PDA

View Full Version : Please Help Win32.Downloader.gen



the1dbg
2014-07-25, 00:22
Here are the logs that were specified in the Win32.Downloader.gen FAQ.

HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}

BrowseFox: [SBI $A65521ED] Settings (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}

Win32.Downloader.gen: [SBI $E6AD2227] Program directory (Directory, fixing failed)
C:\Users\tatiana\AppData\Local\Conduit\

DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2014
Ran by tatiana (administrator) on TATIANA2650 on 24-07-2014 13:45:12
Running from E:\
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
() C:\Program Files (x86)\glindorus\updateglindorus.exe
() C:\Program Files (x86)\glindorus\bin\utilglindorus.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
() C:\Program Files (x86)\glindorus\bin\glindorus.PurBrowse64.exe
() C:\Program Files (x86)\glindorus\bin\glindorus.BrowserAdapter.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ooVoo LLC) C:\Program Files (x86)\ooVoo\ooVoo.exe
(Tango Inc.) C:\Program Files (x86)\Tango\Tango.exe
(The Weather Channel) C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe
() C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe
(Weather Notifications, LLC) C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe
(Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DellWPF] => [X]
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6842000 2012-09-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1230992 2012-09-27] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5757328 2012-10-19] (Dell Inc.)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe [763520 2012-08-08] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [127616 2012-08-08] (Qualcomm Atheros Commnucations)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1757648 2014-02-08] (APN)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-3233409102-1572755282-2613258542-1001\...\Run: [ooVoo.exe] => C:\Program Files (x86)\ooVoo\oovoo.exe [36151360 2014-02-23] (ooVoo LLC)
HKU\S-1-5-21-3233409102-1572755282-2613258542-1001\...\Run: [Tango] => C:\Program Files (x86)\Tango\Tango.exe [13489992 2011-11-04] (Tango Inc.)
HKU\S-1-5-21-3233409102-1572755282-2613258542-1001\...\Run: [DW7] => C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe [13103104 2013-09-22] (The Weather Channel)
HKU\S-1-5-21-3233409102-1572755282-2613258542-1001\...\Run: [BackgroundContainer] => "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\tatiana\AppData\Local\Conduit\BackgroundContainer\Backg (the data entry has 27 more characters). <===== ATTENTION
HKU\S-1-5-21-3233409102-1572755282-2613258542-1001\...\Run: [HP Officejet 4630 series (NET)] => C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe [3421216 2013-08-13] (Hewlett-Packard Co.)
HKU\S-1-5-21-3233409102-1572755282-2613258542-1001\...\MountPoints2: {e9edd155-cd5d-11e2-be6a-806e6f6e6963} - "D:\Autorun.exe"
Startup: C:\Users\tatiana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk
ShortcutTarget: Severe Weather Alerts App.lnk -> C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe ()
Startup: C:\Users\tatiana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts.lnk
ShortcutTarget: Severe Weather Alerts.lnk -> C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe (Weather Notifications, LLC)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?l=dis&o=2159&gct=hp
URLSearchHook: HKLM-x32 - Installl Converter A Toolbar - {f84db37a-ae6f-423b-9f51-14b5ec10c879} - C:\Program Files (x86)\Installl_Converter_A\prxtbInst.dll (Conduit Ltd.)
SearchScopes: HKLM - {81221284-1B33-4191-9C57-B3DC68CC8ADF} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM-x32 - {81221284-1B33-4191-9C57-B3DC68CC8ADF} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKCU - {3000D426-06D5-4132-9989-F3B98E2B8AE9} URL = http://www.search.ask.com/web?tpid=OVO2&o=2159&pf=V5&p2=%5EA2E%5EYYYYYY%5EYY%5EUS&gct=&itbv=12.10.2.4129&apn_uid=43cf89ed-339d-417d-8b02-cefe02dc30b7&apn_ptnrs=%5EA2E&apn_dtid=%5EYYYYYY%5EYY%5EUS&apn_dbr=Null_64_9.10.9200.16580&doi=2013-06-07&trgb=IE&q={searchTerms}&psv=
SearchScopes: HKCU - {43E35495-336C-4BF7-84B3-1473D9CD484C} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311834&CUI=UN20610225992684773&UM=2
SearchScopes: HKCU - {81221284-1B33-4191-9C57-B3DC68CC8ADF} URL =
SearchScopes: HKCU - {C3625750-9A67-437E-BD67-B8AE4D139985} URL = http://rts.dsrlte.com/?q={searchTerms}&r=113
BHO: Plus-HD-1.6 -> {11111111-1111-1111-1111-110311201102} -> C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho64.dll (Plus HD)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2\Passport_x64.dll (APN LLC.)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
BHO-x32: Plus-HD-1.6 -> {11111111-1111-1111-1111-110311201102} -> C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho.dll (Plus HD)
BHO-x32: ArcadeParlor Games -> {39AD0726-986D-40F9-972B-E3BFA24B7745} -> C:\Users\tatiana\AppData\Local\ArcadeParlor\Arcadeparlor.dll ()
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: GreatArcadeHits Add-on -> {D0C21091-FF8E-432C-9006-0540E81BA9D7} -> C:\Users\tatiana\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll (GreatArcadeHits)
BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2\Passport.dll (APN LLC.)
BHO-x32: WeCareReminder Class -> {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} -> C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
BHO-x32: Installl Converter A Toolbar -> {f84db37a-ae6f-423b-9f51-14b5ec10c879} -> C:\Program Files (x86)\Installl_Converter_A\prxtbInst.dll (Conduit Ltd.)
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2\Passport_x64.dll (APN LLC.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2\Passport.dll (APN LLC.)
Toolbar: HKLM-x32 - Installl Converter A Toolbar - {f84db37a-ae6f-423b-9f51-14b5ec10c879} - C:\Program Files (x86)\Installl_Converter_A\prxtbInst.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2\Passport_x64.dll (APN LLC.)
Toolbar: HKCU - No Name - {F84DB37A-AE6F-423B-9F51-14B5EC10C879} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Extension: ArcadeParlor - C:\Users\tatiana\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404} [2013-11-10]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKCU\...\FIREFOX\Extensions: [{B21F5E31-B8E8-41CD-B74C-168A71A10E49}] - C:\Users\tatiana\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}
FF Extension: GreatArcadeHits Add-on - C:\Users\tatiana\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49} [2013-10-24]

