What is BubbleHit?
The Malwarebytes research team has determined that BubbleHit is adware. These adware applications display advertisements not originating from the sites you are browsing.
How do I know if my computer is affected by BubbleHit?
You may see this entry in your list of installed programs:
and these warnings during install:
and these screens when the game is about to start:
How did BubbleHit get on my computer?
Adware applications use different methods for distributing themselves. This particular one was bundled with other software.
How do I remove BubbleHit?
Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.
- Please download Malwarebytes Anti-Malware to your desktop.
- Double-click mbam-setup-version.exe and follow the prompts to install the program.
- At the end, be sure a check-mark is placed next to the following:
  - Enable free trial of Malwarebytes Anti-Malware Premium
  - Launch Malwarebytes Anti-Malware
- Then click Finish.
- If an update is found, you will be prompted to download and install the latest version.
- Once the program has loaded, select Scan now, or select the Threat Scan from the Scan menu.
- When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
- Reboot your computer if prompted.
- No, Malwarebytes' Anti-Malware removes BubbleHit completely.
- The shortcut called Bubble Hit by GamePacks on the desktop can be deleted if it belonged to the rogue.
- You could be redirected to our Restore Browser page. You can read there how to fix additional browser redirect methods.
We hope our application and this guide have helped you eradicate this hijacker.
As you can see below, the full version of Malwarebytes Anti-Malware would have protected you against the BubbleHit adware. It would have warned you before the adware could install itself, giving you a chance to stop it before it was too late.
Technical details for experts
Possible signs in FRST logs:
Alterations made by the installer:
An excerpt from the Malwarebytes Anti-Malware scan log:
(full log available on request)
As mentioned before, the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention