117863956-4018225900-484196923-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\ConstaSurf, Quarantined, [630c84f2cfacc571eac83674fb0703fd],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-2117863956-4018225900-484196923-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCHPROTECTINT, Quarantined, [9ad5df975e1d3501eb79febc82807e82],
PUP.Optional.ConstaSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{d7356335-81bf-4769-bfbd-2e2889138641}, Quarantined, [541b7303b7c4f83e27facfca59a93ec2],
PUP.Optional.ConstaSurf.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{52654f2b-3a13-4569-ab52-ef4201f79221}, Quarantined, [541b7303b7c4f83e27facfca59a93ec2],
PUP.Optional.ConstaSurf.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{41E2BE59-5C34-46AB-B743-6678BC94F42C}, Quarantined, [541b7303b7c4f83e27facfca59a93ec2],
PUP.Optional.ConstaSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{41E2BE59-5C34-46AB-B743-6678BC94F42C}, Quarantined, [541b7303b7c4f83e27facfca59a93ec2],
PUP.Optional.ConstaSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{52654f2b-3a13-4569-ab52-ef4201f79221}, Quarantined, [541b7303b7c4f83e27facfca59a93ec2],
PUP.Optional.ConstaSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{D7356335-81BF-4769-BFBD-2E2889138641}, Quarantined, [541b7303b7c4f83e27facfca59a93ec2],
PUP.Optional.ConstaSurf.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ConstaSurf, Quarantined, [541b7303b7c4f83e27facfca59a93ec2],
PUP.Optional.ConstaSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}, Quarantined, [541b7303b7c4f83e27facfca59a93ec2],
PUP.Optional.ConstaSurf.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, Quarantined, [541b7303b7c4f83e27facfca59a93ec2],
PUP.Optional.ConstaSurf.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, Quarantined, [541b7303b7c4f83e27facfca59a93ec2],
PUP.Optional.ConstaSurf.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, Quarantined, [541b7303b7c4f83e27facfca59a93ec2],
PUP.Optional.ConstaSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, Quarantined, [541b7303b7c4f83e27facfca59a93ec2],
PUP.Optional.ConstaSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, Quarantined, [541b7303b7c4f83e27facfca59a93ec2],
PUP.Optional.ConstaSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, Quarantined, [541b7303b7c4f83e27facfca59a93ec2],

Registry Values: 1
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-2117863956-4018225900-484196923-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCHPROTECTINT|Install, 1, Quarantined, [9ad5df975e1d3501eb79febc82807e82]

Registry Data: 0
(No malicious items detected)

Folders: 4
PUP.Optional.ConstaSurf.A, C:\Program Files (x86)\ConstaSurf, Delete-on-Reboot, [541b7303b7c4f83e27facfca59a93ec2],
PUP.Optional.ConstaSurf.A, C:\Program Files (x86)\ConstaSurf\bin, Delete-on-Reboot, [541b7303b7c4f83e27facfca59a93ec2],
PUP.Optional.ConstaSurf.A, C:\Program Files (x86)\ConstaSurf\bin\plugins, Quarantined, [541b7303b7c4f83e27facfca59a93ec2],
PUP.Optional.ConstaSurf.A, C:\Program Files (x86)\ConstaSurf\bin\TEMP, Quarantined, [541b7303b7c4f83e27facfca59a93ec2],

Files: 32
PUP.Optional.ConstaSurf.A, C:\Program Files (x86)\ConstaSurf\bin\utilConstaSurf.exe, Delete-on-Reboot, [b7b8de98512a86b04f59cca6d22f8977],
PUP.Optional.ConstaSurf.A, C:\Program Files (x86)\ConstaSurf\updateConstaSurf.exe, Delete-on-Reboot, [fa75a8cea6d575c1d3d5482a3ec37f81],
PUP.Optional.Conduit.A, C:\Users\Marilyn\AppData\Local\Temp\nsi87BA.exe, Quarantined, [1d52ef874e2d55e188f0e1a3aa57af51],
PUP.Optional.Conduit.A, C:\Users\Marilyn\AppData\Local\Temp\SearchProtectINT.exe, Quarantined, [2e4196e06615ad890318140bb948b14f],
PUP.Optional.Conduit.A, C:\Users\Marilyn\AppData\Local\Temp\nsj8E34.exe, Quarantined, [521d62141d5eff3762162e56f60bf20e],
PUP.Optional.Conduit.A, C:\Users\Marilyn\AppData\Local\Temp\nso3E7A.exe, Quarantined, [5d12adc9d9a2d363c2b67b099b6619e7],
PUP.Optional.Conduit.A, C:\Users\Marilyn\AppData\Local\Temp\nso4223.exe, Quarantined, [5a15a4d24239f4426513a0e48d74768a],
PUP.Optional.Conduit.A, C:\Users\Marilyn\AppData\Local\Temp\nsj8A8B.exe, Quarantined, [244bde9899e266d0285004802dd4ab55],
PUP.Optional.Conduit.A, C:\Users\Marilyn\AppData\Local\Temp\nskA585\SpSetup.exe, Quarantined, [df900373ed8e3303f286067e33cedb25],
PUP.Optional.ConstaSurf.A, C:\Program Files (x86)\ConstaSurf\0, Quarantined, [541b7303b7c4f83e27facfca59a93ec2],
PUP.Optional.ConstaSurf.A, C:\Program Files (x86)\ConstaSurf\7za.exe, Quarantined, [541b7303b7c4f83e27facfca59a93ec2],
PUP.Optional.ConstaSurf.A, C:\Program Files (x86)\ConstaSurf\ConstaSurf.FirstRun.exe, Quarantined, [541b7303b7c4f83e27facfca59a93ec2],
PUP.Optional.ConstaSurf.A, C:\Program Files (x86)\ConstaSurf\ConstaSurf.ico, Quarantined, [541b7303b7c4f83e27facfca59a93ec2],
PUP.Optional.ConstaSurf.A, C:\Program Files (x86)\ConstaSurf\ConstaSurfBHO.dll, Quarantined, [541b7303b7c4f83e27facfca59a93ec2],
PUP.Optional.ConstaSurf.A, C:\Program Files (x86)\ConstaSurf\ConstaSurfUninstall.exe, Quarantined, [541b7303b7c4f83e27facfca59a93ec2],
PUP.Optional.ConstaSurf.A, C:\Program Files (x86)\ConstaSurf\updateConstaSurf.InstallState, Quarantined, [541b7303b7c4f83e27facfca59a93ec2],
PUP.Optional.ConstaSurf.A, C:\Program Files (x86)\ConstaSurf\bin\7za.exe, Quarantined, [541b7303b7c4f83e27facfca59a93ec2],
PUP.Optional.ConstaSurf.A, C:\Program Files (x86)\ConstaSurf\bin\BrowserAdapterS.7z, Quarantined, [541b7303b7c4f83e27facfca59a93ec2],
PUP.Optional.ConstaSurf.A, C:\Program Files (x86)\ConstaSurf\bin\ConstaSurf.BrowserAdapter.exe, Delete-on-Reboot, [541b7303b7c4f83e27facfca59a93ec2],
PUP.Optional.ConstaSurf.A, C:\Program Files (x86)\ConstaSurf\bin\ConstaSurf.PurBrowse64.exe, Delete-on-Reboot, [541b7303b7c4f83e27facfca59a93ec2],
PUP.Optional.ConstaSurf.A, C:\Program Files (x86)\ConstaSurf\bin\ConstaSurf.PurBrowseG.zip, Quarantined, [541b7303b7c4f83e27facfca59a93ec2],
PUP.Optional.ConstaSurf.A, C:\Program Files (x86)\ConstaSurf\bin\ConstaSurfBAApp.dll, Quarantined, [541b7303b7c4f83e27facfca59a93ec2],
PUP.Optional.ConstaSurf.A, C:\Program Files (x86)\ConstaSurf\bin\utilConstaSurf.InstallState, Quarantined, [541b7303b7c4f83e27facfca59a93ec2],
PUP.Optional.ConstaSurf.A, C:\Program Files (x86)\ConstaSurf\bin\{0782648b-1717-4fef-ac58-8cb3ce03adb3}.dll, Delete-on-Reboot, [541b7303b7c4f83e27facfca59a93ec2],
PUP.Optional.ConstaSurf.A, C:\Program Files (x86)\ConstaSurf\bin\plugins\ConstaSurf.Bromon.dll, Quarantined, [541b7303b7c4f83e27facfca59a93ec2],
PUP.Optional.ConstaSurf.A, C:\Program Files (x86)\ConstaSurf\bin\plugins\ConstaSurf.BroStats.dll, Quarantined, [541b7303b7c4f83e27facfca59a93ec2],
PUP.Optional.ConstaSurf.A, C:\Program Files (x86)\ConstaSurf\bin\plugins\ConstaSurf.BrowserAdapterS.dll, Quarantined, [541b7303b7c4f83e27facfca59a93ec2],
PUP.Optional.ConstaSurf.A, C:\Program Files (x86)\ConstaSurf\bin\plugins\ConstaSurf.CompatibilityChecker.dll, Quarantined, [541b7303b7c4f83e27facfca59a93ec2],
