Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Suspicion of Malware - (inc FRST LOG)


  • Please log in to reply

#1
cr00901124

cr00901124

    New Member

  • Member
  • Pip
  • 4 posts

I'm temporarily using a family member's laptop (long term).

I was doing a college assignment when a "Dropbox message" popped up - "share your screenshots with Dropbox" - however i didn't admit that screenshot" but there it was when I pasted in paint!! (of my assignment work), i'm worried that there is something malicious like spyware.

"Malwarebytes Home trial" detected 3175 non malware threats (potentially unwanted programs) and quarantined 2485 of them.
The relay chat on this site has advised me to run FRST - please see log below.
And thank you for all help so far!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-10-2016
Ran by Deana (administrator) on DELL1525 (08-10-2016 19:40:55)
Running from C:\Users\Deana\Desktop
Loaded Profiles: Deana (Available Profiles: Deana)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
() C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEstSrv.exe
() C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
() C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Arainia Solutions) C:\Program Files\Gizmo\gservice.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\22.7.1.32\NIS.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(IDT, Inc.) C:\Windows\System32\stacsv.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\22.7.1.32\NIS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Creative Technology Ltd.) C:\Windows\OEM02Mon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
(CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Windows Live\Family Safety\fsui.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
(Apple Computer, Inc.) C:\Program Files\QuickTime\qttask.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files\Inbox Toolbar\Inbox.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(IDT, Inc.) C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
(Arainia Solutions) C:\Program Files\Gizmo\gizmo.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\22.7.1.32\coNatHst.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Splice) C:\Users\Deana\AppData\Local\Apps\2.0\3YP8R2O8.B9W\CV7BRLL5.CBG\spli..tion_7666adb2bba943c5_0000.0000_9bb96b60832102ac\Splice.Install.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Splice) C:\Users\Deana\AppData\Local\Splice\Splice.WinClient\Splice.WinClient.exe
() C:\Users\Deana\AppData\Local\Splice\Splice.WinClient\SpliceUtility.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamresearch.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Users\Deana\AppData\Local\Splice\Splice.WinClient\SpliceUtility.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [ECenter] => C:\Dell\E-Center\EULALauncher.exe
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [167936 2008-05-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [OEM02Mon.exe] => C:\Windows\OEM02Mon.exe [36864 2008-03-04] (Creative Technology Ltd.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [174872 2007-03-21] (Intel Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3563520 2008-07-03] (Dell Inc.)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-06] (Google)
HKLM\...\Run: [dscactivate] => C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2008-03-11] ( )
HKLM\...\Run: [PCMService] => C:\Program Files\Dell\MediaDirect\PCMService.exe [184320 2007-12-21] (CyberLink Corp.)
HKLM\...\Run: [DellSupportCenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM\...\Run: [fssui] => C:\Program Files\Windows Live\Family Safety\fsui.exe [884584 2012-03-08] (Microsoft Corporation)
HKLM\...\Run: [Adobe Photo Downloader] => C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe [67488 2007-09-11] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [77824 2008-12-30] (Apple Computer, Inc.)
HKLM\...\Run: [MobileConnect] => C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2086912 2008-10-09] (Vodafone)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [ROC_roc_dec12] => "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
HKLM\...\Run: [HF_G_Jul] => "C:\Program Files\AVG Secure Search\HF_G_Jul.exe"  /DoAction
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-11-12] (IDT, Inc.)
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1758280 2016-06-17] ()
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2008-10-23] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => C:\Windows\system32\oobefldr.dll [2153472 2009-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => C:\Windows\system32\oobefldr.dll [2153472 2009-04-11] (Microsoft Corporation)
HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\...\Run: [DellSupportCenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-10-23] (Google Inc.)
HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\...\Run: [Facebook Update] => C:\Users\Deana\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-13] (Facebook Inc.)
HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\...\Run: [Dropbox Update] => C:\Users\Deana\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-13] (Dropbox, Inc.)
HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\...\Run: [uTorrent] => C:\Users\Deana\AppData\Roaming\uTorrent\uTorrent.exe [2375360 2016-09-30] (BitTorrent Inc.)
HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\...\Run: [GizmoDriveDelegate] => C:\Program Files\Gizmo\gizmo.exe [223640 2016-09-30] (Arainia Solutions)
HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\...\RunOnce: [Shockwave Updater] => C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1103472.exe [460216 2009-01-16] (Adobe Systems, Inc.)
HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\...\MountPoints2: F - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\...\MountPoints2: G - G:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\...\MountPoints2: {31e525d3-a0d2-11dd-8f4d-806e6f6e6963} - E:\Start.exe
HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\...\MountPoints2: {35faa898-a1a4-11e5-ab85-00219bf0cada} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\...\MountPoints2: {4a920133-ddf2-11de-b145-00219bf0cada} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\...\MountPoints2: {7308fdf3-d671-11dd-b150-00234d946a18} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\...\MountPoints2: {7308fdf8-d671-11dd-b150-00234d946a18} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\...\MountPoints2: {7308fe04-d671-11dd-b150-00219bf0cada} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\...\MountPoints2: {7308fe05-d671-11dd-b150-00219bf0cada} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\...\MountPoints2: {7308ff5f-d671-11dd-b150-00219bf0cada} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\...\MountPoints2: {9ba9d963-3899-11de-994d-00219bf0cada} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\...\MountPoints2: {9ba9d987-3899-11de-994d-00219bf0cada} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\...\MountPoints2: {9ba9d989-3899-11de-994d-00219bf0cada} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\...\MountPoints2: {9ba9d9a1-3899-11de-994d-00219bf0cada} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\...\MountPoints2: {f35d9154-5e5a-11de-b773-f28d9f3d3f08} - F:\setup_vmc_lite.exe /checkApplicationPresence
AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-07-06] (Google)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Internet Security\Engine\22.7.1.32\buShell.dll [2016-08-15] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Internet Security\Engine\22.7.1.32\buShell.dll [2016-08-15] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Internet Security\Engine\22.7.1.32\buShell.dll [2016-08-15] (Symantec Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Deana\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Deana\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Deana\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll [2016-10-06] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk [2008-10-23]
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Gizmo.lnk [2016-09-30]
ShortcutTarget: Gizmo.lnk -> C:\Program Files\Gizmo\gizmo.exe (Arainia Solutions)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-03-26]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk [2008-10-23]
ShortcutTarget: QuickSet.lnk -> C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
Startup: C:\Users\Deana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-10-07]
ShortcutTarget: Dropbox.lnk -> C:\Users\Deana\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Deana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk [2008-11-29]
ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Deana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Splice for Windows.lnk [2016-09-30]
ShortcutTarget: Splice for Windows.lnk -> C:\Users\Deana\AppData\Local\Splice\Splice.WinClient\Splice.WinClient.exe (Splice)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2008-10-23]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2008-10-23]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0E5D19BB-5339-434F-B09E-91A5E8E3F3AB}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5081023
HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://uk.msn.com/
SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={AFD04AD7-DB03-45B0-B241-7FB2BF381CCB}&mid=b41d0199dff947d1bc92d168dd142329-931055154b6ad30b546f145fab542c6fe4be2d7b&lang=en&ds=AVG&pr=pr&d=2011-09-28 16:56:46&v=10.0.0.7&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?FORM=IEFM1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000 -> {5AA2BA46-9913-4DC7-9620-69AB0FA17AE7} URL = hxxp://search.alot.com/web?q={searchTerms}&pr=prov&client_id=D8FE563001CC333265556490&install_time=2011-06-25T12:24:35Z&src_id=12287&camp_id=2586&tb_version=2.5.20000.3
SearchScopes: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=VWuL-VYZgp5nZ1OUaEHblndigxs?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={AFD04AD7-DB03-45B0-B241-7FB2BF381CCB}&mid=b41d0199dff947d1bc92d168dd142329-931055154b6ad30b546f145fab542c6fe4be2d7b&lang=en&ds=AVG&pr=pr&d=2011-09-28 16:56:46&v=10.0.0.7&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000 -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll [2014-01-16] (McAfee, Inc.)
BHO: ALOT Toolbar Helper -> {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} -> C:\Program Files\alot\bin\BHO\alotBHO.dll [2011-04-20] (Vertro)
BHO: No Name -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> No File
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-07-16] (Google Inc.)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll [2006-11-09] (Dell Inc.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-02-28] (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-02-28] (Microsoft Corporation.)
Toolbar: HKLM - ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll [2011-04-20] (Vertro)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-07-16] (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-07-16] (Google Inc.)
Toolbar: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Toolbar: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game10.zylom.com/activex/zylomgamesplayer.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553570000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-11-28] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Deana\AppData\Roaming\Mozilla\Firefox\Profiles\hbyc7tgm.default [2016-10-08]
FF NewTab: Mozilla\Firefox\Profiles\hbyc7tgm.default -> hxxp://search.myemailxp.com?uid=undefined&uc=undefined&source=pd_gs_email_hotmail_p&page=newtab&implementation_id=Email_xp_0.0.2
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\hbyc7tgm.default -> Yahoo!
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\hbyc7tgm.default -> Ask.com
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\hbyc7tgm.default -> Yahoo!
FF Homepage: Mozilla\Firefox\Profiles\hbyc7tgm.default -> hxxps://www.malwarebytes.org/restorebrowser/yhp-ff
hxxp://search.myemailxp.com?uid=undefined&uc=undefined&source=pd_gs_email_hotmail_p&page=homepage&implementation_id=Email_xp_0.0.2
FF NetworkProxy: Mozilla\Firefox\Profiles\hbyc7tgm.default -> type", 2
FF Extension: (Firefox Hotfix) - C:\Users\Deana\AppData\Roaming\Mozilla\Firefox\Profiles\hbyc7tgm.default\Extensions\[email protected] [2016-09-30]
FF Extension: (No Name) - C:\Users\Deana\AppData\Roaming\Mozilla\Firefox\Profiles\hbyc7tgm.default\Extensions\[email protected] [2016-10-08] [not signed]
FF Extension: (My Email XP) - C:\Users\Deana\AppData\Roaming\Mozilla\Firefox\Profiles\hbyc7tgm.default\Extensions\[email protected] [2015-07-09] [not signed]
FF Extension: (ALOT Toolbar) - C:\Users\Deana\AppData\Roaming\Mozilla\Firefox\Profiles\hbyc7tgm.default\Extensions\[email protected] [2012-04-25] [not signed]
FF Extension: (Microsoft .NET Framework Assistant) - C:\Users\Deana\AppData\Roaming\Mozilla\Firefox\Profiles\hbyc7tgm.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-11-10] [not signed]
FF Extension: (No Name) - C:\Users\Deana\AppData\Roaming\Mozilla\Firefox\Profiles\hbyc7tgm.default\Extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6} [2016-10-08] [not signed]
FF Extension: (No Name) - C:\Users\Deana\AppData\Roaming\Mozilla\Firefox\Profiles\hbyc7tgm.default\Extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} [2016-10-08] [not signed]
FF SearchPlugin: C:\Users\Deana\AppData\Roaming\Mozilla\Firefox\Profiles\hbyc7tgm.default\searchplugins\ask-search.xml [2014-04-05]
FF SearchPlugin: C:\Users\Deana\AppData\Roaming\Mozilla\Firefox\Profiles\hbyc7tgm.default\searchplugins\inbox-search.xml [2015-07-09]
FF SearchPlugin: C:\Users\Deana\AppData\Roaming\Mozilla\Firefox\Profiles\hbyc7tgm.default\searchplugins\search.xml [2015-07-09]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-12] [not signed]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.7.1.32\coFFAddon
FF Extension: (Norton Identity Safe) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.7.1.32\coFFAddon [2016-09-30]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-10-02] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2009-01-16] (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-02-27] (Google)
FF Plugin: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files\Picasa2\npPicasa2.dll [2008-08-21] (Google, Inc.)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll [2014-01-16] (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll [2011-10-10] (Google)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1504278732-3331403366-2529910698-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Deana\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-1504278732-3331403366-2529910698-1000: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Users\Deana\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll [2010-07-30] (Yahoo! Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.230.5) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 6 U23) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll => No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Chrome NaCl) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
CHR Plugin: (AVG Internet Security) - C:\Users\Deana\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1857_0\plugins/avgnpss.dll => No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll => No File
CHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Deana\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Deana\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\Deana\AppData\Local\Google\Chrome\User Data\Default [2016-10-08]
CHR Extension: (Norton Security Toolbar) - C:\Users\Deana\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-09-30]
CHR Extension: (uTorrentControl_v2) - C:\Users\Deana\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda [2015-12-13]
CHR Extension: (Norton Identity Safe) - C:\Users\Deana\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-12-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Deana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-29]
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Internet Security\Engine\22.7.1.32\Exts\Chrome.crx [2016-08-05]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeActiveFileMonitor6.0; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [198216 2016-06-17] () [File not signed]
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [161048 2008-05-02] (Stardock Corporation)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2008-12-18] (Macrovision Europe Ltd.) [File not signed]
R2 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [451904 2009-10-28] ()
R2 Gizmo Central; C:\Program Files\Gizmo\gservice.exe [34728 2016-09-30] (Arainia Solutions)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-06] (Google)
S3 GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [16680 2008-10-23] (Citrix Online, a division of Citrix Systems, Inc.)
S2 gupdate1c9ac7b3e3f9900; C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-07-09] (Google Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-16] (McAfee, Inc.)
R2 NIS; C:\Program Files\Norton Internet Security\Engine\22.7.1.32\NIS.exe [289080 2016-08-16] (Symantec Corporation)
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2387952 2016-09-12] (IBM Corp.)
R2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-14] (SupportSoft, Inc.)
R2 VMCService; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [14336 2008-10-09] (Vodafone) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2654208 2008-07-03] (Dell Inc.) [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-07-03] (Broadcom Corporation)
R1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\22.7.1.32\Definitions\BASHDefs\20160521.001\BHDrvx86.sys [1317624 2016-08-10] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1607010.020\ccSetx86.sys [137456 2016-08-10] (Symantec Corporation)
R1 GizmoDrv; C:\Windows\system32\Drivers\GizmoDrv.sys [25488 2016-09-30] (Arainia Solutions LLC)
R1 IDSVix86; C:\Program Files\Norton Internet Security\NortonData\22.7.1.32\Definitions\IPSDefs\20160803.001\IDSVix86.sys [667352 2016-08-10] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-10-08] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
R1 RapportCerberus_1609053; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1609053.sys [775592 2016-09-30] (IBM Corp.)
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [328808 2016-09-12] (IBM Corp.)
R0 RapportHades; C:\Windows\System32\Drivers\RapportHades.sys [101992 2016-09-12] (IBM Corp.)
R0 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [257608 2016-09-12] (IBM Corp.)
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [407880 2016-09-12] (IBM Corp.)
R3 SRTSP; C:\Windows\System32\Drivers\NIS\1607010.020\SRTSP.SYS [626416 2016-08-10] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1607010.020\SRTSPX.SYS [42744 2016-08-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NIS\1607010.020\SYMEFASI.SYS [1289944 2016-08-10] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [88312 2016-09-11] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1607010.020\Ironx86.SYS [230648 2016-08-10] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1607010.020\SYMTDIV.SYS [351416 2016-08-10] (Symantec Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NAVENG; \??\C:\Program Files\Norton Internet Security\NortonData\22.7.1.32\Definitions\SDSDefs\20160911.001\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton Internet Security\NortonData\22.7.1.32\Definitions\SDSDefs\20160911.001\NAVEX15.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-10-08 19:40 - 2016-10-08 19:43 - 00038373 _____ C:\Users\Deana\Desktop\FRST.txt
2016-10-08 19:39 - 2016-10-08 19:40 - 00000000 ____D C:\FRST
2016-10-08 19:34 - 2016-10-08 19:36 - 01755136 _____ (Farbar) C:\Users\Deana\Desktop\FRST.exe
2016-10-08 19:33 - 2016-10-08 19:34 - 01755136 _____ (Farbar) C:\Users\Deana\Downloads\FRST.exe
2016-10-08 15:50 - 2016-10-08 15:50 - 00000000 ____D C:\Users\Deana\Desktop\Vocals
2016-10-08 15:22 - 2016-10-08 15:23 - 00000000 ____D C:\Users\Deana\Desktop\Pads
2016-10-08 15:08 - 2016-10-08 15:16 - 00000000 ____D C:\Users\Deana\Desktop\Strings
2016-10-08 15:00 - 2016-10-08 15:08 - 00000000 ____D C:\Users\Deana\Desktop\Keys
2016-10-08 14:54 - 2016-10-08 15:00 - 00000000 ____D C:\Users\Deana\Desktop\Bass
2016-10-08 14:45 - 2016-10-08 14:53 - 00000000 ____D C:\Users\Deana\Desktop\Guitar
2016-10-08 14:36 - 2016-10-08 14:44 - 00000000 ____D C:\Users\Deana\Desktop\FX
2016-10-08 14:16 - 2016-10-08 14:31 - 00000000 ____D C:\Users\Deana\Desktop\synth
2016-10-08 14:12 - 2016-10-08 14:13 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-08 14:09 - 2016-10-08 14:09 - 00000901 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-10-08 14:09 - 2016-10-08 14:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-08 14:09 - 2016-10-08 14:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-10-08 14:09 - 2016-10-08 14:09 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-10-08 14:09 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-10-08 14:09 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-10-08 14:09 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-10-08 13:59 - 2016-10-08 14:00 - 22851472 _____ (Malwarebytes ) C:\Users\Deana\Downloads\mbam-setup-2.2.1.1043.exe
2016-10-08 12:44 - 2016-10-08 13:06 - 00000000 ____D C:\Users\Deana\Desktop\Perc n Voc
2016-10-08 12:16 - 2016-10-08 12:17 - 00000000 ____D C:\Users\Deana\Desktop\Drums
2016-10-08 11:48 - 2016-10-08 11:49 - 00000000 ____D C:\Users\Deana\AppData\Local\Splice
2016-10-08 11:46 - 2016-10-08 11:46 - 07752616 _____ (Splice) C:\Users\Deana\Downloads\install-splice (1).exe
2016-10-08 11:37 - 2016-10-08 11:56 - 00000000 ____D C:\Users\Deana\Documents\Splice
2016-10-07 16:06 - 2016-10-07 16:06 - 00000000 ____D C:\Users\Deana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-10-06 01:49 - 2016-10-06 01:49 - 00009414 _____ C:\Users\Deana\Downloads\badges.zip
2016-10-06 01:22 - 2016-10-06 01:22 - 03703230 _____ C:\Users\Deana\Desktop\Exhibition-Guide-Compose-Manchester16-Digital-Version.pdf
2016-10-06 01:02 - 2016-10-06 01:02 - 00002285 _____ C:\Users\Deana\Downloads\UCAS_-_Compose_your_Future_Manchester.ics
2016-10-05 13:07 - 2016-10-05 13:07 - 00103689 _____ C:\Users\Deana\Desktop\all_birth_adoption_cert_form_d.pdf
2016-10-05 10:08 - 2016-10-05 11:05 - 00000000 ____D C:\Users\Deana\Desktop\Rexed
2016-10-05 09:54 - 2016-10-08 10:26 - 00000000 ____D C:\Users\Deana\AppData\Local\{39AE295A-08FB-4242-BEFE-F6ACA0F92D4E}
2016-10-04 15:18 - 2016-10-04 15:18 - 00000000 ____D C:\Users\Deana\AppData\Local\{6A69DB40-1286-4DA1-AA25-6AC93F6EAA02}
2016-10-04 14:47 - 2016-10-04 14:47 - 00000754 _____ C:\Users\Deana\Desktop\odd bars.txt
2016-10-04 03:25 - 2016-10-04 03:25 - 00085533 _____ C:\Users\Deana\Downloads\Desolation-Music-by-Callum-Rawlinson.pdf
2016-10-04 03:23 - 2016-10-04 03:23 - 00085533 _____ C:\Users\Deana\Desktop\Desolation - Music by Callum Rawlinson.pdf
2016-10-04 03:19 - 2016-10-04 03:23 - 00000952 _____ C:\Users\Deana\AppData\Roaming\midisheetmusic.config.ini
2016-10-04 03:19 - 2016-10-04 03:19 - 00084901 _____ C:\Users\Deana\Desktop\Be You.pdf
2016-10-04 03:13 - 2016-10-04 03:13 - 01404928 _____ C:\Users\Deana\Desktop\MidiSheetMusic-2.6.exe
2016-10-04 03:12 - 2016-10-04 03:12 - 00003432 _____ C:\Users\Deana\Desktop\Desolation - Music by Callum Rawlinson.mid
2016-10-04 03:11 - 2016-07-11 06:40 - 02072064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-10-04 03:08 - 2016-07-11 08:00 - 01260032 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-10-04 00:00 - 2016-07-15 22:32 - 01815552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-10-04 00:00 - 2016-07-15 22:31 - 12841472 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-10-04 00:00 - 2016-07-15 22:29 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-10-04 00:00 - 2016-07-15 22:27 - 09755136 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-10-04 00:00 - 2016-07-15 22:27 - 01140224 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-10-04 00:00 - 2016-07-15 22:27 - 01129984 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-10-04 00:00 - 2016-07-15 22:26 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-10-04 00:00 - 2016-07-15 22:26 - 00425472 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-10-04 00:00 - 2016-07-15 22:25 - 01804800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-10-04 00:00 - 2016-07-15 22:25 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-10-04 00:00 - 2016-07-15 22:25 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-10-04 00:00 - 2016-07-15 22:25 - 00354304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-10-04 00:00 - 2016-07-15 22:25 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2016-10-04 00:00 - 2016-07-15 22:25 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-10-04 00:00 - 2016-07-15 22:25 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-10-04 00:00 - 2016-07-15 22:25 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2016-10-04 00:00 - 2016-07-15 22:25 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2016-10-04 00:00 - 2016-07-15 22:24 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-10-04 00:00 - 2016-07-15 22:24 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-10-04 00:00 - 2016-07-15 22:24 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-10-04 00:00 - 2016-07-15 22:24 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-10-04 00:00 - 2016-07-15 22:24 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2016-10-03 19:48 - 2016-10-03 19:50 - 00000000 ____D C:\Users\Deana\Desktop\chord stuff
2016-10-02 19:02 - 2016-10-02 19:02 - 00000000 ____D C:\Program Files\Common Files\AV
2016-10-01 16:19 - 2016-10-03 16:57 - 58581334 _____ C:\Users\Deana\Desktop\Trap.wav
2016-10-01 14:26 - 2016-10-01 14:26 - 00000992 _____ C:\Users\Deana\Desktop\Alesis V25 Editor.lnk
2016-10-01 14:26 - 2016-10-01 14:26 - 00000000 ____D C:\Users\Deana\Documents\Alesis
2016-10-01 14:26 - 2016-10-01 14:26 - 00000000 ____D C:\Users\Deana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Alesis V25 Editor
2016-10-01 14:25 - 2016-10-01 14:26 - 00000000 ____D C:\Program Files\Alesis
2016-10-01 14:25 - 2016-10-01 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alesis
2016-10-01 14:24 - 2016-10-01 14:24 - 00000000 ____D C:\ProgramData\inMusic
2016-10-01 14:21 - 2016-10-01 14:21 - 16916718 _____ C:\Users\Deana\Downloads\Install_Alesis_V25_FirmwareUpdateWin_1.0.0.9.zip
2016-10-01 14:21 - 2016-10-01 14:21 - 00000000 ____D C:\Users\Deana\Downloads\Install_Alesis_V25_FirmwareUpdateWin_1.0.0.9
2016-10-01 14:21 - 2016-10-01 14:21 - 00000000 ____D C:\Users\Deana\Downloads\alesis_v25_editor_v1.0.4_pc
2016-10-01 14:20 - 2016-10-01 14:21 - 05662032 _____ C:\Users\Deana\Downloads\alesis_v25_editor_v1.0.4_pc.zip
2016-09-30 23:38 - 2016-10-05 19:32 - 00000000 ____D C:\Users\Deana\Desktop\Dank
2016-09-30 22:35 - 2016-10-04 22:51 - 00000000 ____D C:\Users\Deana\Desktop\splice2
2016-09-30 22:26 - 2016-09-30 22:26 - 01738662 _____ C:\Users\Deana\Desktop\TB_90_GUITAR_LOOP_B_018.rx2.rx2
2016-09-30 22:23 - 2016-09-30 22:23 - 00000241 _____ C:\Users\Deana\Desktop\TB_90_GUITAR_LOOP_B_018.mid.mid
2016-09-30 22:13 - 2016-09-30 22:13 - 00000874 _____ C:\Users\Public\Desktop\ReCycle.lnk
2016-09-30 22:11 - 2016-09-30 22:12 - 00000000 ____D C:\Users\Deana\Desktop\recycle2
2016-09-30 22:10 - 2016-09-30 22:10 - 00000000 ____D C:\Users\Deana\Desktop\recycle
2016-09-30 22:08 - 2016-09-30 22:08 - 00000000 ____D C:\Users\Deana\AppData\Roaming\WinRAR
2016-09-30 22:08 - 2016-09-30 22:08 - 00000000 ____D C:\Users\Deana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-09-30 22:08 - 2016-09-30 22:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-09-30 22:08 - 2016-09-30 22:08 - 00000000 ____D C:\Program Files\WinRAR
2016-09-30 22:07 - 2016-09-30 22:08 - 01962408 _____ C:\Users\Deana\Downloads\wrar540.exe
2016-09-30 22:01 - 2016-09-30 22:01 - 00000000 ____D C:\Users\Deana\Downloads\Propellerhead Recycle v2.2.3 Full WiN - UGET [deepstatus]
2016-09-30 20:39 - 2016-09-30 20:39 - 00406528 _____ (Propellerhead Software AB) C:\Windows\system32\ReWire.dll
2016-09-30 20:39 - 2016-09-30 20:39 - 00338432 _____ (Propellerhead Software AB) C:\Windows\system32\REX Shared Library.dll
2016-09-30 20:32 - 2016-09-30 20:39 - 00000000 ____D C:\Users\Deana\AppData\Local\SpliceSettings
2016-09-30 20:30 - 2016-10-08 11:48 - 00000000 ____D C:\Users\Deana\AppData\Local\SquirrelTemp
2016-09-30 20:27 - 2016-10-01 14:23 - 00000000 ____D C:\ProgramData\Package Cache
2016-09-30 20:22 - 2016-09-30 20:39 - 00000000 ____D C:\Users\Deana\Desktop\Splice
2016-09-30 20:22 - 2016-09-30 20:22 - 00000000 ____D C:\Users\Deana\AppData\Local\IsolatedStorage
2016-09-30 20:21 - 2016-09-30 20:19 - 06503984 _____ (Microsoft Corporation) C:\Users\Deana\Desktop\vcredist_x86.exe
2016-09-30 20:18 - 2016-09-30 20:18 - 00009663 _____ C:\Users\Deana\Downloads\Splice.Install.application
2016-09-30 20:15 - 2016-09-30 20:34 - 00000000 ____D C:\Users\Deana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Splice
2016-09-30 20:13 - 2016-09-30 22:13 - 00000000 ____D C:\Users\Deana\AppData\Roaming\Propellerhead Software
2016-09-30 20:13 - 2016-09-30 20:39 - 00000000 ____D C:\ProgramData\Propellerhead Software
2016-09-30 20:11 - 2016-10-08 11:37 - 00000000 ____D C:\Users\Deana\AppData\Local\Deployment
2016-09-30 20:11 - 2016-09-30 20:11 - 00000000 ____D C:\Users\Deana\AppData\Local\Apps\2.0
2016-09-30 20:07 - 2016-09-30 22:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Propellerhead
2016-09-30 20:07 - 2016-09-30 20:07 - 00000864 _____ C:\Users\Public\Desktop\Reason.lnk
2016-09-30 20:05 - 2016-09-30 20:06 - 00538504 _____ () C:\Users\Deana\Downloads\install-splice.exe
2016-09-30 19:52 - 2016-09-30 22:13 - 00000000 ____D C:\Program Files\Propellerhead
2016-09-30 19:32 - 2016-09-30 19:50 - 00000000 ____D C:\Users\Deana\Documents\Gizmo
2016-09-30 19:32 - 2016-09-30 19:32 - 00025488 _____ (Arainia Solutions LLC) C:\Windows\system32\Drivers\gizmodrv.sys
2016-09-30 19:32 - 2016-09-30 19:32 - 00000826 _____ C:\Users\Public\Desktop\Gizmo.lnk
2016-09-30 19:32 - 2016-09-30 19:32 - 00000000 ____D C:\Users\Deana\AppData\Roaming\Gizmo
2016-09-30 19:32 - 2016-09-30 19:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gizmo Central
2016-09-30 19:32 - 2016-09-30 19:32 - 00000000 ____D C:\Program Files\Gizmo
2016-09-30 19:29 - 2016-09-30 19:30 - 08095640 _____ (Arainia Solutions) C:\Users\Deana\Downloads\gizmo-279-setup.exe
2016-09-30 19:18 - 2016-09-30 19:18 - 00000000 ____D C:\Users\Deana\AppData\LocalLow\Oracle
2016-09-30 19:06 - 2016-09-30 19:29 - 00000000 ____D C:\Users\Deana\Downloads\Propellerhead Reason 5
2016-09-30 19:05 - 2016-09-30 19:05 - 00000000 ____D C:\Users\Deana\AppData\Local\{B5F70934-5E12-42d2-882D-62D42EA1FA67}
2016-09-30 19:04 - 2016-10-08 12:57 - 00000000 ____D C:\Users\Deana\AppData\Roaming\uTorrent
2016-09-30 19:04 - 2016-09-30 19:04 - 00002587 _____ C:\Users\Deana\Desktop\µTorrent.lnk
2016-09-30 19:04 - 2016-09-30 19:04 - 00002587 _____ C:\Users\Deana\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-09-30 19:03 - 2016-09-30 19:03 - 02375360 _____ (BitTorrent Inc.) C:\Users\Deana\Downloads\uTorrent (1).exe
2016-09-30 18:58 - 2016-09-30 18:58 - 02376392 _____ (BitTorrent Inc.) C:\Users\Deana\Downloads\BitTorrent.exe
2016-09-30 18:40 - 2016-09-30 18:40 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2016-09-30 18:13 - 2016-09-30 18:13 - 00000000 ____D C:\Users\Deana\Downloads\Reason_711_without_soundbanks
2016-09-30 17:57 - 2016-09-30 17:57 - 00000861 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-09-30 17:57 - 2016-09-30 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-09-30 17:55 - 2016-09-30 17:55 - 00000000 ____D C:\Program Files\VideoLAN
2016-09-30 17:54 - 2016-09-30 13:25 - 09525724 _____ C:\Users\Deana\Desktop\Skaggae 120bpm.wav
2016-09-30 17:53 - 2016-09-30 17:54 - 30533688 _____ C:\Users\Deana\Downloads\vlc-2.2.4-win32.exe
2016-09-30 17:42 - 2016-09-30 18:03 - 1083230812 _____ C:\Users\Deana\Downloads\Reason_711_without_soundbanks.zip
2016-09-12 20:21 - 2016-09-12 20:21 - 00257608 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKELL.sys
2016-09-12 20:21 - 2016-09-12 20:21 - 00101992 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportHades.sys
2016-09-11 20:46 - 2016-09-11 20:46 - 00016384 _____ C:\Users\Deana\Documents\amended costings.xlr
2016-09-11 14:47 - 2016-09-11 14:47 - 00006738 _____ C:\Users\Deana\Downloads\renderConfirmation.htm
2016-09-11 14:22 - 2016-09-11 14:22 - 00017408 _____ C:\Users\Deana\Documents\cost 2016 send.xlr
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-10-08 19:44 - 2009-06-29 14:57 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-08 19:31 - 2015-07-09 10:00 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1504278732-3331403366-2529910698-1000UA.job
2016-10-08 19:31 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-08 19:31 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-08 19:30 - 2012-04-15 15:19 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-10-08 18:56 - 2011-11-22 16:32 - 00000926 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1504278732-3331403366-2529910698-1000UA.job
2016-10-08 16:14 - 2013-05-27 16:22 - 00000000 ___RD C:\Users\Deana\Dropbox
2016-10-08 15:56 - 2011-11-22 16:32 - 00000904 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1504278732-3331403366-2529910698-1000Core.job
2016-10-08 15:25 - 2012-04-12 15:54 - 00000000 ____D C:\Users\Deana\AppData\Roaming\vlc
2016-10-08 15:19 - 2012-09-30 09:19 - 00000000 ____D C:\Users\Deana\AppData\LocalLow\uTorrentControl_v2
2016-10-08 15:19 - 2012-09-30 09:18 - 00000000 ____D C:\Program Files\uTorrentControl_v2
2016-10-08 15:18 - 2011-06-25 13:24 - 00000000 ____D C:\Program Files\PriceGong
2016-10-08 15:17 - 2013-03-27 17:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar
2016-10-08 15:17 - 2013-03-27 17:13 - 00000000 ____D C:\Program Files\Inbox Toolbar
2016-10-08 15:17 - 2012-09-30 09:19 - 00000000 ____D C:\Users\Deana\AppData\Local\CRE
2016-10-08 14:31 - 2015-07-09 10:00 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1504278732-3331403366-2529910698-1000Core.job
2016-10-08 11:50 - 2009-03-22 15:11 - 00000820 _____ C:\Windows\Tasks\Google Software Updater.job
2016-10-08 11:44 - 2009-06-29 14:57 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-07 16:07 - 2013-05-27 16:17 - 00000000 ____D C:\Users\Deana\AppData\Roaming\Dropbox
2016-10-07 16:07 - 2009-04-12 21:16 - 00000680 _____ C:\Users\Deana\AppData\Local\d3d9caps.dat
2016-10-04 17:22 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\inf
2016-10-04 17:22 - 2006-11-02 11:33 - 00762822 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-04 17:15 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-04 17:00 - 2006-11-02 14:01 - 00032554 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-10-04 16:57 - 2010-11-25 18:38 - 00000000 ____D C:\Users\Deana\AppData\Local\CrashDumps
2016-10-04 15:26 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2016-10-04 15:04 - 2006-11-02 13:47 - 00306016 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-02 12:30 - 2012-04-15 15:19 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-10-02 12:30 - 2011-07-23 16:26 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-10-02 12:30 - 2008-10-23 13:32 - 00000000 ____D C:\Windows\system32\Macromed
2016-09-30 23:09 - 2015-07-09 10:00 - 00000000 ____D C:\Users\Deana\AppData\Local\Dropbox
2016-09-30 20:09 - 2011-06-25 13:24 - 00000000 ____D C:\Users\Deana\AppData\LocalLow\PriceGong
2016-09-30 18:48 - 2014-04-05 14:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2016-09-30 18:48 - 2013-03-27 17:13 - 00000000 ____D C:\Users\Deana\AppData\LocalLow\Inbox Toolbar
2016-09-30 18:44 - 2013-01-20 19:37 - 00000000 ____D C:\Windows\system32\Drivers\NIS
2016-09-30 18:40 - 2013-01-20 19:39 - 00002133 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2016-09-30 18:38 - 2013-01-20 19:39 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2016-09-30 17:34 - 2016-07-30 13:56 - 00000000 ____D C:\Users\Deana\AppData\Local\{9F94D08D-4201-4534-82E5-4913EA4ECAE8}
2016-09-11 23:40 - 2016-07-24 16:39 - 00000000 ____D C:\Users\Deana\Documents\meat mains costing
2016-09-11 23:30 - 2008-11-21 18:28 - 00012956 _____ C:\Users\Deana\AppData\Roaming\wklnhst.dat
2016-09-11 22:27 - 2016-07-24 16:36 - 00000000 ____D C:\Users\Deana\Documents\Veg mains costings
2016-09-11 20:48 - 2016-07-24 22:28 - 00000000 ____D C:\Users\Deana\Documents\potato & Carb sides costings
2016-09-11 20:48 - 2016-07-21 19:34 - 00016384 _____ C:\Users\Deana\Downloads\Dees costings no gp.xls
2016-09-11 17:23 - 2009-10-25 19:02 - 00000000 ____D C:\ProgramData\Norton
2016-09-11 17:22 - 2013-01-20 19:39 - 00088312 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS
2016-09-11 17:22 - 2013-01-20 19:39 - 00008234 _____ C:\Windows\system32\Drivers\SYMEVENT.CAT
2016-09-11 17:21 - 2013-01-20 19:37 - 00000000 ____D C:\Program Files\Norton Internet Security
2016-09-11 17:20 - 2009-10-25 19:01 - 00000000 ____D C:\Program Files\NortonInstaller
2016-09-11 17:18 - 2010-06-13 16:39 - 00000000 ____D C:\Users\Public\Downloads\Norton
 