Chrome:
=======
CHR HomePage: hxxp://rts.dsrlte.com
CHR StartupUrls: "hxxp://rts.dsrlte.com"
CHR DefaultSearchKeyword: pay-by-ads.com
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Users\tatiana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-02]
CHR Extension: (Google Drive) - C:\Users\tatiana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\tatiana\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-29]
CHR Extension: (YouTube) - C:\Users\tatiana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-02]
CHR Extension: (Google Search) - C:\Users\tatiana\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-02]
CHR Extension: (HP Smart Print) - C:\Users\tatiana\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmpaiomihcebnclahoknbodeiaiohcdi [2014-03-02]
CHR Extension: (Google Wallet) - C:\Users\tatiana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-02]
CHR Extension: (Gmail) - C:\Users\tatiana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-02]
CHR HKLM-x32\...\Chrome\Extension: [llmcibonccojooiboenghfafpieoabpl] - C:\Program Files (x86)\glindorus\llmcibonccojooiboenghfafpieoabpl.crx [2014-03-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-08] (APN LLC.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [211072 2012-08-08] (Qualcomm Atheros Commnucations)
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-06-19] (Dell Products, LP.) [File not signed]
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [1868432 2012-12-24] ()
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-08-31] (Realtek Semiconductor)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-09-12] (SoftThinks SAS)
R2 Update glindorus; C:\Program Files (x86)\glindorus\updateglindorus.exe [321824 2014-07-22] ()
R2 Util glindorus; C:\Program Files (x86)\glindorus\bin\utilglindorus.exe [321824 2014-07-22] ()
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-08-07] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-08] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-20] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-09-20] (Synaptics Incorporated)
R1 {26d264d2-014c-4f07-bf2c-ebf9aed40cef}Gw64; C:\Windows\System32\drivers\{26d264d2-014c-4f07-bf2c-ebf9aed40cef}Gw64.sys [61112 2014-04-24] (StdLib)
R1 {26d264d2-014c-4f07-bf2c-ebf9aed40cef}w64; C:\Windows\System32\drivers\{26d264d2-014c-4f07-bf2c-ebf9aed40cef}w64.sys [61112 2014-06-09] (StdLib)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-24 13:44 - 2014-07-24 13:45 - 00000000 ____D () C:\FRST
2014-07-24 13:43 - 2014-07-24 13:43 - 00000207 _____ () C:\windows\tweaking.com-regbackup-TATIANA2650-Microsoft-Windows-8-(64-bit).dat
2014-07-24 13:42 - 2014-07-24 13:42 - 00002241 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-07-24 13:42 - 2014-07-24 13:42 - 00000000 ____D () C:\RegBackup
2014-07-24 13:42 - 2014-07-24 13:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-07-24 13:40 - 2014-07-24 13:40 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-07-24 13:38 - 2014-07-24 13:38 - 00000000 ___RD () C:\Users\tatiana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-07-24 13:36 - 2014-07-24 13:36 - 00001006 _____ () C:\Users\tatiana\Documents\chris_fix.txt
2014-07-20 19:18 - 2014-07-20 19:18 - 00000112 _____ () C:\windows\wininit.ini
2014-07-20 17:22 - 2014-07-20 17:25 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-20 17:22 - 2014-07-20 17:22 - 00001264 _____ () C:\Users\tatiana\Desktop\Spybot - Search & Destroy.lnk
2014-07-20 17:22 - 2014-07-20 17:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-07-20 17:22 - 2014-07-20 17:22 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-07-20 16:27 - 2014-07-20 16:28 - 00291288 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-17 14:43 - 2014-06-26 15:53 - 00703968 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-07-17 14:43 - 2014-06-26 15:53 - 00105440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-17 14:38 - 2014-07-17 14:38 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-11 19:00 - 2014-06-30 17:42 - 00702464 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-07-11 19:00 - 2014-06-30 17:42 - 00394240 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-07-11 18:59 - 2014-06-30 17:42 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-07-11 18:59 - 2014-06-27 22:35 - 00556544 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-07-09 14:27 - 2014-06-17 18:27 - 01440256 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-07-09 14:27 - 2014-06-17 18:24 - 01557504 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-09 14:27 - 2014-06-10 23:18 - 04038144 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-09 14:27 - 2014-06-02 17:33 - 00265216 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2014-07-09 14:27 - 2014-05-29 18:31 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2014-07-09 14:27 - 2014-05-29 18:03 - 00588288 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2014-07-09 14:27 - 2014-05-29 18:02 - 01281536 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-09 14:27 - 2014-05-29 18:02 - 00439808 _____ (Microsoft Corporation) C:\windows\system32\lsm.dll
2014-07-09 14:27 - 2014-05-03 01:34 - 06974808 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-07-09 14:27 - 2014-05-03 01:33 - 01824808 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2014-07-09 14:27 - 2014-05-02 23:51 - 01408976 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2014-07-09 14:27 - 2014-05-01 17:37 - 01023488 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2014-07-09 14:27 - 2014-04-29 17:32 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\Robocopy.exe
2014-07-09 14:27 - 2014-04-29 17:32 - 00106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\Robocopy.exe
2014-07-09 14:27 - 2014-04-23 18:51 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-07-09 14:27 - 2014-04-23 18:51 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 14:27 - 2014-04-23 18:38 - 00693760 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-07-09 14:27 - 2014-04-23 18:38 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 14:27 - 2014-02-07 23:34 - 00071168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hdaudbus.sys
2014-07-09 14:26 - 2014-06-18 21:12 - 02239488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-09 14:26 - 2014-06-18 21:12 - 01366528 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-09 14:26 - 2014-06-18 21:12 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-07-09 14:26 - 2014-06-18 21:12 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-07-09 14:26 - 2014-06-18 21:12 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-09 14:26 - 2014-06-18 21:11 - 19277312 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-09 14:26 - 2014-06-18 21:11 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-09 14:26 - 2014-06-18 21:11 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-09 14:26 - 2014-06-18 21:10 - 15369728 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-09 14:26 - 2014-06-18 21:10 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-09 14:26 - 2014-06-18 21:10 - 02650624 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-09 14:26 - 2014-06-18 21:10 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-07-09 14:26 - 2014-06-18 21:10 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-09 14:26 - 2014-06-18 21:10 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-09 14:26 - 2014-06-18 21:10 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-09 14:26 - 2014-06-18 21:10 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-09 14:26 - 2014-06-18 21:10 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-07-09 14:26 - 2014-06-18 21:10 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-09 14:26 - 2014-06-18 21:10 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-09 14:26 - 2014-06-18 21:10 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-09 14:26 - 2014-06-18 21:09 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-09 14:26 - 2014-06-18 19:53 - 14368768 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-09 14:26 - 2014-06-18 19:53 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-09 14:26 - 2014-06-18 19:53 - 01141760 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-09 14:26 - 2014-06-18 19:53 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-09 14:26 - 2014-06-18 19:53 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-09 14:26 - 2014-06-18 19:53 - 00080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-09 14:26 - 2014-06-18 19:53 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-07-09 14:26 - 2014-06-18 19:52 - 13732352 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-09 14:26 - 2014-06-18 19:52 - 02863616 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-09 14:26 - 2014-06-18 19:52 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-09 14:26 - 2014-06-18 19:52 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-09 14:26 - 2014-06-18 19:52 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-07-09 14:26 - 2014-06-18 19:52 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-09 14:26 - 2014-06-18 19:52 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-09 14:26 - 2014-06-18 19:52 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-09 14:26 - 2014-06-18 19:52 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-07-09 14:26 - 2014-06-18 19:52 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-09 14:26 - 2014-06-18 19:52 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-09 14:26 - 2014-06-18 19:52 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-09 14:26 - 2014-06-18 19:33 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-09 14:26 - 2014-06-18 19:30 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-09 14:26 - 2014-06-18 17:05 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-07-09 14:25 - 2014-06-06 09:06 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-09 14:25 - 2014-06-06 05:17 - 00497152 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-07-09 14:25 - 2014-05-29 17:24 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-04 22:40 - 2014-07-24 13:38 - 00003382 _____ () C:\windows\System32\Tasks\BackgroundContainer Startup Task

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-24 13:45 - 2014-07-24 13:44 - 00000000 ____D () C:\FRST
2014-07-24 13:45 - 2013-01-14 15:37 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-07-24 13:43 - 2014-07-24 13:43 - 00000207 _____ () C:\windows\tweaking.com-regbackup-TATIANA2650-Microsoft-Windows-8-(64-bit).dat
2014-07-24 13:42 - 2014-07-24 13:42 - 00002241 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-07-24 13:42 - 2014-07-24 13:42 - 00000000 ____D () C:\RegBackup
2014-07-24 13:42 - 2014-07-24 13:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-07-24 13:42 - 2012-07-26 02:21 - 00023922 _____ () C:\windows\setupact.log
2014-07-24 13:41 - 2013-06-03 22:54 - 01636358 _____ () C:\windows\WindowsUpdate.log
2014-07-24 13:40 - 2014-07-24 13:40 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-07-24 13:39 - 2013-11-10 17:09 - 00000000 ____D () C:\Users\tatiana\AppData\Local\SevereWeatherAlerts
2014-07-24 13:38 - 2014-07-24 13:38 - 00000000 ___RD () C:\Users\tatiana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-07-24 13:38 - 2014-07-04 22:40 - 00003382 _____ () C:\windows\System32\Tasks\BackgroundContainer Startup Task
2014-07-24 13:38 - 2014-03-02 16:07 - 00000920 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-24 13:38 - 2013-10-24 17:54 - 00001324 _____ () C:\windows\Tasks\Plus-HD-1.6-updater.job
2014-07-24 13:38 - 2013-10-24 17:54 - 00001226 _____ () C:\windows\Tasks\Plus-HD-1.6-codedownloader.job
2014-07-24 13:38 - 2013-10-24 17:54 - 00001126 _____ () C:\windows\Tasks\Plus-HD-1.6-enabler.job
2014-07-24 13:38 - 2012-07-26 00:26 - 00000226 _____ () C:\windows\win.ini
2014-07-24 13:37 - 2012-07-26 02:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-24 13:37 - 2012-07-26 00:26 - 00524288 ___SH () C:\windows\system32\config\BBI
2014-07-24 13:36 - 2014-07-24 13:36 - 00001006 _____ () C:\Users\tatiana\Documents\chris_fix.txt
2014-07-24 13:00 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\sru
2014-07-24 12:55 - 2014-03-02 16:07 - 00000924 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-23 14:53 - 2013-10-24 17:54 - 00000304 _____ () C:\windows\Tasks\GreatArcadeHits.job
2014-07-22 18:42 - 2013-11-10 17:09 - 00000304 _____ () C:\windows\Tasks\ArcadeParlor.job
2014-07-22 18:00 - 2014-03-02 16:09 - 00002104 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-22 17:31 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\rescache
2014-07-20 19:20 - 2013-01-14 17:00 - 00180414 _____ () C:\windows\PFRO.log
2014-07-20 19:18 - 2014-07-20 19:18 - 00000112 _____ () C:\windows\wininit.ini
2014-07-20 19:18 - 2013-10-15 17:51 - 00000000 ____D () C:\Users\tatiana\AppData\Local\Conduit
2014-07-20 17:25 - 2014-07-20 17:22 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-20 17:22 - 2014-07-20 17:22 - 00001264 _____ () C:\Users\tatiana\Desktop\Spybot - Search & Destroy.lnk
2014-07-20 17:22 - 2014-07-20 17:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-07-20 17:22 - 2014-07-20 17:22 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-07-20 17:06 - 2013-06-07 10:30 - 00000000 ____D () C:\Users\tatiana\AppData\Local\CrashDumps
2014-07-20 16:28 - 2014-07-20 16:27 - 00291288 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-17 15:02 - 2013-06-08 16:23 - 00000000 ____D () C:\Users\tatiana\AppData\Roaming\PCDr
2014-07-17 14:49 - 2012-07-26 02:28 - 00850046 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-17 14:38 - 2014-07-17 14:38 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-17 14:38 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-17 14:38 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-17 14:38 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\WinStore
2014-07-17 14:38 - 2012-07-26 02:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-13 22:31 - 2012-07-26 02:59 - 00000000 ____D () C:\windows\CbsTemp
2014-07-13 22:28 - 2013-07-22 12:15 - 00000000 ____D () C:\windows\system32\MRT
2014-07-13 22:24 - 2013-06-06 21:35 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-07-12 16:51 - 2013-06-04 00:59 - 00000000 ____D () C:\Users\tatiana\AppData\Local\softthinks
2014-07-11 18:50 - 2013-06-03 22:54 - 00000000 ____D () C:\Users\tatiana
2014-07-09 13:28 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-07-05 08:58 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\NDF
2014-07-04 23:52 - 2013-10-24 17:54 - 00000000 ____D () C:\Users\tatiana\AppData\Local\GreatArcadeHits
2014-06-30 17:42 - 2014-07-11 19:00 - 00702464 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-06-30 17:42 - 2014-07-11 19:00 - 00394240 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-06-30 17:42 - 2014-07-11 18:59 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-06-28 15:41 - 2013-11-10 17:09 - 00000000 ____D () C:\Users\tatiana\AppData\Local\ArcadeParlor
2014-06-27 22:35 - 2014-07-11 18:59 - 00556544 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-06-26 15:53 - 2014-07-17 14:43 - 00703968 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-06-26 15:53 - 2014-07-17 14:43 - 00105440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-22 17:21

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-07-2014
Ran by tatiana at 2014-07-24 13:46:56
Running from E:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AbiWord 2.6.4 (HKLM-x32\...\AbiWord2) (Version: 2.6.4 - AbiSource Developers)
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcadeParlor (HKCU\...\{B74443DB-5A88-4583-860A-F0D06EF399E3}) (Version: - ArcadeParlor)
Ask Toolbar (HKLM-x32\...\{4F564F32-0076-A76A-76A7-A758B70C0A02}) (Version: 12.10.2.4129 - APN, LLC) <==== ATTENTION
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Buzzdock (HKLM\...\{ac225167-00fc-452d-94c5-bb93600e7d9a}) (Version: - Alactro LLC) <==== ATTENTION
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 23.4.1.0 - COMODO)
CWA Reminder by We-Care.com v4.1.24.3 (HKLM-x32\...\{0228288D-975E-42F7-9993-E91A82E6BBD9}) (Version: 4.1.24.3 - We-Care.com)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415a - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (x32 Version: 10.0.1.1913 - CyberLink Corp.) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1904 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1904 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.4318.52 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.2 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{D9ED3EFC-AB00-4CE0-ADED-80EE6B1158A7}) (Version: 2.2.2000.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 16.2.12.17 - Synaptics Incorporated)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
glindorus 1.0.0 (HKLM\...\glindorus) (Version: 1.0.0 - glindorus) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GreatArcadeHits (HKCU\...\{856AD396-519D-4C7A-BED6-6785F64924BC}) (Version: 1.0 - GreatArcadeHits) <==== ATTENTION
HP Officejet 4630 series Basic Device Software (HKLM\...\{29B1CB33-32C3-4762-85DA-8CEADDC36EA7}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP Officejet 4630 series Help (HKLM-x32\...\{9F79230F-EE1C-407E-94E1-D69021954C9B}) (Version: 31.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Installl Converter A Toolbar for IE (HKLM-x32\...\IECT3311834) (Version: 6.17.0.33 - Installl Converter A)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2849 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.6.3001 - ooVoo LLC.)
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Plus-HD-1.6 (HKLM-x32\...\Plus-HD-1.6) (Version: 1.28.153.5 - Plus HD) <==== ATTENTION
Product Improvement Study for HP Officejet 4630 series (HKLM\...\{B1D45D48-A4D4-495F-A693-681EA9846754}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.012 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6741 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Severe Weather Alerts (HKCU\...\Severe Weather Alerts) (Version: 1.23.0.0 - Weather Notifications, LLC) <==== ATTENTION
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Tango (HKCU\...\Tango) (Version: 1.6.14117 - TangoMe, Inc.)
The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version: - )
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.9.0 - Tweaking.com)
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DB}) (Version: 17.5.10480 - WinZip Computing, S.L. )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo! Inc.)

==================== Custom CLSID entries: ==========================

(Only entries are listed that could be exploited by malware. If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

09-07-2014 19:56:30 Windows Update
14-07-2014 00:38:32 Windows Update
23-07-2014 21:10:47 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 00:26 - 2012-07-26 00:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0778355F-9224-45C5-B95A-3A3EDA245481} - System32\Tasks\Titanium Installation => D:\setup.exe
Task: {1288ACED-7A87-4780-AD1E-33647E440B35} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-02] (Google Inc.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2A707B02-5540-4B65-86AF-2D97EE306365} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {40F12069-EF86-4ECD-9A2D-F4DA1E87F109} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
Task: {41D3641C-CAE3-42A8-9039-383D46CF1C15} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-07-13] (Microsoft Corporation)
Task: {57239CD5-F958-43F5-8456-E21283DAD8FF} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {5EB39D17-5ECE-4FC3-B01D-013CB3BB8334} - System32\Tasks\PCDoctorBackgroundMonitorTask-Retry => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {7508AA55-4F66-4824-B6CE-095E43DEA487} - System32\Tasks\HPCustParticipation HP Officejet 4630 series => C:\Program Files\HP\HP Officejet 4630 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.)
Task: {7717C6A6-3907-4204-B79C-3C82B5AB26FE} - System32\Tasks\Plus-HD-1.6-updater => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-updater.exe [2013-10-24] (Plus HD)
Task: {821DBF9A-447C-4121-85D2-F9A05570E0A8} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {920D4D8F-3914-4922-8AFE-490BBB8BDEB2} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {92F68220-481A-4738-AF13-02963B36FFBA} - System32\Tasks\ArcadeParlor => C:\Users\tatiana\AppData\Local\ArcadeParlor\versioncheck.exe [2014-06-28] ()
Task: {9FE7090D-8A12-4010-9372-1F57DAE6798D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-02] (Google Inc.)
Task: {A6408AD5-1E9E-43F5-BAFA-A3C0C9FB45B0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {B4259671-5ACB-4D33-954D-803B9E950CB2} - System32\Tasks\Plus-HD-1.6-enabler => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-enabler.exe [2013-10-24] (Plus HD)
Task: {B862537C-CAF0-42B2-853F-5F7B9AD9A22E} - System32\Tasks\GreatArcadeHits => C:\Users\tatiana\AppData\Local\GreatArcadeHits\GAHUpdate.exe [2014-07-04] () <==== ATTENTION
Task: {C1FAE1CD-AF1C-4831-987D-8D820818E441} - System32\Tasks\Plus-HD-1.6-codedownloader => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-codedownloader.exe [2013-10-24] (Plus HD)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {FA3E0F37-DB40-4397-A64D-4FA84CC18A69} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {FB26536C-046B-49F2-BD80-2DFCC3590329} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\tatiana\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
Task: C:\windows\Tasks\ArcadeParlor.job => C:\Users\tatiana\AppData\Local\ArcadeParlor\versioncheck.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GreatArcadeHits.job => C:\Users\tatiana\AppData\Local\GreatArcadeHits\GAHUpdate.exe
Task: C:\windows\Tasks\Plus-HD-1.6-codedownloader.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-codedownloader.exe
Task: C:\windows\Tasks\Plus-HD-1.6-enabler.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-enabler.exe
Task: C:\windows\Tasks\Plus-HD-1.6-updater.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-updater.exe

==================== Loaded Modules (whitelisted) =============

2012-12-24 06:30 - 2012-12-24 06:30 - 01868432 _____ () C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
2013-01-14 15:32 - 2012-04-24 21:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2013-10-04 20:02 - 2014-07-22 18:33 - 00321824 _____ () C:\Program Files (x86)\glindorus\updateglindorus.exe
2013-10-26 14:24 - 2014-07-22 18:32 - 00321824 _____ () C:\Program Files (x86)\glindorus\bin\utilglindorus.exe
2014-05-01 18:36 - 2014-07-03 16:11 - 00287008 _____ () C:\Program Files (x86)\glindorus\bin\glindorus.PurBrowse64.exe
2014-05-01 18:37 - 2014-07-22 18:53 - 00096544 _____ () C:\Program Files (x86)\glindorus\bin\glindorus.BrowserAdapter.exe
2013-06-07 12:04 - 2013-06-07 12:06 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-08-08 15:11 - 2012-08-08 15:11 - 00384128 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ContactsApi.dll
2013-01-14 16:23 - 2012-08-27 02:31 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-07-09 00:02 - 2013-07-09 00:02 - 00348384 _____ () C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe
2013-07-09 00:02 - 2013-07-09 00:02 - 00076000 _____ () C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsAppAPI.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-04-14 03:43 - 2011-04-14 03:43 - 08448512 _____ () C:\Program Files (x86)\Tango\QtGui4.dll
2011-04-14 03:35 - 2011-04-14 03:35 - 02346496 _____ () C:\Program Files (x86)\Tango\QtCore4.dll
2011-04-14 03:50 - 2011-04-14 03:50 - 00113152 _____ () C:\Program Files (x86)\Tango\QtMultimedia4.dll
2011-04-14 03:36 - 2011-04-14 03:36 - 00859648 _____ () C:\Program Files (x86)\Tango\QtNetwork4.dll
2011-04-14 04:58 - 2011-04-14 04:58 - 11159040 _____ () C:\Program Files (x86)\Tango\QtWebKit4.dll
2011-08-09 05:31 - 2011-08-09 05:31 - 00054784 _____ () C:\Program Files (x86)\Tango\CrashRpt.dll
2011-04-14 03:49 - 2011-04-14 03:49 - 00270336 _____ () C:\Program Files (x86)\Tango\phonon4.dll
2013-01-14 15:30 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-02-27 22:51 - 2014-02-27 22:51 - 00017920 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\PSIClient\b1c5b85477b09ceb4fa27fdf6e37e617\PSIClient.ni.dll
2013-01-14 15:37 - 2012-09-12 22:18 - 02003304 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2013-01-14 15:37 - 2012-08-06 11:59 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2013-01-14 15:37 - 2012-08-06 11:59 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
2013-01-14 15:22 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/24/2014 01:21:36 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.

Error: (07/24/2014 01:21:04 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (07/24/2014 01:04:51 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (07/23/2014 11:34:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4797

Error: (07/23/2014 11:34:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4797

Error: (07/23/2014 11:34:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/23/2014 11:34:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3516

Error: (07/23/2014 11:34:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3516

Error: (07/23/2014 11:34:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/23/2014 11:34:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2406


System errors:
=============
Error: (07/24/2014 01:40:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/22/2014 06:34:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/22/2014 06:30:43 PM) (Source: DCOM) (EventID: 10010) (User: TATIANA2650)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (07/22/2014 06:30:43 PM) (Source: DCOM) (EventID: 10010) (User: TATIANA2650)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (07/22/2014 06:30:39 PM) (Source: DCOM) (EventID: 10010) (User: TATIANA2650)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (07/22/2014 06:30:39 PM) (Source: DCOM) (EventID: 10010) (User: TATIANA2650)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (07/22/2014 06:30:39 PM) (Source: DCOM) (EventID: 10010) (User: TATIANA2650)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (07/22/2014 06:30:39 PM) (Source: DCOM) (EventID: 10010) (User: TATIANA2650)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (07/22/2014 05:07:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/22/2014 05:05:24 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:46:13 PM on ‎7/‎22/‎2014 was unexpected.


Microsoft Office Sessions:
=========================
Error: (07/24/2014 01:21:36 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: c:\program files\WinZip\adxloader.dll.Manifestc:\program files\WinZip\adxloader.dll.Manifest2

Error: (07/24/2014 01:21:04 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*C:\Program Files (x86)\Spybot - Search & Destroy\DelZip179.dllC:\Program Files (x86)\Spybot - Search & Destroy\DelZip179.dll8

Error: (07/24/2014 01:04:51 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (07/23/2014 11:34:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4797

Error: (07/23/2014 11:34:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4797

Error: (07/23/2014 11:34:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/23/2014 11:34:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3516

Error: (07/23/2014 11:34:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3516

Error: (07/23/2014 11:34:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/23/2014 11:34:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2406


==================== Memory info ===========================

Percentage of memory in use: 38%
Total physical RAM: 3965.27 MB
Available physical RAM: 2426.34 MB
Total Pagefile: 4861.27 MB
Available Pagefile: 3175.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.98 GB) (Free:397.74 GB) NTFS
Drive e: (USB20FD) (Removable) (Total:15.22 GB) (Free:15.21 GB) FAT32
Drive x: (WINRETOOLS) (Fixed) (Total:0.49 GB) (Free:0.22 GB) NTFS
Drive y: (PBR Image) (Fixed) (Total:12.64 GB) (Free:0.27 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 5A14010D)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)

==================== End Of Log ============================


aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-07-24 13:55:09
-----------------------------
13:55:09.001 OS Version: Windows x64 6.2.9200
13:55:09.002 Number of processors: 2 586 0x3A09
13:55:09.004 ComputerName: TATIANA2650 UserName: tatiana
13:55:11.231 Initialize success
13:55:11.314 VM: initialized successfully
13:55:11.339 VM: Intel CPU supported
13:55:20.158 VM: disk I/O iaStorA.sys
13:58:24.345 AVAST engine defs: 14072400
13:59:50.698 The log file has been saved successfully to "E:\aswMBR.txt"


aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-07-24 13:55:09
-----------------------------
13:55:09.001 OS Version: Windows x64 6.2.9200
13:55:09.002 Number of processors: 2 586 0x3A09
13:55:09.004 ComputerName: TATIANA2650 UserName: tatiana
13:55:11.231 Initialize success
13:55:11.314 VM: initialized successfully
13:55:11.339 VM: Intel CPU supported
13:55:20.158 VM: disk I/O iaStorA.sys
13:58:24.345 AVAST engine defs: 14072400
13:59:50.698 The log file has been saved successfully to "E:\aswMBR.txt"
14:00:33.190 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000032
14:00:33.196 Disk 0 Vendor: ST500LT012-9WS142 0001SDM1 Size: 476940MB BusType: 11
14:00:33.315 Disk 0 MBR read successfully
14:00:33.323 Disk 0 MBR scan
14:00:33.340 Disk 0 unknown MBR code
14:00:33.349 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
14:00:33.468 Disk 0 scanning C:\windows\system32\drivers
14:01:00.192 Service scanning
14:01:56.986 Modules scanning
14:01:57.342 Disk 0 trace - called modules:
14:01:57.364 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll iaStorA.sys
14:01:57.376 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006084060]
14:01:57.388 3 CLASSPNP.SYS[fffff88000b08e0a] -> nt!IofCallDriver -> \Device\00000032[0xfffffa8004d69060]
14:01:58.905 AVAST engine scan C:\windows
14:02:02.388 AVAST engine scan C:\windows\system32
14:08:24.351 AVAST engine scan C:\windows\system32\drivers
14:08:55.956 AVAST engine scan C:\Users\tatiana
14:45:07.340 AVAST engine scan C:\ProgramData
14:49:01.452 Scan finished successfully
14:50:20.215 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
14:50:20.263 The log file has been saved successfully to "E:\aswMBR.txt"

Juliet
2014-07-25, 04:11
Hi and welcome

Before we can start we will have to move FRST to desktop.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2014
Ran by tatiana (administrator) on TATIANA2650 on 24-07-2014 13:45:12
Running from E:\

Please go to E drive, right click on FRST and select CUT
Go to an open spot on your desktop, right click and select Paste.
This should move FRST out of E drive to desktop.

If you are unable to move FRST to desktop, please right click on the version you have now and delete and download it again. Make sure to download to desktop.


Or, Simply download and copy fixlist.txt and FRST.exe to a folder of your choice and then start FRST and click on the Fix button and then attach the fixlog.txt to your next reply.

The below script will reboot your computer, please don't be alarmed.

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)



start
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-3233409102-1572755282-2613258542-1001\...\Run: => "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\tatiana\AppData\Local\Conduit\BackgroundContainer\Backg (the data entry has 27 more characters). <===== ATTENTION
SearchScopes: HKCU - {3000D426-06D5-4132-9989-F3B98E2B8AE9} URL = http://www.search.ask.com/web?tpid=OVO2&o=2159&pf=V5&p2=%5EA2E%5EYYYYYY%5EYY%5EUS&gct=&itbv=12.10.2.4129&apn_uid=43cf89ed-339d-417d-8b02-cefe02dc30b7&apn_ptnrs=%5EA2E&apn_dtid=%5EYYYYYY%5EYY%5EUS&apn_dbr=Null_64_9.10.9200.16580&doi=2013-06-07&trgb=IE&q={searchTerms}&psv=
SearchScopes: HKCU - {43E35495-336C-4BF7-84B3-1473D9CD484C} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311834&CUI=UN20610225992684773&UM=2
SearchScopes: HKCU - {81221284-1B33-4191-9C57-B3DC68CC8ADF} URL =
SearchScopes: HKCU - {C3625750-9A67-437E-BD67-B8AE4D139985} URL = http://rts.dsrlte.com/?q={searchTerms}&r=113
BHO: Plus-HD-1.6 -> {11111111-1111-1111-1111-110311201102} -> C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho64.dll (Plus HD)
BHO-x32: Plus-HD-1.6 -> {11111111-1111-1111-1111-110311201102} -> C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho.dll (Plus HD)
BHO-x32: WeCareReminder Class -> {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} -> C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
BHO-x32: Installl Converter A Toolbar -> {f84db37a-ae6f-423b-9f51-14b5ec10c879} -> C:\Program Files (x86)\Installl_Converter_A\prxtbInst.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {F84DB37A-AE6F-423B-9F51-14B5EC10C879} - No File
CHR HomePage: hxxp://rts.dsrlte.com
CHR StartupUrls: "hxxp://rts.dsrlte.com"
CHR HKLM-x32\...\Chrome\Extension: [llmcibonccojooiboenghfafpieoabpl] - C:\Program Files (x86)\glindorus\llmcibonccojooiboenghfafpieoabpl.crx [2014-03-02]
CHR DefaultSearchKeyword: pay-by-ads.com
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-08] (APN LLC.)
R2 Update glindorus; C:\Program Files (x86)\glindorus\updateglindorus.exe [321824 2014-07-22] ()
R2 Util glindorus; C:\Program Files (x86)\glindorus\bin\utilglindorus.exe [321824 2014-07-22] ()
R1 {26d264d2-014c-4f07-bf2c-ebf9aed40cef}Gw64; C:\Windows\System32\drivers\{26d264d2-014c-4f07-bf2c-ebf9aed40cef}Gw64.sys [61112 2014-04-24] (StdLib)
R1 {26d264d2-014c-4f07-bf2c-ebf9aed40cef}w64; C:\Windows\System32\drivers\{26d264d2-014c-4f07-bf2c-ebf9aed40cef}w64.sys [61112 2014-06-09] (StdLib)
C:\windows\Tasks\Plus-HD-1.6-updater.job
C:\windows\Tasks\Plus-HD-1.6-codedownloader.job
C:\windows\Tasks\Plus-HD-1.6-enabler.job
C:\Users\tatiana\AppData\Local\Conduit
Ask Toolbar (HKLM-x32\...\{4F564F32-0076-A76A-76A7-A758B70C0A02}) (Version: 12.10.2.4129 - APN, LLC) <==== ATTENTION
Buzzdock (HKLM\...\{ac225167-00fc-452d-94c5-bb93600e7d9a}) (Version: - Alactro LLC) <==== ATTENTION
glindorus 1.0.0 (HKLM\...\glindorus) (Version: 1.0.0 - glindorus) <==== ATTENTION
GreatArcadeHits (HKCU\...\{856AD396-519D-4C7A-BED6-6785F64924BC}) (Version: 1.0 - GreatArcadeHits) <==== ATTENTION
Plus-HD-1.6 (HKLM-x32\...\Plus-HD-1.6) (Version: 1.28.153.5 - Plus HD) <==== ATTENTION
Severe Weather Alerts (HKCU\...\Severe Weather Alerts) (Version: 1.23.0.0 - Weather Notifications, LLC) <==== ATTENTION
Task: {FB26536C-046B-49F2-BD80-2DFCC3590329} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\tatiana\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
Task: C:\windows\Tasks\Plus-HD-1.6-codedownloader.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-codedownloader.exe
Task: C:\windows\Tasks\Plus-HD-1.6-enabler.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-enabler.exe
Task: C:\windows\Tasks\Plus-HD-1.6-updater.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-updater.exe
C:\Program Files (x86)\glindorus\updateglindorus.exe
2013-10-26 14:24 - 2014-07-22 18:32 - 00321824 _____ () C:\Program Files (x86)\glindorus\bin\utilglindorus.exe
2014-05-01 18:36 - 2014-07-03 16:11 - 00287008 _____ () C:\Program Files (x86)\glindorus\bin\glindorus.PurBrowse64.exe
2014-05-01 18:37 - 2014-07-22 18:53 - 00096544 _____ () C:\Program Files (x86)\glindorus\bin\glindorus.BrowserAdapter.exe
Reboot:
end


Open FRST/FRST64 and press the Fix button just once and wait.
http://i739.photobucket.com/albums/xx33/emeraldnzl/FRSTconsole-2.jpg (http://s739.photobucket.com/user/emeraldnzl/media/FRSTconsole-2.jpg.html)

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


NEXT**

AdwCleaner by Xplode

Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisment.


Close all open windows and browsers.



Right click the AdwCleaner icon http://i1059.photobucket.com/albums/t432/cinjo23/RightClickonAdwCleanerIcon.jpg on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.

*****
https://dl.dropbox.com/u/73555776/AdwCleaner.GIF


Click the Scan button and wait for the scan to finish.
After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove. Then click on Clean
Confirm each time with Ok
Click the Report button to get the log
Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why (http://www.im-infected.com/hijacker/isearch-avg-comsearch-hijacker.html) and Here (http://nojesusnopeas.blogspot.com/2012/08/sorry-but-avg-secure-search-is-malware.html). You can always Reinstall (http://www.avg.com/us-en/secure-search) it.


NEXT**

Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.


Windows XP : [B]Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"




http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMDashboard_zpsddef9b5f.gif (http://s1269.photobucket.com/user/OCD-WTT/media/MBAMDashboard_zpsddef9b5f.gif.html)



On the Dashboard click on Update Now
Go to the Setting Tab
Under Setting go to Detection and Protection
Under PUP and PUM make sure both are set to show Treat Dections as Malware
Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
Then on the Dashboard click on Scan
Make sure to select THREAT SCAN
Then click on Scan
When the scan is finished and the log pops up...select Copy to Clipboard
Please paste the log back into this thread for review
Exit Malwarebytes


***************************************

Please post:
Fixlog.txt
C:\AdwCleaner\AdwCleaner.txt
Malwarebytes log

the1dbg
2014-07-25, 20:21
Juliet

Hello and thank you for the quick response. Here are the requested logs.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-07-2014
Ran by tatiana at 2014-07-25 11:03:21 Run:1
Running from C:\Users\tatiana\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-3233409102-1572755282-2613258542-1001\...\Run: [BackgroundContainer] => "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\tatiana\AppData\Local\Conduit\BackgroundContainer\Backg (the data entry has 27 more characters). <===== ATTENTION
SearchScopes: HKCU - {3000D426-06D5-4132-9989-F3B98E2B8AE9} URL = http://www.search.ask.com/web?tpid=OVO2&o=2159&pf=V5&p2=%5EA2E%5EYYYYYY%5EYY%5EUS&gct=&itbv=12.10.2.4129&apn_uid=43cf89ed-339d-417d-8b02-cefe02dc30b7&apn_ptnrs=%5EA2E&apn_dtid=%5EYYYYYY%5EYY%5EUS&apn_dbr=Null_64_9.10.9200.16580&doi=2013-06-07&trgb=IE&q={searchTerms}&psv=
SearchScopes: HKCU - {43E35495-336C-4BF7-84B3-1473D9CD484C} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311834&CUI=UN20610225992684773&UM=2
SearchScopes: HKCU - {81221284-1B33-4191-9C57-B3DC68CC8ADF} URL =
SearchScopes: HKCU - {C3625750-9A67-437E-BD67-B8AE4D139985} URL = http://rts.dsrlte.com/?q={searchTerms}&r=113
BHO: Plus-HD-1.6 -> {11111111-1111-1111-1111-110311201102} -> C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho64.dll (Plus HD)
BHO-x32: Plus-HD-1.6 -> {11111111-1111-1111-1111-110311201102} -> C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho.dll (Plus HD)
BHO-x32: WeCareReminder Class -> {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} -> C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
BHO-x32: Installl Converter A Toolbar -> {f84db37a-ae6f-423b-9f51-14b5ec10c879} -> C:\Program Files (x86)\Installl_Converter_A\prxtbInst.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {F84DB37A-AE6F-423B-9F51-14B5EC10C879} - No File
CHR HomePage: hxxp://rts.dsrlte.com
CHR StartupUrls: "hxxp://rts.dsrlte.com"
CHR HKLM-x32\...\Chrome\Extension: [llmcibonccojooiboenghfafpieoabpl] - C:\Program Files (x86)\glindorus\llmcibonccojooiboenghfafpieoabpl.crx [2014-03-02]
CHR DefaultSearchKeyword: pay-by-ads.com
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-08] (APN LLC.)
R2 Update glindorus; C:\Program Files (x86)\glindorus\updateglindorus.exe [321824 2014-07-22] ()
R2 Util glindorus; C:\Program Files (x86)\glindorus\bin\utilglindorus.exe [321824 2014-07-22] ()
R1 {26d264d2-014c-4f07-bf2c-ebf9aed40cef}Gw64; C:\Windows\System32\drivers\{26d264d2-014c-4f07-bf2c-ebf9aed40cef}Gw64.sys [61112 2014-04-24] (StdLib)
R1 {26d264d2-014c-4f07-bf2c-ebf9aed40cef}w64; C:\Windows\System32\drivers\{26d264d2-014c-4f07-bf2c-ebf9aed40cef}w64.sys [61112 2014-06-09] (StdLib)
C:\windows\Tasks\Plus-HD-1.6-updater.job
C:\windows\Tasks\Plus-HD-1.6-codedownloader.job
C:\windows\Tasks\Plus-HD-1.6-enabler.job
C:\Users\tatiana\AppData\Local\Conduit
Ask Toolbar (HKLM-x32\...\{4F564F32-0076-A76A-76A7-A758B70C0A02}) (Version: 12.10.2.4129 - APN, LLC) <==== ATTENTION
Buzzdock (HKLM\...\{ac225167-00fc-452d-94c5-bb93600e7d9a}) (Version: - Alactro LLC) <==== ATTENTION
glindorus 1.0.0 (HKLM\...\glindorus) (Version: 1.0.0 - glindorus) <==== ATTENTION
GreatArcadeHits (HKCU\...\{856AD396-519D-4C7A-BED6-6785F64924BC}) (Version: 1.0 - GreatArcadeHits) <==== ATTENTION
Plus-HD-1.6 (HKLM-x32\...\Plus-HD-1.6) (Version: 1.28.153.5 - Plus HD) <==== ATTENTION
Severe Weather Alerts (HKCU\...\Severe Weather Alerts) (Version: 1.23.0.0 - Weather Notifications, LLC) <==== ATTENTION
Task: {FB26536C-046B-49F2-BD80-2DFCC3590329} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\tatiana\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
Task: C:\windows\Tasks\Plus-HD-1.6-codedownloader.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-codedownloader.exe
Task: C:\windows\Tasks\Plus-HD-1.6-enabler.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-enabler.exe
Task: C:\windows\Tasks\Plus-HD-1.6-updater.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-updater.exe
C:\Program Files (x86)\glindorus\updateglindorus.exe
2013-10-26 14:24 - 2014-07-22 18:32 - 00321824 _____ () C:\Program Files (x86)\glindorus\bin\utilglindorus.exe
2014-05-01 18:36 - 2014-07-03 16:11 - 00287008 _____ () C:\Program Files (x86)\glindorus\bin\glindorus.PurBrowse64.exe
2014-05-01 18:37 - 2014-07-22 18:53 - 00096544 _____ () C:\Program Files (x86)\glindorus\bin\glindorus.BrowserAdapter.exe
Reboot:
end
*****************

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect" => Value not found.
HKU\S-1-5-21-3233409102-1572755282-2613258542-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BackgroundContainer => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3000D426-06D5-4132-9989-F3B98E2B8AE9}" => Key deleted successfully.
"HKCR\CLSID\{3000D426-06D5-4132-9989-F3B98E2B8AE9}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{43E35495-336C-4BF7-84B3-1473D9CD484C}" => Key deleted successfully.
"HKCR\CLSID\{43E35495-336C-4BF7-84B3-1473D9CD484C}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{81221284-1B33-4191-9C57-B3DC68CC8ADF}" => Key deleted successfully.
"HKCR\CLSID\{81221284-1B33-4191-9C57-B3DC68CC8ADF}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C3625750-9A67-437E-BD67-B8AE4D139985}" => Key deleted successfully.
"HKCR\CLSID\{C3625750-9A67-437E-BD67-B8AE4D139985}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311201102}" => Key deleted successfully.
"HKCR\CLSID\{11111111-1111-1111-1111-110311201102}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311201102}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110311201102}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f84db37a-ae6f-423b-9f51-14b5ec10c879}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{f84db37a-ae6f-423b-9f51-14b5ec10c879}" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F84DB37A-AE6F-423B-9F51-14B5EC10C879} => value deleted successfully.
"HKCR\CLSID\{F84DB37A-AE6F-423B-9F51-14B5EC10C879}" => Key not found.
CHR HomePage: hxxp://rts.dsrlte.com ==> The Chrome "Settings" can be used to fix the entry.
CHR StartupUrls: "hxxp://rts.dsrlte.com" ==> The Chrome "Settings" can be used to fix the entry.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\llmcibonccojooiboenghfafpieoabpl" => Key deleted successfully.
"C:\Program Files (x86)\glindorus\llmcibonccojooiboenghfafpieoabpl.crx" => File/Directory not found.
CHR DefaultSearchKeyword: pay-by-ads.com ==> The Chrome "Settings" can be used to fix the entry.
APNMCP => Unable to stop service
APNMCP => Service deleted successfully.
Update glindorus => Unable to stop service
Update glindorus => Service deleted successfully.
Util glindorus => Unable to stop service
Util glindorus => Service deleted successfully.
{26d264d2-014c-4f07-bf2c-ebf9aed40cef}Gw64 => Unable to stop service
{26d264d2-014c-4f07-bf2c-ebf9aed40cef}Gw64 => Service deleted successfully.
{26d264d2-014c-4f07-bf2c-ebf9aed40cef}w64 => Unable to stop service
{26d264d2-014c-4f07-bf2c-ebf9aed40cef}w64 => Service deleted successfully.
C:\windows\Tasks\Plus-HD-1.6-updater.job => Moved successfully.
C:\windows\Tasks\Plus-HD-1.6-codedownloader.job => Moved successfully.
C:\windows\Tasks\Plus-HD-1.6-enabler.job => Moved successfully.
C:\Users\tatiana\AppData\Local\Conduit => Moved successfully.
Ask Toolbar (HKLM-x32\...\{4F564F32-0076-A76A-76A7-A758B70C0A02}) (Version: 12.10.2.4129 - APN, LLC) <==== ATTENTION => Error: No automatic fix found for this entry.
Buzzdock (HKLM\...\{ac225167-00fc-452d-94c5-bb93600e7d9a}) (Version: - Alactro LLC) <==== ATTENTION => Error: No automatic fix found for this entry.
glindorus 1.0.0 (HKLM\...\glindorus) (Version: 1.0.0 - glindorus) <==== ATTENTION => Error: No automatic fix found for this entry.
GreatArcadeHits (HKCU\...\{856AD396-519D-4C7A-BED6-6785F64924BC}) (Version: 1.0 - GreatArcadeHits) <==== ATTENTION => Error: No automatic fix found for this entry.
Plus-HD-1.6 (HKLM-x32\...\Plus-HD-1.6) (Version: 1.28.153.5 - Plus HD) <==== ATTENTION => Error: No automatic fix found for this entry.
Severe Weather Alerts (HKCU\...\Severe Weather Alerts) (Version: 1.23.0.0 - Weather Notifications, LLC) <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FB26536C-046B-49F2-BD80-2DFCC3590329}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB26536C-046B-49F2-BD80-2DFCC3590329}" => Key deleted successfully.
C:\Windows\System32\Tasks\BackgroundContainer Startup Task => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task" => Key deleted successfully.
C:\windows\Tasks\Plus-HD-1.6-codedownloader.job not found.
C:\windows\Tasks\Plus-HD-1.6-enabler.job not found.
C:\windows\Tasks\Plus-HD-1.6-updater.job not found.
C:\Program Files (x86)\glindorus\updateglindorus.exe => Moved successfully.
C:\Program Files (x86)\glindorus\bin\utilglindorus.exe => Moved successfully.
C:\Program Files (x86)\glindorus\bin\glindorus.PurBrowse64.exe => Moved successfully.
C:\Program Files (x86)\glindorus\bin\glindorus.BrowserAdapter.exe => Moved successfully.


The system needed a reboot.

==== End of Fixlog ====


# AdwCleaner v3.216 - Report created 25/07/2014 at 11:39:08
# Updated 17/07/2014 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : tatiana - TATIANA2650
# Running from : C:\Users\tatiana\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\glindorus
Folder Deleted : C:\Program Files (x86)\Plus-HD-1.6
Folder Deleted : C:\Program Files (x86)\Installl_Converter_A
Folder Deleted : C:\windows\SysWOW64\SearchProtect
Folder Deleted : C:\Users\tatiana\AppData\Local\AskPartnerNetwork
Folder Deleted : C:\Users\tatiana\AppData\Local\GreatArcadeHits
Folder Deleted : C:\Users\tatiana\AppData\Local\Temp\apn
Folder Deleted : C:\Users\tatiana\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\tatiana\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\tatiana\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\tatiana\AppData\LocalLow\Installl_Converter_A
Folder Deleted : C:\Users\tatiana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GreatArcadeHits
File Deleted : C:\Users\tatiana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\tatiana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\windows\System32\Tasks\Plus-HD-1.6-codedownloader
File Deleted : C:\windows\System32\Tasks\Plus-HD-1.6-enabler
File Deleted : C:\windows\System32\Tasks\Plus-HD-1.6-updater

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{B21F5E31-B8E8-41CD-B74C-168A71A10E49}]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateglindorus_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateglindorus_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilglindorus_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilglindorus_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IECT3311834
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0032002.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0032002.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0032002.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0032002.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3311834
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F42DAACA-52CC-40DB-834D-784AA791C537}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322202202}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355205502}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366206602}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344204402}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F84DB37A-AE6F-423B-9F51-14B5EC10C879}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F84DB37A-AE6F-423B-9F51-14B5EC10C879}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F42DAACA-52CC-40DB-834D-784AA791C537}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11a50cbd-0239-45b9-a7de-15b923409bc3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8ffa420b-7445-4020-bc96-578482f2d49e}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c4e4f357-e931-4d09-8cc9-542954ba9e54}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d5ecce38-198b-4ae7-ab77-4f009ff534fa}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ea288a59-147f-4dbc-a22f-9f5b6b5009b2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D82B706C-B381-4D47-A124-F2B0899F9B83}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D3C627C1-46CC-45EB-AF3C-D2E511C4FA14}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F84DB37A-AE6F-423B-9F51-14B5EC10C879}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{F84DB37A-AE6F-423B-9F51-14B5EC10C879}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322202202}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355205502}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366206602}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11a50cbd-0239-45b9-a7de-15b923409bc3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8ffa420b-7445-4020-bc96-578482f2d49e}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c4e4f357-e931-4d09-8cc9-542954ba9e54}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d5ecce38-198b-4ae7-ab77-4f009ff534fa}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ea288a59-147f-4dbc-a22f-9f5b6b5009b2}
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\glindorus
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\SocialBit
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Plus-HD-1.6
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Installl_Converter_A
Key Deleted : HKLM\Software\AskPartnerNetwork
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\glindorus
Key Deleted : HKLM\Software\Plus-HD-1.6
Key Deleted : HKLM\Software\Installl_Converter_A
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-1.6
Key Deleted : [x64] HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\glindorus

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17028

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\tatiana\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb

*************************

AdwCleaner[R0].txt - [16167 octets] - [25/07/2014 11:36:29]
AdwCleaner[S0].txt - [14233 octets] - [25/07/2014 11:39:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14294 octets] ##########


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/25/2014
Scan Time: 11:47:43 AM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.25.05
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: tatiana

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 283797
Time Elapsed: 12 min, 7 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 2
PUP.Optional.SevereWeatherAlerts.A, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe, 3996, Delete-on-Reboot, [22972a796a111521450a79e67c85c63a]
PUP.Optional.SevereWeatherAlerts.A, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe, 2312, Delete-on-Reboot, [f4c58b18b0cb1b1b54fca2bd2fd2a65a]

Modules: 0
(No malicious items detected)

Registry Keys: 29
PUP.Optional.ArcadeParlor.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{39AD0726-986D-40F9-972B-E3BFA24B7745}, Quarantined, [49705b48e69594a20cd4890e887aa45c],
PUP.Optional.ArcadeParlor.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{632D51D4-67C3-40CA-8A7E-D1E93E80B005}, Quarantined, [49705b48e69594a20cd4890e887aa45c],
PUP.Optional.ArcadeParlor.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{1F29738C-11D6-4AE5-A1B1-86D4D5F3A69C}, Quarantined, [49705b48e69594a20cd4890e887aa45c],
PUP.Optional.ArcadeParlor.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{96B4DEA0-F89C-475C-8124-B247260B7CB5}, Quarantined, [49705b48e69594a20cd4890e887aa45c],
PUP.Optional.ArcadeParlor.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{1F29738C-11D6-4AE5-A1B1-86D4D5F3A69C}, Quarantined, [49705b48e69594a20cd4890e887aa45c],
PUP.Optional.ArcadeParlor.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{39AD0726-986D-40F9-972B-E3BFA24B7745}, Quarantined, [49705b48e69594a20cd4890e887aa45c],
PUP.Optional.ArcadeParlor.A, HKU\S-1-5-21-3233409102-1572755282-2613258542-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{39AD0726-986D-40F9-972B-E3BFA24B7745}, Quarantined, [49705b48e69594a20cd4890e887aa45c],
PUP.Optional.ArcadeParlor.A, HKU\S-1-5-21-3233409102-1572755282-2613258542-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{39AD0726-986D-40F9-972B-E3BFA24B7745}, Quarantined, [49705b48e69594a20cd4890e887aa45c],
PUP.Optional.WeCare, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6ED0A312-78F5-493C-A90C-5DAF321D0BF8}, Quarantined, [2396841f4a31c86e2e84a9b1f50d05fb],
PUP.Optional.WeCare, HKLM\SOFTWARE\CLASSES\TYPELIB\{B3201ABA-7CDE-4C8D-A28D-4316427BD6D1}, Quarantined, [2396841f4a31c86e2e84a9b1f50d05fb],
PUP.Optional.WeCare, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B60591CD-AA25-4261-B05A-77826471C0A3}, Quarantined, [2396841f4a31c86e2e84a9b1f50d05fb],
PUP.Optional.WeCare, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{B3201ABA-7CDE-4C8D-A28D-4316427BD6D1}, Quarantined, [2396841f4a31c86e2e84a9b1f50d05fb],
PUP.Optional.WeCare, HKU\S-1-5-21-3233409102-1572755282-2613258542-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{6ED0A312-78F5-493C-A90C-5DAF321D0BF8}, Quarantined, [2396841f4a31c86e2e84a9b1f50d05fb],
PUP.Optional.WeCare, HKU\S-1-5-21-3233409102-1572755282-2613258542-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{6ED0A312-78F5-493C-A90C-5DAF321D0BF8}, Quarantined, [2396841f4a31c86e2e84a9b1f50d05fb],
PUP.Optional.GreatArcadeHits.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D0C21091-FF8E-432C-9006-0540E81BA9D7}, Quarantined, [1d9c465d1f5c270f41438ad70101eb15],
PUP.Optional.GreatArcadeHits.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{5530C971-3D8F-471B-AC49-4CC23FA955E2}, Quarantined, [1d9c465d1f5c270f41438ad70101eb15],
PUP.Optional.GreatArcadeHits.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{7FBC7ADD-4D75-4685-9BD4-30D3FBDD3AB4}, Quarantined, [1d9c465d1f5c270f41438ad70101eb15],
PUP.Optional.GreatArcadeHits.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{EE0C9EF1-B2AD-407B-9707-0124CC9BF85E}, Quarantined, [1d9c465d1f5c270f41438ad70101eb15],
PUP.Optional.GreatArcadeHits.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{7FBC7ADD-4D75-4685-9BD4-30D3FBDD3AB4}, Quarantined, [1d9c465d1f5c270f41438ad70101eb15],
PUP.Optional.GreatArcadeHits.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EE0C9EF1-B2AD-407B-9707-0124CC9BF85E}, Quarantined, [1d9c465d1f5c270f41438ad70101eb15],
PUP.Optional.GreatArcadeHits.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{5530C971-3D8F-471B-AC49-4CC23FA955E2}, Quarantined, [1d9c465d1f5c270f41438ad70101eb15],
PUP.Optional.GreatArcadeHits.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{D0C21091-FF8E-432C-9006-0540E81BA9D7}, Quarantined, [1d9c465d1f5c270f41438ad70101eb15],
PUP.Optional.GreatArcadeHits.A, HKU\S-1-5-21-3233409102-1572755282-2613258542-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D0C21091-FF8E-432C-9006-0540E81BA9D7}, Quarantined, [1d9c465d1f5c270f41438ad70101eb15],
PUP.Optional.GreatArcadeHits.A, HKU\S-1-5-21-3233409102-1572755282-2613258542-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D0C21091-FF8E-432C-9006-0540E81BA9D7}, Quarantined, [1d9c465d1f5c270f41438ad70101eb15],
PUP.Optional.SevereWeatherAlerts, HKU\S-1-5-21-3233409102-1572755282-2613258542-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Severe Weather Alerts, Quarantined, [5465a8fbd2a968cec3b9170cc33d0bf5],
PUP.Optional.WeCare, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{0228288D-975E-42F7-9993-E91A82E6BBD9}, Quarantined, [5168525154277abc7bbcb117d929758b],
PUP.Optional.WeCare, HKU\S-1-5-21-3233409102-1572755282-2613258542-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EXTENSIONS\{6ED0A312-78F5-493C-A90C-5DAF321D0BF8}, Quarantined, [12a72e7529527eb892b8ac1c42c06d93],
PUP.Optional.SevereWeatherAlerts.A, HKU\S-1-5-21-3233409102-1572755282-2613258542-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\SevereWeatherAlerts.exe, Quarantined, [b009049f0f6ca88e0da139e723e11ee2],
PUP.Optional.ArcadeParlor.A, HKU\S-1-5-21-3233409102-1572755282-2613258542-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{B74443DB-5A88-4583-860A-F0D06EF399E3}, Quarantined, [97227b28f8831323011fccdda06227d9],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 21
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts, Delete-on-Reboot, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0129202349, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0316122505, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0321225405, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0514183830, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0717143001, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\1116224855, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\1119141943, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\1218174621, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Severe Weather Alerts, Quarantined, [e1d822811d5e55e1d1d3bd50b05404fc],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\Weather_Notifications,_LL, Quarantined, [fdbc287b4d2e94a2c27bc3e550b2bb45],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\Weather_Notifications,_LL\SevereWeatherAlerts.exe_Url_hzsyl3czwxh0geuem5hdmeiaavma45z2, Quarantined, [fdbc287b4d2e94a2c27bc3e550b2bb45],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\Weather_Notifications,_LL\SevereWeatherAlerts.exe_Url_hzsyl3czwxh0geuem5hdmeiaavma45z2\1.21.0.0, Quarantined, [fdbc287b4d2e94a2c27bc3e550b2bb45],
PUP.Optional.ArcadeParlor.A, C:\Users\tatiana\AppData\Local\ArcadeParlor, Quarantined, [97227b28f8831323011fccdda06227d9],
PUP.Optional.ArcadeParlor.A, C:\Users\tatiana\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}, Quarantined, [635672315625c571c5b75a63f11153ad],
PUP.Optional.ArcadeParlor.A, C:\Users\tatiana\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\chrome, Quarantined, [635672315625c571c5b75a63f11153ad],
PUP.Optional.ArcadeParlor.A, C:\Users\tatiana\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\chrome\content, Quarantined, [635672315625c571c5b75a63f11153ad],
PUP.Optional.ArcadeParlor.A, C:\Users\tatiana\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\skin, Quarantined, [635672315625c571c5b75a63f11153ad],
PUP.Optional.Extutil.A, C:\Users\tatiana\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, Quarantined, [9920861d374469cd64b0e2de3cc64ab6],
PUP.Optional.Managera.A, C:\Users\tatiana\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, Quarantined, [7643079c1f5c48eec64f368a7b878a76],

Files: 133
PUP.Optional.SevereWeatherAlerts.A, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe, Delete-on-Reboot, [22972a796a111521450a79e67c85c63a],
PUP.Optional.SevereWeatherAlerts.A, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe, Delete-on-Reboot, [f4c58b18b0cb1b1b54fca2bd2fd2a65a],
PUP.Optional.ArcadeParlor.A, C:\Users\tatiana\AppData\Local\ArcadeParlor\Arcadeparlor.dll, Quarantined, [49705b48e69594a20cd4890e887aa45c],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\uninstall.exe, Quarantined, [5465a8fbd2a968cec3b9170cc33d0bf5],
PUP.Optional.WeCare.A, C:\Windows\Installer\a8c37.msi, Quarantined, [e4d5584b4b30cd69aa474bd30af61ae6],
PUP.Optional.Sanbreel.A, C:\Windows\System32\Drivers\{26d264d2-014c-4f07-bf2c-ebf9aed40cef}Gw64.sys, Quarantined, [7f3a03a0186322144b3e9830659d23dd],
PUP.Optional.Boost.A, C:\Users\tatiana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage, Quarantined, [06b3445f7ffc191d6c470bbf729010f0],
PUP.Optional.Boost.A, C:\Users\tatiana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage-journal, Quarantined, [baffabf8c6b542f4b0034d7d15edcc34],
PUP.Optional.GreatArcadeHits.A, C:\Windows\System32\Tasks\GreatArcadeHits, Quarantined, [ac0df2b1b9c2f44211834689e0223ec2],
PUP.Optional.ArcadeParlor.A, C:\Windows\System32\Tasks\ArcadeParlor, Quarantined, [9a1fe5be7dfeba7c990bdbf4ef13da26],
PUP.Optional.GreatArcadeHits.A, C:\Windows\Tasks\GreatArcadeHits.job, Quarantined, [e7d2d6cd7308d75fbc3e3db734ce6e92],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe.config, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp0.dat, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\ICSharpCode.SharpZipLib.dll, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\mod.SevereWeatherAlertsApp0.dat, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsAppAPI.dll, Delete-on-Reboot, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsBrowser.exe, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsK.dat, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsU.dat, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\SWAUpdater.exe, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.0.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.1.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.10.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.11.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.12.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.13.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.14.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.15.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.16.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.17.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.18.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.19.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.2.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.20.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.21.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.22.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.23.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.24.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.25.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.27.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.28.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.29.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.3.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.30.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.31.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.32.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.33.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.34.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.35.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.36.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.37.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.38.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.39.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.4.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.40.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.41.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.42.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.43.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.26.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.44.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.45.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.46.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.47.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.48.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.49.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.5.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.50.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.51.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.52.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.53.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.54.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.55.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.56.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.57.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.58.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.59.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.6.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.60.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.61.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.62.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.63.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.64.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.65.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.66.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.67.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.68.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.69.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.7.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.70.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.71.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.8.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349\3643.9.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0316122505\3696.3696.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0316122505\mergetree, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0321225405\3702.3702.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0321225405\mergetree, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0514183830\3756.0.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0514183830\3756.1.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0514183830\3756.10.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0514183830\3756.11.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0514183830\3756.12.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0514183830\3756.13.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0514183830\3756.2.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0514183830\3756.3.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0514183830\3756.4.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0514183830\3756.5.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0514183830\3756.6.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0514183830\3756.7.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0514183830\3756.8.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0514183830\3756.9.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0514183830\mergetree, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0717143001\3817.3817.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\1116224855\3573.3573.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\1116224855\mergetree, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\1218174621\3605.3605.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\1218174621\mergetree, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Severe Weather Alerts\Severe Weather Alerts.lnk, Quarantined, [e1d822811d5e55e1d1d3bd50b05404fc],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk, Quarantined, [9c1d8b18dba05dd99e0714f9d133c040],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts.lnk, Quarantined, [6752b8ebc5b644f2ddc8a66756aef808],
PUP.Optional.ArcadeParlor.A, C:\Windows\Tasks\ArcadeParlor.job, Quarantined, [18a1f0b3f3883204475bd74630d423dd],
PUP.Optional.Sanbreel.A, C:\Windows\System32\Drivers\{26d264d2-014c-4f07-bf2c-ebf9aed40cef}w64.sys, Quarantined, [5c5d1f84daa175c1087c8d9b07fdc33d],
PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\Weather_Notifications,_LL\SevereWeatherAlerts.exe_Url_hzsyl3czwxh0geuem5hdmeiaavma45z2\1.21.0.0\user.config, Quarantined, [fdbc287b4d2e94a2c27bc3e550b2bb45],
PUP.Optional.ArcadeParlor.A, C:\Users\tatiana\AppData\Local\ArcadeParlor\ap.config, Quarantined, [97227b28f8831323011fccdda06227d9],
PUP.Optional.ArcadeParlor.A, C:\Users\tatiana\AppData\Local\ArcadeParlor\broker.exe, Quarantined, [97227b28f8831323011fccdda06227d9],
PUP.Optional.ArcadeParlor.A, C:\Users\tatiana\AppData\Local\ArcadeParlor\removal.exe, Quarantined, [97227b28f8831323011fccdda06227d9],
PUP.Optional.ArcadeParlor.A, C:\Users\tatiana\AppData\Local\ArcadeParlor\versioncheck.exe, Quarantined, [97227b28f8831323011fccdda06227d9],
PUP.Optional.ArcadeParlor.A, C:\Users\tatiana\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\chrome.manifest, Quarantined, [635672315625c571c5b75a63f11153ad],
PUP.Optional.ArcadeParlor.A, C:\Users\tatiana\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\icon.png, Quarantined, [635672315625c571c5b75a63f11153ad],
PUP.Optional.ArcadeParlor.A, C:\Users\tatiana\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\install.rdf, Quarantined, [635672315625c571c5b75a63f11153ad],
PUP.Optional.ArcadeParlor.A, C:\Users\tatiana\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\chrome\content\arcadeparlor.js, Quarantined, [635672315625c571c5b75a63f11153ad],
PUP.Optional.ArcadeParlor.A, C:\Users\tatiana\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\chrome\content\browser.xul, Quarantined, [635672315625c571c5b75a63f11153ad],
PUP.Optional.ArcadeParlor.A, C:\Users\tatiana\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\skin\style.css, Quarantined, [635672315625c571c5b75a63f11153ad],
PUP.Optional.Dsrlte.A, C:\Users\tatiana\AppData\Local\Google\Chrome\User Data\Default\preferences, Good: (), Bad: ( "homepage": "http://rts.dsrlte.com",), Replaced,[3386990a2f4c3303008ea2400400df21]

Physical Sectors: 0
(No malicious items detected)


(end)

Juliet
2014-07-25, 21:22
wowssa
we found a ton of nasty on your computer.

Might want to consider at least a free anitivirus program to help secure it in the future.


uninstall/remove from your programs list if they are still there.
Ask Toolbar
glindorus 1.0.0
Plus-HD-1.6
Severe Weather Alerts


Please visit each of the following sites and lets reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings (http://support.microsoft.com/kb/923737)

Firefox
Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome
Chrome - Reset browser settings (https://support.google.com/chrome/answer/3296214?hl=en)

Opera
How to Perform a (really) clean Reinstall of Opera (http://my.opera.com/spadija/blog/2011/10/17/how-to-perform-a-really-clean-reinstall-of-opera)

*************************

How is your computer now?

Please Run TFC by OldTimer to clear temporary files:

Download TFC from here http://oldtimer.geekstogo.com/TFC.exe
and save it to your desktop.

Close any open programs and Internet browsers.
Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
Please be patient as clearing out temp files may take a while.
Once it completes you may be prompted to restart your computer, please do so.
Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.


*********************

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.


Go here (http://go.eset.com/us/online-scanner) to run an online scanner from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activeX control to install
Click Start Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the scan to finish
When the scan completes, press the LIST OF THREATS FOUND button
Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
Include the contents of this report in your next reply.
Press the BACK button.
Press Finish

the1dbg
2014-07-26, 02:38
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\APNSetup.exe.vir Win32/Bundled.Toolbar.Ask.E potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ServiceLocator.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\SO.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\toolbar.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\Toolbar.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ToolbarPS.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\toolbar_x64.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\UpdateManager.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2\Passport.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2\Passport_x64.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2\Source\program files\AskPartnerNetwork\Toolbar\apnmcp.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2\Source\program files\AskPartnerNetwork\Toolbar\searchhook.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2\Source\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2\Source\program files\AskPartnerNetwork\Toolbar\SO.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2\Source\program files\AskPartnerNetwork\Toolbar\toolbar.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2\Source\program files\AskPartnerNetwork\Toolbar\Toolbar.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2\Source\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2\Source\program files\AskPartnerNetwork\Toolbar\toolbar_x64.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2\Source\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2\Source\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport_x64.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2\Source\program files\VNT\vntldr.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\glindorus\glindorusUn.exe.vir probably a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\glindorus\glindorusUninstall.exe.vir Win32/BrowseFox.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\glindorus\bin\glindorus.BrowserAdapter.exe.vir a variant of Win32/BrowseFox.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\glindorus\bin\glindorusBAApp.dll.vir a variant of Win32/BrowseFox.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\glindorus\bin\{26d264d2-014c-4f07-bf2c-ebf9aed40cef}.dll.vir a variant of Win32/BrowseFox.K potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\glindorus\bin\plugins\glindorus.Bromon.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\glindorus\bin\plugins\glindorus.BroStats.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\glindorus\bin\plugins\glindorus.BrowserAdapterS.dll.vir probably a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\glindorus\bin\plugins\glindorus.CompatibilityChecker.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\glindorus\bin\plugins\glindorus.FFUpdate.dll.vir a variant of MSIL/BrowseFox.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\glindorus\bin\plugins\glindorus.IEUpdate.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\glindorus\bin\plugins\glindorus.OfSvc.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\glindorus\bin\plugins\glindorus.PurBrowse.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\glindorus\bin\plugins\glindorus.PurBrowseG.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\glindorus\bin\plugins\glindorus.Repmon.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Installl_Converter_A\hk64tbInst.dll.vir a variant of Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Installl_Converter_A\hktbInst.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Installl_Converter_A\Installl_Converter_AToolbarHelper.exe.vir Win32/Toolbar.Conduit.V potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Installl_Converter_A\ldrtbInst.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Installl_Converter_A\prxtbInst.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Installl_Converter_A\tbInst.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bg.exe.vir a variant of Win32/Toolbar.CrossRider.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho.dll.vir a variant of Win32/Toolbar.CrossRider.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho64.dll.vir a variant of Win64/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-buttonutil.dll.vir probably a variant of Win32/Toolbar.CrossRider.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-buttonutil.exe.vir a variant of Win32/Toolbar.CrossRider.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-buttonutil64.dll.vir a variant of Win64/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-buttonutil64.exe.vir a variant of Win64/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-codedownloader.exe.vir a variant of Win32/Toolbar.CrossRider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-enabler.exe.vir a variant of Win32/Toolbar.CrossRider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-helper.exe.vir probably a variant of Win32/Toolbar.CrossRider.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-updater.exe.vir a variant of Win32/Toolbar.CrossRider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\tatiana\AppData\LocalLow\Installl_Converter_A\hk64tbIns0.dll.vir Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\tatiana\AppData\LocalLow\Installl_Converter_A\hk64tbIns2.dll.vir Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\tatiana\AppData\LocalLow\Installl_Converter_A\hk64tbInst.dll.vir a variant of Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\tatiana\AppData\LocalLow\Installl_Converter_A\hktbIns0.dll.vir Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\tatiana\AppData\LocalLow\Installl_Converter_A\hktbIns2.dll.vir Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\tatiana\AppData\LocalLow\Installl_Converter_A\hktbInst.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\tatiana\AppData\LocalLow\Installl_Converter_A\ldrtbIns0.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\tatiana\AppData\LocalLow\Installl_Converter_A\ldrtbIns2.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\tatiana\AppData\LocalLow\Installl_Converter_A\ldrtbInst.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\tatiana\AppData\LocalLow\Installl_Converter_A\tbIns0.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\tatiana\AppData\LocalLow\Installl_Converter_A\tbIns1.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\tatiana\AppData\LocalLow\Installl_Converter_A\tbIns2.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\tatiana\AppData\LocalLow\Installl_Converter_A\tbInst.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\tatiana\AppData\LocalLow\Installl_Converter_A\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir a variant of Win32/PriceGong.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\glindorus\updateglindorus.exe.xBAD a variant of Win32/BrowseFox.H potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\glindorus\bin\glindorus.BrowserAdapter.exe.xBAD a variant of Win32/BrowseFox.I potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\glindorus\bin\glindorus.PurBrowse64.exe.xBAD a variant of Win64/BrowseFox.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\glindorus\bin\utilglindorus.exe.xBAD a variant of Win32/BrowseFox.H potentially unwanted application
C:\FRST\Quarantine\C\Users\tatiana\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll Win32/Toolbar.Conduit.Y potentially unwanted application
C:\FRST\Quarantine\C\Users\tatiana\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Windows\Installer\80174.msi a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application

Juliet
2014-07-26, 03:19
As expected we have everything located in quarantine folders.

How is your computer now?

Juliet
2014-07-31, 14:50
Still with me?

Juliet
2014-08-05, 21:17
Glad we could help. :)http://i204.photobucket.com/albums/bb106/Juliet702/sparkle.gif

Since this issue appears resolved ... this Topic is closed.
-----------------------------------------------------------
Admin Edit
Thank you Juliet. :)