PUP.Optional.ConstaSurf.A, C:\Program Files (x86)\ConstaSurf\bin\plugins\ConstaSurf.FFUpdate.dll, Quarantined, [541b7303b7c4f83e27facfca59a93ec2],
PUP.Optional.ConstaSurf.A, C:\Program Files (x86)\ConstaSurf\bin\plugins\ConstaSurf.IEUpdate.dll, Quarantined, [541b7303b7c4f83e27facfca59a93ec2],
PUP.Optional.ConstaSurf.A, C:\Program Files (x86)\ConstaSurf\bin\plugins\ConstaSurf.PurBrowseG.dll, Quarantined, [541b7303b7c4f83e27facfca59a93ec2],
PUP.Optional.Trovi.A, C:\Users\Marilyn\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (…
Wallet","oauth2":{"auto_approve":true,"client_id":"203784468217.apps.googleusercontent.com","scopes":["https://www.googleapis.com/auth/sierra","https://www.googleapis.com/auth/sierrasandbox","https://www.googleapis.com/auth/chromewebstore","https://www.googleapis.com/auth/chromewebstore.readonly"]},"permissions":["identity","webview","https://checkout.google.com/","https://sandbox.google.com/checkout/","https://www.google.com/","https://www.googleapis.com/*"],"update_url":"https://clients2.google.com/service/update2/crx","version":"0.0.6.1"},"path":"nmmhkkegccagdldgiimedpiccmgmieda\\0.0.6.1_0","preferences":{},"regular_only_preferences":{},"running":false,"state":1,"was_installed_by_default":true,"was_installed_by_oem":false},"pafkbggdmjlpgkdkcbjmhmfcdpncadgh":{"active_permissions":{"api":["alarms","identity","metricsPrivate","notifications","pushMessaging","storage","tabs","webstorePrivate"],"explicit_host":["\u003Call_urls>","chrome://favicon/*"],"manifest_permissions":[]},"content_settings":[],"creation_flags":1,"events":["alarms.onAlarm","identity.onSignInChanged","notifications.onButtonClicked","notifications.onClicked","notifications.onClosed","notifications.onPermissionLevelChanged","notifications.onShowSettings","pushMessaging.onMessage","runtime.onInstalled","runtime.onStartup","runtime.onSuspend"],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13046636369287721","location":5,"manifest":{"background":{"persistent":false,"scripts":["utility.js","cards.js","background.js"]},"description":"Integrates Google Now into 
Chrome.","icons":{"128":"images/icon128.png","16":"images/icon16.png","48":"images/icon48.png"},"key":"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkhqJr32OFD/bMXW4Md7jMfd7LbwHXVc6x5bBQG5U+dloofoxrICDR20yur/40mQ8O//0sS1b8srvbab1CRlSrxoNCr9T80NAkfzx0gHyVS+p1Zow+1FzLMu9PiGwwFyN80HIB7GI/dIa0wC9K/2OrrzcHEhVH96DacTtWQqjfDVtZPjT7Xwv23dgoWcpbkRC86jMJot3dmX9xnn0KzoVc9gDOHSIkBLbkkr6Sp3LGXCCM4L0DJgxdFwaLr5WBzgC3y5x0/wwPIwN4PtIaK3BhH6njlksfnKwwIJ9iRT41V4BqbWu4mszO/7VJ3HJyw2DBpIc2grU9ZRRxrV3fRQG4wIDAQAB","manifest_version":2,"name":"Google Now","oauth2":{"auto_approve":true,"scopes":["https://www.googleapis.com/auth/googlenow"]},"optional_permissions":["background"],"permissions":["alarms","identity","metricsPrivate","notifications","pushMessaging","storage","tabs","webstorePrivate","\u003Call_urls>"],"version":"1.2.0.1"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\35.0.1916.114\\resources\\google_now","preferences":{},"regular_only_preferences":{},"was_installed_by_default":false,"was_installed_by_oem":false},"pjkljhegncpnkpknbcohdijeoejaedia":{"ack_external":true,"active_permissions":{"api":["notifications"],"manifest_permissions":[]},"app_launcher_ordinal":"y","content_settings":[],"creation_flags":137,"events":[],"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["notifications"],"manifest_permissions":[]},"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13046636388517923","lastpingday":"13046770807289000","location":1,"manifest":{"app":{"launch":{"container":"tab","web_url":"https://mail.google.com/mail/ca"},"urls":["*://mail.google.com/mail/ca"]},"current_locale":"en_US","default_locale":"en","description":"Fast, searchable email with less 