==================== Files in the root of some directories =======
 
2016-10-04 03:19 - 2016-10-04 03:23 - 0000952 _____ () C:\Users\Deana\AppData\Roaming\midisheetmusic.config.ini
2008-11-21 18:28 - 2016-09-11 23:30 - 0012956 _____ () C:\Users\Deana\AppData\Roaming\wklnhst.dat
2010-11-25 19:26 - 2010-11-25 19:26 - 0000552 _____ () C:\Users\Deana\AppData\Local\d3d8caps.dat
2009-04-12 21:16 - 2016-10-07 16:07 - 0000680 _____ () C:\Users\Deana\AppData\Local\d3d9caps.dat
2008-11-24 12:42 - 2012-09-30 12:28 - 0035840 _____ () C:\Users\Deana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-05-19 14:11 - 2011-06-01 19:58 - 0001940 _____ () C:\Users\Deana\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
2008-08-20 17:45 - 2008-08-20 17:45 - 0020270 _____ () C:\ProgramData\DeviceInstaller.xml
2008-09-22 15:21 - 2008-09-22 15:21 - 0127092 ____R () C:\ProgramData\DeviceManager.xml.rc4
 
Files to move or delete:
====================
C:\Users\Deana\install_flash_player.exe
 
 
Some files in TEMP:
====================
C:\Users\Deana\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Deana\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_cexrd.dll
C:\Users\Deana\AppData\Local\Temp\install-splice.exe
C:\Users\Deana\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Deana\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Deana\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Deana\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\Deana\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Deana\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Deana\AppData\Local\Temp\setup.exe
C:\Users\Deana\AppData\Local\Temp\TB_2CB1.exe
C:\Users\Deana\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Deana\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Deana\AppData\Local\Temp\{2155F2E7-0A81-4B8B-AD85-9BAA59C358BB}-GoogleToolbarInstaller_updater_signed.exe
C:\Users\Deana\AppData\Local\Temp\{358A8272-C5C9-455F-96F0-7E7631AD9316}-DropboxClient_5.4.24.exe
C:\Users\Deana\AppData\Local\Temp\{D0210D52-E7B2-429A-A530-D6AF5269CA84}-GoogleUpdateSetup.exe
C:\Users\Deana\AppData\Local\Temp\~spA66F.tmp.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-10-04 17:30
 
==================== End of FRST.txt ============================
 
 
 
 
ADDITIONAL.
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-10-2016
Ran by Deana (08-10-2016 19:45:25)
Running from C:\Users\Deana\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) (2008-10-23 07:20:27)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1504278732-3331403366-2529910698-500 - Administrator - Disabled)
Deana (S-1-5-21-1504278732-3331403366-2529910698-1000 - Administrator - Enabled) => C:\Users\Deana
Guest (S-1-5-21-1504278732-3331403366-2529910698-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Internet Security (Disabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\...\uTorrent) (Version: 3.4.9.42606 - BitTorrent Inc.)
3ivx MPEG-4 5.0.3 (remove only) (HKLM\...\3ivx MPEG-4 5.0.3) (Version: 5.0.3 - 3ivx Technologies, Pty. Ltd.)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Digital Editions 2.0 (HKLM\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Photoshop Elements 6.0 (HKLM\...\Adobe Photoshop Elements 6) (Version: 6.0 - Adobe Systems Inc.)
Adobe Reader X (10.1.7) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
Adobe Shockwave Player 11 (HKLM\...\Adobe Shockwave Player) (Version: 11 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version:  - )
Advanced Video FX Engine (HKLM\...\Advanced Video FX Engine) (Version:  - )
Alesis V25 Editor (HKLM\...\V25Editor) (Version:  - )
ALOT Toolbar (HKLM\...\alotToolbar) (Version:  - ALOT) <==== ATTENTION
ALWIL Software Security 4.8.1296.0 (HKLM\...\ALWIL Software Security 4.8.1296.0) (Version:  - )
Amazing Adventures The Lost Tomb 1.0.0.5 (HKLM\...\Amazing Adventures The Lost Tomb 1.0.0.5) (Version:  - )
Bejeweled 2 Deluxe 1.1 (HKLM\...\Bejeweled 2 Deluxe 1.1) (Version:  - )
Bejeweled Blitz (HKLM\...\Bejeweled Blitz) (Version:  - PopCap Games)
Big Fish Games Client (HKLM\...\BFGC) (Version: 1.2.5.17 - )
Big Kahuna Words (HKLM\...\Big Kahuna Words_is1) (Version:  - )
Bing Bar (HKLM\...\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}) (Version: 7.0.609.0 - Microsoft Corporation)
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
Chuzzle Deluxe 1.01 (HKLM\...\Chuzzle Deluxe 1.01) (Version:  - )
Cisco EAP-FAST Module (HKLM\...\{6D3963B0-E13B-4FC3-B0FF-506A304BB043}) (Version: 2.1.3 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version: 7.74.00 - Conexant)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Best of Web (HKLM\...\{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}) (Version: 1.00.0000 - Dell)
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.09085 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1.103.4 - Alps Electric)
Dell Webcam Center (HKLM\...\Dell Webcam Center) (Version:  - )
Dell Webcam Manager (HKLM\...\Dell Webcam Manager) (Version:  - )
Dell Wireless WLAN Card Utility (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.77.13 - Dell Inc.)
Dell-eBay (HKLM\...\{B935C985-A17F-484B-8470-09E4FC27DC26}) (Version: 1.00.0000 - Dell)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
Dropbox (HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\...\Dropbox) (Version: 11.4.22 - Dropbox, Inc.)
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version:  - )
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
ffdshow [rev 2527] [2008-12-19] (HKLM\...\ffdshow_is1) (Version: 1.0 - )
FlipShare (HKLM\...\{4ACBE725-9800-54D0-4B4B-4B1BD3E97E7E}) (Version: 4.1.4.50640 - Flip Video)
Gizmo Central (HKLM\...\Gizmo Central) (Version: v2.7.9 - Arainia Solutions, LLC)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
Google Earth (HKLM\...\{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}) (Version: 7.0.3.8542 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
GoToAssist 8.0.0.514 (HKLM\...\GoToAssist) (Version:  - )
GrandPrix Championship 2 (HKLM\...\{8F66B207-0241-4D0E-8F8E-DB20D8B939C3}) (Version:  - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.510 - Oracle)
Java™ 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Laptop Integrated Webcam Driver (1.04.01.1011)   (HKLM\...\Creative OEM002) (Version:  - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Margrave Manor (HKLM\...\Margrave Manor) (Version:  - )
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 3.5 - Dell)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Crimson Skies (HKLM\...\Crimson Skies 1.0) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{294EAADF-E50F-4DD8-AD8D-19587EA10512}) (Version: 1.0.24.0 - Dell)
Mozilla Firefox 43.0.1 (x86 en-GB) (HKLM\...\Mozilla Firefox 43.0.1 (x86 en-GB)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery in London ™ (HKLM\...\BFG-Mystery in London) (Version:  - )
Mystery P.I. - The Lottery Ticket 1.0.0.5 (HKLM\...\Mystery P.I. - The Lottery Ticket 1.0.0.5) (Version:  - )
Mysteryville 2 (remove only) (HKLM\...\Mysteryville 2) (Version:  - )
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.53 - BVRP Software, Inc)
Norton Internet Security (HKLM\...\NIS) (Version: 22.7.1.32 - Symantec Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenOffice.org 3.0 (HKLM\...\{92B79901-C57D-409F-8D2F-4E5337383569}) (Version: 3.0.9358 - OpenOffice.org)
Opera 9.63 (HKLM\...\{1BC4026B-1957-4514-9058-2B542557F143}) (Version: 9.63 - Opera Software ASA)
OutlookAddinSetup (HKLM\...\{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}) (Version: 1.0.0 - CyberLink)
Picasa 2 (HKLM\...\Picasa2) (Version: 2.0 - Google, Inc.)
Plato DVD Ripper Professional 6.66.14 (HKLM\...\Plato DVD Ripper Professional_is1) (Version:  - Plato Global Creativity)
Prism Video File Converter (HKLM\...\Prism) (Version:  - NCH Software)
QuickSet (HKLM\...\{4B6AD248-D3BF-426A-8D64-847288154F13}) (Version: 8.2.20 - Dell Inc.)
QuickTime (HKLM\...\QuickTime) (Version:  - )
Rapport (Version: 3.5.1609.100 - Trusteer) Hidden
Reason 5.0 (HKLM\...\Reason5_is1) (Version: 5.0 - Propellerhead Software AB)
ReCycle 2.2.3 (HKLM\...\ReCycle2.2_32_is1) (Version: 2.2.3 - Propellerhead Software AB)
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
SAMSUNG CDMA Modem Driver Set (HKLM\...\SAMSUNG CDMA Modem) (Version:  - )
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
Samsung Mobile phone USB driver Software (HKLM\...\Samsung Mobile phone USB driver) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
Samsung PC Studio (HKLM\...\{C4A4722E-79F9-417C-BD72-8D359A090C97}) (Version: 3.0.0.60203 - Samsung Electronics Co., Ltd.)
Samsung PC Studio (Version: 3.0.0.60203 - Samsung Electronics Co., Ltd.) Hidden
Samsung PC Studio 3 USB Driver Installer (HKLM\...\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}) (Version: 3.2.0.70701 - Samsung Electronics Co., Ltd.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Splice for Windows (HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\...\6dc0c1241910b832) (Version: 0.0.1.79 - Splice)
Splice Windows Client (HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\...\Splice) (Version: 1.2.22 - Splice)
Switch Sound File Converter (HKLM\...\Switch) (Version:  - NCH Software)
The Official DSA Theory Test for Motorcyclists (HKLM\...\InstallShield_{B138D49F-B412-4B4A-9198-374EE0D593B7}) (Version: 1.4.1 - Driving Standards Agency)
The Official DSA Theory Test for Motorcyclists (Version: 1.4.1 - Driving Standards Agency) Hidden
Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1609.100 - Trusteer)
V25 Firmware Updater 1.0.0  (HKLM\...\{4F32B54C-C555-46BF-A7EF-DA3300E9C675}) (Version: 1.0.0 - Alesis)
vast DVD Ripper version 1.9.0.0 (HKLM\...\vast DVD Ripper_is1) (Version:  - )
Vivitar Experience Image Manager (HKLM\...\Vivitar Experience Image Manager) (Version:  - Sakar)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vodafone Mobile Connect Lite (HKLM\...\{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}) (Version: 9.3.5.11690 - Vodafone)
WavePad Sound Editor (HKLM\...\WavePad) (Version:  - NCH Software)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)
WinRAR 5.40 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WinX Free DVD Ripper 4.5.14 (HKLM\...\WinX Free DVD Ripper_is1) (Version:  - Digiarty Software,Inc.)
Yahoo! BrowserPlus 2.9.8 (HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Deana\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\Deana\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Deana\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\Deana\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000_Classes\CLSID\{4052D303-74C5-49EA-BC6B-66099C8D4007}\InprocServer32 -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll (Google)
CustomCLSID: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Deana\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000_Classes\CLSID\{6CE4B8A6-4DB5-4F63-8013-1197503692EF}\InprocServer32 -> C:\Users\Deana\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\YBPAddon_2.9.8.dll (Yahoo! Inc.)
CustomCLSID: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\Deana\AppData\Local\Dropbox\Update\1.3.27.77\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Deana\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\Deana\AppData\Local\Dropbox\Update\1.3.27.77\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\Deana\AppData\Local\Dropbox\Update\1.3.27.77\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\Deana\AppData\Local\Dropbox\Update\1.3.27.77\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Deana\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\Deana\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000_Classes\CLSID\{DE9AD55E-D493-4FA0-9B3F-E9CA5DB7EBD6}\InprocServer32 -> C:\Users\Deana\AppData\Local\Dropbox\Update\1.3.27.77\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000_Classes\CLSID\{E7A37920-253C-4FF1-B169-298A7CE6CAA9}\localserver32 -> C:\Users\Deana\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Deana\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Deana\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Deana\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Deana\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Deana\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Deana\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Deana\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Deana\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Deana\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Deana\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Deana\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Deana\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\Deana\AppData\Local\Dropbox\Update\1.3.27.77\psuser.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1A62DE1A-5A22-42BD-8269-929DA77A2AE8} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-11-06] (Google) <==== ATTENTION
Task: {446409D5-9E1F-4AD8-A568-198FA369E266} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1504278732-3331403366-2529910698-1000Core => C:\Users\Deana\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-12-13] (Dropbox, Inc.)
Task: {55B2F342-06F2-4F16-BC84-EC2885E9D65F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-07-09] (Google Inc.)
Task: {59A241DE-06C5-4949-8BEB-01BADC034CAA} - System32\Tasks\{EB5A17F7-59B1-4914-80F9-8981CBF7FF0B} => C:\Program Files\Gizmo\gizmo.exe [2016-09-30] (Arainia Solutions)
Task: {7959F03D-F292-4552-8C89-5B87EB44CD29} - System32\Tasks\NCH Swift Sound\wavepadShakeIcon => C:\Program Files\NCH Swift Sound\WavePad\WavePad.exe [2011-06-25] (NCH Software)
Task: {9BFA9261-ABCD-49BB-A5B0-D7BC80F89142} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1504278732-3331403366-2529910698-1000Core => C:\Users\Deana\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-13] (Facebook Inc.)
Task: {9C17C86A-44F4-4573-B273-053E40CE872A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1504278732-3331403366-2529910698-1000UA => C:\Users\Deana\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-13] (Facebook Inc.)
Task: {A1FDDA0A-9E94-4149-9294-C38BC191D3E9} - System32\Tasks\NCH Software\prismShakeIcon => C:\Program Files\NCH Software\Prism\Prism.exe [2011-06-25] (NCH Software)
Task: {B258D9B0-D4B5-4527-9C50-78B5875F5496} - System32\Tasks\{AFA339AA-DCBC-4377-BF89-F7B5EDEB9324} => pcalua.exe -a C:\Users\Deana\Desktop\LimeWireWin.exe -d C:\Users\Deana\Desktop
Task: {BC33CF59-E03C-4F7B-8DA7-F13C509B147E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-07-09] (Google Inc.)
Task: {C2365EA3-6645-477F-A03C-0252FB6DB4E7} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\22.7.1.32\WSCStub.exe [2016-08-16] (Symantec Corporation)
Task: {CD8C619B-9ABD-425C-BDC4-CA0AB2254232} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2016-08-16] (Symantec Corporation)
Task: {EAF24003-5421-477E-9D7B-8F5AC601EC30} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\22.7.1.32\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {EC2DCE9D-73D4-460C-B336-5B3B3FCD134E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-02] (Adobe Systems Incorporated)
Task: {EF53A72B-182A-4506-BCF3-DEE7B71C0F84} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1504278732-3331403366-2529910698-1000UA => C:\Users\Deana\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-12-13] (Dropbox, Inc.)
Task: {F51240AE-93FE-4E88-B9F4-253E17DE539C} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\22.7.1.32\SymErr.exe [2016-05-23] (Symantec Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1504278732-3331403366-2529910698-1000Core.job => C:\Users\Deana\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1504278732-3331403366-2529910698-1000UA.job => C:\Users\Deana\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1504278732-3331403366-2529910698-1000Core.job => C:\Users\Deana\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1504278732-3331403366-2529910698-1000UA.job => C:\Users\Deana\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Deana\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.html
Shortcut: C:\Users\Deana\Favorites\NCH Software Download.lnk -> hxxp://www.nchsoftware.com/index.html
 
==================== Loaded Modules (Whitelisted) ==============
 
2008-10-23 13:41 - 2008-07-03 13:29 - 00024064 _____ () C:\Windows\System32\WLTRYSVC.EXE
2008-10-23 13:41 - 2008-07-03 13:28 - 00055808 _____ () C:\Windows\System32\bcmwlrmt.dll
2016-09-30 19:32 - 2016-09-30 19:32 - 00059304 _____ () C:\Program Files\Gizmo\gshell.dll
2007-09-11 01:45 - 2007-09-11 01:45 - 00124832 _____ () C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
2016-06-17 23:13 - 2016-06-17 23:13 - 00198216 _____ () C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
2009-10-28 12:57 - 2009-10-28 12:57 - 00451904 _____ () C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
2009-10-28 12:52 - 2009-10-28 12:52 - 01581056 _____ () C:\Program Files\Flip Video\FlipShare\QtCore4.dll
2015-06-02 15:51 - 2015-06-02 15:51 - 00545792 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll
2008-10-23 13:45 - 2010-07-06 10:06 - 00034816 _____ () C:\Program Files\Google\Google Desktop Search\gzlib.dll
2009-10-21 10:38 - 2009-04-11 07:28 - 00368640 _____ () C:\Windows\system32\msjetoledb40.dll
2013-03-27 17:13 - 2015-06-22 04:27 - 02458032 ____N () C:\Program Files\Inbox Toolbar\Inbox.exe
2016-06-17 23:13 - 2016-06-17 23:13 - 01758280 ____N () C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
2016-09-30 19:32 - 2016-09-30 19:32 - 00166816 _____ () C:\Program Files\Gizmo\GImage.dll
2016-09-30 19:32 - 2016-09-30 19:32 - 00315800 _____ () C:\Program Files\Gizmo\gmanager.dll
2016-09-30 19:32 - 2016-09-30 19:32 - 00404384 _____ () C:\Program Files\Gizmo\gdatabase.dll
2016-09-30 19:32 - 2016-09-30 19:32 - 00394656 _____ () C:\Program Files\Gizmo\gdrive.dll
2008-07-29 15:55 - 2008-07-29 15:55 - 00969728 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2016-09-11 14:42 - 2016-09-06 12:00 - 05197312 _____ () C:\Users\Deana\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2016-09-11 14:42 - 2016-09-06 12:00 - 00147456 _____ () C:\Users\Deana\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll
2016-07-17 17:55 - 2016-07-06 18:01 - 17602240 _____ () C:\Users\Deana\AppData\Local\Google\Chrome\User Data\PepperFlash\22.0.0.209\pepflashplayer.dll
2016-10-08 11:48 - 2016-05-17 05:02 - 00026112 _____ () C:\Users\Deana\AppData\Local\Splice\Splice.WinClient\x86\Splice-SAS.dll
2016-10-08 11:48 - 2016-05-17 05:02 - 02304512 _____ () C:\Users\Deana\AppData\Local\Splice\Splice.WinClient\x86\libsndfile-1.dll
2016-10-08 11:48 - 2016-05-17 05:02 - 00276992 _____ () C:\Users\Deana\AppData\Local\Splice\Splice.WinClient\x86\libFLAC_dynamic.dll
2016-10-08 11:48 - 2016-10-05 21:42 - 00074240 _____ () C:\Users\Deana\AppData\Local\Splice\Splice.WinClient\SpliceUtility.exe
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:90D89144 [129]
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 [210]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
::1             localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Deana\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{8CCA8E7C-80F7-40CC-AEBE-9376C2FD360A}] => (Allow) C:\Program Files\Dell\MediaDirect\MediaDirect.exe
FirewallRules: [{DD81B648-1F51-485F-A5E0-8E8F4F989329}] => (Allow) C:\Program Files\Dell\MediaDirect\PCMService.exe
FirewallRules: [{9F1EF73E-DD8E-49DB-A597-5C7964A5C3C3}] => (Allow) C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe
FirewallRules: [{77C5565B-BCCA-4011-87CD-AA84C4CD17A8}] => (Allow) C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe
FirewallRules: [{7635F890-31D8-49EB-B5D4-82CE092D2449}] => (Allow) C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{F0494029-1297-495A-87E4-544AE760A745}] => (Allow) C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{CBB04CFB-84B1-4152-8680-2BEF17DEA92B}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{59CA0B27-AD55-404E-A352-B3C1B4FDF453}] => (Allow) svchost.exe
FirewallRules: [{9D3CBF34-C06D-4C55-BF0E-F16D05F580F0}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [TCP Query User{42ED005A-46C0-42DD-8A3D-5DFD547D05FA}C:\program files\limewire download client\limewireclient.exe] => (Allow) C:\program files\limewire download client\limewireclient.exe
FirewallRules: [UDP Query User{0953EDED-08E7-4A88-83AE-43C9891BCE31}C:\program files\limewire download client\limewireclient.exe] => (Allow) C:\program files\limewire download client\limewireclient.exe
FirewallRules: [TCP Query User{21BD515B-6E0E-4151-8581-66D988205C3C}C:\program files\limewire download client\limewireclient.exe] => (Allow) C:\program files\limewire download client\limewireclient.exe
FirewallRules: [UDP Query User{0FE1A0C9-AAEE-4C8D-A4E3-7D4BD8D4155A}C:\program files\limewire download client\limewireclient.exe] => (Allow) C:\program files\limewire download client\limewireclient.exe
FirewallRules: [{362B9D32-E86D-408C-BD10-065ADDA207D1}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2FAF89FD-74CB-4B30-898B-2C33E295D6A8}] => (Allow) LPort=2869
FirewallRules: [{212D0755-534D-4F27-AA44-0C02589F230A}] => (Allow) LPort=1900
FirewallRules: [{DA5B1DC8-425F-43FC-8484-40AAD22BB01A}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [{FA482298-AFAC-4575-81A8-6B73E66453F9}] => (Allow) LPort=80
FirewallRules: [{84122195-C68E-4B8F-AB64-B97B0586780D}] => (Allow) LPort=80
FirewallRules: [{4EA7247B-A482-4C27-BFF3-8B1713C8A5DD}] => (Allow) LPort=80
FirewallRules: [{3D5A9DF2-DCDB-424A-8E86-2EC71FC71B56}] => (Allow) C:\Program Files\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{E12FD63A-5DED-433F-9558-44B6E8B6DB6C}] => (Allow) C:\Program Files\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{3079018F-4E52-4CDD-8B69-2EEECA740287}] => (Allow) C:\Users\Deana\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{5EB6A414-C09A-434C-B02A-CD65C7DFF15E}] => (Allow) C:\Users\Deana\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F8D356C5-A065-4086-B0DC-7F47070A9313}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{E725AF99-6C13-49C0-8D8B-CCA3D27F7CB1}] => (Allow) C:\Users\Deana\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{B4B78EA5-213E-4E8E-B3BF-D0C70A3C7DA8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{CA0D204D-FF84-4B47-87CD-CBA1A8334D03}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{49CC69A9-B2B5-47D7-8530-D6B5A9991385}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{2516A767-BDC4-49C0-A954-8439A1B6D12B}] => (Allow) C:\Users\Deana\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{07B99DC1-4BA0-4AF4-88C9-4533D6F67346}] => (Allow) C:\Users\Deana\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E64A3826-F00B-4DC9-830E-882ECEA25344}] => (Allow) C:\Users\Deana\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A75C574C-FD73-482B-B6B7-A158AA9D173D}] => (Allow) C:\Users\Deana\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A1CB466E-8D0D-49C5-A231-D9ECB6C0D61D}] => (Allow) C:\Users\Deana\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{90373D80-9C2B-4CF7-B0C8-8810EE07F71E}] => (Allow) C:\Users\Deana\AppData\Roaming\uTorrent\uTorrent.exe
 
==================== Restore Points =========================
 
10-07-2016 21:18:42 Installed Rapport
16-07-2016 23:54:34 Windows Update
17-07-2016 16:29:58 Installed Rapport
24-07-2016 23:45:42 Windows Update
30-07-2016 10:58:13 Installed Rapport
30-09-2016 18:46:32 Installed Rapport
30-09-2016 20:19:25 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
01-10-2016 14:22:56 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
01-10-2016 14:24:33 Installed V25 Firmware Updater 1.0.0 
03-10-2016 23:35:01 Windows Update
04-10-2016 03:00:29 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/08/2016 03:11:21 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\DEANA\DOCUMENTS\SPLICE\SAMPLES\PACKS\SOUNDS OF KSHMR VOL. 2\LIVE_INSTRUMENTS> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (10/08/2016 03:11:21 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\DEANA\DOCUMENTS\SPLICE\SAMPLES\PACKS\SOUNDS OF KSHMR VOL. 2\LIVE_INSTRUMENTS> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (10/08/2016 03:05:51 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\DEANA\DOCUMENTS\SPLICE\SAMPLES\PACKS\CINEMATIC MOODS 2\PL0370_ACID_WAV_CINEMATIC_MOODS_2\PRIME_LOOPS_-_CINEMATIC_MOODS_2> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (10/08/2016 03:05:51 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\DEANA\DOCUMENTS\SPLICE\SAMPLES\PACKS\CINEMATIC MOODS 2\PL0370_ACID_WAV_CINEMATIC_MOODS_2\PRIME_LOOPS_-_CINEMATIC_MOODS_2> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (10/08/2016 03:05:36 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\DEANA\DOCUMENTS\SPLICE\SAMPLES\PACKS\CINEMATIC MOODS 2\PL0370_ACID_WAV_CINEMATIC_MOODS_2> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (10/08/2016 03:05:36 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\DEANA\DOCUMENTS\SPLICE\SAMPLES\PACKS\CINEMATIC MOODS 2\PL0370_ACID_WAV_CINEMATIC_MOODS_2> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (10/08/2016 03:04:37 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\DEANA\DOCUMENTS\SPLICE\SAMPLES\PACKS\THE GOLDEN HIP HOP PRINCIPLE\90_BPM\SPARKLE_-_CM> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (10/08/2016 03:04:37 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\DEANA\DOCUMENTS\SPLICE\SAMPLES\PACKS\THE GOLDEN HIP HOP PRINCIPLE\90_BPM\SPARKLE_-_CM> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (10/08/2016 03:04:37 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\DEANA\DOCUMENTS\SPLICE\SAMPLES\PACKS\THE GOLDEN HIP HOP PRINCIPLE\90_BPM> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (10/08/2016 03:04:37 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\DEANA\DOCUMENTS\SPLICE\SAMPLES\PACKS\THE GOLDEN HIP HOP PRINCIPLE\90_BPM> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
 
System errors:
=============
Error: (12/28/2009 03:55:32 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 01:56:08 on 28/12/2009 was unexpected.
 
 
CodeIntegrity:
===================================
  Date: 2016-10-08 20:43:51.906
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-08 20:43:50.460
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-08 20:43:49.453
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-08 20:43:45.189
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-08 20:43:43.753
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-08 20:43:42.538
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-08 20:41:25.080
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-08 20:41:24.121
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-08 20:41:23.090
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-08 20:41:21.795
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU T5800 @ 2.00GHz
Percentage of memory in use: 73%
Total physical RAM: 3061.31 MB
Available physical RAM: 804.8 MB
Total Virtual: 6324.88 MB
Available Virtual: 2027.75 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:136.74 GB) (Free:35.04 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:9.77 GB) (Free:4.65 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: 00000080)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=136.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2.5 GB) - (Type=OF Extended)
 
==================== End of Addition.txt ============================
 

 

 

 

 


  • 0

Advertisements


#2
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hello cr00901124 and :welcome:

My name is Bruce1270 and I will be helping you with your malware problem.

A few things before we get started.
  • Please read all instructions carefully. If there is anything you do not understand please ask me first before doing anything.
  • Please be patient. I am a volunteer who does this in my spare time so I will try to get back to you as soon as possible.
  • Please follow all instructions in the order given.
  • Please do not install any other software unless advised. This may hinder the removal process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • Please make sure you reply within 4 days to my responses, if there is no reply within 4 days, the topic will be closed and you will need to request the topic be reopened.


    Important!

    Please save or print off these instructions. Part of this fix may require you to be in safe mode where you will not be able to access the internet or my instructions!

    I would strongly recommend you back up your personal data and folders before we begin.

    Malware removal can be very long, complicated and may take multiple steps. I understand this may be frustrating but please stay with this topic until your machine is declared clean. The results will hopefully be very rewarding. :happy:
    As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

    OK. Let's move on.

    I'll have a look through your logs and post some further instructions. :)

  • 0

#3
cr00901124

cr00901124

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

The laptop is running adequately considering its "lower spec", I have had no concerns up until today when this issue happened. 

I have little knowledge of exactly what could have caused this (if infected at all) as there are many processes running in the background that i can not identify as 'necessary' because It was not myself that installed these programs. I have not installed anything that would cause concern since receiving the "already potentially affected" system. Hope this helps.


  • 0

#4
cr00901124

cr00901124

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

Would you like me to export the log that "Malware-Bytes" generated before I ran FRST


  • 0

#5
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi cr00901124

Ok. Lets do some tidy up. Not much other than some unwanted stuff.

I'll leave the malwarebytes log for just now, but may ask for it later.

First some advice

P2P Warning: !

IMPORTANT I have noticed that there are signs of uTorrent P2P (Peer to Peer) File Sharing Program on your computer.

As long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.

Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

Risks of Peer to Peer systems
P2P programs: Popular and perilous

If you continue to use P2P programs it is likely that you will get infected again.

I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to do this, you can do so by:
  • Please go to Start Menu -> Control Panel -> Programs and Features for Windows 7 and Vista. Add or Remove Programs for win XP.
  • Click on uTorrent.
  • Click uninstall.
If you decide to keep the programs in spite of the risks involved, do not use them until I have finished cleaning your computer and have given you the all clear.


Step1 - Remove unwanted programs

Please uninstall the following unwanted programs:

ALOT Toolbar
McAfee Security Scan Plus

Note: If any of the programs are not listed, proceed to the next one and work through the list.

To do this:
Please go to Start Menu -> Control Panel -> Uninstall a program or Programs and Features
In the list of installed programs locate and click on the program to uninstall.
Click uninstall.
Repeat the above steps for all the other programs to remove.


Step2 - FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Download the attached fixlist.txt to your desktop.Attached File  fixlist.txt   9.34KB   30 downloads
  • Ensure fixlist.txt is in the same location as FRST.exe on your desktop.
    FRSTfix.JPG
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.


    Step3 - Run AdwCleaner

    Download AdwCleaner from here to the Desktop
  • Close all open windows and browsers
  • Double click the Adwcleaner icon to execute the program
  • When the Tool opens for the first time accept the Terms of use
    adwcleaner1_zpsfhqm5c1w.jpg
  • Click the Scan button and wait for the program to finish.
  • Click on options
    adwcleaner2_zpsewujy48f.jpg
    tick to reset -
    proxy
    winsock
    TCP/IP Settings
    IPSec
    IE policies
    Chrome policies
    Chrome preferences
  • When finished, please click Cleaning button.
  • when cleaning is finished, you may be prompted to restart your computer.
  • Upon completion, a log (AdwCleaner[C*].txt) will open.
  • Please copy and paste this in your next reply.


    Things for your next post:
  • fixlog.txt
  • AdwCleaner[C*].txt
  • How is your computer running now?

  • 0

#6
cr00901124

cr00901124

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

I removed all the programs in question (inc utorrent)

 

below are both logs (fix log & adw)

The laptop is still taking random screenshots!

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 04-10-2016
Ran by Deana (08-10-2016 23:48:23) Run:1
Running from C:\Users\Deana\Desktop
Loaded Profiles: Deana (Available Profiles: Deana)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
() C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
() C:\Program Files\Inbox Toolbar\Inbox.exe
() C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1758280 2016-06-17] ()
HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\...\MountPoints2: F - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\...\MountPoints2: G - G:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\...\MountPoints2: {31e525d3-a0d2-11dd-8f4d-806e6f6e6963} - E:\Start.exe
HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\...\MountPoints2: {35faa898-a1a4-11e5-ab85-00219bf0cada} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\...\MountPoints2: {4a920133-ddf2-11de-b145-00219bf0cada} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\...\MountPoints2: {7308fdf3-d671-11dd-b150-00234d946a18} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\...\MountPoints2: {7308fdf8-d671-11dd-b150-00234d946a18} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\...\MountPoints2: {7308fe04-d671-11dd-b150-00219bf0cada} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\...\MountPoints2: {7308fe05-d671-11dd-b150-00219bf0cada} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\...\MountPoints2: {7308ff5f-d671-11dd-b150-00219bf0cada} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\...\MountPoints2: {9ba9d963-3899-11de-994d-00219bf0cada} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\...\MountPoints2: {9ba9d987-3899-11de-994d-00219bf0cada} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\...\MountPoints2: {9ba9d989-3899-11de-994d-00219bf0cada} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\...\MountPoints2: {9ba9d9a1-3899-11de-994d-00219bf0cada} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\...\MountPoints2: {f35d9154-5e5a-11de-b773-f28d9f3d3f08} - F:\setup_vmc_lite.exe /checkApplicationPresence
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-03-26]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={AFD04AD7-DB03-45B0-B241-7FB2BF381CCB}&mid=b41d0199dff947d1bc92d168dd142329-931055154b6ad30b546f145fab542c6fe4be2d7b&lang=en&ds=AVG&pr=pr&d=2011-09-28 16:56:46&v=10.0.0.7&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?FORM=IEFM1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000 -> {5AA2BA46-9913-4DC7-9620-69AB0FA17AE7} URL = hxxp://search.alot.com/web?q={searchTerms}&pr=prov&client_id=D8FE563001CC333265556490&install_time=2011-06-25T12:24:35Z&src_id=12287&camp_id=2586&tb_version=2.5.20000.3
SearchScopes: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=VWuL-VYZgp5nZ1OUaEHblndigxs?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={AFD04AD7-DB03-45B0-B241-7FB2BF381CCB}&mid=b41d0199dff947d1bc92d168dd142329-931055154b6ad30b546f145fab542c6fe4be2d7b&lang=en&ds=AVG&pr=pr&d=2011-09-28 16:56:46&v=10.0.0.7&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000 -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll [2014-01-16] (McAfee, Inc.)
BHO: ALOT Toolbar Helper -> {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} -> C:\Program Files\alot\bin\BHO\alotBHO.dll [2011-04-20] (Vertro)
BHO: No Name -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> No File
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM - ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll [2011-04-20] (Vertro)
Toolbar: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Toolbar: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -  No File
FF NewTab: Mozilla\Firefox\Profiles\hbyc7tgm.default -> hxxp://search.myemailxp.com?uid=undefined&uc=undefined&source=pd_gs_email_hotmail_p&page=newtab&implementation_id=Email_xp_0.0.2
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\hbyc7tgm.default -> Yahoo!
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\hbyc7tgm.default -> Ask.com
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\hbyc7tgm.default -> Yahoo!
FF Homepage: Mozilla\Firefox\Profiles\hbyc7tgm.default -> hxxps://www.malwarebytes.org/restorebrowser/yhp-ff
hxxp://search.myemailxp.com?uid=undefined&uc=undefined&source=pd_gs_email_hotmail_p&page=homepage&implementation_id=Email_xp_0.0.2
FF NetworkProxy: Mozilla\Firefox\Profiles\hbyc7tgm.default -> type", 2
FF Extension: (No Name) - C:\Users\Deana\AppData\Roaming\Mozilla\Firefox\Profiles\hbyc7tgm.default\Extensions\[email protected] [2016-10-08] [not signed]
FF Extension: (My Email XP) - C:\Users\Deana\AppData\Roaming\Mozilla\Firefox\Profiles\hbyc7tgm.default\Extensions\[email protected] [2015-07-09] [not signed]
FF Extension: (ALOT Toolbar) - C:\Users\Deana\AppData\Roaming\Mozilla\Firefox\Profiles\hbyc7tgm.default\Extensions\[email protected] [2012-04-25] [not signed]
FF Extension: (No Name) - C:\Users\Deana\AppData\Roaming\Mozilla\Firefox\Profiles\hbyc7tgm.default\Extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6} [2016-10-08] [not signed]
FF Extension: (No Name) - C:\Users\Deana\AppData\Roaming\Mozilla\Firefox\Profiles\hbyc7tgm.default\Extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} [2016-10-08] [not signed]
FF SearchPlugin: C:\Users\Deana\AppData\Roaming\Mozilla\Firefox\Profiles\hbyc7tgm.default\searchplugins\ask-search.xml [2014-04-05]
FF SearchPlugin: C:\Users\Deana\AppData\Roaming\Mozilla\Firefox\Profiles\hbyc7tgm.default\searchplugins\inbox-search.xml [2015-07-09]
FF SearchPlugin: C:\Users\Deana\AppData\Roaming\Mozilla\Firefox\Profiles\hbyc7tgm.default\searchplugins\search.xml [2015-07-09]
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll [2014-01-16] (McAfee, Inc.)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [198216 2016-06-17] () [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-16] (McAfee, Inc.)
CustomCLSID: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\Deana\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\Deana\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll => No File
Task: {1A62DE1A-5A22-42BD-8269-929DA77A2AE8} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-11-06] (Google) <==== ATTENTION
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:90D89144 [129]
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 [210]
C:\Program Files\AskPartnerNetwork
C:\Program Files\Inbox Toolbar
C:\Users\Deana\AppData\LocalLow\Inbox Toolbar
C:\Users\Deana\install_flash_player.exe
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
Hosts:
EmptyTemp:
C:\Program Files\McAfee Security Scan
C:\Program Files\alot
*****************

Restore point was successfully created.
C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
[2456] C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe => process closed successfully.
C:\Program Files\Inbox Toolbar\Inbox.exe
[2968] C:\Program Files\Inbox Toolbar\Inbox.exe => process closed successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
[1672] C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe => process closed successfully.
C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe => No running process found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ApnTBMon => value removed successfully.
"HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F" => key removed successfully.
"HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G" => key removed successfully.
"HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31e525d3-a0d2-11dd-8f4d-806e6f6e6963}" => key removed successfully.
HKCR\CLSID\{31e525d3-a0d2-11dd-8f4d-806e6f6e6963} => key not found.
"HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35faa898-a1a4-11e5-ab85-00219bf0cada}" => key removed successfully.
HKCR\CLSID\{35faa898-a1a4-11e5-ab85-00219bf0cada} => key not found.
"HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4a920133-ddf2-11de-b145-00219bf0cada}" => key removed successfully.
HKCR\CLSID\{4a920133-ddf2-11de-b145-00219bf0cada} => key not found.
"HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7308fdf3-d671-11dd-b150-00234d946a18}" => key removed successfully.
HKCR\CLSID\{7308fdf3-d671-11dd-b150-00234d946a18} => key not found.
"HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7308fdf8-d671-11dd-b150-00234d946a18}" => key removed successfully.
HKCR\CLSID\{7308fdf8-d671-11dd-b150-00234d946a18} => key not found.
"HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7308fe04-d671-11dd-b150-00219bf0cada}" => key removed successfully.
HKCR\CLSID\{7308fe04-d671-11dd-b150-00219bf0cada} => key not found.
"HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7308fe05-d671-11dd-b150-00219bf0cada}" => key removed successfully.
HKCR\CLSID\{7308fe05-d671-11dd-b150-00219bf0cada} => key not found.
"HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7308ff5f-d671-11dd-b150-00219bf0cada}" => key removed successfully.
HKCR\CLSID\{7308ff5f-d671-11dd-b150-00219bf0cada} => key not found.
"HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ba9d963-3899-11de-994d-00219bf0cada}" => key removed successfully.
HKCR\CLSID\{9ba9d963-3899-11de-994d-00219bf0cada} => key not found.
"HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ba9d987-3899-11de-994d-00219bf0cada}" => key removed successfully.
HKCR\CLSID\{9ba9d987-3899-11de-994d-00219bf0cada} => key not found.
"HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ba9d989-3899-11de-994d-00219bf0cada}" => key removed successfully.
HKCR\CLSID\{9ba9d989-3899-11de-994d-00219bf0cada} => key not found.
"HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ba9d9a1-3899-11de-994d-00219bf0cada}" => key removed successfully.
HKCR\CLSID\{9ba9d9a1-3899-11de-994d-00219bf0cada} => key not found.
"HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f35d9154-5e5a-11de-b773-f28d9f3d3f08}" => key removed successfully.
HKCR\CLSID\{f35d9154-5e5a-11de-b773-f28d9f3d3f08} => key not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk => not found.
C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe => not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" => key removed successfully.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => key not found.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" => key removed successfully.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => key not found.
HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}" => key removed successfully.
HKCR\CLSID\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7} => key not found.
"HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}" => key removed successfully.
HKCR\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E} => key not found.
"HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
"HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" => key removed successfully.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => key not found.
HKCR\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} => key not found.
HKCR\CLSID\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}" => key removed successfully.
HKCR\CLSID\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value removed successfully.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} => value not found.
HKCR\CLSID\{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} => key not found.
HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} => value removed successfully.
HKCR\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} => key not found.
HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value removed successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => key not found.
HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value removed successfully.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => key not found.
HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value removed successfully.
"HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}" => key removed successfully.
"HKCR\PROTOCOLS\Handler\inbox" => key removed successfully.
HKCR\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27} => key not found.
Firefox "newtab" removed successfully.
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\hbyc7tgm.default -> Yahoo! => not found
Firefox SearchEngineOrder.1 removed successfully.
Firefox SelectedSearchEngine removed successfully.
Firefox "homepage" removed successfully.
hxxp://search.myemailxp.com?uid=undefined&uc=undefined&source=pd_gs_email_hotmail_p&page=homepage&implementation_id=Email_xp_0.0.2 => Error: No automatic fix found for this entry.
Firefox Proxy settings were reset.
C:\Users\Deana\AppData\Roaming\Mozilla\Firefox\Profiles\hbyc7tgm.default\Extensions\[email protected] => not found.
C:\Users\Deana\AppData\Roaming\Mozilla\Firefox\Profiles\hbyc7tgm.default\Extensions\[email protected] => moved successfully
C:\Users\Deana\AppData\Roaming\Mozilla\Firefox\Profiles\hbyc7tgm.default\Extensions\[email protected] => moved successfully
C:\Users\Deana\AppData\Roaming\Mozilla\Firefox\Profiles\hbyc7tgm.default\Extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6} => not found.
C:\Users\Deana\AppData\Roaming\Mozilla\Firefox\Profiles\hbyc7tgm.default\Extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} => not found.
C:\Users\Deana\AppData\Roaming\Mozilla\Firefox\Profiles\hbyc7tgm.default\searchplugins\ask-search.xml => moved successfully
C:\Users\Deana\AppData\Roaming\Mozilla\Firefox\Profiles\hbyc7tgm.default\searchplugins\inbox-search.xml => moved successfully
C:\Users\Deana\AppData\Roaming\Mozilla\Firefox\Profiles\hbyc7tgm.default\searchplugins\search.xml => moved successfully
HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin => key not found.
"C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll" => not found.
APNMCP => service removed successfully.
McComponentHostService => service not found.
"HKU\S-1-5-21-1504278732-3331403366-2529910698-1000_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}" => key removed successfully.
"HKU\S-1-5-21-1504278732-3331403366-2529910698-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1A62DE1A-5A22-42BD-8269-929DA77A2AE8}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A62DE1A-5A22-42BD-8269-929DA77A2AE8}" => key removed successfully.
C:\Windows\System32\Tasks\Google Software Updater => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Google Software Updater" => key removed successfully.
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe => moved successfully
C:\Windows\Tasks\Google Software Updater.job => moved successfully
C:\ProgramData\TEMP => ":90D89144" ADS removed successfully..
C:\ProgramData\TEMP => ":DFC5A2B2" ADS removed successfully..
C:\Program Files\AskPartnerNetwork => moved successfully
"C:\Program Files\Inbox Toolbar" => not found.
C:\Users\Deana\AppData\LocalLow\Inbox Toolbar => moved successfully
C:\Users\Deana\install_flash_player.exe => moved successfully

========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
"C:\Program Files\McAfee Security Scan" => not found.
"C:\Program Files\alot" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 196839852 B
Java, Flash, Steam htmlcache => 547 B
Windows/system/drivers => 710738735 B
Edge => 0 B
Chrome => 766838074 B
Firefox => 477145042 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 25189452 B
LocalService => 132244 B
NetworkService => 10127903 B
Deana => 366448004 B

RecycleBin => 2934378626 B
EmptyTemp: => 5.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 00:11:15 ====

 

# AdwCleaner v6.021 - Logfile created 09/10/2016 at 01:19:07
# Updated on 06/10/2016 by ToolsLib
# Database : 2016-10-07.1 [Local]
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (X86)
# Username : Deana - DELL1525
# Running from : C:\Users\Deana\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\Deana\AppData\Local\AskPartnerNetwork
[-] Folder deleted: C:\Users\Deana\AppData\Local\Conduit
[-] Folder deleted: C:\Users\Deana\AppData\LocalLow\Conduit
[-] Folder deleted: C:\Users\Deana\AppData\LocalLow\PriceGong
[-] Folder deleted: C:\Users\Deana\AppData\Roaming\Mozilla\Firefox\Profiles\hbyc7tgm.default\Smartbar
[-] Folder deleted: C:\Users\Deana\AppData\Roaming\Mozilla\Firefox\Profiles\hbyc7tgm.default\ValueApps
[-] Folder deleted: C:\ProgramData\apn
[-] Folder deleted: C:\ProgramData\Ask
[-] Folder deleted: C:\ProgramData\Tarma Installer
[#] Folder deleted on reboot: C:\ProgramData\Application Data\apn
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Ask
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Tarma Installer
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iWin.com Games
[-] Folder deleted: C:\Program Files\iWin.com Games
[-] Folder deleted: C:\Program Files\PriceGong
[-] Folder deleted: C:\Program Files\WinZip Registry Optimizer
[-] Folder deleted: C:\Program Files\Yontoo Layers
[-] Folder deleted: C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Secure Search


***** [ Files ] *****

[-] File deleted: C:\Users\Deana\AppData\LocalLow\Microsoft\Internet Explorer\Services\Search_ask.com.xml
[-] File deleted: C:\Windows\system32\roboot.exe


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\BackWeb.Client.ScriptHelper-7288971
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key deleted: HKLM\SOFTWARE\Classes\SdcUser.SdcMailCtl
[-] Key deleted: HKLM\SOFTWARE\Classes\SdcUser.SdcMailCtl.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Search.BrowserWndAPI
[-] Key deleted: HKLM\SOFTWARE\Classes\Search.BrowserWndAPI.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Search.PugiObj
[-] Key deleted: HKLM\SOFTWARE\Classes\Search.PugiObj.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698F}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E26990}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{63EDCDD3-8AFC-4358-A90F-F7FB8F5C64FF}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{BD5843ED-13C4-4EFF-ACE9-56CEE22BC087}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{884189CF-7C10-41E8-A014-F7B2BE40AADB}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key deleted: HKU\.DEFAULT\Software\AVG Secure Search
[-] Key deleted: HKU\.DEFAULT\Software\AVG Security Toolbar
[-] Key deleted: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\Software\Conduit
[-] Key deleted: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\Software\YahooPartnerToolbar
[-] Key deleted: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\Software\AppDataLow\Toolbar
[-] Key deleted: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\Software\AppDataLow\Software\Conduit
[-] Key deleted: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1
[-] Key deleted: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
[-] Key deleted: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
[-] Key deleted: HKU\S-1-5-21-1504278732-3331403366-2529910698-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PriceGong
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1504278732-3331403366-2529910698-1000\Software\AskPartnerNetwork
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1504278732-3331403366-2529910698-1000\Software\AVG Secure Search
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1504278732-3331403366-2529910698-1000\Software\AVG Security Toolbar
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AVG Secure Search
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AVG Security Toolbar
[#] Key deleted on reboot: HKCU\Software\Conduit
[#] Key deleted on reboot: HKCU\Software\YahooPartnerToolbar
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Toolbar
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Conduit
[-] Key deleted: HKLM\SOFTWARE\Conduit
[-] Key deleted: HKLM\SOFTWARE\Tarma Installer
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PriceGong
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8036C72171EF4ba46856BF57969F6A36
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89BB7852687BDC34B9A81E01C7FF9173
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56c49B56F6B83E293C15
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A97C590397DCC454AA8923563BAB10E4
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B08932C78B697C244BE7BA3E6FF09B62
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA51B44D54927c4E9B7BC1D3FD1E49F
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327dc64C9A8B641A9E89646
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\158D6D9E3FE81fa428925F22ACB3A965
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6C514FEFC09f45BAFAAE1D7546ED4
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DB42320A8525634AA089F0BEC86473B
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22468B0D6050b2e46B9C4B67A8F59577
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251BF05A2F606d43BB064BD63CBD87E
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3255D95681398614190EDF0A4F3F77DB
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CDF313E9B28c944FBC7579CF4949414
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71E54748EDD3dc1468548785DC856EDA
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\754590DD06DE8d249B526503432F99D4
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ROC_roc_dec12]
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL


***** [ Web browsers ] *****

[-] Chrome preferences cleaned: "CT3220468.BT_Stats.enc" -  "eyJsYXN0X2xvZyI6MTQwMTYzMzM1OCwidXVpZCI6MzAyMDQ3Mzc1NTkxNzksInNlcV9pZCI6MzQsInNzYiI6MTM0ODk5MzE4MX0="
[-] Chrome preferences cleaned: "CT3220468.BT_Usage.enc" -  "eyJ1dWlkIjozMDIwNDczNzU1OTE3OSwic2VxX2lkIjozfQ=="
[-] Chrome preferences cleaned: "CT3220468.CBOpenMAMSettings.enc" -  "MA=="
[-] Chrome preferences cleaned: "CT3220468.ENABALE_HISTORY" -  "{\"dataType\":\"string\",\"data\":\"true\"}"
[-] Chrome preferences cleaned: "CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE" -  "{\"dataType\":\"string\",\"data\":\"true\"}"
[-] Chrome preferences cleaned: "CT3220468.FirstTime" -  "true"
[-] Chrome preferences cleaned: "CT3220468.FirstTimeFF3" -  "true"
[-] Chrome preferences cleaned: "CT3220468.LoginRevertSettingsEnabled" -  true
[-] Chrome preferences cleaned: "CT3220468.PG_ENABLE" -  "ZmFsc2U="
[-] Chrome preferences cleaned: "CT3220468.PG_ENABLE.enc" -  "ZEhKMVpRPT0="
[-] Chrome preferences cleaned: "CT3220468.RestartDialogFirstTime" -  "false"
[-] Chrome preferences cleaned: "CT3220468.RestartDialogShouldDisplay" -  "false"
[-] Chrome preferences cleaned: "CT3220468.RevertSettingsEnabled" -  true
[-] Chrome preferences cleaned: "CT3220468.SF_JUST_INSTALLED.enc" -  "RkFMU0U="
[-] Chrome preferences cleaned: "CT3220468.SF_STATUS.enc" -  "RU5BQkxFRA=="
[-] Chrome preferences cleaned: "CT3220468.SF_USER_ID.enc" -  "Y2lkXzIzNjIwMTMxNzI3OTIzMjAwOTE="
[-] Chrome preferences cleaned: "CT3220468.UserID" -  "UN76600708985825746"
[-] Chrome preferences cleaned: "CT3220468._key_cl_active" -  "%B9%BF%EA%B6%E8%B6%E8%B6%B3%B6%EB%EA%BA%B3%BA%EB%E8%BF%B3%BF%BA%B6%B6%B3%E7%BE%B8%B6%BC%BD%BC%BD%E7%BE%E9%BD"
[-] Chrome preferences cleaned: "CT3220468._key_cl_active.enc" -  "MzlkMGIwYjAtMGVkNC00ZWI5LTk0MDAtYTgyMDY3NjdhOGM3"
[-] Chrome preferences cleaned: "CT3220468._key_edilia__uID" -  "%B7%EB%BD%EB%EA%B7%EC%BD%B3%BA%B7%BA%BA%B3%BA%B6%E8%EB%B3%E8%B6%BA%E7%B3%E9%E7%B8%B9%BE%EC%BD%B7%EB%BC%E7%EB"
[-] Chrome preferences cleaned: "CT3220468._key_edilia__uID.enc" -  "MWU3ZWQxZjctNDE0NC00MGJlLWIwNGEtY2EyMzhmNzFlNmFl"
[-] Chrome preferences cleaned: "CT3220468.addressBarTakeOverEnabledInHidden" -  "true"
[-] Chrome preferences cleaned: "CT3220468.autoDisableScopes" -  -1
[-] Chrome preferences cleaned: "CT3220468.cb_experience_000.enc" -  "MTc="
[-] Chrome preferences cleaned: "CT3220468.cb_firstuse0100.enc" -  "MQ=="
[-] Chrome preferences cleaned: "CT3220468.cb_user_id_000.enc" -  "Q0I5MjU4NTk0MTEyNjhfMTM1ODMyOTI5NTk1NF9GaXJlZm94"
[-] Chrome preferences cleaned: "CT3220468.cbcountry_001.enc" -  "R0I="
[-] Chrome preferences cleaned: "CT3220468.cbfirsttime.enc" -  "U3VuIFNlcCAzMCAyMDEyIDA5OjE5OjQwIEdNVCswMTAwIChHTVQgRGF5bGlnaHQgVGltZSk="
[-] Chrome preferences cleaned: "CT3220468.countryCode" -  "GB"
[-] Chrome preferences cleaned: "CT3220468.defaultSearch" -  "FALSE"
[-] Chrome preferences cleaned: "CT3220468.discover-experiments-photopop" -  "ā%A8%F4%E7%F3%EB%A8%C0%A8%F6%EE%F5%FA%F5%F6%F5%F6%E5%F4%E7%A8%B2%A8%FC%EB%F8%F9%EF%F5%F4%A8%C0%B7%B6ă"
[-] Chrome preferences cleaned: "CT3220468.discover-experiments-photopop.enc" -  "eyJuYW1lIjoicGhvdG9wb3BfbmEiLCJ2ZXJzaW9uIjoxMH0="
[-] Chrome preferences cleaned: "CT3220468.discover-periodic-reports" -  "ā%A8%F6%EF%F4%ED%E5%B6%A8%C0%E1%B7%B9%BE%BD%B7%B9%B7%B9%BE%BB%BA%B7%BE%B2%B7%BA%BA%B6%B6%B6%B6%B6%E3ă"
[-] Chrome preferences cleaned: "CT3220468.discover-periodic-reports.enc" -  "eyJwaW5nXzAiOlsxMzg3MTMxMzg1NDE4LDE0NDAwMDAwXX0="
[-] Chrome preferences cleaned: "CT3220468.discover-user-id" -  "%A8%BE%BC%EB%EB%EA%BD%B8%BC%B3%BF%E9%E7%B9%B3%BA%BB%BB%B8%B3%BF%EA%BB%BA%B3%B7%EC%E9%BB%EA%E9%BC%EB%E8%BE%EA%EB%A8"
[-] Chrome preferences cleaned: "CT3220468.discover-user-id.enc" -  "Ijg2ZWVkNzI2LTljYTMtNDU1Mi05ZDU0LTFmYzVkYzZlYjhkZSI="
[-] Chrome preferences cleaned:
[-] Chrome preferences cleaned: "CT3220468.enableAlerts" -  "always"
[-] Chrome preferences cleaned: "CT3220468.enableFix404ByUser" -  "FALSE"
[-] Chrome preferences cleaned: "CT3220468.enableSearchFromAddressBar" -  "FALSE"
[-] Chrome preferences cleaned: "CT3220468.firstTimeDialogOpened" -  "true"
[-] Chrome preferences cleaned: "CT3220468.fixPageNotFoundError" -  "true"
[-] Chrome preferences cleaned: "CT3220468.fixPageNotFoundErrorByUser" -  "true"
[-] Chrome preferences cleaned: "CT3220468.fixPageNotFoundErrorInHidden" -  "true"
[-] Chrome preferences cleaned: "CT3220468.fixUrls" -  true
[-] Chrome preferences cleaned: "CT3220468.fullUserID" -  "UN76600708985825746.UP.20140326145032"
[-] Chrome preferences cleaned: "CT3220468.ground-country-code" -  "%A8%CD%C8%A8"
[-] Chrome preferences cleaned: "CT3220468.ground-country-code.enc" -  "IkdCIg=="
[-] Chrome preferences cleaned: "CT3220468.hxxp___facebook_conduitapps_com.APP_WIN_FEATURES" -  "resizable=0,hscroll=0,vscroll=0,titlebar=1,closebutton=1,saveresizedsize=0,openposition=alignment:(B;L),savelocation=0,closeonexternalclick=0"
[-] Chrome preferences cleaned: "CT3220468.hxxp___toolbar_utorrent_com.APP_WIN_FEATURES.enc" -  "cmVzaXphYmxlPTAsc2F2ZXJlc2l6ZWRzaXplPTAsdGl0bGViYXI9MCxjbG9zZW9uZXh0ZXJuYWxjbGljaz0xLHNhdmVsb2NhdGlvbj0wLG9wZW5wb3NpdGlvbj1vZmZzZXQ6KDI1OzMwKQ=="
[-] Chrome preferences cleaned: "CT3220468.hxxp___www_socialgrowthtechnologies_com_couponbuddy_v001.APP_WIN_FEATURES.enc" -  "b3BlbnBvc2l0aW9uPW9mZnNldDo1MDs1MCxzYXZlbG9jYXRpb249MCxyZXNpemFibGU9bm8sc2Nyb2xsYmFycz1ubyx0aXRsZWJhcj15ZXMsc2F2ZXJlc2l6ZWRzaXplPW5v"
[-] Chrome preferences cleaned: "CT3220468.impression_counter" -  "%B7"
[-] Chrome preferences cleaned: "CT3220468.impression_counter.enc" -  "MQ=="
[-] Chrome preferences cleaned: "CT3220468.impression_session_counter" -  "%B6"
[-] Chrome preferences cleaned: "CT3220468.impression_session_counter.enc" -  "MA=="
[-] Chrome preferences cleaned: "CT3220468.impression_session_id" -  "%A8%EA%EB%BA%E8%B6%BA%E9%EB%B3%EA%BA%BA%B6%B3%BA%BD%EC%BF%B3%E7%BF%EA%B7%B3%BB%EA%EB%EC%B6%E9%EB%E9%BB%B9%B9%EA%A8"
[-] Chrome preferences cleaned: "CT3220468.impression_session_id.enc" -  "ImRlNGIwNGNlLWQ0NDAtNDdmOS1hOWQxLTVkZWYwY2VjNTMzZCI="
[-] Chrome preferences cleaned: "CT3220468.impression_session_last_active" -  "%B7%B9%BE%BD%B7%B9%B8%B8%BB%BC%B7%BB%B6"
[-] Chrome preferences cleaned: "CT3220468.impression_session_last_active.enc" -  "MTM4NzEzMjI1NjE1MA=="
[-] Chrome preferences cleaned: "CT3220468.installId" -  "fft5F1F.tmp.exe"
[-] Chrome preferences cleaned: "CT3220468.installType" -  "XPE"
[-] Chrome preferences cleaned: "CT3220468.isCheckedStartAsHidden" -  true
[-] Chrome preferences cleaned: "CT3220468.isEnableAllDialogs" -  "{\"dataType\":\"string\",\"data\":\"true\"}"
[-] Chrome preferences cleaned: "CT3220468.isFirstTimeToolbarLoading" -  "false"
[-] Chrome preferences cleaned: "CT3220468.isNewTabEnabled" -  true
[-] Chrome preferences cleaned: "CT3220468.isPerformedSmartBarTransition" -  "true"
[-] Chrome preferences cleaned: "CT3220468.isToolbarShrinked" -  "{\"dataType\":\"string\",\"data\":\"false\"}"
[-] Chrome preferences cleaned: "CT3220468.isWelcomPage" -  "{\"dataType\":\"boolean\",\"data\":\"true\"}"
[-] Chrome preferences cleaned: "CT3220468.lastVersion" -  "10.29.0.520"
[-] Chrome preferences cleaned: "CT3220468.mam_gk_appStateReportTime" -  "%B7%B9%BF%BC%BD%B6%BA%B7%B7%BE%BE%BA%B9"
[-] Chrome preferences cleaned: "CT3220468.mam_gk_appStateReportTime.enc" -  "MTM5NjcwNDExODg0Mw=="
[-] Chrome preferences cleaned: "CT3220468.mam_gk_appState_Clarity_Active" -  "%F5%F4"
[-] Chrome preferences cleaned: "CT3220468.mam_gk_appState_Clarity_Active.enc" -  "b24="
[-] Chrome preferences cleaned: "CT3220468.mam_gk_appState_CouponBuddy.enc" -  "b24="
[-] Chrome preferences cleaned: "CT3220468.mam_gk_appState_PriceGong.enc" -  "b24="
[-] Chrome preferences cleaned:
[-] Chrome preferences cleaned: "CT3220468.mam_gk_appsDefaultEnabled" -  "%F4%FB%F2%F2"
[-] Chrome preferences cleaned: "CT3220468.mam_gk_appsDefaultEnabled.enc" -  "bnVsbA=="
[-] Chrome preferences cleaned: "CT3220468.mam_gk_calledSetupService" -  "%B7"
[-] Chrome preferences cleaned: "CT3220468.mam_gk_calledSetupService.enc" -  "MQ=="
[-] Chrome preferences cleaned: "CT3220468.mam_gk_currentBadgeValue" -  "%B7"
[-] Chrome preferences cleaned: "CT3220468.mam_gk_currentBadgeValue.enc" -  "MQ=="
[-] Chrome preferences cleaned: "CT3220468.mam_gk_currentVersion" -  "%B7%B4%B7%B9%B4%B6%B4%B7%BD"
[-] Chrome preferences cleaned: "CT3220468.mam_gk_currentVersion.enc" -  "MS4xMy4wLjE3"
[-] Chrome preferences cleaned: "CT3220468.mam_gk_eventsCache" -  "ā%A8%BA%BC%B6%BE%B8%E7%EC%E9%B3%EB%BD%BE%B7%B3%BA%B7%E8%BD%B3%BF%E8%BA%B7%B3%B8%E9%B9%EB%BA%EB%EB%BF%EC%BF%EA%BE%A8%C0ā%A8%FA%F5%F6%EF%E9%A8%C0%A8%F9%EE%F5%FD%C8%E7%EA%ED%EB%A8%B2%A8%EA%E7%FA%E7%A8%C0%A8%A8%B2%A8%FB%F4%EF%F7%FB%EB%CF%EA%A8%C0%A8%BA%BC%B6%BE%B8%E7%EC%E9%B3%EB%BD%BE%B7%B3%BA%B7%E8%BD%B3%BF%E8%BA%B7%B3%B8%E9%B9%EB%BA%EB%EB%BF%EC%BF%EA%BE%A8%B2%A8%EB%FC%EB%F4%FA%DA%F8%EF%ED%ED%EB%F8%DA%EF%F3%EB%A8%C0%B7%B9%BF%BC%BD%B6%BA%B7%B7%BF%B8%B7%B7ă%B2%A8%BD%E9%B7%EA%BC%BA%EC%E8%B3%BD%EC%EA%E9%B3%BA%E9%BA%E7%B3%E8%B9%EB%E7%B3%EC%EC%BF%E8%BB%BE%BD%EB%EC%EC%BF%B9%A8%C0ā%A8%FA%F5%F6%EF%E9%A8%C0%A8%E9%F8%EB%E7%FA%EB%C7%F6%F6%A8%B2%A8%EA%E7%FA%E7%A8%C0ā%A8%EF%EA%A8%C0%A8%E7%F6%F6%B7%B9%A8%B2%A8%F9%EB%FA%FA%EF%F4%ED%F9%A8%C0ā%A8%F4%E7%F3%EB%A8%C0%A8%E7%F6%F6%B7%B9%A8%B2%A8%FB%F8%F2%A8%C0%A8%EE%FA%FA%F6%C0%B5%B5%F9%FA%F5%F8%E7%ED%EB%B4%E9%F5%F4%EA%FB%EF%FA%B4%E9%F5%F3%B5%F3%E7%F3%B5%B9%F8%EA%F6%E7%F8%FA%FF%E7%F6%F6%F9%B5%EB%EA%EF%F2%EF%E7%B5%EB%EA%EF%F2%EF%E7%B4%EE%FA%F3%F2%A8%B2%A8%F9%E9%F8%EF%F6%FA%DB%F8%F2%A8%C0%F4%FB%F2%F2%B2%A8%F5%F6%FA%EF%F5%F4%F9%CA%EF%E7%F2%F5%ED%A8%C0ā%A8%EA%EF%F9%F6%F2%E7%FF%D4%E7%F3%EB%A8%C0%A8%CA%EF%F9%E9%F5%FC%EB%F8%A6%DA%EB%F9%FA%A8%B2%A8%E7%F6%F6%CA%EB%F9%E9%A8%C0%A8%DD%E7%FA%E9%EE%EF%F4%ED%A6%FC%EF%EA%EB%F5%C5%A6%DA%EE%EF%F9%A6%E7%F6%F6%A6%EF%F4%FA%EB%F2%F2%EF%ED%EB%F4%FA%F2%FF%A6%F5%EC%EC%EB%F8%F9%A6%ED%F8%EB%E7%FA%A6%E9%F2%EF%F6%F9%A6%EC%F5%F8%A6%FF%F5%FB%A6%FA%F5%A6%FD%E7%FA%E9%EE%A6%F4%EB%FE%FA%B4%A8%B2%A8%F6%F8%EF%FC%E7%E9%FF%D6%F5%F2%EF%E9%FF%DB%F8%F2%A8%C0%A8%EE%FA%FA%F6%C0%B5%B5%EC%E7%F9%FA%E9%F5%F4%FA%EB%F4%FA%B4%E9%F5%F4%EA%FB%EF%FA%B4%E9%F5%F3%B5%F2%EB%ED%E7%F2%B5%F6%F8%EF%FC%E7%E9%FF%B4%EE%FA%F3%F2%A8%B2%A8%FA%EB%F8%F3%F9%D5%EC%DB%F9%EB%DB%F8%F2%A8%C0%A8%EE%FA%FA%F6%C0%B5%B5%EC%E7%F9%FA%E9%F5%F4%FA%EB%F4%FA%B4%E9%F5%F4%EA%FB%EF%FA%B4%E9%F5%F3%B5%F2%EB%ED%E7%F2%B5%FA%EB%F8%F3%F9%B4%EE%FA%F3%F2%A8ă%B2%A8%EF%F9%CE%EF%EA%EA%EB%F4%A8%C0%EC%E7%F2%F9%EBăă%B2%A8%FB%F4%EF%F7%FB%EB%CF%EA%A8%C0%A8%BD%E9%B7%EA%BC%BA%EC%E8%B3%BD%EC%EA%E9%B3%BA%E9%BA%E7%B3%E8%B9%EB%E7%B3%EC%EC%BF%E8%BB%BE%BD%EB%EC%EC%BF%B9%A8%B2%A8%EB%FC%EB%F4%FA%DA%F8%EF%ED%ED%EB%F8%DA%EF%F3%EB%A8%C0%B7%B9%BF%BC%BD%B6%BA%B7%B7%BF%B8%B8%B6ăă"
[-] Chrome preferences cleaned: "CT3220468.mam_gk_eventsCache.enc" -  "eyI0NjA4MmFmYy1lNzgxLTQxYjctOWI0MS0yYzNlNGVlOWY5ZDgiOnsidG9waWMiOiJzaG93QmFkZ2UiLCJkYXRhIjoiIiwidW5pcXVlSWQiOiI0NjA4MmFmYy1lNzgxLTQxYjctOWI0MS0yYzNlNGVlOWY5ZDgiLCJldmVudFRyaWdnZXJUaW1lIjoxMzk2NzA0MTE5MjExfSwiN2MxZDY0ZmItN2ZkYy00YzRhLWIzZWEtZmY5YjU4N2VmZjkzIjp7InRvcGljIjoiY3JlYXRlQXBwIiwiZGF0YSI6eyJpZCI6ImFwcDEzIiwic2V0dGluZ3MiOnsibmFtZSI6ImFwcDEzIiwidXJsIjoiaHR0cDovL3N0b3JhZ2UuY29uZHVpdC5jb20vbWFtLzNyZHBhcnR5YXBwcy9lZGlsaWEvZWRpbGlhLmh0bWwiLCJzY3JpcHRVcmwiOm51bGwsIm9wdGlvbnNEaWFsb2ciOnsiZGlzcGxheU5hbWUiOiJEaXNjb3ZlciBUZXN0IiwiYXBwRGVzYyI6IldhdGNoaW5nIHZpZGVvPyBUaGlzIGFwcCBpbnRlbGxpZ2VudGx5IG9mZmVycyBncmVhdCBjbGlwcyBmb3IgeW91IHRvIHdhdGNoIG5leHQuIiwicHJpdmFjeVBvbGljeVVybCI6Imh0dHA6Ly9mYXN0Y29udGVudC5jb25kdWl0LmNvbS9sZWdhbC9wcml2YWN5Lmh0bWwiLCJ0ZXJtc09mVXNlVXJsIjoiaHR0cDovL2Zhc3Rjb250ZW50LmNvbmR1aXQuY29tL2xlZ2FsL3Rlcm1zLmh0bWwifSwiaXNIaWRkZW4iOmZhbHNlfX0sInVuaXF1ZUlkIjoiN2MxZDY0ZmItN2ZkYy00YzRhLWIzZWEtZmY5YjU4N2VmZjkzIiwiZXZlbnRUcmlnZ2VyVGltZSI6MTM5NjcwNDExOTIyMH19"
[-] Chrome preferences cleaned: "CT3220468.mam_gk_existingUsersRecoveryDone" -  "%B7"
[-] Chrome preferences cleaned: "CT3220468.mam_gk_existingUsersRecoveryDone.enc" -  "MQ=="
[-] Chrome preferences cleaned: "CT3220468.mam_gk_first_time" -  "%B7"
[-] Chrome preferences cleaned: "CT3220468.mam_gk_first_time.enc" -  "MQ=="
[-] Chrome preferences cleaned: "CT3220468.mam_gk_lastLoginTime" -  "%B7%B9%BF%BC%BD%B6%BA%B7%B8%BD%BF%B8%B6"
[-] Chrome preferences cleaned: "CT3220468.mam_gk_lastLoginTime.enc" -  "MTM5NjcwNDEyNzkyMA=="
[-] Chrome preferences cleaned: "CT3220468.mam_gk_localization.enc" -  "eyJkaWFsb2dPSyI6eyJUZXh0IjoiT0sifSwiZG1ib3gxIjp7IlRleHQiOiJEZWFsXHJcbm9mIHRoZSBkYXkifSwiZG1ib3gyIjp7IlRleHQiOiJGcmVlXHJcblNoaXBtZW50In0sImRtYnVsbGV0MSI6eyJUZXh0IjoiU2F2ZSBtb25leSJ9LCJkbWJ1bGxldDIiOnsiVGV4dCI6IkZpbmQgd2hhdCdzIHJpZ2h0IGZvciB5b3UifSwiZG1idWxsZXQzIjp7IlRleHQiOiJHZXQgdGhlIG1vc3Qgb3V0IG9mIHRoZSB3ZWIifSwiRE1wcml2YWN5Ijp7IlRleHQiOiJWYWx1ZSBBcHBzIG1heSBpbmNsdWRlIENvbmR1aXQgYXBwcyBhbmQgdGhpcmQtcGFydHkgYXBwcy4gQ2xpY2sgaGVyZSBmb3IgbW9yZSBpbmZvcm1hdGlvbiBhbmQgcHJpdmFjeSBwb2xpY2llcyJ9LCJkbXRpdGxlIjp7IlRleHQiOiJMZXQgdGhlIEJlc3QgT2ZmZXJzXHJcbkNvbWUgUmlnaHQgdG8gWW91ISJ9LCJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHMgZW5yaWNoZXMgeW91ciB3ZWIgZXhwZXJpZW5jZSBieSBvZmZlcmluZyB5b3UgZ3JlYXQgZGVhbHMsIGNvdXBvbnMsIHJlbGF0ZWQgY29udGVudCBhbmQgbXVjaCBtb3JlLiJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnlNb3JlIjp7IlRleHQiOiJWYWx1ZSBBcHBzIHNlbGVjdHMgdGhlIGFwcHMgdGhhdCBicmluZyB5b3UgdGhlIGJlc3QgZGFpbHkgb2ZmZXJzIGJhc2VkIG9uIHlvdXIgYnJvd3NpbmcgaW5mb3JtYXRpb24uIn0sImdhZGdldERlc2NyaXB0aW9uU2Vjb25kYXJ5Ijp7IlRleHQiOiJWYWx1ZSBBcHBzIG1heSByZXF1aXJlIHVzZSBvZiB5b3VyIHBlcnNvbmFsIGluZm9ybWF0aW9uLCBpbmNsdWRpbmcgeW91ciBJbnRlcm5ldCBQcm90b2NvbCBhZGRyZXNzLCB0aGUgd2VicGFnZXMgeW91IHZpc2l0IGFuZCB0aGVpciBjb250ZW50LiJ9LCJnYWRnZXRFbmFibGUiOnsiVGV4dCI6IlRyeSBpdCBub3cifSwiZ2FkZ2V0Tm9UaGFua3MiOnsiVGV4dCI6IkN1c3RvbWl6ZSJ9LCJnYWRnZXRUZXJtc0FuZFByaXZhY3lQb2xpY3kiOnsiVGV4dCI6IlRlcm1zICYgUHJpdmFjeSBQb2xpY2llcyJ9LCJnYWRnZXRUZXJtc1RleHQiOnsiVGV4dCI6IkJ5IGNsaWNraW5nIFwiVHJ5IGl0IG5vd1wiLCB5b3UgYWdyZWUgdG8gdGhlIGFjY2VzcywgY29sbGVjdGlvbiBhbmQgdXNhZ2Ugb2YgeW91ciBpbmZvcm1hdGlvbiBieSBWYWx1ZSBBcHBzIGluIGFjY29yZGFuY2Ugd2l0aCB0aGUge3t7dGVybXNBbmRQcml2YWN5UG9saWN5SGFuZGxlcn19fS4gU2VlIG91ciB7e3tjb250ZW50UG9saWN5SGFuZGxlcn19fSBmb3IgbW9yZSBpbmZvcm1hdGlvbi4ifSwibmV3QXBwQ2xpY2tIZXJlIjp7IlRleHQiOiJjbGljayBoZXJlIn0sIm5ld2FwcGxlYXJubW9yZSI6eyJUZXh0IjoiTGVhcm4gbW9yZSJ9LCJuZXdBcHBNb3JlSW5mbyI6eyJUZXh0IjoiRm9yIG1vcmUgaW5mb3JtYXRpb24gb24gcHJpdmFjeSBwb2xpY3kge3t7cHJpdmFjeVBvbGljeUhhbmRsZXJ9fX0ifSwibmV3YXBwdGV4dCI6eyJUZXh0IjoiQ29uZHVpdCBWYWx1ZSBBcHBzIGJyaW5ncyB5b3UgW0FwcCBuYW1lXSJ9LCJuZXdHYWRnZXRUZXJtc1RleHQiOnsiVGV4dCI6IkJ5IGNsaWNraW5nIFwiT0tcIiwgeW91IGFncmVlIHRvIHRoZSBhY2Nlc3MsIGNvbGxlY3Rpb24gYW5kIHVzYWdlIG9mIHlvdXIgaW5mb3JtYXRpb24gYnkgVmFsdWUgQXBwcyBwcm92aWRlcnMgaW4gYWNjb3JkYW5jZSB3aXRoIHRoZSB7e3t0ZXJtc0FuZFByaXZhY3lQb2xpY3lIYW5kbGVyfX19LiJ9LCJzZXR0aW5nc0NhbmNlbCI6eyJUZXh0IjoiQ2FuY2VsIn0sInNldHRpbmdzQ291cG9uQnVkZHlEZXNjcmlwdGlvbiI6eyJUZXh0IjoiQ291cG9uIEJ1ZGR5IHNhdmVzIHlvdSBtb25leSBieSBzZXJ2aW5nIHlvdSB0aGUgYmVzdCBjb3Vwb25zIGFuZCBkZWFscyBhdCB0aG91c2FuZHMgb2YgdGhlIGxhcmdlc3Qgb25saW5lIG1lcmNoYW50cy4gQ291cG9uIEJ1ZGR5IHJlY29nbml6ZXMgd2hlcmUgeW91IGFyZSBicm93c2luZyBhbmQgYWxlcnRzIHlvdSBvZiB0aGUgYmVzdCBkZWFscyByaWdodCBvbiB0aGUgc2l0ZSB5b3UgYXJlIHZpc2l0aW5nLiJ9LCJzZXR0aW5nc0NvdXBvbkJ1ZGR5TmFtZSI6eyJUZXh0IjoiQ291cG9uIEJ1ZGR5In0sInNldHRpbmdzRGlhbG9nVGl0bGUiOnsiVGV4dCI6IkFyZSB5b3Ugc3VyZSB5b3Ugd2FudCB0byBjYW5jZWwgVmFsdWUgQXBwcz8ifSwic2V0dGluZ3NFbmFibGUiOnsiVGV4dCI6IkVuYWJsZSJ9LCJzZXR0aW5nc0VuYWJsZWQiOnsiVGV4dCI6IkVuYWJsZWQifSwic2V0dGluZ3NQcmljZUdvbmdEZXNjcmlwdGlvbiI6eyJUZXh0IjoieW91ciBvbmxpbmUgc2hvcHBpbmcgYXNzaXN0YW50LiBVc2UgUHJpY2VHb25nIHRvIGZpbmQgdGhlIGJlc3Qgb25saW5lIGRlYWxzIGFuZCBnZXQgb25saW5lIGNvdXBvbnMganVzdCB3aGVuIHlvdSBuZWVkIGl0LiJ9LCJzZXR0aW5nc1ByaWNlR29uZ05hbWUiOnsiVGV4dCI6IlByaWNlIEdvbmcifSwic2V0dGluZ3NQcml2YWN5UG9saWN5Ijp7IlRleHQiOiJQcml2YWN5IFBvbGljeSJ9LCJzZXR0aW5nc1NhdmUiOnsiVGV4dCI6IlNhdmUifSwic2V0dGluZ3NUZXJtc09mVXNlIjp7IlRleHQiOiJUZXJtcyBvZiBVc2UifSwibGFzdFVwZGF0ZVRpbWUiOjEzOTY3MDQxMTg1Mjl9"
[-] Chrome preferences cleaned: "CT3220468.mam_gk_mamEnabled" -  "%EC%E7%F2%F9%EB"
[-] Chrome preferences cleaned: "CT3220468.mam_gk_mamEnabled.enc" -  "ZmFsc2U="
[-] Chrome preferences cleaned: "CT3220468.mam_gk_newApps" -  "%E1ā%A8%EF%EA%A8%C0%A8%E7%F6%F6%B7%B9%A8%B2%A8%F4%E7%F3%EB%A8%C0%A8%CA%EF%F9%E9%F5%FC%EB%F8%A6%DA%EB%F9%FA%A8%B2%A8%EA%EB%F9%E9%F8%EF%F6%FA%EF%F5%F4%A8%C0%A8%DD%E7%FA%E9%EE%EF%F4%ED%A6%FC%EF%EA%EB%F5%C5%A6%DA%EE%EF%F9%A6%E7%F6%F6%A6%EF%F4%FA%EB%F2%F2%EF%ED%EB%F4%FA%F2%FF%A6%F5%EC%EC%EB%F8%F9%A6%ED%F8%EB%E7%FA%A6%E9%F2%EF%F6%F9%A6%EC%F5%F8%A6%FF%F5%FB%A6%FA%F5%A6%FD%E7%FA%E9%EE%A6%F4%EB%FE%FA%B4%A8%B2%A8%E7%EA%EA%EB%EA%C7%FA%A8%C0%A8%B7%B9%BF%BC%BD%B6%BA%B7%B7%BE%BC%BE%B9%A8ă%E3"
[-] Chrome preferences cleaned: "CT3220468.mam_gk_newApps.enc" -  "W3siaWQiOiJhcHAxMyIsIm5hbWUiOiJEaXNjb3ZlciBUZXN0IiwiZGVzY3JpcHRpb24iOiJXYXRjaGluZyB2aWRlbz8gVGhpcyBhcHAgaW50ZWxsaWdlbnRseSBvZmZlcnMgZ3JlYXQgY2xpcHMgZm9yIHlvdSB0byB3YXRjaCBuZXh0LiIsImFkZGVkQXQiOiIxMzk2NzA0MTE4NjgzIn1d"
[-] Chrome preferences cleaned: "CT3220468.mam_gk_pgUnloadedOnce.enc" -  "dHJ1ZQ=="
[-] Chrome preferences cleaned: "CT3220468.mam_gk_settings1.12.0.5" -  "ā%A8%D9%FA%E7%FA%FB%F9%A8%C0%A8%F9%FB%E9%E9%EB%EB%EA%EB%EA%A8%B2%A8%CA%E7%FA%E7%A8%C0ā%A8%E9%FB%F8%F8%EB%F4%FA%CA%E7%FA%EB%A8%C0%A8%B8%B6%B7%B9%B7%B8%B7%BB%A8%B2%A8%EF%F4%FA%EB%F8%FC%E7%F2%A8%C0%B8%BA%B6%B2%A8%F9%FA%E7%F3%F6%A8%C0%A8%B7%B6%B6%BF%E5%B7%A8%B2%A8%EF%F9%DA%EB%F9%FA%A8%C0%FA%F8%FB%EB%B2%A8%DB%F9%EB%F8%C9%F5%FB%F4%FA%F8%FF%C9%F5%EA%EB%A8%C0%A8%CD%C8%A8%B2%A8%EF%F9%DD%EB%F2%E9%F5%F3%EB%CB%FE%F6%EB%F8%EF%EB%F4%E9%EB%CB%F4%E7%E8%F2%EB%EA%C8%FF%CA%EB%EC%E7%FB%F2%FA%A8%C0%EC%E7%F2%F9%EB%B2%A8%CE%E7%EA%D6%CD%A8%C0%EC%E7%F2%F9%EB%B2%A8%F4%EB%FD%C7%F6%F6%F9%CB%FE%F6%EB%F8%EF%EB%F4%E9%EB%A8%C0%FA%F8%FB%EB%B2%A8%D4%EB%FD%C7%F6%F6%F9%C8%ED%C9%F5%F2%F5%F8%A8%C0%A8%CC%BD%CC%CB%CC%BA%A8%B2%A8%FA%F8%E7%E9%F1%EF%F4%ED%A8%C0ā%A8%ED%E7%A8%C0%FA%F8%FB%EB%B2%A8%EA%E8%A8%C0%FA%F8%FB%EBă%B2%A8%F9%EB%F8%FC%EF%E9%EB%F9%A8%C0%E1ā%A8%F4%E7%F3%EB%A8%C0%A8%E9%F5%F4%EC%EF%ED%FB%F8%E7%FA%EF%F5%F4%A8%B2%A8%FB%F8%F2%A8%C0%A8%EE%FA%FA%F6%C0%B5%B5%E9%F2%EF%EB%F4%FA%F9%EB%F8%FC%EF%E9%EB%B4%F3%E7%F3%B4%E9%F5%F4%EA%FB%EF%FA%B3%F9%EB%F8%FC%EF%E9%EB%F9%B4%E9%F5%F3%B5%E9%F5%F4%EC%EF%ED%FB%F8%E7%FA%EF%F5%F4%C5%E9%FA%EF%EA%C3%C9%DA%B9%B8%B8%B6%BA%BC%BE%AC%F9%FA%E7%F3%F6%C3%B7%B6%B6%BF%E5%B7%AC%E9%F5%FB%F4%FA%F8%FF%C3%CD%C8%AC%E8%F8%F5%FD%F9%EB%F8%C3%CB%C8%C8%D8%D5%DD%D9%CB%D8%AC%E8%F8%F5%FD%F9%EB%F8%FC%EB%F8%F9%EF%F5%F4%C3%CB%C8%C8%D8%D5%DD%D9%CB%D8%DC%CB%D8%D9%CF%D5%D4%A8%B2%A8%EF%F4%FA%EB%F8%FC%E7%F2%A8%C0%B8%BA%B6ă%B2ā%A8%F4%E7%F3%EB%A8%C0%A8%E7%F6%F6%F9%CA%E7%FA%E7%A8%B2%A8%FB%F8%F2%A8%C0%A8%EE%FA%FA%F6%C0%B5%B5%E9%F2%EF%EB%F4%FA%F9%EB%F8%FC%EF%E9%EB%B4%F3%E7%F3%B4%E9%F5%F4%EA%FB%EF%FA%B3%F9%EB%F8%FC%EF%E9%EB%F9%B4%E9%F5%F3%B5%E7%F6%F6%F9%EA%E7%FA%E7%C5%E9%FA%EF%EA%C3%C9%DA%B9%B8%B8%B6%BA%BC%BE%AC%F9%FA%E7%F3%F6%C3%B7%B6%B6%BF%E5%B7%AC%E9%F5%FB%F4%FA%F8%FF%C3%CD%C8%AC%E8%F8%F5%FD%F9%EB%F8%C3%CB%C8%C8%D8%D5%DD%D9%CB%D8%AC%E8%F8%F5%FD%F9%EB%F8%FC%EB%F8%F9%EF%F5%F4%C3%CB%C8%C8%D8%D5%DD%D9%CB%D8%DC%CB%D8%D9%CF%D5%D4%AC%AC%F2%F5%E9%E7%F2%C3%CB%C8%D2%D5%C9%C7%D2%CB%A8%B2%A8%EF%F4%FA%EB%F8%FC%E7%F2%A8%C0%B8%BA%B6ă%B2ā%A8%F4%E7%F3%EB%A8%C0%A8%F2%F5%E9%E7%F2%EFĀ%E7%FA%EF%F5%F4%A8%B2%A8%FB%F8%F2%A8%C0%A8%EE%FA%FA%F6%C0%B5%B5%F2%F5%E9%E7%F2%EFĀ%E7%FA%EF%F5%F4%F9%EB%F8%FC%EF%E9%EB%B4%F3%E7%F3%B4%E9%F5%F4%EA%FB%EF%FA%B4%E9%F5%F3%B5%ED%EB%FA%F6%F8%F5%EA%FB%E9%FA%FA%F8%E7%F4%F9%F2%E7%FA%EF%F5%F4%C5%F6%C3%F3%E7%F3%AC%F2%C3%CB%C8%D2%D5%C9%C7%D2%CB%A8%B2%A8%EF%F4%FA%EB%F8%FC%E7%F2%A8%C0%B7%BA%BA%B6ă%B2ā%A8%F4%E7%F3%EB%A8%C0%A8%F2%F5%ED%EF%F4%A8%B2%A8%FB%F8%F2%A8%C0%A8%EE%FA%FA%F6%C0%B5%B5%F3%E7%F3%B3%E7%F2%EF%FC%EB%B3%F3%F9%ED%B4%E9%F5%F4%EA%FB%EF%FA%B3%EA%E7%FA%E7%B4%E9%F5%F3%A8%B2%A8%EF%F4%FA%EB%F8%FC%E7%F2%A8%C0%B8%BA%B6ă%B2ā%A8%F4%E7%F3%EB%A8%C0%A8%FB%F9%E7%ED%EB%A8%B2%A8%FB%F8%F2%A8%C0%A8%EE%FA%FA%F6%C0%B5%B5%F3%E7%F3%B3%FB%F9%E7%ED%EB%B4%E9%F5%F4%EA%FB%EF%FA%B3%EA%E7%FA%E7%B4%E9%F5%F3%B5%A8%B2%A8%EF%F4%FA%EB%F8%FC%E7%F2%A8%C0%B8%BA%B6ă%B2ā%A8%F4%E7%F3%EB%A8%C0%A8%F9%EB%FA%FB%F6%C7%F6%EF%A8%B2%A8%FB%F8%F2%A8%C0%A8%EE%FA%FA%F6%C0%B5%B5%E9%B4%F9%EB%FA%FB%F6%E7%F6%EF%B4%FA%F5%F5%F2%E8%E7%F8%B4%E9%F5%F4%EA%FB%EF%FA%B3%F9%EB%F8%FC%EF%E9%EB%F9%B4%E9%F5%F3%B5%D6%F8%F5%F6%EB%F8%FA%EF%EB%F9%B5%F0%F9%F5%F4%B5%C9%DA%B9%B8%B8%B6%BA%BC%BE%B5%C9%C9%B5%CD%C8%A8%B2%A8%EF%F4%FA%EB%F8%FC%E7%F2%A8%C0%B8%BA%B6ă%B2ā%A8%F4%E7%F3%EB%A8%C0%A8%E7%F6%F6%F9%C9%F5%F4%EC%EF%ED%A8%B2%A8%FB%F8%F2%A8%C0%A8%EE%FA%FA%F6%C0%B5%B5%E9%F2%EF%EB%F4%FA%F9%EB%F8%FC%EF%E9%EB%B4%F3%E7%F3%B4%E9%F5%F4%EA%FB%EF%FA%B3%F9%EB%F8%FC%EF%E9%EB%F9%B4%E9%F5%F3%B5%E7%F6%F6%F9%C9%F5%F4%EC%EF%ED%C5%E9%FA%EF%EA%C3%C9%DA%B9%B8%B8%B6%BA%BC%BE%AC%F9%FA%E7%F3%F6%C3%B7%B6%B6%BF%E5%B7%AC%E9%F5%FB%F4%FA%F8%FF%C3%CD%C8%AC%E8%F8%F5%FD%F9%EB%F8%C3%CB%C8%C8%D8%D5%DD%D9%CB%D8%AC%E8%F8%F5%FD%F9%EB%F8%FC%EB%F8%F9%EF%F5%F4%C3%CB%C8%C8%D8%D5%DD%D9%CB%D8%DC%CB%D8%D9%CF%D5%D4%AC%F2%F5%E9%E7%F2%C3%CB%C8%D2%D5%C9%C7%D2%CB%A8%B2%A8%EF%F4%FA%EB%F8%FC%E7%F2%A8%C0%B8%BA%B6ă%E3ă%B2%A8%F2%E7%F9%FA%DB%F6%EA%E7%FA%EB%DA%EF%F3%EB%A8%C0%B7%B9%BE%BD%B7%B9%B7%B6%BB%BF%BC%BB%B8ă"
[-] Chrome preferences cleaned: "CT3220468.mam_gk_settings1.12.0.5.enc" -  "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImN1cnJlbnREYXRlIjoiMjAxMzEyMTUiLCJpbnRlcnZhbCI6MjQwLCJzdGFtcCI6IjEwMDlfMSIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiR0IiLCJpc1dlbGNvbWVFeHBlcmllbmNlRW5hYmxlZEJ5RGVmYXVsdCI6ZmFsc2UsIkhhZFBHIjpmYWxzZSwibmV3QXBwc0V4cGVyaWVuY2UiOnRydWUsIk5ld0FwcHNCZ0NvbG9yIjoiRjdGRUY0IiwidHJhY2tpbmciOnsiZ2EiOnRydWUsImRiIjp0cnVlfSwic2VydmljZXMiOlt7Im5hbWUiOiJjb25maWd1cmF0aW9uIiwidXJsIjoiaHR0cDovL2NsaWVudHNlcnZpY2UubWFtLmNvbmR1aXQtc2VydmljZXMuY29tL2NvbmZpZ3VyYXRpb24/Y3RpZD1DVDMyMjA0Njgmc3RhbXA9MTAwOV8xJmNvdW50cnk9R0ImYnJvd3Nlcj1FQkJST1dTRVImYnJvd3NlcnZlcnNpb249RUJCUk9XU0VSVkVSU0lPTiIsImludGVydmFsIjoyNDB9LHsibmFtZSI6ImFwcHNEYXRhIiwidXJsIjoiaHR0cDovL2NsaWVudHNlcnZpY2UubWFtLmNvbmR1aXQtc2VydmljZXMuY29tL2FwcHNkYXRhP2N0aWQ9Q1QzMjIwNDY4JnN0YW1wPTEwMDlfMSZjb3VudHJ5PUdCJmJyb3dzZXI9RUJCUk9XU0VSJmJyb3dzZXJ2ZXJzaW9uPUVCQlJPV1NFUlZFUlNJT04mJmxvY2FsPUVCTE9DQUxFIiwiaW50ZXJ2YWwiOjI0MH0seyJuYW1lIjoibG9jYWxpemF0aW9uIiwidXJsIjoiaHR0cDovL2xvY2FsaXphdGlvbnNlcnZpY2UubWFtLmNvbmR1aXQuY29tL2dldHByb2R1Y3R0cmFuc2xhdGlvbj9wPW1hbSZsPUVCTE9DQUxFIiwiaW50ZXJ2YWwiOjE0NDB9LHsibmFtZSI6ImxvZ2luIiwidXJsIjoiaHR0cDovL21hbS1hbGl2ZS1tc2cuY29uZHVpdC1kYXRhLmNvbSIsImludGVydmFsIjoyNDB9LHsibmFtZSI6InVzYWdlIiwidXJsIjoiaHR0cDovL21hbS11c2FnZS5jb25kdWl0LWRhdGEuY29tLyIsImludGVydmFsIjoyNDB9LHsibmFtZSI6InNldHVwQXBpIiwidXJsIjoiaHR0cDovL2Muc2V0dXBhcGkudG9vbGJhci5jb25kdWl0LXNlcnZpY2VzLmNvbS9Qcm9wZXJ0aWVzL2pzb24vQ1QzMjIwNDY4L0NDL0dCIiwiaW50ZXJ2YWwiOjI0MH0seyJuYW1lIjoiYXBwc0NvbmZpZyIsInVybCI6Imh0dHA6Ly9jbGllbnRzZXJ2aWNlLm1hbS5jb25kdWl0LXNlcnZpY2VzLmNvbS9hcHBzQ29uZmlnP2N0aWQ9Q1QzMjIwNDY4JnN0YW1wPTEwMDlfMSZjb3VudHJ5PUdCJmJyb3dzZXI9RUJCUk9XU0VSJmJyb3dzZXJ2ZXJzaW9uPUVCQlJPV1NFUlZFUlNJT04mbG9jYWw9RUJMT0NBTEUiLCJpbnRlcnZhbCI6MjQwfV19LCJsYXN0VXBkYXRlVGltZSI6MTM4NzEzMTA1OTY1Mn0="
[-] Chrome preferences cleaned:
[-] Chrome preferences cleaned: "CT3220468.mam_gk_settings1.13.0.17.enc" -  "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImN1cnJlbnREYXRlIjoiMjAxNDA0MDUiLCJpbnRlcnZhbCI6MjQwLCJzdGFtcCI6IjEwOV8wIiwiUlRLIjoiSDRzSUFBQUFBQUFFQU95OUIyQWNTWllsSmk5dHludCUyZlN2VksxJTJiQjBvUWlBWUJNazJKQkFFT3pCaU0zbWt1d2RhVWNqS2FzcWdjcGxWbVZkWmhaQXpPMmR2UGZlZSUyYiUyYjk5OTU3NzczM3VqdWRUaWYzMyUyZjglMmZYR1prQVd6MnprcmF5WjRoZ0tySUh6OSUyYmZCOCUyZkluWjNkJTJmWiUyYiUyZjkzZHV6djM3dTd0N081djd6NTR0SFB3NlA2OSUyZnljQUFQJTJmJTJmalAyekF4Z0FBQUElM2QiLCJpc1Rlc3QiOnRydWUsIlVzZXJDb3VudHJ5Q29kZSI6IkdCIiwiaXNXZWxjb21lRXhwZXJpZW5jZUVuYWJsZWRCeURlZmF1bHQiOmZhbHNlLCJIYWRQRyI6ZmFsc2UsIm5ld0FwcHNFeHBlcmllbmNlIjp0cnVlLCJOZXdBcHBzQmdDb2xvciI6IkY3RkVGNCIsInRyYWNraW5nIjp7ImdhIjp0cnVlLCJkYiI6dHJ1ZX0sInNlcnZpY2VzIjpbeyJuYW1lIjoiY29uZmlndXJhdGlvbiIsInVybCI6Imh0dHA6Ly9jbGllbnRzZXJ2aWNlLm1hbS5jb25kdWl0LXNlcnZpY2VzLmNvbS9jb25maWd1cmF0aW9uP2N0aWQ9Q1QzMjIwNDY4JnN0YW1wPTEwOV8wJmNvdW50cnk9R0ImYnJvd3Nlcj1FQkJST1dTRVImYnJvd3NlcnZlcnNpb249RUJCUk9XU0VSVkVSU0lPTiIsImludGVydmFsIjoyNDB9LHsibmFtZSI6ImFwcHNEYXRhIiwidXJsIjoiaHR0cDovL2NsaWVudHNlcnZpY2UubWFtLmNvbmR1aXQtc2VydmljZXMuY29tL2FwcHNkYXRhP2N0aWQ9Q1QzMjIwNDY4JnN0YW1wPTEwOV8wJmNvdW50cnk9R0ImYnJvd3Nlcj1FQkJST1dTRVImYnJvd3NlcnZlcnNpb249RUJCUk9XU0VSVkVSU0lPTiYmbG9jYWw9RUJMT0NBTEUiLCJpbnRlcnZhbCI6MjQwfSx7Im5hbWUiOiJsb2NhbGl6YXRpb24iLCJ1cmwiOiJodHRwOi8vbG9jYWxpemF0aW9uc2VydmljZS5tYW0uY29uZHVpdC5jb20vZ2V0cHJvZHVjdHRyYW5zbGF0aW9uP3A9bWFtJmw9RUJMT0NBTEUiLCJpbnRlcnZhbCI6MTQ0MH0seyJuYW1lIjoibG9naW4iLCJ1cmwiOiJodHRwOi8vbWFtLWFsaXZlLW1zZy5jb25kdWl0LWRhdGEuY29tIiwiaW50ZXJ2YWwiOjI0MH0seyJuYW1lIjoidXNhZ2UiLCJ1cmwiOiJodHRwOi8vbWFtLXVzYWdlLmNvbmR1aXQtZGF0YS5jb20vIiwiaW50ZXJ2YWwiOjI0MH0seyJuYW1lIjoic2V0dXBBcGkiLCJ1cmwiOiJodHRwOi8vYy5zZXR1cGFwaS50b29sYmFyLmNvbmR1aXQtc2VydmljZXMuY29tL1Byb3BlcnRpZXMvanNvbi9DVDMyMjA0NjgvQ0MvR0IiLCJpbnRlcnZhbCI6MjQwfSx7Im5hbWUiOiJhcHBzQ29uZmlnIiwidXJsIjoiaHR0cDovL2NsaWVudHNlcnZpY2UubWFtLmNvbmR1aXQtc2VydmljZXMuY29tL2FwcHNDb25maWc/Y3RpZD1DVDMyMjA0Njgmc3RhbXA9MTA5XzAmY291bnRyeT1HQiZicm93c2VyPUVCQlJPV1NFUiZicm93c2VydmVyc2lvbj1FQkJST1dTRVJWRVJTSU9OJmxvY2FsPUVCTE9DQUxFIiwiaW50ZXJ2YWwiOjI0MH1dfSwibGFzdFVwZGF0ZVRpbWUiOjEzOTY3MDQxMTgxNjd9"
[-] Chrome preferences cleaned: "CT3220468.mam_gk_settings1.4.3.1.enc" -  "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNjFfLTEiLCJpc1Rlc3QiOmZhbHNlLCJpc1dlbGNvbWVFeHBlcmllbmNlRW5hYmxlZEJ5RGVmYXVsdCI6dHJ1ZSwiSGFkUEciOmZhbHNlLCJuZXdBcHBzRXhwZXJpZW5jZSI6ZmFsc2UsInRyYWNraW5nIjp7ImdhIjp0cnVlLCJkYiI6dHJ1ZX0sInNlcnZpY2VzIjpbeyJuYW1lIjoiY29uZmlndXJhdGlvbiIsInVybCI6Imh0dHA6Ly9jbGllbnRzZXJ2aWNlLm1hbS5jb25kdWl0LXNlcnZpY2VzLmNvbS9jb25maWd1cmF0aW9uP2N0aWQ9Q1QzMjIwNDY4JnN0YW1wPTYxXy0xJmNvdW50cnk9R0ImYnJvd3Nlcj1FQkJST1dTRVImYnJvd3NlcnZlcnNpb249RUJCUk9XU0VSVkVSU0lPTiIsImludGVydmFsIjoyNDB9LHsibmFtZSI6ImFwcHNEYXRhIiwidXJsIjoiaHR0cDovL2NsaWVudHNlcnZpY2UubWFtLmNvbmR1aXQtc2VydmljZXMuY29tL2FwcHNkYXRhP2N0aWQ9Q1QzMjIwNDY4JnN0YW1wPTYxXy0xJmNvdW50cnk9R0ImYnJvd3Nlcj1FQkJST1dTRVImYnJvd3NlcnZlcnNpb249RUJCUk9XU0VSVkVSU0lPTiYmbG9jYWw9RUJMT0NBTEUiLCJpbnRlcnZhbCI6MjQwfSx7Im5hbWUiOiJsb2NhbGl6YXRpb24iLCJ1cmwiOiJodHRwOi8vbG9jYWxpemF0aW9uc2VydmljZS5tYW0uY29uZHVpdC5jb20vZ2V0cHJvZHVjdHRyYW5zbGF0aW9uP3A9bWFtJmw9RUJMT0NBTEUiLCJpbnRlcnZhbCI6MTQ0MH0seyJuYW1lIjoibG9naW4iLCJ1cmwiOiJodHRwOi8vbWFtLWFsaXZlLW1zZy5jb25kdWl0LWRhdGEuY29tIiwiaW50ZXJ2YWwiOjI0MH0seyJuYW1lIjoidXNhZ2UiLCJ1cmwiOiJodHRwOi8vbWFtLXVzYWdlLmNvbmR1aXQtZGF0YS5jb20vIiwiaW50ZXJ2YWwiOjI0MH1dfSwibGFzdFVwZGF0ZVRpbWUiOjEzNjI1NjM0NTY5MjF9"
[-] Chrome preferences cleaned: "CT3220468.mam_gk_settings1.4.3.2.enc" -  "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNjFfLTEiLCJpc1Rlc3QiOmZhbHNlLCJpc1dlbGNvbWVFeHBlcmllbmNlRW5hYmxlZEJ5RGVmYXVsdCI6dHJ1ZSwiSGFkUEciOmZhbHNlLCJuZXdBcHBzRXhwZXJpZW5jZSI6ZmFsc2UsInRyYWNraW5nIjp7ImdhIjp0cnVlLCJkYiI6dHJ1ZX0sInNlcnZpY2VzIjpbeyJuYW1lIjoiY29uZmlndXJhdGlvbiIsInVybCI6Imh0dHA6Ly9jbGllbnRzZXJ2aWNlLm1hbS5jb25kdWl0LXNlcnZpY2VzLmNvbS9jb25maWd1cmF0aW9uP2N0aWQ9Q1QzMjIwNDY4JnN0YW1wPTYxXy0xJmNvdW50cnk9R0ImYnJvd3Nlcj1FQkJST1dTRVImYnJvd3NlcnZlcnNpb249RUJCUk9XU0VSVkVSU0lPTiIsImludGVydmFsIjoyNDB9LHsibmFtZSI6ImFwcHNEYXRhIiwidXJsIjoiaHR0cDovL2NsaWVudHNlcnZpY2UubWFtLmNvbmR1aXQtc2VydmljZXMuY29tL2FwcHNkYXRhP2N0aWQ9Q1QzMjIwNDY4JnN0YW1wPTYxXy0xJmNvdW50cnk9R0ImYnJvd3Nlcj1FQkJST1dTRVImYnJvd3NlcnZlcnNpb249RUJCUk9XU0VSVkVSU0lPTiYmbG9jYWw9RUJMT0NBTEUiLCJpbnRlcnZhbCI6MjQwfSx7Im5hbWUiOiJsb2NhbGl6YXRpb24iLCJ1cmwiOiJodHRwOi8vbG9jYWxpemF0aW9uc2VydmljZS5tYW0uY29uZHVpdC5jb20vZ2V0cHJvZHVjdHRyYW5zbGF0aW9uP3A9bWFtJmw9RUJMT0NBTEUiLCJpbnRlcnZhbCI6MTQ0MH0seyJuYW1lIjoibG9naW4iLCJ1cmwiOiJodHRwOi8vbWFtLWFsaXZlLW1zZy5jb25kdWl0LWRhdGEuY29tIiwiaW50ZXJ2YWwiOjI0MH0seyJuYW1lIjoidXNhZ2UiLCJ1cmwiOiJodHRwOi8vbWFtLXVzYWdlLmNvbmR1aXQtZGF0YS5jb20vIiwiaW50ZXJ2YWwiOjI0MH1dfSwibGFzdFVwZGF0ZVRpbWUiOjEzNjI4NjEyODMwNTZ9"
[-] Chrome preferences cleaned: "CT3220468.mam_gk_settings1.4.4.6.enc" -  "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMjE1Xy0xIiwiaXNUZXN0IjpmYWxzZSwiaXNXZWxjb21lRXhwZXJpZW5jZUVuYWJsZWRCeURlZmF1bHQiOnRydWUsIkhhZFBHIjpmYWxzZSwibmV3QXBwc0V4cGVyaWVuY2UiOmZhbHNlLCJ0cmFja2luZyI6eyJnYSI6dHJ1ZSwiZGIiOnRydWV9LCJzZXJ2aWNlcyI6W3sibmFtZSI6ImNvbmZpZ3VyYXRpb24iLCJ1cmwiOiJodHRwOi8vY2xpZW50c2VydmljZS5tYW0uY29uZHVpdC1zZXJ2aWNlcy5jb20vY29uZmlndXJhdGlvbj9jdGlkPUNUMzIyMDQ2OCZzdGFtcD0yMTVfLTEmY291bnRyeT1HQiZicm93c2VyPUVCQlJPV1NFUiZicm93c2VydmVyc2lvbj1FQkJST1dTRVJWRVJTSU9OIiwiaW50ZXJ2YWwiOjI0MH0seyJuYW1lIjoiYXBwc0RhdGEiLCJ1cmwiOiJodHRwOi8vY2xpZW50c2VydmljZS5tYW0uY29uZHVpdC1zZXJ2aWNlcy5jb20vYXBwc2RhdGE/Y3RpZD1DVDMyMjA0Njgmc3RhbXA9MjE1Xy0xJmNvdW50cnk9R0ImYnJvd3Nlcj1FQkJST1dTRVImYnJvd3NlcnZlcnNpb249RUJCUk9XU0VSVkVSU0lPTiYmbG9jYWw9RUJMT0NBTEUiLCJpbnRlcnZhbCI6MjQwfSx7Im5hbWUiOiJsb2NhbGl6YXRpb24iLCJ1cmwiOiJodHRwOi8vbG9jYWxpemF0aW9uc2VydmljZS5tYW0uY29uZHVpdC5jb20vZ2V0cHJvZHVjdHRyYW5zbGF0aW9uP3A9bWFtJmw9RUJMT0NBTEUiLCJpbnRlcnZhbCI6MTQ0MH0seyJuYW1lIjoibG9naW4iLCJ1cmwiOiJodHRwOi8vbWFtLWFsaXZlLW1zZy5jb25kdWl0LWRhdGEuY29tIiwiaW50ZXJ2YWwiOjI0MH0seyJuYW1lIjoidXNhZ2UiLCJ1cmwiOiJodHRwOi8vbWFtLXVzYWdlLmNvbmR1aXQtZGF0YS5jb20vIiwiaW50ZXJ2YWwiOjI0MH1dfSwibGFzdFVwZGF0ZVRpbWUiOjEzNjc2ODQ2NTAxMzZ9"
[-] Chrome preferences cleaned: "CT3220468.mam_gk_settings1.6.0.1.enc" -  "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMjE1Xy0xIiwiaXNUZXN0IjpmYWxzZSwiaXNXZWxjb21lRXhwZXJpZW5jZUVuYWJsZWRCeURlZmF1bHQiOnRydWUsIkhhZFBHIjpmYWxzZSwibmV3QXBwc0V4cGVyaWVuY2UiOmZhbHNlLCJ0cmFja2luZyI6eyJnYSI6dHJ1ZSwiZGIiOnRydWV9LCJzZXJ2aWNlcyI6W3sibmFtZSI6ImNvbmZpZ3VyYXRpb24iLCJ1cmwiOiJodHRwOi8vY2xpZW50c2VydmljZS5tYW0uY29uZHVpdC1zZXJ2aWNlcy5jb20vY29uZmlndXJhdGlvbj9jdGlkPUNUMzIyMDQ2OCZzdGFtcD0yMTVfLTEmY291bnRyeT1HQiZicm93c2VyPUVCQlJPV1NFUiZicm93c2VydmVyc2lvbj1FQkJST1dTRVJWRVJTSU9OIiwiaW50ZXJ2YWwiOjI0MH0seyJuYW1lIjoiYXBwc0RhdGEiLCJ1cmwiOiJodHRwOi8vY2xpZW50c2VydmljZS5tYW0uY29uZHVpdC1zZXJ2aWNlcy5jb20vYXBwc2RhdGE/Y3RpZD1DVDMyMjA0Njgmc3RhbXA9MjE1Xy0xJmNvdW50cnk9R0ImYnJvd3Nlcj1FQkJST1dTRVImYnJvd3NlcnZlcnNpb249RUJCUk9XU0VSVkVSU0lPTiYmbG9jYWw9RUJMT0NBTEUiLCJpbnRlcnZhbCI6MjQwfSx7Im5hbWUiOiJsb2NhbGl6YXRpb24iLCJ1cmwiOiJodHRwOi8vbG9jYWxpemF0aW9uc2VydmljZS5tYW0uY29uZHVpdC5jb20vZ2V0cHJvZHVjdHRyYW5zbGF0aW9uP3A9bWFtJmw9RUJMT0NBTEUiLCJpbnRlcnZhbCI6MTQ0MH0seyJuYW1lIjoibG9naW4iLCJ1cmwiOiJodHRwOi8vbWFtLWFsaXZlLW1zZy5jb25kdWl0LWRhdGEuY29tIiwiaW50ZXJ2YWwiOjI0MH0seyJuYW1lIjoidXNhZ2UiLCJ1cmwiOiJodHRwOi8vbWFtLXVzYWdlLmNvbmR1aXQtZGF0YS5jb20vIiwiaW50ZXJ2YWwiOjI0MH1dfSwibGFzdFVwZGF0ZVRpbWUiOjEzNjk2NjAxNjAyNjJ9"
[-] Chrome preferences cleaned: "CT3220468.mam_gk_settings1.8.0.4.enc" -  "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImN1cnJlbnREYXRlIjoiMjAxMzEyMTUiLCJpbnRlcnZhbCI6MjQwLCJzdGFtcCI6Ijg0XzAiLCJpc1Rlc3QiOnRydWUsIlVzZXJDb3VudHJ5Q29kZSI6IkdCIiwiaXNXZWxjb21lRXhwZXJpZW5jZUVuYWJsZWRCeURlZmF1bHQiOnRydWUsIkhhZFBHIjpmYWxzZSwibmV3QXBwc0V4cGVyaWVuY2UiOnRydWUsIk5ld0FwcHNCZ0NvbG9yIjoiRjdGRUY0IiwidHJhY2tpbmciOnsiZ2EiOnRydWUsImRiIjp0cnVlfSwic2VydmljZXMiOlt7Im5hbWUiOiJjb25maWd1cmF0aW9uIiwidXJsIjoiaHR0cDovL2NsaWVudHNlcnZpY2UubWFtLmNvbmR1aXQtc2VydmljZXMuY29tL2NvbmZpZ3VyYXRpb24/Y3RpZD1DVDMyMjA0Njgmc3RhbXA9ODRfMCZjb3VudHJ5PUdCJmJyb3dzZXI9RUJCUk9XU0VSJmJyb3dzZXJ2ZXJzaW9uPUVCQlJPV1NFUlZFUlNJT04iLCJpbnRlcnZhbCI6MjQwfSx7Im5hbWUiOiJhcHBzRGF0YSIsInVybCI6Imh0dHA6Ly9jbGllbnRzZXJ2aWNlLm1hbS5jb25kdWl0LXNlcnZpY2VzLmNvbS9hcHBzZGF0YT9jdGlkPUNUMzIyMDQ2OCZzdGFtcD04NF8wJmNvdW50cnk9R0ImYnJvd3Nlcj1FQkJST1dTRVImYnJvd3NlcnZlcnNpb249RUJCUk9XU0VSVkVSU0lPTiYmbG9jYWw9RUJMT0NBTEUiLCJpbnRlcnZhbCI6MjQwfSx7Im5hbWUiOiJsb2NhbGl6YXRpb24iLCJ1cmwiOiJodHRwOi8vbG9jYWxpemF0aW9uc2VydmljZS5tYW0uY29uZHVpdC5jb20vZ2V0cHJvZHVjdHRyYW5zbGF0aW9uP3A9bWFtJmw9RUJMT0NBTEUiLCJpbnRlcnZhbCI6MTQ0MH0seyJuYW1lIjoibG9naW4iLCJ1cmwiOiJodHRwOi8vbWFtLWFsaXZlLW1zZy5jb25kdWl0LWRhdGEuY29tIiwiaW50ZXJ2YWwiOjI0MH0seyJuYW1lIjoidXNhZ2UiLCJ1cmwiOiJodHRwOi8vbWFtLXVzYWdlLmNvbmR1aXQtZGF0YS5jb20vIiwiaW50ZXJ2YWwiOjI0MH1dfSwibGFzdFVwZGF0ZVRpbWUiOjEzODcxMzA3NjE3MDl9"
[-] Chrome preferences cleaned: "CT3220468.mam_gk_showCloseButton.enc" -  "dHJ1ZQ=="
[-] Chrome preferences cleaned: "CT3220468.mam_gk_showWelcomeGadget" -  "%EC%E7%F2%F9%EB"
[-] Chrome preferences cleaned: "CT3220468.mam_gk_showWelcomeGadget.enc" -  "ZmFsc2U="
[-] Chrome preferences cleaned: "CT3220468.mam_gk_stamp" -  "%B7%B6%BF%E5%B6"
[-] Chrome preferences cleaned: "CT3220468.mam_gk_stamp.enc" -  "MTA5XzA="
[-] Chrome preferences cleaned: "CT3220468.mam_gk_userBornDate" -  "%D4%B5%C7"
[-] Chrome preferences cleaned: "CT3220468.mam_gk_userBornDate.enc" -  "Ti9B"
[-] Chrome preferences cleaned: "CT3220468.mam_gk_userId" -  "%BD%BA%EA%BC%E8%BE%EC%BC%B3%BC%B6%BF%B6%B3%BA%B6%E8%B6%B3%BE%E7%EB%E8%B3%B6%EA%B6%BA%BD%BE%E7%B9%B7%BA%EC%EA"
[-] Chrome preferences cleaned: "CT3220468.mam_gk_userId.enc" -  "NzRkNmI4ZjYtNjA5MC00MGIwLThhZWItMGQwNDc4YTMxNGZk"
[-] Chrome preferences cleaned: "CT3220468.mam_gk_user_approval_interacted" -  "%B7"
[-] Chrome preferences cleaned: "CT3220468.mam_gk_user_approval_interacted.enc" -  "MQ=="
[-] Chrome preferences cleaned: "CT3220468.mam_gk_user_apps_selection.enc" -  ""
[-] Chrome preferences cleaned: "CT3220468.mam_gk_welcomeDialogMode" -  "%B7"
[-] Chrome preferences cleaned: "CT3220468.mam_gk_welcomeDialogMode.enc" -  "MQ=="
[-] Chrome preferences cleaned: "CT3220468.migrateAppsAndComponents" -  true
[-] Chrome preferences cleaned: "CT3220468.navigationAliasesJson" -  "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about%3Ablank\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://uTorrentControlv2.OurToolbar.com/\",\"EB_TOOLBAR_ID\":\"CT3220468\",\"EB_TOOLBAR_VERSION\":\"10.29.0.520\",\"EB_ORIGINAL_CTID\":\"CT3220468\",\"EB_DOWNLOAD_PAGE\":\"hxxp://uTorrentControlv2.OurToolbar.com/\",\"EB_TOOLBAR_NAME\":\"uTorrentControl_v2 \"}"
[-] Chrome preferences cleaned: "CT3220468.openThankYouPage" -  "true"
[-] Chrome preferences cleaned: "CT3220468.openUninstallPage" -  "FALSE"
[-] Chrome preferences cleaned: "CT3220468.performedDomainChangesMigration" -  "true"
[-] Chrome preferences cleaned: "CT3220468.price-gong.isManagedApp" -  "true"
[-] Chrome preferences cleaned:
[-] Chrome preferences cleaned: "CT3220468.search.searchAppId" -  "129813684258939747"
[-] Chrome preferences cleaned: "CT3220468.search.searchCount" -  "1"
[-] Chrome preferences cleaned: "CT3220468.searchInNewTabEnabledByUser" -  "true"
[-] Chrome preferences cleaned: "CT3220468.searchInNewTabEnabledInHidden" -  "true"
[-] Chrome preferences cleaned: "CT3220468.searchSuggestEnabledByUser" -  "false"
[-] Chrome preferences cleaned: "CT3220468.selectToSearchBoxEnabled" -  "{\"dataType\":\"string\",\"data\":\"true\"}"
[-] Chrome preferences cleaned: "CT3220468.serviceLayer_service_login_isFirstLoginInvoked" -  "{\"dataType\":\"boolean\",\"data\":\"true\"}"
[-] Chrome preferences cleaned: "CT3220468.serviceLayer_service_login_loginCount" -  "{\"dataType\":\"number\",\"data\":\"4\"}"
[-] Chrome preferences cleaned: "CT3220468.serviceLayer_service_toolbarGrouping_activeCTID" -  "{\"dataType\":\"string\",\"data\":\"CT3220468\"}"
