
tr553 spyware, and when i click links on sites i get redirected


11 replies to this topic

#1 mrtaz4u


Posted 04 August 2015 - 10:48 PM

I have searched the boards and used every program mentioned, from CCleaner to Emsisoft, JRT, Malwarebytes, etc. I cleaned it and still no go. I even uninstalled Google Chrome and I still get the pop-ups. Malwarebytes keeps telling me it's blocking tr553. I have attached FRST logs. Please help. I work from home so this is very annoying.

 

Thanks

Attached Files




#2 mrtaz4u


Posted 04 August 2015 - 10:54 PM

I also have ads by Jabuticaba that won't go away.



#3 nasdaq

  • Malware Response Team

Posted 05 August 2015 - 08:35 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2047625657-3916351942-114977860-1007\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
S3 BITCOMET_HELPER_SERVICE; A:\Program Files\BitComet\tools\BitCometService.exe -service [X]
S2 gupdate; "A:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "A:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
R2 Hamachi2Svc; "A:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [X]
S3 IEEtwCollectorService; %SystemRoot%\system32\IEEtwCollector.exe /V [X]
R2 MsDepSvc; "A:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe" -runService:MsDepSvc [X]
R2 MSSQL$SQLEXPRESS; "A:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [X]
S4 NetMsmqActivator; "A:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [X]
S4 SQLAgent$SQLEXPRESS; "A:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS [X]
S3 Steam Client Service; "A:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService [X]
S2 WRSVC; "A:\Program Files\Webroot\WRSA.exe" -service [X]
R2 WSearch; %systemroot%\system32\SearchIndexer.exe /Embedding [X]
S0 ySnTdfRp; A:\Windows\System32\drivers\ySnTdfRp.sys [116224 2015-08-04] (Webroot)
S3 catchme; \??\A:\ComboFix\catchme.sys [X]
U0 SR; No ImagePath
U2 srservice; No ImagePath
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
A:\Windows\System32\drivers\ySnTdfRp.sys
Task: {21DA8EF5-13E0-41D9-94E2-ED2ACB829F98} - \SmartWeb Upgrade Trigger Task No Task File <==== ATTENTION
Task: {2C575025-DB4F-4B55-9907-87BF70140874} - \Elazt No Task File <==== ATTENTION
Task: {37B4BDA7-F732-42B0-ACD5-163CAE22750C} - \APSnotifierPP1 No Task File <==== ATTENTION
Task: {4D712CF0-9824-4B42-9B13-2E343F7F8B2A} - \WindApp Update No Task File <==== ATTENTION
Task: {5690A7AF-768C-4602-923E-D7050C20EA83} - \Web Tool Runner No Task File <==== ATTENTION
Task: {5FDFD014-D628-4B49-AF74-4BF01BBBB7B9} - \SMW_UpdateTask_Time_333936353032363639322d2a23452a2d4534415b573232 No Task File <==== ATTENTION
Task: {612831B9-E17C-426E-B27B-5CBC916D4FB6} - \Selection Tools Update No Task File <==== ATTENTION
Task: {658CF2E0-737D-4F61-9C82-9696ECF354BA} - \APSnotifierPP3 No Task File <==== ATTENTION
Task: {662316A6-70A8-4233-BFD9-7E407DDCF406} - \Crossbrowse No Task File <==== ATTENTION
Task: {6654BFC2-AC5A-45B4-B741-D3239476B5C6} - \SushiLeads No Task File <==== ATTENTION
Task: {718CE97D-D3DB-46B4-B737-E7617662BF2A} - \HDNINSTSCHD No Task File <==== ATTENTION
Task: {74420A15-36AF-4A79-B872-D2FA4C2CF867} - \PCDEventLauncherTask No Task File <==== ATTENTION
Task: {8A900A19-7B47-4130-80E1-9A8AC53FE786} - \APSnotifierPP2 No Task File <==== ATTENTION
Task: {902457B3-6948-4E9B-A6E1-17E87D28E663} - \AI_Updater No Task File <==== ATTENTION
Task: {C212766C-397F-4508-9154-BD6AB8B53390} - \boosterpop No Task File <==== ATTENTION
Task: {E9EDC4E4-25E1-4D2E-9767-84F4530E096E} - \IEError No Task File <==== ATTENTION
Task: {ED2815DE-78A8-4157-B845-8126022A9D5E} - \Microsoft\Windows\Maintenance\Web Tool Updater No Task File <==== ATTENTION
Task: {F7284458-37C4-43C6-97FF-3F1C93D28D95} - \SMWUpd No Task File <==== ATTENTION
Task: {FF84E867-CE41-44A5-B038-1A94077C2F1A} - \Superclean No Task File <==== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-2047625657-3916351942-114977860-1007\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-2047625657-3916351942-114977860-1007\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\Software\Classes\exefile: "%1" %* <===== ATTENTION

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.


How is the computer running now?
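
Added example, not part of nasdaq's post and not FRST's own code: before a fixlist like the one above is applied, it helps to see what kinds of entries it will remove. This Python script groups fixlist lines by category; the category names are this example's own, the reading of `[X]`, `No File` and `No Task File` as "the referenced file was not found" is an assumption of the example, and the sample is a subset of lines copied from the post.

```python
import re
from collections import defaultdict

# Subset of lines copied from the fixlist in the post above.
SAMPLE_FIXLIST = r"""
start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S2 gupdate; "A:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
R2 WSearch; %systemroot%\system32\SearchIndexer.exe /Embedding [X]
S0 ySnTdfRp; A:\Windows\System32\drivers\ySnTdfRp.sys [116224 2015-08-04] (Webroot)
U0 SR; No ImagePath
A:\Windows\System32\drivers\ySnTdfRp.sys
Task: {21DA8EF5-13E0-41D9-94E2-ED2ACB829F98} - \SmartWeb Upgrade Trigger Task No Task File <==== ATTENTION
Task: {ED2815DE-78A8-4157-B845-8126022A9D5E} - \Microsoft\Windows\Maintenance\Web Tool Updater No Task File <==== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
End
"""

ATTENTION = re.compile(r"\s*<=+\s*ATTENTION\s*$")        # trailing log marker
DIRECTIVE = re.compile(r"^[A-Za-z]+:$")                   # e.g. EmptyTemp:
TASK = re.compile(r"^Task:\s*\{[^}]+\}\s+-\s+(.*)$")      # scheduled task entry
SERVICE = re.compile(r"^[RSU][0-4]\s+([^;]+);\s*(.*)$")   # service/driver entry
EXE_ASSOC = re.compile(r"\\Software\\Classes\\(?:\.exe|exefile):", re.IGNORECASE)
BARE_PATH = re.compile(r"^[A-Za-z]:\\")                   # a file named for removal
NO_TASK_FILE = "No Task File"


def classify(line):
    """Return (category, name) for one fixlist line, or None for blanks/markers."""
    line = ATTENTION.sub("", line.strip())
    if not line or line.lower() in ("start", "end"):
        return None
    if DIRECTIVE.match(line):
        return "directive", line[:-1]
    m = TASK.match(line)
    if m:
        name = m.group(1).strip()
        if name.endswith(NO_TASK_FILE):
            # Registry entry for a task whose task file is gone.
            return "orphan_task", name[: -len(NO_TASK_FILE)].rstrip()
        return "task", name
    m = SERVICE.match(line)
    if m:
        name, rest = m.group(1).strip(), m.group(2).strip()
        if rest.endswith("[X]"):
            return "service_file_missing", name
        if rest == "No ImagePath":
            return "service_no_imagepath", name
        return "service_with_file", name
    if EXE_ASSOC.search(line):
        # Per-user override of how .exe files are launched.
        return "exe_association", line.split(": ", 1)[0]
    if "Policy restriction" in line:
        return "policy_restriction", line.split(": ", 1)[0]
    if line.endswith(("No File", "[X]")):
        return "dangling_reference", line
    if BARE_PATH.match(line):
        return "file_path", line
    return "other", line


def triage(fixlist_text):
    """Group every entry of a fixlist by category, preserving order."""
    groups = defaultdict(list)
    for raw in fixlist_text.splitlines():
        result = classify(raw)
        if result:
            groups[result[0]].append(result[1])
    return dict(groups)


if __name__ == "__main__":
    for category, names in triage(SAMPLE_FIXLIST).items():
        print(f"{category} ({len(names)})")
        for name in names:
            print(f"    {name}")
```
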

#4 mrtaz4u


Posted 05 August 2015 - 02:17 PM

Seems to be fixed. I'll keep an eye over the next day or so.

 

Thanks again. Much appreciated



#5 mrtaz4u


Posted 05 August 2015 - 02:20 PM

Spoke too soon. I just got a pop-up from Malwarebytes blocking tr553.com. I am attaching my logs.

 

Edit:* half hour later. ---> Jabuticaba and pop ups are still happening.

Attached Files


Edited by mrtaz4u, 05 August 2015 - 03:12 PM.


#6 nasdaq

  • Malware Response Team

Posted 06 August 2015 - 07:02 AM

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all of the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.


Which browser do you normally use?
===

#7 mrtaz4u


Posted 06 August 2015 - 09:26 AM

Still getting pop-ups and the tr553. :(

Would wiping the computer and reinstalling Windows be the best route to go?

 

 

 

 
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by bevon on Thu 08/06/2015 at  9:59:32.71.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: A:\Users\bevon.bevon-PC\Downloads\zoek.exe [Scan all users] [Script inserted] 
 
==== Older Logs ======================
 
A:\zoek-results2015-08-03-170513.log 45321 bytes
A:\zoek-results2015-08-05-014701.log 113521 bytes
 
==== System Restore Info ======================
 
8/6/2015 10:00:30 AM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
A:\Program Files\Webroot deleted successfully
A:\Users\work\AppData\Roaming\Apple Computer deleted successfully
A:\Users\bevon.bevon-PC\AppData\Local\VirtualStore deleted successfully
A:\Users\work\AppData\Local\VirtualStore deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Batch Command(s) Run By Tool======================
 
 
==== Deleting Files \ Folders ======================
 
A:\Windows\SysNative\config\systemprofile\Searches deleted
"A:\PROGRA~2\Raptr\ltc_help32-99265.dll" deleted
"A:\PROGRA~2\Raptr" not deleted
 
==== Firefox Start and Search pages ======================
 
ProfilePath: A:\Users\BEVON~1.BE~\AppData\Roaming\Mozilla\Firefox\Profiles\b6oxe4pe.default
user_pref("browser.search.defaultenginename.US", "Google");
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"web2pdfextension@web2pdf.adobedotcom"="A:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn" [04/15/2015 09:03 PM]
 
==== Firefox Extensions ======================
 
AppDir: A:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
==== Firefox Plugins ======================
 
Profilepath: A:\Users\bevon.bevon-PC\AppData\Roaming\Mozilla\Firefox\Profiles\b6oxe4pe.default
3C39B899EB79C85746124ABF44B83587 - A:\Users\bevon.bevon-PC\AppData\Roaming\raidcall\plugins\nprcplugin.dll - Raidcall plugin
 
 
==== Chromium Look ======================
 
Google Chrome Version: 44.0.2403.130
 
 
Chrome Hotword Shared Module - bevon.bevon-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
ColorZilla - work\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp
LastPass - work\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd
JetBrains IDE Support - work\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmhgeddbohgjknpmjagkdomcpobmllji
agar.io server browser - work\AppData\Local\Google\Chrome\User Data\Default\Extensions\hongpdkjnjhijmdnogoicadboadgllhi
Chrome Hotword Shared Module - work\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
BrowserStack Local - work\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfiddfehmfdojjfdpfngagldgaaafcfo
BrowserStack - work\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkihdmlheodkdfojglpcjjmioefjahjb
Harvest Time Tracker - work\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fbpiglieekigmkeebmeohkelfpjjlaia
Page Analytics (by Google) - work\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fnbdnhhicmebfgdgglcdacdapkcihcoh
Window Resizer - work\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kkelicaakdanhinjdeammmilcgefonfh
Chrome Hotword Shared Module - work\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Poppit - work\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi
Trello - work\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oflhioojkbelepjlnafgmgkkjhojphcg
 
==== Chromium Startpages ======================
 
A:\Users\bevon.bevon-PC\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
A:\Users\work\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
A:\Users\work\AppData\Local\Google\Chrome SxS\User Data\Default\Preferences
 
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_CLASSES_ROOT\CLSID\{97ab88ef-346b-4179-a0b1-7445896547a5} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{97ab88ef-346b-4179-a0b1-7445896547a5} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{97ab88ef-346b-4179-a0b1-7445896547a5} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{97ab88ef-346b-4179-a0b1-7445896547a5} deleted successfully
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{6310F7BE-4600-408A-8B2A-83EEA1C06065} deleted successfully
 
==== Empty IE Cache ======================
 
A:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
A:\Users\bevon.bevon-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
A:\Users\work\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
A:\Users\bevon.bevon-PC\AppData\Local\Mozilla\Firefox\Profiles\b6oxe4pe.default\cache2 emptied successfully
 
==== Empty Chrome Cache ======================
 
A:\Users\bevon.bevon-PC\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
A:\Users\work\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
A:\Users\work\AppData\Local\Google\Chrome SxS\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
No Java Cache Found
 
==== A:\zoek_backup content ======================
 
A:\zoek_backup (files=875 folders=241 963999061 bytes)
 
==== Empty Temp Folders ======================
 
A:\Users\bevon.bevon-PC\AppData\Local\Temp will be emptied at reboot
A:\Users\Default\AppData\Local\temp emptied successfully
A:\Users\Default User\AppData\Local\temp emptied successfully
A:\Users\koryn\AppData\Local\temp emptied successfully
A:\Users\MSSQL$SQLEXPRESS\AppData\Local\temp emptied successfully
A:\Users\Public\AppData\Local\temp emptied successfully
A:\Users\work\AppData\Local\temp emptied successfully
A:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
A:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
A:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
A:\Windows\Temp successfully emptied
A:\Users\BEVON~1.BE~\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
A:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"A:\PROGRA~2\Raptr"  not found
 
==== EOF on Thu 08/06/2015 at 10:17:40.76 ======================
 


#8 nasdaq

Posted 06 August 2015 - 01:15 PM

Before reinstalling windows I would remove Chrome.

Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/

Re-install Chrome and the Bookmarks.

#9 mrtaz4u


Posted 06 August 2015 - 01:44 PM

Hi, I did that yesterday. I even did it to Firefox. I removed both and reinstalled them. Both still have the pop-ups. Even IE.

Thanks for your help. I think it's best I just reinstall everything. That way I know I won't have any more problems.



#10 nasdaq


Posted 07 August 2015 - 06:13 AM

Last thing, if I'm not too late.

In I/E: http://www.ehow.com/...-off-flash.html
1. Launch Internet Explorer. Click "Tools" and click "Internet Options." Click the "Programs" tab.

2. Open the "Manage add-ons" button. Click the drop-down list under "Show" and select "Run without permission."

3. Click "Shockwave Flash Object" under the "Adobe System Incorporated" section. Click the "Disable" button. Reboot your system.

Disable Flash in IE10 Windows 8.
http://www.eightforums.com/browsers-mail/27982-disable-flash-ie10.html

___

#11 mrtaz4u


Posted 07 August 2015 - 06:15 PM

@nasdaq, I tried it but still had problems. I just reinstalled Windows. Thanks so much for trying. You are awesome. :)



#12 nasdaq


Posted 08 August 2015 - 07:16 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