spam.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCuGglK43iAz3J9BEYK/Mz6ZhloIMMDqQSAaf3vJt4eHbTbSDsu4WdQ9dQDRcKlg8nwQdePBt0C3PSUBtiSNSS37Z3qEGfS7LCju3h6pI1Yr9MQtxw+jUa7kXXIS09VV73pEFUT/F7c6Qe8L5ZxgAcBvXBh1Fie63qb02I9XQ/CQIDAQAB","name":"Gmail","options_page":"https://mail.google.com/mail/ca/#settings","permissions":["notifications"],"update_url":"http://clients2.google.com/service/update2/crx","version":"7"},"page_ordinal":"n","path":"pjkljhegncpnkpknbcohdijeoejaedia\\7_1","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":true,"was_installed_by_oem":false}}},"homepage":"","homepage_is_newtabpage":false,"intl":{"accept_languages":"en-US,en"},"invalidator":{"client_id":"5ZHxCD9kCs3Th2jUA/hL8g=="},"media":{"device_id_salt":"7dpd+ikqU924hoSX7d0YpA=="},"net":{"http_server_properties":{"servers":{"1295336.fls.doubleclick.net:443":{"alternate_protocol":{"port":443,"protocol_str":"quic"},"supports_spdy":false},"2926037.fls.doubleclick.net:80":{"alternate_protocol":{"port":80,"protocol_str":"quic"},"supports_spdy":false},"4167672.fls.doubleclick.net:80":{"alternate_protocol":{"port":80,"protocol_str":"quic"},"supports_spdy":false},"accounts.google.com:443":{"alternate_protocol":{"port":443,"protocol_str":"quic"},"supports_spdy":true},"ad.doubleclick.net:443":{"alternate_protocol":{"port":443,"protocol_str":"quic"},"settings":{"4":100,"5":3,"6":46},"supports_spdy":true},"ad.doubleclick.net:80":{"alternate_protocol":{"port":80,"protocol_str":"quic"},"supports_spdy":false},"ajax.googleapis.com:80":{"alternate_protocol":{"port":80,"protocol_str":"quic"},"supports_spdy":false},"analytics.twitter.com:443":{"supports_spdy":true},"apis.google.com:443":{"alternate_protocol":{"port":443,"protocol_str":"quic"},"supports_spdy":true},"clients1.google.com:443":{"alternate_protocol":{"port":443,"protocol_str":"quic"},"supports_spdy":true},"clients2.google.com:443":{"alternate_protocol":{"port":443,"protocol_str":"quic"},"settin
gs":{"4":100},"supports_spdy":true},"clients2.googleusercontent.com:443":{"alternate_protocol":{"port":443,"protocol_str":"quic"},"supports_spdy":true},"cm.g.doubleclick.net:443":{"alternate_protocol":{"port":443,"protocol_str":"quic"},"settings":{"4":100,"5":22,"6":5},"supports_spdy":true},"cm.g.doubleclick.net:80":{"alternate_protocol":{"port":80,"protocol_str":"quic"},"supports_spdy":false},"encrypted-tbn0.gstatic.com:443":{"alternate_protocol":{"port":443,"protocol_str":"quic"},"supports_spdy":true},"encrypted-tbn3.gstatic.com:443":{"alternate_protocol":{"port":443,"protocol_str":"quic"},"supports_spdy":false},"fbstatic-a.akamaihd.net:443":{"supports_spdy":true},"fls.doubleclick.net:443":{"alternate_protocol":{"port":443,"protocol_str":"quic"},"supports_spdy":true},"fonts.googleapis.com:443":{"alternate_protocol":{"port":443,"protocol_str":"quic"},"supports_spdy":true},"fonts.googleapis.com:80":{"alternate_protocol":{"port":80,"protocol_str":"quic"},"supports_spdy":false},"google.com:80":{"alternate_protocol":{"port":80,"protocol_str":"quic"},"supports_spdy":false},"googleads.g.doubleclick.net:443":{"alternate_protocol":{"port":443,"protocol_str":"quic"},"supports_spdy":true},"googleads.g.doubleclick.net:80":{"alternate_protocol":{"port":80,"protocol_str":"quic"},"supports_spdy":false},"googleads4.g.doubleclick.net:80":{"alternate_protocol":{"port":80,"protocol_str":"quic"},"supports_spdy":false},"graph.facebook.com:443":{"supports_spdy":true},"m.doubleclick.net:80":{"alternate_protocol":{"port":80,"protocol_str":"quic"},"supports_spdy":false},"oauth.googleusercontent.com:443":{"alternate_protocol":{"port":443,"protocol_str":"quic"},"supports_spdy":true},"pagead2.googlesyndication.com:443":{"alternate_protocol":{"port":443,"protocol_str":"quic"},"supports_spdy":true},"pagead2.googlesyndication.com:80":{"alternate_protocol":{"port":80,"protocol_str":"quic"},"supports_spdy":false},"partner.googleadservices.com:80":{"alternate_protocol":{"port":80,"protocol_str":"q
uic"},"supports_spdy":false},"pubads.g.doubleclick.net:80":{"alternate_protocol":{"port":80,"protocol_str":"quic"},"supports_spdy":false},"s0.2mdn.net:80":{"alternate_protocol":{"port":80,"protocol_str":"quic"},"supports_spdy":false},"s1.2mdn.net:80":{"alternate_protocol":{"port":80,"protocol_str":"quic"},"supports_spdy":false},"ssl.gstatic.com:443":{"alternate_protocol":{"port":443,"protocol_str":"quic"},"supports_spdy":true},"stats.g.doubleclick.net:80":{"alternate_protocol":{"port":80,"protocol_str":"quic"},"supports_spdy":false},"themes.googleusercontent.com:443":{"alternate_protocol":{"port":443,"protocol_str":"quic"},"supports_spdy":true},"themes.googleusercontent.com:80":{"alternate_protocol":{"port":80,"protocol_str":"quic"},"supports_spdy":false},"tpc.googlesyndication.com:443":{"alternate_protocol":{"port":443,"protocol_str":"quic"},"supports_spdy":true},"twitter.com:443":{"supports_spdy":true},"www.facebook.com:443":{"supports_spdy":true},"www.google-analytics.com:80":{"alternate_protocol":{"port":80,"protocol_str":"quic"},"supports_spdy":false},"www.google.com:443":{"alternate_protocol":{"port":443,"protocol_str":"quic"},"settings":{"4":100,"5":3,"6":15},"supports_spdy":true},"www.google.com:80":{"alternate_protocol":{"port":80,"protocol_str":"quic"},"supports_spdy":false},"www.googleadservices.com:80":{"alternate_protocol":{"port":80,"protocol_str":"quic"},"supports_spdy":false},"www.googleapis.com:443":{"alternate_protocol":{"port":443,"protocol_str":"quic"},"supports_spdy":true},"www.googletagmanager.com:80":{"alternate_protocol":{"port":80,"protocol_str":"quic"},"supports_spdy":false},"www.googletagservices.com:80":{"alternate_protocol":{"port":80,"protocol_str":"quic"},"supports_spdy":false},"www.gstatic.com:443":{"alternate_protocol":{"port":443,"protocol_str":"quic"},"settings":{"4":100,"5":4,"6":31},"supports_spdy":true},"www.gstatic.com:80":{"alternate_protocol":{"port":80,"protocol_str":"quic"},"supports_spdy":false}},"version":2}},"pinned_tabs
":[],"plugins":{"migrated_to_pepper_flash":true,"plugins_list":[],"removed_old_component_pepper_flash_settings":true},"profile":{"avatar_index":0,"content_settings":{"clear_on_exit_migrated":true,"pattern_pairs":{},"pref_version":1},"created_by_version":"35.0.1916.114","exit_type":"Crashed","exited_cleanly":true,"icon_version":2,"managed_user_id":"","name":"First user","per_host_zoom_levels":{}},"session":{"restore_on_startup":4,"restore_on_startup_migrated":true,"startup_urls":[""],"startup_urls_migration_time":"13046636369272721"},"translate_blocked_languages":["en"],"translate_whitelists":{}}), Replaced,[006f1066542790a65ba4edaf7c888878]

Physical Sectors: 0
(No malicious items detected)


(end)