[-] Chrome preferences cleaned: "CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl" -  "{\"dataType\":\"string\",\"data\":\"hxxp://uTorrentControlv2.OurToolbar.com//xpi\"}"
[-] Chrome preferences cleaned: "CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName" -  "{\"dataType\":\"string\",\"data\":\"uTorrentControl_v2 \"}"
[-] Chrome preferences cleaned: "CT3220468.serviceLayer_service_toolbarGrouping_invoked" -  "{\"dataType\":\"string\",\"data\":\"true\"}"
[-] Chrome preferences cleaned: "CT3220468.serviceLayer_service_usage_toolbarUsageCount" -  "{\"dataType\":\"number\",\"data\":\"2\"}"
[-] Chrome preferences cleaned: "CT3220468.serviceLayer_services_Configuration_lastUpdate" -  "1401633345137"
[-] Chrome preferences cleaned: "CT3220468.serviceLayer_services_appTrackingFirstTime_lastUpdate" -  "1401633342651"
[-] Chrome preferences cleaned: "CT3220468.serviceLayer_services_appsMetadata_lastUpdate" -  "1401633342971"
[-] Chrome preferences cleaned: "CT3220468.serviceLayer_services_gottenAppsContextMenu_lastUpdate" -  "1401633325612"
[-] Chrome preferences cleaned: "CT3220468.serviceLayer_services_location_lastUpdate" -  "1387131163645"
[-] Chrome preferences cleaned: "CT3220468.serviceLayer_services_login_10.10.27.6_lastUpdate" -  "1353253359999"
[-] Chrome preferences cleaned: "CT3220468.serviceLayer_services_login_10.13.40.15_lastUpdate" -  "1358873656123"
[-] Chrome preferences cleaned: "CT3220468.serviceLayer_services_login_10.14.40.128_lastUpdate" -  "1361980030218"
[-] Chrome preferences cleaned: "CT3220468.serviceLayer_services_login_10.14.65.43_lastUpdate" -  "1364412921844"
[-] Chrome preferences cleaned: "CT3220468.serviceLayer_services_login_10.15.0.562_lastUpdate" -  "1367684760901"
[-] Chrome preferences cleaned: "CT3220468.serviceLayer_services_login_10.16.2.509_lastUpdate" -  "1387131163989"
[-] Chrome preferences cleaned: "CT3220468.serviceLayer_services_login_10.22.3.518_lastUpdate" -  "1396704088214"
[-] Chrome preferences cleaned: "CT3220468.serviceLayer_services_login_10.29.0.520_lastUpdate" -  "1401633325890"
[-] Chrome preferences cleaned: "CT3220468.serviceLayer_services_otherAppsContextMenu_lastUpdate" -  "1401633325415"
[-] Chrome preferences cleaned: "CT3220468.serviceLayer_services_searchAPI_lastUpdate" -  "1401633344583"
[-] Chrome preferences cleaned: "CT3220468.serviceLayer_services_serviceMap_lastUpdate" -  "1401633325316"
[-] Chrome preferences cleaned: "CT3220468.serviceLayer_services_setupAPI_lastUpdate" -  "1364398524671"
[-] Chrome preferences cleaned: "CT3220468.serviceLayer_services_toolbarContextMenu_lastUpdate" -  "1401633325540"
[-] Chrome preferences cleaned: "CT3220468.serviceLayer_services_toolbarSettings_lastUpdate" -  "1401633325727"
[-] Chrome preferences cleaned: "CT3220468.serviceLayer_services_translation_lastUpdate" -  "1401633325476"
[-] Chrome preferences cleaned: "CT3220468.settingsINI" -  true
[-] Chrome preferences cleaned: "CT3220468.shouldFirstTimeDialog" -  "false"
[-] Chrome preferences cleaned: "CT3220468.showToolbarPermission" -  "false"
[-] Chrome preferences cleaned: "CT3220468.smartbar.CTID" -  "CT3220468"
[-] Chrome preferences cleaned: "CT3220468.smartbar.Uninstall" -  "0"
[-] Chrome preferences cleaned: "CT3220468.smartbar.toolbarName" -  "uTorrentControl_v2 "
[-] Chrome preferences cleaned: "CT3220468.toolbarBornServerTime" -  "30-9-2012"
[-] Chrome preferences cleaned: "CT3220468.toolbarCurrentServerTime" -  "1-6-2014"
[-] Chrome preferences cleaned: "CT3220468.toolbarDisabled" -  "true"
[-] Chrome preferences cleaned: "CT3220468.toolbarLoginClientTime" -  "Thu Mar 28 2013 14:25:33 GMT+0000 (GMT Standard Time)"
[-] Chrome preferences cleaned: "CT3220468.upgradeFromClearSBVersion" -  true
[-] Chrome preferences cleaned:
[-] Chrome preferences cleaned: "CT3220468_Firefox.csv" -  "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1401633323084,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]"
[-] Chrome preferences cleaned: "browser.search.defaultengine" -  "Ask.com"
[-] Chrome preferences cleaned: "extensions.APN_TB.first-previous-keyword-url" -  ""
[-] Chrome preferences cleaned: "extensions.toolbar.mindspark._1gMembers_.options.defaultSearch" -  false
[-] Chrome preferences cleaned: "extensions.toolbar.mindspark._1gMembers_.options.homePageEnabled" -  false
[-] Chrome preferences cleaned: "extensions.toolbar.mindspark._1gMembers_.options.keywordEnabled" -  false
[-] Chrome preferences cleaned: "extensions.toolbar.mindspark._1gMembers_.options.tabEnabled" -  false
[-] Chrome preferences cleaned: "extensions.toolbar.mindspark._1gMembers_.toolbar.ownSearch" -  false
[-] Chrome preferences cleaned: "extensions.toolbar.mindspark.hp.enabled" -  false
[-] Chrome preferences cleaned: "extentions.y2layers.installId" -  "0f291f02-340f-4e99-ac47-6da9994a199c"
[-] Chrome preferences cleaned: "extentions.y2layers.lastDnsTest" -  372093
[-] Chrome preferences cleaned:
[-] Chrome preferences cleaned: "plugin.state.npconduitfirefoxplugin" -  2
[-] Chrome preferences cleaned: "smartBar.searchInNewTabOwner" -  "CT3220468"
[-] Chrome preferences cleaned: "smartbar.machineId" -  "2TICXAQISD0HFBCRFKSXZNPZCJVQHZKEYSAZ0QGT2BKWLGQFQ0JBWFKQSFC/IVCGYFORGAQFBKS/RLOYPFZS1A"
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B+7E+x305.storedInFile" -  true
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B+7E - x305.storedInFile", true
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B+7E-x305.storedInFile" -  true
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B+7E.:2z527.storedInFile" -  true
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B+7E.x305.storedInFile" -  true
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B+7E/x305.storedInFile" -  true
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B+7E06CG5EL8:" -  "6E6C71716D7172737674"
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B+7E06CG5EL8:.storedInFile" -  false
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B+7E06CG5EL;8I:K" -  "247E2D2F226A74727777737778797C7A242F4B49474F42357D5D5C3D"
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B+7E06CG5EL;8I:K.storedInFile" -  false
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B+7E0x305.storedInFile" -  true
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B+7E1x305.storedInFile" -  true
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B+7E2x305.storedInFile" -  true
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B+7E31;[email protected];KN%PEH.storedInFile" -  true
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B+7E3x305.storedInFile" -  true
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B+7E4x305.storedInFile" -  true
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B+7E5x305.storedInFile" -  true
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B+7E6x305.storedInFile" -  true
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B+7E7x305.storedInFile" -  true
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B+7E8x305.storedInFile" -  true
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B+7E9x305.storedInFile" -  true
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B+7E:x305.storedInFile" -  true
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B+7E;x305.storedInFile" -  true
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B+7E<x305.storedInFile" -  true
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B+7E=x305.storedInFile" -  true
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B+7E>x305.storedInFile" -  true
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B+7E?x305.storedInFile" -  true
[-] Chrome preferences cleaned: "valueApps.CT3220468./[email protected]" -  true
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B+7EAx305.storedInFile" -  true
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B+7EBE3G=;D9N9=D" -  "372C2D326975762E3A3C7B3A39434A494841434B265146492965504656496571734D334B57"
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B+7EBE3G=;D9N9=D.storedInFile" -  false
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B+7EBx305.storedInFile" -  true
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B+7ECx305.storedInFile" -  true
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B+7EDx305.storedInFile" -  true
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B+7Etx305.storedInFile" -  true
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B-0?3G>D" -  "6A6E6D41723E6D6F7A45724647207C7E7E4B25504E50232A522921592C2A2D585A5C5F5F"
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B-0?3G>D.storedInFile" -  false
[-] Chrome preferences cleaned: "valueApps.CT3220468./[email protected]:5;" -  ""
[-] Chrome preferences cleaned: "valueApps.CT3220468./[email protected]:5;.storedInFile" -  false
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B-0?3GFA7EF" -  "2B2E2C3D"
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B-0?3GFA7EF.storedInFile" -  false
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B-3=3ECCJA=F>" -  "247E333D2C452F4135276F297B7E7D21202F26313E4249357D37382F3A494D5D513F283338435D6554695B65546D57695D5D686365533C70766C66755E"
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B-3=3ECCJA=F>.storedInFile" -  false
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B/>01=9A6K6<IM;[email protected]" -  "6A696B7273747576"
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B/>01=9A6K6<IM;[email protected]" -  false
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B3=>@44I48?" -  "372C2D32697576334236334148474C213F3E484F4E4D4648502B564B4E2E5959595F4C564F3764535750"
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B3=>@44I48?.storedInFile" -  false
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B5BA==9CJAG" -  "393C6F3E706B6F737A6F437A464A75797B7C4E237A"
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B5BA==9CJAG.storedInFile" -  false
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B6B11G4C56B>F;P;[email protected]" -  "6E6C71716D7172737175757A79"
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B6B11G4C56B>F;P;[email protected]" -  false
[-] Chrome preferences cleaned: "valueApps.CT3220468./[email protected];7B=?OFB>>RHIQS" -  "393F352F3E"
[-] Chrome preferences cleaned: "valueApps.CT3220468./[email protected];7B=?OFB>>RHIQS.storedInFile" -  false
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B9643G3/9E" -  "6A"
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B9643G3/9E.storedInFile" -  false
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B;45>:BI9I7IE" -  "2B2E2C3D"
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B;45>:BI9I7IE.storedInFile" -  false
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B<:222H64<" -  "393F352F3E"
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B<:222H64<.storedInFile" -  false
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B<:222H64<L8DAJ" -  "6D70706E76746F7977772A7977727A7975207D"
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B<:222H64<L8DAJ.storedInFile" -  false
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B=+03EH8H8J?:" -  "4443"
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B=+03EH8H8J?:.storedInFile" -  false
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B?+E2A52D8" -  "372C2D326975762E3A3C7B3A39434A494841434B2651464929655046566470727951555E5E52"
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B?+E2A52D8.storedInFile" -  false
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B?B0D:8AJ62<H" -  "6D"
[-] Chrome preferences cleaned: "valueApps.CT3220468./9B?B0D:8AJ62<H.storedInFile" -  false
[-] Chrome preferences cleaned: "valueApps.CT3220468./[email protected]<0BI6A7GN:[email protected]?" -  "6C"
[-] Chrome preferences cleaned: "valueApps.CT3220468./[email protected]<0BI6A7GN:[email protected]?.storedInFile" -  false
[-] Chrome preferences cleaned: "valueApps.CT3220468.PG_ENABLE" -  "74727565"
[-] Chrome preferences cleaned: "valueApps.CT3220468.PG_ENABLE.storedInFile" -  false
[-] Chrome preferences cleaned: "valueApps.CT3220468.SF_JUST_INSTALLED" -  "46414C5345"
[-] Chrome preferences cleaned: "valueApps.CT3220468.SF_JUST_INSTALLED.storedInFile" -  false
[-] Chrome preferences cleaned: "valueApps.CT3220468._key_edilia__uID" -  "31653765643166372D343134342D343062652D623034612D636132333866373165366165"
[-] Chrome preferences cleaned: "valueApps.CT3220468._key_edilia__uID.storedInFile" -  false
[-] Chrome preferences cleaned: "valueApps.CT3220468.cb_user_id_000" -  "43423932353835393431313236385F313335383332393239353935345F46697265666F78"
[-] Chrome preferences cleaned: "valueApps.CT3220468.cb_user_id_000.storedInFile" -  false
[-] Chrome preferences cleaned: "valueApps.CT3220468.cbfirsttime" -  "53756E2053657020333020323031322030393A31393A343020474D542B303130302028474D54204461796C696768742054696D6529"
[-] Chrome preferences cleaned: "valueApps.CT3220468.cbfirsttime.storedInFile" -  false
[-] Chrome preferences cleaned: "valueApps.CT3220468.mam_gk_appStateReportTime" -  "31343031363333333630313433"
[-] Chrome preferences cleaned: "valueApps.CT3220468.mam_gk_appStateReportTime.storedInFile" -  false
[-] Chrome preferences cleaned: "valueApps.CT3220468.mam_gk_appState_CouponBuddy" -  "6F6E"
[-] Chrome preferences cleaned: "valueApps.CT3220468.mam_gk_appState_CouponBuddy.storedInFile" -  false
[-] Chrome preferences cleaned: "valueApps.CT3220468.mam_gk_appState_PriceGong" -  "6F6E"
[-] Chrome preferences cleaned: "valueApps.CT3220468.mam_gk_appState_PriceGong.storedInFile" -  false
[-] Chrome preferences cleaned: "valueApps.CT3220468.mam_gk_appsConfig.storedInFile" -  true
[-] Chrome preferences cleaned: "valueApps.CT3220468.mam_gk_appsDefaultEnabled" -  "6E756C6C"
[-] Chrome preferences cleaned: "valueApps.CT3220468.mam_gk_appsDefaultEnabled.storedInFile" -  false
[-] Chrome preferences cleaned: "valueApps.CT3220468.mam_gk_calledSetupService" -  "31"
[-] Chrome preferences cleaned: "valueApps.CT3220468.mam_gk_calledSetupService.storedInFile" -  false
[-] Chrome preferences cleaned: "valueApps.CT3220468.mam_gk_currentBadgeValue" -  "31"
[-] Chrome preferences cleaned: "valueApps.CT3220468.mam_gk_currentBadgeValue.storedInFile" -  false
[-] Chrome preferences cleaned: "valueApps.CT3220468.mam_gk_currentVersion" -  "312E31332E302E3137"
[-] Chrome preferences cleaned: "valueApps.CT3220468.mam_gk_currentVersion.storedInFile" -  false
[-] Chrome preferences cleaned: "valueApps.CT3220468.mam_gk_eventsCache.storedInFile" -  true
[-] Chrome preferences cleaned: "valueApps.CT3220468.mam_gk_existingUsersRecoveryDone" -  "31"
[-] Chrome preferences cleaned: "valueApps.CT3220468.mam_gk_existingUsersRecoveryDone.storedInFile" -  false
[-] Chrome preferences cleaned: "valueApps.CT3220468.mam_gk_first_time" -  "31"
[-] Chrome preferences cleaned: "valueApps.CT3220468.mam_gk_first_time.storedInFile" -  false
[-] Chrome preferences cleaned: "valueApps.CT3220468.mam_gk_lastLoginTime" -  "31343031363333333630343530"
[-] Chrome preferences cleaned: "valueApps.CT3220468.mam_gk_lastLoginTime.storedInFile" -  false
[-] Chrome preferences cleaned: "valueApps.CT3220468.mam_gk_localization.storedInFile" -  true
[-] Chrome preferences cleaned: "valueApps.CT3220468.mam_gk_mamEnabled" -  "66616C7365"
[-] Chrome preferences cleaned: "valueApps.CT3220468.mam_gk_mamEnabled.storedInFile" -  false
[-] Chrome preferences cleaned: "valueApps.CT3220468.mam_gk_migrated_from_ls" -  "31"
[-] Chrome preferences cleaned: "valueApps.CT3220468.mam_gk_migrated_from_ls.storedInFile" -  false
[-] Chrome preferences cleaned: "valueApps.CT3220468.mam_gk_newApps" -  "5B5D"
[-] Chrome preferences cleaned: "valueApps.CT3220468.mam_gk_newApps.storedInFile" -  false
[-] Chrome preferences cleaned: "valueApps.CT3220468.mam_gk_settings1.13.0.17.storedInFile" -  true
[-] Chrome preferences cleaned: "valueApps.CT3220468.mam_gk_showWelcomeGadget" -  "66616C7365"
[-] Chrome preferences cleaned: "valueApps.CT3220468.mam_gk_showWelcomeGadget.storedInFile" -  false
[-] Chrome preferences cleaned: "valueApps.CT3220468.mam_gk_stamp" -  "3130395F30"
[-] Chrome preferences cleaned: "valueApps.CT3220468.mam_gk_stamp.storedInFile" -  false
[-] Chrome preferences cleaned: "valueApps.CT3220468.mam_gk_userBornDate" -  "4E2F41"
[-] Chrome preferences cleaned: "valueApps.CT3220468.mam_gk_userBornDate.storedInFile" -  false
[-] Chrome preferences cleaned: "valueApps.CT3220468.mam_gk_userId" -  "37346436623866362D363039302D343062302D386165622D306430343738613331346664"
[-] Chrome preferences cleaned: "valueApps.CT3220468.mam_gk_userId.storedInFile" -  false
[-] Chrome preferences cleaned: "valueApps.CT3220468.mam_gk_user_approval_interacted" -  "31"
[-] Chrome preferences cleaned: "valueApps.CT3220468.mam_gk_user_approval_interacted.storedInFile" -  false
[-] Chrome preferences cleaned: "valueApps.CT3220468.mam_gk_welcomeDialogMode" -  "31"
[-] Chrome preferences cleaned: "valueApps.CT3220468.mam_gk_welcomeDialogMode.storedInFile" -  false
[-] Chrome preferences cleaned: "valueApps.CT3220468.url_history0001.storedInFile" -  true
[-] Chrome preferences cleaned: "valueApps.storage.mam_gk_userId" -  "37346436623866362D363039302D343062302D386165622D306430343738613331346664"
[-] [C:\Users\Deana\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: aaaaojmikegpiepcfdkkjaplodkpfmlo
[-] [C:\Users\Deana\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: bopakagnckmlgajfccecajhnimjiiedh


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared
:: Proxy settings cleared
:: TCP/IP settings cleared
:: IPSec settings cleared
:: IE policies deleted
:: Chrome policies deleted
:: Chrome preferences reset: C:\Users\Deana\AppData\Local\Google\Chrome\User Data\Default

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [62844 Bytes] - [09/10/2016 01:19:07]
C:\AdwCleaner\AdwCleaner[S0].txt - [64603 Bytes] - [09/10/2016 00:43:06]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [62992 Bytes] ##########
 


  • 0

#7
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi cr00901124

Ok. Please run the following tools. :)

Step1 - Junkware Removal Tool

Download Junkware Removal Tool by Malwarebytes and save it to your desktop.

Important: Please disable your anti virus prior to running this program.. Advice on how to do this for your anti virus can be found here

1.Ensure all programs and windows are closed before proceeding.
2.Simply double-click the program icon to run it. It will ask for administrator privileges.
3.A black window will appear. Press any key to continue.
4.Wait for it to finish. It won't take long.
5.A log will automatically pop-up once done. Alternatively, you can find JRT.txt at your desktop.
6.Copy (CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
7. Reboot your machine and enable your anti virus again.


Step2 - Run Malwarebytes again


Launch Malwarebytes Anti-Malware
[The MBAM dashboard may appear with an alert to update - click the button Fix Now;

    Navigate to the Settings tab > Detection and Protection and ensure all the boxes under Detection Options are checked.

MBAM_settings_zps3dey1yqg.jpg

Return to the Dashboard click on Scan Now;

MBAM_scan_zpsoqfjupkt.jpg

If threats are detected, make sure everything is set to Quarantine and click on Apply actions. If the program asks to reboot your PC, let it do so;
On completion of the scan click on History > Application Log. After that click on the top Scan Log > Export, select Text File and save the log to your Desktop;
Copy and Paste the contents of the log in your next reply.


Step3 - ESET online scan

Vista / 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Note: You can use either Internet Explorer or Mozilla FireFox for this Scan.
  • Please go here then click on esetbar_zps93905f48.jpg.
  • You will however need to disable your current installed Anti-Virus, how to do so can be read here.
If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

All of the following instructions work with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on Start.
  • When prompted allow Add-On/Active X to install.
  • Make sure Enable detection of potentially unwanted applications is selected.
  • Click the Advanced Settings link.
  • Make sure Remove found threats is NOT checked.
  • Make sure Scan archives IS checked.
  • Make sure Scan for potentially unsafe applications IS checked.
  • Make sure Enable Anti-Stealth technology IS checked
    2.JPG
  • Now click on Start.
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt.
  • Copy and paste that log as a reply to this topic.
  • When completed select Uninstall application on close.
  • Now click on Finish.

    Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


    Step4 - Fresh FRST logs
  • Please run Farbars Recovery Scan Tool again.  Run FRST by right clicking on it and selecting Run as Administrator. Allow it to update if it wants to.
  • Please tick the Addition.txt box under Optional Scan.
  • Press Scan button.
  • It will make logs FRST.txt & Addition.txt in the same directory the tool is run.
  • Please copy and paste the FRST.txt and Addition.txt to your reply.

    If it's easier you can post each log in a separate post. :)

    Things for your next post:
  • JRT.txt
  • MBAM log
  • ESET log
  • FRST and Addition logs
  • Any change to how the computer is running?

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP