
Thread: Please Help Win32.Downloader.gen

  1. #1
    the1dbg (Member; Join Date: Jul 2008; Posts: 45)

    Please Help Win32.Downloader.gen

    Here are the logs that were specified in the Win32.Downloader.gen FAQ.

    HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}

    BrowseFox: [SBI $A65521ED] Settings (Registry key, fixed)
    HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}

    Win32.Downloader.gen: [SBI $E6AD2227] Program directory (Directory, fixing failed)
    C:\Users\tatiana\AppData\Local\Conduit\

    DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)

    BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)

    BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)

    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)

    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)

    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)

    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)

    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)

    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---


    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2014
    Ran by tatiana (administrator) on TATIANA2650 on 24-07-2014 13:45:12
    Running from E:\
    Platform: Windows 8 (X64) OS Language: English (United States)
    Internet Explorer Version 10
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    () C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    () C:\Program Files (x86)\glindorus\updateglindorus.exe
    () C:\Program Files (x86)\glindorus\bin\utilglindorus.exe
    (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    (Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
    (Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
    () C:\Program Files (x86)\glindorus\bin\glindorus.PurBrowse64.exe
    () C:\Program Files (x86)\glindorus\bin\glindorus.BrowserAdapter.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
    (Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
    (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (ooVoo LLC) C:\Program Files (x86)\ooVoo\ooVoo.exe
    (Tango Inc.) C:\Program Files (x86)\Tango\Tango.exe
    (The Weather Channel) C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe
    () C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe
    (Weather Notifications, LLC) C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    (APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe
    (Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [DellWPF] => [X]
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6842000 2012-09-24] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1230992 2012-09-27] (Realtek Semiconductor)
    HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5757328 2012-10-19] (Dell Inc.)
    HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe [763520 2012-08-08] (Qualcomm Atheros)
    HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [127616 2012-08-08] (Qualcomm Atheros Commnucations)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
    HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
    HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
    HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1757648 2014-02-08] (APN)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
    HKU\S-1-5-21-3233409102-1572755282-2613258542-1001\...\Run: [ooVoo.exe] => C:\Program Files (x86)\ooVoo\oovoo.exe [36151360 2014-02-23] (ooVoo LLC)
    HKU\S-1-5-21-3233409102-1572755282-2613258542-1001\...\Run: [Tango] => C:\Program Files (x86)\Tango\Tango.exe [13489992 2011-11-04] (Tango Inc.)
    HKU\S-1-5-21-3233409102-1572755282-2613258542-1001\...\Run: [DW7] => C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe [13103104 2013-09-22] (The Weather Channel)
    HKU\S-1-5-21-3233409102-1572755282-2613258542-1001\...\Run: [BackgroundContainer] => "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\tatiana\AppData\Local\Conduit\BackgroundContainer\Backg (the data entry has 27 more characters). <===== ATTENTION
    HKU\S-1-5-21-3233409102-1572755282-2613258542-1001\...\Run: [HP Officejet 4630 series (NET)] => C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe [3421216 2013-08-13] (Hewlett-Packard Co.)
    HKU\S-1-5-21-3233409102-1572755282-2613258542-1001\...\MountPoints2: {e9edd155-cd5d-11e2-be6a-806e6f6e6963} - "D:\Autorun.exe"
    Startup: C:\Users\tatiana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk
    ShortcutTarget: Severe Weather Alerts App.lnk -> C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe ()
    Startup: C:\Users\tatiana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts.lnk
    ShortcutTarget: Severe Weather Alerts.lnk -> C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe (Weather Notifications, LLC)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?l=dis&o=2159&gct=hp
    URLSearchHook: HKLM-x32 - Installl Converter A Toolbar - {f84db37a-ae6f-423b-9f51-14b5ec10c879} - C:\Program Files (x86)\Installl_Converter_A\prxtbInst.dll (Conduit Ltd.)
    SearchScopes: HKLM - {81221284-1B33-4191-9C57-B3DC68CC8ADF} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
    SearchScopes: HKLM-x32 - {81221284-1B33-4191-9C57-B3DC68CC8ADF} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
    SearchScopes: HKCU - {3000D426-06D5-4132-9989-F3B98E2B8AE9} URL = http://www.search.ask.com/web?tpid=OVO2&o=2159&pf=V5&p2=%5EA2E%5EYYYYYY%5EYY%5EUS&gct=&itbv=12.10.2.4129&apn_uid=43cf89ed-339d-417d-8b02-cefe02dc30b7&apn_ptnrs=%5EA2E&apn_dtid=%5EYYYYYY%5EYY%5EUS&apn_dbr=Null_64_9.10.9200.16580&doi=2013-06-07&trgb=IE&q={searchTerms}&psv=
    SearchScopes: HKCU - {43E35495-336C-4BF7-84B3-1473D9CD484C} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311834&CUI=UN20610225992684773&UM=2
    SearchScopes: HKCU - {81221284-1B33-4191-9C57-B3DC68CC8ADF} URL =
    SearchScopes: HKCU - {C3625750-9A67-437E-BD67-B8AE4D139985} URL = http://rts.dsrlte.com/?q={searchTerms}&r=113
    BHO: Plus-HD-1.6 -> {11111111-1111-1111-1111-110311201102} -> C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho64.dll (Plus HD)
    BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2\Passport_x64.dll (APN LLC.)
    BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
    BHO-x32: Plus-HD-1.6 -> {11111111-1111-1111-1111-110311201102} -> C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho.dll (Plus HD)
    BHO-x32: ArcadeParlor Games -> {39AD0726-986D-40F9-972B-E3BFA24B7745} -> C:\Users\tatiana\AppData\Local\ArcadeParlor\Arcadeparlor.dll ()
    BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: GreatArcadeHits Add-on -> {D0C21091-FF8E-432C-9006-0540E81BA9D7} -> C:\Users\tatiana\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll (GreatArcadeHits)
    BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2\Passport.dll (APN LLC.)
    BHO-x32: WeCareReminder Class -> {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} -> C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
    BHO-x32: Installl Converter A Toolbar -> {f84db37a-ae6f-423b-9f51-14b5ec10c879} -> C:\Program Files (x86)\Installl_Converter_A\prxtbInst.dll (Conduit Ltd.)
    Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2\Passport_x64.dll (APN LLC.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2\Passport.dll (APN LLC.)
    Toolbar: HKLM-x32 - Installl Converter A Toolbar - {f84db37a-ae6f-423b-9f51-14b5ec10c879} - C:\Program Files (x86)\Installl_Converter_A\prxtbInst.dll (Conduit Ltd.)
    Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2\Passport_x64.dll (APN LLC.)
    Toolbar: HKCU - No Name - {F84DB37A-AE6F-423B-9F51-14B5EC10C879} - No File
    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112

    FireFox:
    ========
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Extension: ArcadeParlor - C:\Users\tatiana\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404} [2013-11-10]
    FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
    FF HKCU\...\FIREFOX\Extensions: [{B21F5E31-B8E8-41CD-B74C-168A71A10E49}] - C:\Users\tatiana\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}
    FF Extension: GreatArcadeHits Add-on - C:\Users\tatiana\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49} [2013-10-24]

    Chrome:
    =======
    CHR HomePage: hxxp://rts.dsrlte.com
    CHR StartupUrls: "hxxp://rts.dsrlte.com"
    CHR DefaultSearchKeyword: pay-by-ads.com
    CHR DefaultNewTabURL:
    CHR Extension: (Google Docs) - C:\Users\tatiana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-02]
    CHR Extension: (Google Drive) - C:\Users\tatiana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-02]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\tatiana\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-29]
    CHR Extension: (YouTube) - C:\Users\tatiana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-02]
    CHR Extension: (Google Search) - C:\Users\tatiana\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-02]
    CHR Extension: (HP Smart Print) - C:\Users\tatiana\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmpaiomihcebnclahoknbodeiaiohcdi [2014-03-02]
    CHR Extension: (Google Wallet) - C:\Users\tatiana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-02]
    CHR Extension: (Gmail) - C:\Users\tatiana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-02]
    CHR HKLM-x32\...\Chrome\Extension: [llmcibonccojooiboenghfafpieoabpl] - C:\Program Files (x86)\glindorus\llmcibonccojooiboenghfafpieoabpl.crx [2014-03-02]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-08] (APN LLC.)
    R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [211072 2012-08-08] (Qualcomm Atheros Commnucations)
    S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-06-19] (Dell Products, LP.) [File not signed]
    R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [1868432 2012-12-24] ()
    R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
    R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-08-31] (Realtek Semiconductor)
    R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-09-12] (SoftThinks SAS)
    R2 Update glindorus; C:\Program Files (x86)\glindorus\updateglindorus.exe [321824 2014-07-22] ()
    R2 Util glindorus; C:\Program Files (x86)\glindorus\bin\utilglindorus.exe [321824 2014-07-22] ()
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
    R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-08-07] (Atheros) [File not signed]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-08] (Qualcomm Atheros)
    R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
    S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
    S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-20] (Synaptics Incorporated)
    R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-09-20] (Synaptics Incorporated)
    R1 {26d264d2-014c-4f07-bf2c-ebf9aed40cef}Gw64; C:\Windows\System32\drivers\{26d264d2-014c-4f07-bf2c-ebf9aed40cef}Gw64.sys [61112 2014-04-24] (StdLib)
    R1 {26d264d2-014c-4f07-bf2c-ebf9aed40cef}w64; C:\Windows\System32\drivers\{26d264d2-014c-4f07-bf2c-ebf9aed40cef}w64.sys [61112 2014-06-09] (StdLib)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-07-24 13:44 - 2014-07-24 13:45 - 00000000 ____D () C:\FRST
    2014-07-24 13:43 - 2014-07-24 13:43 - 00000207 _____ () C:\windows\tweaking.com-regbackup-TATIANA2650-Microsoft-Windows-8-(64-bit).dat
    2014-07-24 13:42 - 2014-07-24 13:42 - 00002241 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2014-07-24 13:42 - 2014-07-24 13:42 - 00000000 ____D () C:\RegBackup
    2014-07-24 13:42 - 2014-07-24 13:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2014-07-24 13:40 - 2014-07-24 13:40 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
    2014-07-24 13:38 - 2014-07-24 13:38 - 00000000 ___RD () C:\Users\tatiana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    2014-07-24 13:36 - 2014-07-24 13:36 - 00001006 _____ () C:\Users\tatiana\Documents\chris_fix.txt
    2014-07-20 19:18 - 2014-07-20 19:18 - 00000112 _____ () C:\windows\wininit.ini
    2014-07-20 17:22 - 2014-07-20 17:25 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2014-07-20 17:22 - 2014-07-20 17:22 - 00001264 _____ () C:\Users\tatiana\Desktop\Spybot - Search & Destroy.lnk
    2014-07-20 17:22 - 2014-07-20 17:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    2014-07-20 17:22 - 2014-07-20 17:22 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
    2014-07-20 16:27 - 2014-07-20 16:28 - 00291288 _____ () C:\windows\system32\FNTCACHE.DAT
    2014-07-17 14:43 - 2014-06-26 15:53 - 00703968 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2014-07-17 14:43 - 2014-06-26 15:53 - 00105440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-07-17 14:38 - 2014-07-17 14:38 - 00000000 ___SD () C:\windows\system32\CompatTel
    2014-07-11 19:00 - 2014-06-30 17:42 - 00702464 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
    2014-07-11 19:00 - 2014-06-30 17:42 - 00394240 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
    2014-07-11 18:59 - 2014-06-30 17:42 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
    2014-07-11 18:59 - 2014-06-27 22:35 - 00556544 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2014-07-09 14:27 - 2014-06-17 18:27 - 01440256 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
    2014-07-09 14:27 - 2014-06-17 18:24 - 01557504 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
    2014-07-09 14:27 - 2014-06-10 23:18 - 04038144 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
    2014-07-09 14:27 - 2014-06-02 17:33 - 00265216 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
    2014-07-09 14:27 - 2014-05-29 18:31 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
    2014-07-09 14:27 - 2014-05-29 18:03 - 00588288 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
    2014-07-09 14:27 - 2014-05-29 18:02 - 01281536 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
    2014-07-09 14:27 - 2014-05-29 18:02 - 00439808 _____ (Microsoft Corporation) C:\windows\system32\lsm.dll
    2014-07-09 14:27 - 2014-05-03 01:34 - 06974808 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
    2014-07-09 14:27 - 2014-05-03 01:33 - 01824808 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
    2014-07-09 14:27 - 2014-05-02 23:51 - 01408976 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
    2014-07-09 14:27 - 2014-05-01 17:37 - 01023488 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
    2014-07-09 14:27 - 2014-04-29 17:32 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\Robocopy.exe
    2014-07-09 14:27 - 2014-04-29 17:32 - 00106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\Robocopy.exe
    2014-07-09 14:27 - 2014-04-23 18:51 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
    2014-07-09 14:27 - 2014-04-23 18:51 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
    2014-07-09 14:27 - 2014-04-23 18:38 - 00693760 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
    2014-07-09 14:27 - 2014-04-23 18:38 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2014-07-09 14:27 - 2014-02-07 23:34 - 00071168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hdaudbus.sys
    2014-07-09 14:26 - 2014-06-18 21:12 - 02239488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-07-09 14:26 - 2014-06-18 21:12 - 01366528 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-07-09 14:26 - 2014-06-18 21:12 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
    2014-07-09 14:26 - 2014-06-18 21:12 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
    2014-07-09 14:26 - 2014-06-18 21:12 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2014-07-09 14:26 - 2014-06-18 21:11 - 19277312 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-07-09 14:26 - 2014-06-18 21:11 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2014-07-09 14:26 - 2014-06-18 21:11 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2014-07-09 14:26 - 2014-06-18 21:10 - 15369728 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-07-09 14:26 - 2014-06-18 21:10 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-07-09 14:26 - 2014-06-18 21:10 - 02650624 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-07-09 14:26 - 2014-06-18 21:10 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
    2014-07-09 14:26 - 2014-06-18 21:10 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-07-09 14:26 - 2014-06-18 21:10 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2014-07-09 14:26 - 2014-06-18 21:10 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2014-07-09 14:26 - 2014-06-18 21:10 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2014-07-09 14:26 - 2014-06-18 21:10 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
    2014-07-09 14:26 - 2014-06-18 21:10 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2014-07-09 14:26 - 2014-06-18 21:10 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2014-07-09 14:26 - 2014-06-18 21:10 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2014-07-09 14:26 - 2014-06-18 21:09 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2014-07-09 14:26 - 2014-06-18 19:53 - 14368768 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-07-09 14:26 - 2014-06-18 19:53 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2014-07-09 14:26 - 2014-06-18 19:53 - 01141760 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2014-07-09 14:26 - 2014-06-18 19:53 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2014-07-09 14:26 - 2014-06-18 19:53 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2014-07-09 14:26 - 2014-06-18 19:53 - 00080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2014-07-09 14:26 - 2014-06-18 19:53 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
    2014-07-09 14:26 - 2014-06-18 19:52 - 13732352 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2014-07-09 14:26 - 2014-06-18 19:52 - 02863616 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2014-07-09 14:26 - 2014-06-18 19:52 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2014-07-09 14:26 - 2014-06-18 19:52 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2014-07-09 14:26 - 2014-06-18 19:52 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
    2014-07-09 14:26 - 2014-06-18 19:52 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
    2014-07-09 14:26 - 2014-06-18 19:52 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
    2014-07-09 14:26 - 2014-06-18 19:52 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2014-07-09 14:26 - 2014-06-18 19:52 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
    2014-07-09 14:26 - 2014-06-18 19:52 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2014-07-09 14:26 - 2014-06-18 19:52 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2014-07-09 14:26 - 2014-06-18 19:52 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2014-07-09 14:26 - 2014-06-18 19:33 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-07-09 14:26 - 2014-06-18 19:30 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-07-09 14:26 - 2014-06-18 17:05 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
    2014-07-09 14:25 - 2014-06-06 09:06 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
    2014-07-09 14:25 - 2014-06-06 05:17 - 00497152 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
    2014-07-09 14:25 - 2014-05-29 17:24 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
    2014-07-04 22:40 - 2014-07-24 13:38 - 00003382 _____ () C:\windows\System32\Tasks\BackgroundContainer Startup Task

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-07-24 13:45 - 2014-07-24 13:44 - 00000000 ____D () C:\FRST
    2014-07-24 13:45 - 2013-01-14 15:37 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
    2014-07-24 13:43 - 2014-07-24 13:43 - 00000207 _____ () C:\windows\tweaking.com-regbackup-TATIANA2650-Microsoft-Windows-8-(64-bit).dat
    2014-07-24 13:42 - 2014-07-24 13:42 - 00002241 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2014-07-24 13:42 - 2014-07-24 13:42 - 00000000 ____D () C:\RegBackup
    2014-07-24 13:42 - 2014-07-24 13:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2014-07-24 13:42 - 2012-07-26 02:21 - 00023922 _____ () C:\windows\setupact.log
    2014-07-24 13:41 - 2013-06-03 22:54 - 01636358 _____ () C:\windows\WindowsUpdate.log
    2014-07-24 13:40 - 2014-07-24 13:40 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
    2014-07-24 13:39 - 2013-11-10 17:09 - 00000000 ____D () C:\Users\tatiana\AppData\Local\SevereWeatherAlerts
    2014-07-24 13:38 - 2014-07-24 13:38 - 00000000 ___RD () C:\Users\tatiana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    2014-07-24 13:38 - 2014-07-04 22:40 - 00003382 _____ () C:\windows\System32\Tasks\BackgroundContainer Startup Task
    2014-07-24 13:38 - 2014-03-02 16:07 - 00000920 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-07-24 13:38 - 2013-10-24 17:54 - 00001324 _____ () C:\windows\Tasks\Plus-HD-1.6-updater.job
    2014-07-24 13:38 - 2013-10-24 17:54 - 00001226 _____ () C:\windows\Tasks\Plus-HD-1.6-codedownloader.job
    2014-07-24 13:38 - 2013-10-24 17:54 - 00001126 _____ () C:\windows\Tasks\Plus-HD-1.6-enabler.job
    2014-07-24 13:38 - 2012-07-26 00:26 - 00000226 _____ () C:\windows\win.ini
    2014-07-24 13:37 - 2012-07-26 02:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2014-07-24 13:37 - 2012-07-26 00:26 - 00524288 ___SH () C:\windows\system32\config\BBI
    2014-07-24 13:36 - 2014-07-24 13:36 - 00001006 _____ () C:\Users\tatiana\Documents\chris_fix.txt
    2014-07-24 13:00 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\sru
    2014-07-24 12:55 - 2014-03-02 16:07 - 00000924 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-07-23 14:53 - 2013-10-24 17:54 - 00000304 _____ () C:\windows\Tasks\GreatArcadeHits.job
    2014-07-22 18:42 - 2013-11-10 17:09 - 00000304 _____ () C:\windows\Tasks\ArcadeParlor.job
    2014-07-22 18:00 - 2014-03-02 16:09 - 00002104 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-07-22 17:31 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\rescache
    2014-07-20 19:20 - 2013-01-14 17:00 - 00180414 _____ () C:\windows\PFRO.log
    2014-07-20 19:18 - 2014-07-20 19:18 - 00000112 _____ () C:\windows\wininit.ini
    2014-07-20 19:18 - 2013-10-15 17:51 - 00000000 ____D () C:\Users\tatiana\AppData\Local\Conduit
    2014-07-20 17:25 - 2014-07-20 17:22 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2014-07-20 17:22 - 2014-07-20 17:22 - 00001264 _____ () C:\Users\tatiana\Desktop\Spybot - Search & Destroy.lnk
    2014-07-20 17:22 - 2014-07-20 17:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    2014-07-20 17:22 - 2014-07-20 17:22 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
    2014-07-20 17:06 - 2013-06-07 10:30 - 00000000 ____D () C:\Users\tatiana\AppData\Local\CrashDumps
    2014-07-20 16:28 - 2014-07-20 16:27 - 00291288 _____ () C:\windows\system32\FNTCACHE.DAT
    2014-07-17 15:02 - 2013-06-08 16:23 - 00000000 ____D () C:\Users\tatiana\AppData\Roaming\PCDr
    2014-07-17 14:49 - 2012-07-26 02:28 - 00850046 _____ () C:\windows\system32\PerfStringBackup.INI
    2014-07-17 14:38 - 2014-07-17 14:38 - 00000000 ___SD () C:\windows\system32\CompatTel
    2014-07-17 14:38 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2014-07-17 14:38 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2014-07-17 14:38 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\WinStore
    2014-07-17 14:38 - 2012-07-26 02:52 - 00000000 ____D () C:\Program Files\Windows Journal
    2014-07-13 22:31 - 2012-07-26 02:59 - 00000000 ____D () C:\windows\CbsTemp
    2014-07-13 22:28 - 2013-07-22 12:15 - 00000000 ____D () C:\windows\system32\MRT
    2014-07-13 22:24 - 2013-06-06 21:35 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2014-07-12 16:51 - 2013-06-04 00:59 - 00000000 ____D () C:\Users\tatiana\AppData\Local\softthinks
    2014-07-11 18:50 - 2013-06-03 22:54 - 00000000 ____D () C:\Users\tatiana
    2014-07-09 13:28 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\AUInstallAgent
    2014-07-05 08:58 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\NDF
    2014-07-04 23:52 - 2013-10-24 17:54 - 00000000 ____D () C:\Users\tatiana\AppData\Local\GreatArcadeHits
    2014-06-30 17:42 - 2014-07-11 19:00 - 00702464 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
    2014-06-30 17:42 - 2014-07-11 19:00 - 00394240 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
    2014-06-30 17:42 - 2014-07-11 18:59 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
    2014-06-28 15:41 - 2013-11-10 17:09 - 00000000 ____D () C:\Users\tatiana\AppData\Local\ArcadeParlor
    2014-06-27 22:35 - 2014-07-11 18:59 - 00556544 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2014-06-26 15:53 - 2014-07-17 14:43 - 00703968 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2014-06-26 15:53 - 2014-07-17 14:43 - 00105440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-07-22 17:21

    ==================== End Of Log ============================


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-07-2014
    Ran by tatiana at 2014-07-24 13:46:56
    Running from E:\
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    AbiWord 2.6.4 (HKLM-x32\...\AbiWord2) (Version: 2.6.4 - AbiSource Developers)
    Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon)
    Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ArcadeParlor (HKCU\...\{B74443DB-5A88-4583-860A-F0D06EF399E3}) (Version: - ArcadeParlor)
    Ask Toolbar (HKLM-x32\...\{4F564F32-0076-A76A-76A7-A758B70C0A02}) (Version: 12.10.2.4129 - APN, LLC) <==== ATTENTION
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Buzzdock (HKLM\...\{ac225167-00fc-452d-94c5-bb93600e7d9a}) (Version: - Alactro LLC) <==== ATTENTION
    Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 23.4.1.0 - COMODO)
    CWA Reminder by We-Care.com v4.1.24.3 (HKLM-x32\...\{0228288D-975E-42F7-9993-E91A82E6BBD9}) (Version: 4.1.24.3 - We-Care.com)
    CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415a - CyberLink Corp.) Hidden
    CyberLink Media Suite 10 (x32 Version: 10.0.1.1913 - CyberLink Corp.) Hidden
    CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
    CyberLink Power2Go 8 (x32 Version: 8.0.0.1904 - CyberLink Corp.) Hidden
    CyberLink PowerDirector 10 (x32 Version: 10.0.1.1904 - CyberLink Corp.) Hidden
    CyberLink PowerDVD 10 (x32 Version: 10.0.4318.52 - CyberLink Corp.) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.2 - Dell Inc.)
    Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.2 - Dell Inc.)
    Dell Digital Delivery (HKLM-x32\...\{D9ED3EFC-AB00-4CE0-ADED-80EE6B1158A7}) (Version: 2.2.2000.0 - Dell Products, LP)
    Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
    Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 16.2.12.17 - Synaptics Incorporated)
    Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
    glindorus 1.0.0 (HKLM\...\glindorus) (Version: 1.0.0 - glindorus) <==== ATTENTION
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
    GreatArcadeHits (HKCU\...\{856AD396-519D-4C7A-BED6-6785F64924BC}) (Version: 1.0 - GreatArcadeHits) <==== ATTENTION
    HP Officejet 4630 series Basic Device Software (HKLM\...\{29B1CB33-32C3-4762-85DA-8CEADDC36EA7}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
    HP Officejet 4630 series Help (HKLM-x32\...\{9F79230F-EE1C-407E-94E1-D69021954C9B}) (Version: 31.0.0 - Hewlett Packard)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
    Installl Converter A Toolbar for IE (HKLM-x32\...\IECT3311834) (Version: 6.17.0.33 - Installl Converter A)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2849 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
    Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
    iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
    Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
    MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
    My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
    ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.6.3001 - ooVoo LLC.)
    Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    Plus-HD-1.6 (HKLM-x32\...\Plus-HD-1.6) (Version: 1.28.153.5 - Plus HD) <==== ATTENTION
    Product Improvement Study for HP Officejet 4630 series (HKLM\...\{B1D45D48-A4D4-495F-A693-681EA9846754}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
    Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.012 - Dell Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6741 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
    Severe Weather Alerts (HKCU\...\Severe Weather Alerts) (Version: 1.23.0.0 - Weather Notifications, LLC) <==== ATTENTION
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
    Tango (HKCU\...\Tango) (Version: 1.6.14117 - TangoMe, Inc.)
    The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version: - )
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.9.0 - Tweaking.com)
    Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DB}) (Version: 17.5.10480 - WinZip Computing, S.L. )
    Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo! Inc.)

    ==================== Custom CLSID entries: ==========================

    (Only entries are listed that could be exploited by malware. If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    09-07-2014 19:56:30 Windows Update
    14-07-2014 00:38:32 Windows Update
    23-07-2014 21:10:47 Scheduled Checkpoint

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2012-07-26 00:26 - 2012-07-26 00:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0778355F-9224-45C5-B95A-3A3EDA245481} - System32\Tasks\Titanium Installation => D:\setup.exe
    Task: {1288ACED-7A87-4780-AD1E-33647E440B35} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-02] (Google Inc.)
    Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
    Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
    Task: {2A707B02-5540-4B65-86AF-2D97EE306365} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe
    Task: {40F12069-EF86-4ECD-9A2D-F4DA1E87F109} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
    Task: {41D3641C-CAE3-42A8-9039-383D46CF1C15} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-07-13] (Microsoft Corporation)
    Task: {57239CD5-F958-43F5-8456-E21283DAD8FF} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
    Task: {5EB39D17-5ECE-4FC3-B01D-013CB3BB8334} - System32\Tasks\PCDoctorBackgroundMonitorTask-Retry => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
    Task: {7508AA55-4F66-4824-B6CE-095E43DEA487} - System32\Tasks\HPCustParticipation HP Officejet 4630 series => C:\Program Files\HP\HP Officejet 4630 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.)
    Task: {7717C6A6-3907-4204-B79C-3C82B5AB26FE} - System32\Tasks\Plus-HD-1.6-updater => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-updater.exe [2013-10-24] (Plus HD)
    Task: {821DBF9A-447C-4121-85D2-F9A05570E0A8} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
    Task: {920D4D8F-3914-4922-8AFE-490BBB8BDEB2} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
    Task: {92F68220-481A-4738-AF13-02963B36FFBA} - System32\Tasks\ArcadeParlor => C:\Users\tatiana\AppData\Local\ArcadeParlor\versioncheck.exe [2014-06-28] ()
    Task: {9FE7090D-8A12-4010-9372-1F57DAE6798D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-02] (Google Inc.)
    Task: {A6408AD5-1E9E-43F5-BAFA-A3C0C9FB45B0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
    Task: {B4259671-5ACB-4D33-954D-803B9E950CB2} - System32\Tasks\Plus-HD-1.6-enabler => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-enabler.exe [2013-10-24] (Plus HD)
    Task: {B862537C-CAF0-42B2-853F-5F7B9AD9A22E} - System32\Tasks\GreatArcadeHits => C:\Users\tatiana\AppData\Local\GreatArcadeHits\GAHUpdate.exe [2014-07-04] () <==== ATTENTION
    Task: {C1FAE1CD-AF1C-4831-987D-8D820818E441} - System32\Tasks\Plus-HD-1.6-codedownloader => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-codedownloader.exe [2013-10-24] (Plus HD)
    Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
    Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
    Task: {FA3E0F37-DB40-4397-A64D-4FA84CC18A69} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
    Task: {FB26536C-046B-49F2-BD80-2DFCC3590329} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\tatiana\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
    Task: C:\windows\Tasks\ArcadeParlor.job => C:\Users\tatiana\AppData\Local\ArcadeParlor\versioncheck.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GreatArcadeHits.job => C:\Users\tatiana\AppData\Local\GreatArcadeHits\GAHUpdate.exe
    Task: C:\windows\Tasks\Plus-HD-1.6-codedownloader.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-codedownloader.exe
    Task: C:\windows\Tasks\Plus-HD-1.6-enabler.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-enabler.exe
    Task: C:\windows\Tasks\Plus-HD-1.6-updater.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-updater.exe

    ==================== Loaded Modules (whitelisted) =============

    2012-12-24 06:30 - 2012-12-24 06:30 - 01868432 _____ () C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
    2013-01-14 15:32 - 2012-04-24 21:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    2013-10-04 20:02 - 2014-07-22 18:33 - 00321824 _____ () C:\Program Files (x86)\glindorus\updateglindorus.exe
    2013-10-26 14:24 - 2014-07-22 18:32 - 00321824 _____ () C:\Program Files (x86)\glindorus\bin\utilglindorus.exe
    2014-05-01 18:36 - 2014-07-03 16:11 - 00287008 _____ () C:\Program Files (x86)\glindorus\bin\glindorus.PurBrowse64.exe
    2014-05-01 18:37 - 2014-07-22 18:53 - 00096544 _____ () C:\Program Files (x86)\glindorus\bin\glindorus.BrowserAdapter.exe
    2013-06-07 12:04 - 2013-06-07 12:06 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
    2012-08-08 15:11 - 2012-08-08 15:11 - 00384128 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ContactsApi.dll
    2013-01-14 16:23 - 2012-08-27 02:31 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2013-07-09 00:02 - 2013-07-09 00:02 - 00348384 _____ () C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe
    2013-07-09 00:02 - 2013-07-09 00:02 - 00076000 _____ () C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsAppAPI.dll
    2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2011-04-14 03:43 - 2011-04-14 03:43 - 08448512 _____ () C:\Program Files (x86)\Tango\QtGui4.dll
    2011-04-14 03:35 - 2011-04-14 03:35 - 02346496 _____ () C:\Program Files (x86)\Tango\QtCore4.dll
    2011-04-14 03:50 - 2011-04-14 03:50 - 00113152 _____ () C:\Program Files (x86)\Tango\QtMultimedia4.dll
    2011-04-14 03:36 - 2011-04-14 03:36 - 00859648 _____ () C:\Program Files (x86)\Tango\QtNetwork4.dll
    2011-04-14 04:58 - 2011-04-14 04:58 - 11159040 _____ () C:\Program Files (x86)\Tango\QtWebKit4.dll
    2011-08-09 05:31 - 2011-08-09 05:31 - 00054784 _____ () C:\Program Files (x86)\Tango\CrashRpt.dll
    2011-04-14 03:49 - 2011-04-14 03:49 - 00270336 _____ () C:\Program Files (x86)\Tango\phonon4.dll
    2013-01-14 15:30 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
    2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
    2014-02-27 22:51 - 2014-02-27 22:51 - 00017920 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\PSIClient\b1c5b85477b09ceb4fa27fdf6e37e617\PSIClient.ni.dll
    2013-01-14 15:37 - 2012-09-12 22:18 - 02003304 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
    2013-01-14 15:37 - 2012-08-06 11:59 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
    2013-01-14 15:37 - 2012-08-06 11:59 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
    2013-01-14 15:22 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ==================== Faulty Device Manager Devices =============

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (07/24/2014 01:21:36 PM) (Source: SideBySide) (EventID: 9) (User: )
    Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
    The manifest file root element must be assembly.

    Error: (07/24/2014 01:21:04 PM) (Source: SideBySide) (EventID: 63) (User: )
    Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
    The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

    Error: (07/24/2014 01:04:51 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80070005

    Error: (07/23/2014 11:34:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 4797

    Error: (07/23/2014 11:34:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 4797

    Error: (07/23/2014 11:34:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (07/23/2014 11:34:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 3516

    Error: (07/23/2014 11:34:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 3516

    Error: (07/23/2014 11:34:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (07/23/2014 11:34:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2406


    System errors:
    =============
    Error: (07/24/2014 01:40:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (07/22/2014 06:34:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (07/22/2014 06:30:43 PM) (Source: DCOM) (EventID: 10010) (User: TATIANA2650)
    Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

    Error: (07/22/2014 06:30:43 PM) (Source: DCOM) (EventID: 10010) (User: TATIANA2650)
    Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

    Error: (07/22/2014 06:30:39 PM) (Source: DCOM) (EventID: 10010) (User: TATIANA2650)
    Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

    Error: (07/22/2014 06:30:39 PM) (Source: DCOM) (EventID: 10010) (User: TATIANA2650)
    Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

    Error: (07/22/2014 06:30:39 PM) (Source: DCOM) (EventID: 10010) (User: TATIANA2650)
    Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

    Error: (07/22/2014 06:30:39 PM) (Source: DCOM) (EventID: 10010) (User: TATIANA2650)
    Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

    Error: (07/22/2014 05:07:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (07/22/2014 05:05:24 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 3:46:13 PM on 7/22/2014 was unexpected.


    Microsoft Office Sessions:
    =========================
    Error: (07/24/2014 01:21:36 PM) (Source: SideBySide) (EventID: 9) (User: )
    Description: c:\program files\WinZip\adxloader.dll.Manifestc:\program files\WinZip\adxloader.dll.Manifest2

    Error: (07/24/2014 01:21:04 PM) (Source: SideBySide) (EventID: 63) (User: )
    Description: assemblyIdentitylanguage*C:\Program Files (x86)\Spybot - Search & Destroy\DelZip179.dllC:\Program Files (x86)\Spybot - Search & Destroy\DelZip179.dll8

    Error: (07/24/2014 01:04:51 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80070005

    Error: (07/23/2014 11:34:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 4797

    Error: (07/23/2014 11:34:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 4797

    Error: (07/23/2014 11:34:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (07/23/2014 11:34:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 3516

    Error: (07/23/2014 11:34:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 3516

    Error: (07/23/2014 11:34:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (07/23/2014 11:34:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2406


    ==================== Memory info ===========================

    Percentage of memory in use: 38%
    Total physical RAM: 3965.27 MB
    Available physical RAM: 2426.34 MB
    Total Pagefile: 4861.27 MB
    Available Pagefile: 3175.7 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.78 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:451.98 GB) (Free:397.74 GB) NTFS
    Drive e: (USB20FD) (Removable) (Total:15.22 GB) (Free:15.21 GB) FAT32
    Drive x: (WINRETOOLS) (Fixed) (Total:0.49 GB) (Free:0.22 GB) NTFS
    Drive y: (PBR Image) (Fixed) (Total:12.64 GB) (Free:0.27 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 466 GB) (Disk ID: 5A14010D)

    Partition: GPT Partition Type.

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
    Partition 1: (Active) - (Size=15 GB) - (Type=0C)

    ==================== End Of Log ============================


    aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
    Run date: 2014-07-24 13:55:09
    -----------------------------
    13:55:09.001 OS Version: Windows x64 6.2.9200
    13:55:09.002 Number of processors: 2 586 0x3A09
    13:55:09.004 ComputerName: TATIANA2650 UserName: tatiana
    13:55:11.231 Initialize success
    13:55:11.314 VM: initialized successfully
    13:55:11.339 VM: Intel CPU supported
    13:55:20.158 VM: disk I/O iaStorA.sys
    13:58:24.345 AVAST engine defs: 14072400
    13:59:50.698 The log file has been saved successfully to "E:\aswMBR.txt"
    14:00:33.190 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000032
    14:00:33.196 Disk 0 Vendor: ST500LT012-9WS142 0001SDM1 Size: 476940MB BusType: 11
    14:00:33.315 Disk 0 MBR read successfully
    14:00:33.323 Disk 0 MBR scan
    14:00:33.340 Disk 0 unknown MBR code
    14:00:33.349 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
    14:00:33.468 Disk 0 scanning C:\windows\system32\drivers
    14:01:00.192 Service scanning
    14:01:56.986 Modules scanning
    14:01:57.342 Disk 0 trace - called modules:
    14:01:57.364 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll iaStorA.sys
    14:01:57.376 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006084060]
    14:01:57.388 3 CLASSPNP.SYS[fffff88000b08e0a] -> nt!IofCallDriver -> \Device\00000032[0xfffffa8004d69060]
    14:01:58.905 AVAST engine scan C:\windows
    14:02:02.388 AVAST engine scan C:\windows\system32
    14:08:24.351 AVAST engine scan C:\windows\system32\drivers
    14:08:55.956 AVAST engine scan C:\Users\tatiana
    14:45:07.340 AVAST engine scan C:\ProgramData
    14:49:01.452 Scan finished successfully
    14:50:20.215 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
    14:50:20.263 The log file has been saved successfully to "E:\aswMBR.txt"

  2. #2
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,818

    Default

    Hi and welcome

    Before we can start we will have to move FRST to desktop.
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2014
    Ran by tatiana (administrator) on TATIANA2650 on 24-07-2014 13:45:12
    Running from E:\

    Please go to E drive, right click on FRST and select CUT
    Go to an open spot on your desktop, right click and select Paste.
    This should move FRST out of E drive to desktop.

    If you are unable to move FRST to desktop, please right click on the version you have now and delete and download it again. Make sure to download to desktop.


    Or simply download and copy fixlist.txt and FRST.exe to a folder of your choice, then start FRST, click on the Fix button, and attach the fixlog.txt to your next reply.

    The below script will reboot your computer, please don't be alarmed.

    Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
    Paste this into the open notepad. Save it to the Desktop as fixlist.txt
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
    It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

    start
    HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
    HKU\S-1-5-21-3233409102-1572755282-2613258542-1001\...\Run: [BackgroundContainer] => "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\tatiana\AppData\Local\Conduit\BackgroundContainer\Backg (the data entry has 27 more characters). <===== ATTENTION
    SearchScopes: HKCU - {3000D426-06D5-4132-9989-F3B98E2B8AE9} URL = http://www.search.ask.com/web?tpid=OVO2&o=2159&pf=V5&p2=%5EA2E%5EYYYYYY%5EYY%5EUS&gct=&itbv=12.10.2.4129&apn_uid=43cf89ed-339d-417d-8b02-cefe02dc30b7&apn_ptnrs=%5EA2E&apn_dtid=%5EYYYYYY%5EYY%5EUS&apn_dbr=Null_64_9.10.9200.16580&doi=2013-06-07&trgb=IE&q={searchTerms}&psv=
    SearchScopes: HKCU - {43E35495-336C-4BF7-84B3-1473D9CD484C} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311834&CUI=UN20610225992684773&UM=2
    SearchScopes: HKCU - {81221284-1B33-4191-9C57-B3DC68CC8ADF} URL =
    SearchScopes: HKCU - {C3625750-9A67-437E-BD67-B8AE4D139985} URL = http://rts.dsrlte.com/?q={searchTerms}&r=113
    BHO: Plus-HD-1.6 -> {11111111-1111-1111-1111-110311201102} -> C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho64.dll (Plus HD)
    BHO-x32: Plus-HD-1.6 -> {11111111-1111-1111-1111-110311201102} -> C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho.dll (Plus HD)
    BHO-x32: WeCareReminder Class -> {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} -> C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
    BHO-x32: Installl Converter A Toolbar -> {f84db37a-ae6f-423b-9f51-14b5ec10c879} -> C:\Program Files (x86)\Installl_Converter_A\prxtbInst.dll (Conduit Ltd.)
    Toolbar: HKCU - No Name - {F84DB37A-AE6F-423B-9F51-14B5EC10C879} - No File
    CHR HomePage: hxxp://rts.dsrlte.com
    CHR StartupUrls: "hxxp://rts.dsrlte.com"
    CHR HKLM-x32\...\Chrome\Extension: [llmcibonccojooiboenghfafpieoabpl] - C:\Program Files (x86)\glindorus\llmcibonccojooiboenghfafpieoabpl.crx [2014-03-02]
    CHR DefaultSearchKeyword: pay-by-ads.com
    R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-08] (APN LLC.)
    R2 Update glindorus; C:\Program Files (x86)\glindorus\updateglindorus.exe [321824 2014-07-22] ()
    R2 Util glindorus; C:\Program Files (x86)\glindorus\bin\utilglindorus.exe [321824 2014-07-22] ()
    R1 {26d264d2-014c-4f07-bf2c-ebf9aed40cef}Gw64; C:\Windows\System32\drivers\{26d264d2-014c-4f07-bf2c-ebf9aed40cef}Gw64.sys [61112 2014-04-24] (StdLib)
    R1 {26d264d2-014c-4f07-bf2c-ebf9aed40cef}w64; C:\Windows\System32\drivers\{26d264d2-014c-4f07-bf2c-ebf9aed40cef}w64.sys [61112 2014-06-09] (StdLib)
    C:\windows\Tasks\Plus-HD-1.6-updater.job
    C:\windows\Tasks\Plus-HD-1.6-codedownloader.job
    C:\windows\Tasks\Plus-HD-1.6-enabler.job
    C:\Users\tatiana\AppData\Local\Conduit
    Ask Toolbar (HKLM-x32\...\{4F564F32-0076-A76A-76A7-A758B70C0A02}) (Version: 12.10.2.4129 - APN, LLC) <==== ATTENTION
    Buzzdock (HKLM\...\{ac225167-00fc-452d-94c5-bb93600e7d9a}) (Version: - Alactro LLC) <==== ATTENTION
    glindorus 1.0.0 (HKLM\...\glindorus) (Version: 1.0.0 - glindorus) <==== ATTENTION
    GreatArcadeHits (HKCU\...\{856AD396-519D-4C7A-BED6-6785F64924BC}) (Version: 1.0 - GreatArcadeHits) <==== ATTENTION
    Plus-HD-1.6 (HKLM-x32\...\Plus-HD-1.6) (Version: 1.28.153.5 - Plus HD) <==== ATTENTION
    Severe Weather Alerts (HKCU\...\Severe Weather Alerts) (Version: 1.23.0.0 - Weather Notifications, LLC) <==== ATTENTION
    Task: {FB26536C-046B-49F2-BD80-2DFCC3590329} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\tatiana\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
    Task: C:\windows\Tasks\Plus-HD-1.6-codedownloader.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-codedownloader.exe
    Task: C:\windows\Tasks\Plus-HD-1.6-enabler.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-enabler.exe
    Task: C:\windows\Tasks\Plus-HD-1.6-updater.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-updater.exe
    C:\Program Files (x86)\glindorus\updateglindorus.exe
    2013-10-26 14:24 - 2014-07-22 18:32 - 00321824 _____ () C:\Program Files (x86)\glindorus\bin\utilglindorus.exe
    2014-05-01 18:36 - 2014-07-03 16:11 - 00287008 _____ () C:\Program Files (x86)\glindorus\bin\glindorus.PurBrowse64.exe
    2014-05-01 18:37 - 2014-07-22 18:53 - 00096544 _____ () C:\Program Files (x86)\glindorus\bin\glindorus.BrowserAdapter.exe
    Reboot:
    end
    Open FRST/FRST64 and press the Fix button just once and wait.

    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


    NEXT**

    AdwCleaner by Xplode

    Click on this link to download : ADWCleaner
    Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

    Do not click on any links in the top Advertisement.


    Close all open windows and browsers.


    • Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.

      *****


    • Click the Scan button and wait for the scan to finish.

    • After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove. Then click on Clean
    • Confirm each time with Ok
    • Click the Report button to get the log
    • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
    • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
    • NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.



    NEXT**

    Download Malwarebytes' Anti-Malware to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"







    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • When the scan is finished and the log pops up...select Copy to Clipboard
    • Please paste the log back into this thread for review
    • Exit Malwarebytes


    ***************************************

    Please post:
    Fixlog.txt
    C:\AdwCleaner\AdwCleaner.txt
    Malwarebytes log
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Member the1dbg's Avatar
    Join Date
    Jul 2008
    Posts
    45

    Default Logs

    Juliet

    Hello and thank you for the quick response. Here are the requested logs.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-07-2014
    Ran by tatiana at 2014-07-25 11:03:21 Run:1
    Running from C:\Users\tatiana\Desktop
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    start
    HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
    HKU\S-1-5-21-3233409102-1572755282-2613258542-1001\...\Run: [BackgroundContainer] => "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\tatiana\AppData\Local\Conduit\BackgroundContainer\Backg (the data entry has 27 more characters). <===== ATTENTION
    SearchScopes: HKCU - {3000D426-06D5-4132-9989-F3B98E2B8AE9} URL = http://www.search.ask.com/web?tpid=OVO2&o=2159&pf=V5&p2=%5EA2E%5EYYYYYY%5EYY%5EUS&gct=&itbv=12.10.2.4129&apn_uid=43cf89ed-339d-417d-8b02-cefe02dc30b7&apn_ptnrs=%5EA2E&apn_dtid=%5EYYYYYY%5EYY%5EUS&apn_dbr=Null_64_9.10.9200.16580&doi=2013-06-07&trgb=IE&q={searchTerms}&psv=
    SearchScopes: HKCU - {43E35495-336C-4BF7-84B3-1473D9CD484C} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311834&CUI=UN20610225992684773&UM=2
    SearchScopes: HKCU - {81221284-1B33-4191-9C57-B3DC68CC8ADF} URL =
    SearchScopes: HKCU - {C3625750-9A67-437E-BD67-B8AE4D139985} URL = http://rts.dsrlte.com/?q={searchTerms}&r=113
    BHO: Plus-HD-1.6 -> {11111111-1111-1111-1111-110311201102} -> C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho64.dll (Plus HD)
    BHO-x32: Plus-HD-1.6 -> {11111111-1111-1111-1111-110311201102} -> C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho.dll (Plus HD)
    BHO-x32: WeCareReminder Class -> {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} -> C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
    BHO-x32: Installl Converter A Toolbar -> {f84db37a-ae6f-423b-9f51-14b5ec10c879} -> C:\Program Files (x86)\Installl_Converter_A\prxtbInst.dll (Conduit Ltd.)
    Toolbar: HKCU - No Name - {F84DB37A-AE6F-423B-9F51-14B5EC10C879} - No File
    CHR HomePage: hxxp://rts.dsrlte.com
    CHR StartupUrls: "hxxp://rts.dsrlte.com"
    CHR HKLM-x32\...\Chrome\Extension: [llmcibonccojooiboenghfafpieoabpl] - C:\Program Files (x86)\glindorus\llmcibonccojooiboenghfafpieoabpl.crx [2014-03-02]
    CHR DefaultSearchKeyword: pay-by-ads.com
    R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-08] (APN LLC.)
    R2 Update glindorus; C:\Program Files (x86)\glindorus\updateglindorus.exe [321824 2014-07-22] ()
    R2 Util glindorus; C:\Program Files (x86)\glindorus\bin\utilglindorus.exe [321824 2014-07-22] ()
    R1 {26d264d2-014c-4f07-bf2c-ebf9aed40cef}Gw64; C:\Windows\System32\drivers\{26d264d2-014c-4f07-bf2c-ebf9aed40cef}Gw64.sys [61112 2014-04-24] (StdLib)
    R1 {26d264d2-014c-4f07-bf2c-ebf9aed40cef}w64; C:\Windows\System32\drivers\{26d264d2-014c-4f07-bf2c-ebf9aed40cef}w64.sys [61112 2014-06-09] (StdLib)
    C:\windows\Tasks\Plus-HD-1.6-updater.job
    C:\windows\Tasks\Plus-HD-1.6-codedownloader.job
    C:\windows\Tasks\Plus-HD-1.6-enabler.job
    C:\Users\tatiana\AppData\Local\Conduit
    Ask Toolbar (HKLM-x32\...\{4F564F32-0076-A76A-76A7-A758B70C0A02}) (Version: 12.10.2.4129 - APN, LLC) <==== ATTENTION
    Buzzdock (HKLM\...\{ac225167-00fc-452d-94c5-bb93600e7d9a}) (Version: - Alactro LLC) <==== ATTENTION
    glindorus 1.0.0 (HKLM\...\glindorus) (Version: 1.0.0 - glindorus) <==== ATTENTION
    GreatArcadeHits (HKCU\...\{856AD396-519D-4C7A-BED6-6785F64924BC}) (Version: 1.0 - GreatArcadeHits) <==== ATTENTION
    Plus-HD-1.6 (HKLM-x32\...\Plus-HD-1.6) (Version: 1.28.153.5 - Plus HD) <==== ATTENTION
    Severe Weather Alerts (HKCU\...\Severe Weather Alerts) (Version: 1.23.0.0 - Weather Notifications, LLC) <==== ATTENTION
    Task: {FB26536C-046B-49F2-BD80-2DFCC3590329} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\tatiana\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
    Task: C:\windows\Tasks\Plus-HD-1.6-codedownloader.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-codedownloader.exe
    Task: C:\windows\Tasks\Plus-HD-1.6-enabler.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-enabler.exe
    Task: C:\windows\Tasks\Plus-HD-1.6-updater.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-updater.exe
    C:\Program Files (x86)\glindorus\updateglindorus.exe
    2013-10-26 14:24 - 2014-07-22 18:32 - 00321824 _____ () C:\Program Files (x86)\glindorus\bin\utilglindorus.exe
    2014-05-01 18:36 - 2014-07-03 16:11 - 00287008 _____ () C:\Program Files (x86)\glindorus\bin\glindorus.PurBrowse64.exe
    2014-05-01 18:37 - 2014-07-22 18:53 - 00096544 _____ () C:\Program Files (x86)\glindorus\bin\glindorus.BrowserAdapter.exe
    Reboot:
    end
    *****************

    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect" => Value not found.
    HKU\S-1-5-21-3233409102-1572755282-2613258542-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BackgroundContainer => value deleted successfully.
    "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3000D426-06D5-4132-9989-F3B98E2B8AE9}" => Key deleted successfully.
    "HKCR\CLSID\{3000D426-06D5-4132-9989-F3B98E2B8AE9}" => Key not found.
    "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{43E35495-336C-4BF7-84B3-1473D9CD484C}" => Key deleted successfully.
    "HKCR\CLSID\{43E35495-336C-4BF7-84B3-1473D9CD484C}" => Key not found.
    "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{81221284-1B33-4191-9C57-B3DC68CC8ADF}" => Key deleted successfully.
    "HKCR\CLSID\{81221284-1B33-4191-9C57-B3DC68CC8ADF}" => Key not found.
    "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C3625750-9A67-437E-BD67-B8AE4D139985}" => Key deleted successfully.
    "HKCR\CLSID\{C3625750-9A67-437E-BD67-B8AE4D139985}" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311201102}" => Key deleted successfully.
    "HKCR\CLSID\{11111111-1111-1111-1111-110311201102}" => Key deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311201102}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110311201102}" => Key deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}" => Key deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f84db37a-ae6f-423b-9f51-14b5ec10c879}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{f84db37a-ae6f-423b-9f51-14b5ec10c879}" => Key deleted successfully.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F84DB37A-AE6F-423B-9F51-14B5EC10C879} => value deleted successfully.
    "HKCR\CLSID\{F84DB37A-AE6F-423B-9F51-14B5EC10C879}" => Key not found.
    CHR HomePage: hxxp://rts.dsrlte.com ==> The Chrome "Settings" can be used to fix the entry.
    CHR StartupUrls: "hxxp://rts.dsrlte.com" ==> The Chrome "Settings" can be used to fix the entry.
    "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\llmcibonccojooiboenghfafpieoabpl" => Key deleted successfully.
    "C:\Program Files (x86)\glindorus\llmcibonccojooiboenghfafpieoabpl.crx" => File/Directory not found.
    CHR DefaultSearchKeyword: pay-by-ads.com ==> The Chrome "Settings" can be used to fix the entry.
    APNMCP => Unable to stop service
    APNMCP => Service deleted successfully.
    Update glindorus => Unable to stop service
    Update glindorus => Service deleted successfully.
    Util glindorus => Unable to stop service
    Util glindorus => Service deleted successfully.
    {26d264d2-014c-4f07-bf2c-ebf9aed40cef}Gw64 => Unable to stop service
    {26d264d2-014c-4f07-bf2c-ebf9aed40cef}Gw64 => Service deleted successfully.
    {26d264d2-014c-4f07-bf2c-ebf9aed40cef}w64 => Unable to stop service
    {26d264d2-014c-4f07-bf2c-ebf9aed40cef}w64 => Service deleted successfully.
    C:\windows\Tasks\Plus-HD-1.6-updater.job => Moved successfully.
    C:\windows\Tasks\Plus-HD-1.6-codedownloader.job => Moved successfully.
    C:\windows\Tasks\Plus-HD-1.6-enabler.job => Moved successfully.
    C:\Users\tatiana\AppData\Local\Conduit => Moved successfully.
    Ask Toolbar (HKLM-x32\...\{4F564F32-0076-A76A-76A7-A758B70C0A02}) (Version: 12.10.2.4129 - APN, LLC) <==== ATTENTION => Error: No automatic fix found for this entry.
    Buzzdock (HKLM\...\{ac225167-00fc-452d-94c5-bb93600e7d9a}) (Version: - Alactro LLC) <==== ATTENTION => Error: No automatic fix found for this entry.
    glindorus 1.0.0 (HKLM\...\glindorus) (Version: 1.0.0 - glindorus) <==== ATTENTION => Error: No automatic fix found for this entry.
    GreatArcadeHits (HKCU\...\{856AD396-519D-4C7A-BED6-6785F64924BC}) (Version: 1.0 - GreatArcadeHits) <==== ATTENTION => Error: No automatic fix found for this entry.
    Plus-HD-1.6 (HKLM-x32\...\Plus-HD-1.6) (Version: 1.28.153.5 - Plus HD) <==== ATTENTION => Error: No automatic fix found for this entry.
    Severe Weather Alerts (HKCU\...\Severe Weather Alerts) (Version: 1.23.0.0 - Weather Notifications, LLC) <==== ATTENTION => Error: No automatic fix found for this entry.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FB26536C-046B-49F2-BD80-2DFCC3590329}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB26536C-046B-49F2-BD80-2DFCC3590329}" => Key deleted successfully.
    C:\Windows\System32\Tasks\BackgroundContainer Startup Task => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task" => Key deleted successfully.
    C:\windows\Tasks\Plus-HD-1.6-codedownloader.job not found.
    C:\windows\Tasks\Plus-HD-1.6-enabler.job not found.
    C:\windows\Tasks\Plus-HD-1.6-updater.job not found.
    C:\Program Files (x86)\glindorus\updateglindorus.exe => Moved successfully.
    C:\Program Files (x86)\glindorus\bin\utilglindorus.exe => Moved successfully.
    C:\Program Files (x86)\glindorus\bin\glindorus.PurBrowse64.exe => Moved successfully.
    C:\Program Files (x86)\glindorus\bin\glindorus.BrowserAdapter.exe => Moved successfully.


    The system needed a reboot.

    ==== End of Fixlog ====


    # AdwCleaner v3.216 - Report created 25/07/2014 at 11:39:08
    # Updated 17/07/2014 by Xplode
    # Operating System : Windows 8 (64 bits)
    # Username : tatiana - TATIANA2650
    # Running from : C:\Users\tatiana\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\apn
    Folder Deleted : C:\ProgramData\AskPartnerNetwork
    Folder Deleted : C:\ProgramData\Conduit
    Folder Deleted : C:\ProgramData\WeCareReminder
    Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Program Files (x86)\glindorus
    Folder Deleted : C:\Program Files (x86)\Plus-HD-1.6
    Folder Deleted : C:\Program Files (x86)\Installl_Converter_A
    Folder Deleted : C:\windows\SysWOW64\SearchProtect
    Folder Deleted : C:\Users\tatiana\AppData\Local\AskPartnerNetwork
    Folder Deleted : C:\Users\tatiana\AppData\Local\GreatArcadeHits
    Folder Deleted : C:\Users\tatiana\AppData\Local\Temp\apn
    Folder Deleted : C:\Users\tatiana\AppData\Local\Temp\AskSearch
    Folder Deleted : C:\Users\tatiana\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\tatiana\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\tatiana\AppData\LocalLow\Installl_Converter_A
    Folder Deleted : C:\Users\tatiana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GreatArcadeHits
    File Deleted : C:\Users\tatiana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
    File Deleted : C:\Users\tatiana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
    File Deleted : C:\windows\System32\Tasks\Plus-HD-1.6-codedownloader
    File Deleted : C:\windows\System32\Tasks\Plus-HD-1.6-enabler
    File Deleted : C:\windows\System32\Tasks\Plus-HD-1.6-updater

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{B21F5E31-B8E8-41CD-B74C-168A71A10E49}]
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
    Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
    Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
    Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateglindorus_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateglindorus_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilglindorus_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilglindorus_RASMANCS
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IECT3311834
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0032002.BHO
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0032002.BHO.1
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0032002.Sandbox
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0032002.Sandbox.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3311834
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322202202}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355205502}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366206602}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
    Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11a50cbd-0239-45b9-a7de-15b923409bc3}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8ffa420b-7445-4020-bc96-578482f2d49e}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c4e4f357-e931-4d09-8cc9-542954ba9e54}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d5ecce38-198b-4ae7-ab77-4f009ff534fa}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ea288a59-147f-4dbc-a22f-9f5b6b5009b2}
    Key Deleted : HKCU\Software\AskPartnerNetwork
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\glindorus
    Key Deleted : HKCU\Software\installedbrowserextensions
    Key Deleted : HKCU\Software\SocialBit
    Key Deleted : HKCU\Software\wecarereminder
    Key Deleted : HKCU\Software\AppDataLow\Toolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    Key Deleted : HKCU\Software\AppDataLow\Software\Plus-HD-1.6
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\AppDataLow\Software\Installl_Converter_A
    Key Deleted : HKLM\Software\AskPartnerNetwork
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\glindorus
    Key Deleted : HKLM\Software\Plus-HD-1.6
    Key Deleted : HKLM\Software\Installl_Converter_A
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-1.6
    Key Deleted : [x64] HKLM\SOFTWARE\AskPartnerNetwork
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\glindorus

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.17028

    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

    -\\ Google Chrome v36.0.1985.125

    [ File : C:\Users\tatiana\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
    Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb

    *************************

    AdwCleaner[R0].txt - [16167 octets] - [25/07/2014 11:36:29]
    AdwCleaner[S0].txt - [14233 octets] - [25/07/2014 11:39:08]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14294 octets] ##########


    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 7/25/2014
    Scan Time: 11:47:43 AM
    Logfile:
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.07.25.05
    Rootkit Database: v2014.07.17.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 8
    CPU: x64
    File System: NTFS
    User: tatiana

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 283797
    Time Elapsed: 12 min, 7 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 2
    PUP.Optional.SevereWeatherAlerts.A, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe, 3996, Delete-on-Reboot, [22972a796a111521450a79e67c85c63a]
    PUP.Optional.SevereWeatherAlerts.A, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe, 2312, Delete-on-Reboot, [f4c58b18b0cb1b1b54fca2bd2fd2a65a]

    Modules: 0
    (No malicious items detected)

    Registry Keys: 29
    PUP.Optional.ArcadeParlor.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{39AD0726-986D-40F9-972B-E3BFA24B7745}, Quarantined, [49705b48e69594a20cd4890e887aa45c],
    PUP.Optional.ArcadeParlor.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{632D51D4-67C3-40CA-8A7E-D1E93E80B005}, Quarantined, [49705b48e69594a20cd4890e887aa45c],
    PUP.Optional.ArcadeParlor.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{1F29738C-11D6-4AE5-A1B1-86D4D5F3A69C}, Quarantined, [49705b48e69594a20cd4890e887aa45c],
    PUP.Optional.ArcadeParlor.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{96B4DEA0-F89C-475C-8124-B247260B7CB5}, Quarantined, [49705b48e69594a20cd4890e887aa45c],
    PUP.Optional.ArcadeParlor.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{1F29738C-11D6-4AE5-A1B1-86D4D5F3A69C}, Quarantined, [49705b48e69594a20cd4890e887aa45c],
    PUP.Optional.ArcadeParlor.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{39AD0726-986D-40F9-972B-E3BFA24B7745}, Quarantined, [49705b48e69594a20cd4890e887aa45c],
    PUP.Optional.ArcadeParlor.A, HKU\S-1-5-21-3233409102-1572755282-2613258542-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{39AD0726-986D-40F9-972B-E3BFA24B7745}, Quarantined, [49705b48e69594a20cd4890e887aa45c],
    PUP.Optional.ArcadeParlor.A, HKU\S-1-5-21-3233409102-1572755282-2613258542-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{39AD0726-986D-40F9-972B-E3BFA24B7745}, Quarantined, [49705b48e69594a20cd4890e887aa45c],
    PUP.Optional.WeCare, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6ED0A312-78F5-493C-A90C-5DAF321D0BF8}, Quarantined, [2396841f4a31c86e2e84a9b1f50d05fb],
    PUP.Optional.WeCare, HKLM\SOFTWARE\CLASSES\TYPELIB\{B3201ABA-7CDE-4C8D-A28D-4316427BD6D1}, Quarantined, [2396841f4a31c86e2e84a9b1f50d05fb],
    PUP.Optional.WeCare, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B60591CD-AA25-4261-B05A-77826471C0A3}, Quarantined, [2396841f4a31c86e2e84a9b1f50d05fb],
    PUP.Optional.WeCare, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{B3201ABA-7CDE-4C8D-A28D-4316427BD6D1}, Quarantined, [2396841f4a31c86e2e84a9b1f50d05fb],
    PUP.Optional.WeCare, HKU\S-1-5-21-3233409102-1572755282-2613258542-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{6ED0A312-78F5-493C-A90C-5DAF321D0BF8}, Quarantined, [2396841f4a31c86e2e84a9b1f50d05fb],
    PUP.Optional.WeCare, HKU\S-1-5-21-3233409102-1572755282-2613258542-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{6ED0A312-78F5-493C-A90C-5DAF321D0BF8}, Quarantined, [2396841f4a31c86e2e84a9b1f50d05fb],
    PUP.Optional.GreatArcadeHits.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D0C21091-FF8E-432C-9006-0540E81BA9D7}, Quarantined, [1d9c465d1f5c270f41438ad70101eb15],
    PUP.Optional.GreatArcadeHits.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{5530C971-3D8F-471B-AC49-4CC23FA955E2}, Quarantined, [1d9c465d1f5c270f41438ad70101eb15],
    PUP.Optional.GreatArcadeHits.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{7FBC7ADD-4D75-4685-9BD4-30D3FBDD3AB4}, Quarantined, [1d9c465d1f5c270f41438ad70101eb15],
    PUP.Optional.GreatArcadeHits.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{EE0C9EF1-B2AD-407B-9707-0124CC9BF85E}, Quarantined, [1d9c465d1f5c270f41438ad70101eb15],
    PUP.Optional.GreatArcadeHits.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{7FBC7ADD-4D75-4685-9BD4-30D3FBDD3AB4}, Quarantined, [1d9c465d1f5c270f41438ad70101eb15],
    PUP.Optional.GreatArcadeHits.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EE0C9EF1-B2AD-407B-9707-0124CC9BF85E}, Quarantined, [1d9c465d1f5c270f41438ad70101eb15],
    PUP.Optional.GreatArcadeHits.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{5530C971-3D8F-471B-AC49-4CC23FA955E2}, Quarantined, [1d9c465d1f5c270f41438ad70101eb15],
    PUP.Optional.GreatArcadeHits.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{D0C21091-FF8E-432C-9006-0540E81BA9D7}, Quarantined, [1d9c465d1f5c270f41438ad70101eb15],
    PUP.Optional.GreatArcadeHits.A, HKU\S-1-5-21-3233409102-1572755282-2613258542-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D0C21091-FF8E-432C-9006-0540E81BA9D7}, Quarantined, [1d9c465d1f5c270f41438ad70101eb15],
    PUP.Optional.GreatArcadeHits.A, HKU\S-1-5-21-3233409102-1572755282-2613258542-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D0C21091-FF8E-432C-9006-0540E81BA9D7}, Quarantined, [1d9c465d1f5c270f41438ad70101eb15],
    PUP.Optional.SevereWeatherAlerts, HKU\S-1-5-21-3233409102-1572755282-2613258542-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Severe Weather Alerts, Quarantined, [5465a8fbd2a968cec3b9170cc33d0bf5],
    PUP.Optional.WeCare, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{0228288D-975E-42F7-9993-E91A82E6BBD9}, Quarantined, [5168525154277abc7bbcb117d929758b],
    PUP.Optional.WeCare, HKU\S-1-5-21-3233409102-1572755282-2613258542-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EXTENSIONS\{6ED0A312-78F5-493C-A90C-5DAF321D0BF8}, Quarantined, [12a72e7529527eb892b8ac1c42c06d93],
    PUP.Optional.SevereWeatherAlerts.A, HKU\S-1-5-21-3233409102-1572755282-2613258542-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\SevereWeatherAlerts.exe, Quarantined, [b009049f0f6ca88e0da139e723e11ee2],
    PUP.Optional.ArcadeParlor.A, HKU\S-1-5-21-3233409102-1572755282-2613258542-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{B74443DB-5A88-4583-860A-F0D06EF399E3}, Quarantined, [97227b28f8831323011fccdda06227d9],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 21
    PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts, Delete-on-Reboot, [befb366dbdbe82b42a79a8652fd5b749],
    PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0120113349, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
    PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0129202349, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
    PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0316122505, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
    PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0321225405, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
    PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0514183830, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
    PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0717143001, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
    PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\1116224855, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
    PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\1119141943, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
    PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\1218174621, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
    PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Severe Weather Alerts, Quarantined, [e1d822811d5e55e1d1d3bd50b05404fc],
    PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\Weather_Notifications,_LL, Quarantined, [fdbc287b4d2e94a2c27bc3e550b2bb45],
    PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\Weather_Notifications,_LL\SevereWeatherAlerts.exe_Url_hzsyl3czwxh0geuem5hdmeiaavma45z2, Quarantined, [fdbc287b4d2e94a2c27bc3e550b2bb45],
    PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\Weather_Notifications,_LL\SevereWeatherAlerts.exe_Url_hzsyl3czwxh0geuem5hdmeiaavma45z2\1.21.0.0, Quarantined, [fdbc287b4d2e94a2c27bc3e550b2bb45],
    PUP.Optional.ArcadeParlor.A, C:\Users\tatiana\AppData\Local\ArcadeParlor, Quarantined, [97227b28f8831323011fccdda06227d9],
    PUP.Optional.ArcadeParlor.A, C:\Users\tatiana\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}, Quarantined, [635672315625c571c5b75a63f11153ad],
    PUP.Optional.ArcadeParlor.A, C:\Users\tatiana\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\chrome, Quarantined, [635672315625c571c5b75a63f11153ad],
    PUP.Optional.ArcadeParlor.A, C:\Users\tatiana\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\chrome\content, Quarantined, [635672315625c571c5b75a63f11153ad],
    PUP.Optional.ArcadeParlor.A, C:\Users\tatiana\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\skin, Quarantined, [635672315625c571c5b75a63f11153ad],
    PUP.Optional.Extutil.A, C:\Users\tatiana\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, Quarantined, [9920861d374469cd64b0e2de3cc64ab6],
    PUP.Optional.Managera.A, C:\Users\tatiana\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, Quarantined, [7643079c1f5c48eec64f368a7b878a76],

    Files: 133
    PUP.Optional.SevereWeatherAlerts.A, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe, Delete-on-Reboot, [22972a796a111521450a79e67c85c63a],
    PUP.Optional.SevereWeatherAlerts.A, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe, Delete-on-Reboot, [f4c58b18b0cb1b1b54fca2bd2fd2a65a],
    PUP.Optional.ArcadeParlor.A, C:\Users\tatiana\AppData\Local\ArcadeParlor\Arcadeparlor.dll, Quarantined, [49705b48e69594a20cd4890e887aa45c],
    PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\uninstall.exe, Quarantined, [5465a8fbd2a968cec3b9170cc33d0bf5],
    PUP.Optional.WeCare.A, C:\Windows\Installer\a8c37.msi, Quarantined, [e4d5584b4b30cd69aa474bd30af61ae6],
    PUP.Optional.Sanbreel.A, C:\Windows\System32\Drivers\{26d264d2-014c-4f07-bf2c-ebf9aed40cef}Gw64.sys, Quarantined, [7f3a03a0186322144b3e9830659d23dd],
    PUP.Optional.Boost.A, C:\Users\tatiana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage, Quarantined, [06b3445f7ffc191d6c470bbf729010f0],
    PUP.Optional.Boost.A, C:\Users\tatiana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage-journal, Quarantined, [baffabf8c6b542f4b0034d7d15edcc34],
    PUP.Optional.GreatArcadeHits.A, C:\Windows\System32\Tasks\GreatArcadeHits, Quarantined, [ac0df2b1b9c2f44211834689e0223ec2],
    PUP.Optional.ArcadeParlor.A, C:\Windows\System32\Tasks\ArcadeParlor, Quarantined, [9a1fe5be7dfeba7c990bdbf4ef13da26],
    PUP.Optional.GreatArcadeHits.A, C:\Windows\Tasks\GreatArcadeHits.job, Quarantined, [e7d2d6cd7308d75fbc3e3db734ce6e92],
    PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe.config, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
    PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp0.dat, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
    PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\ICSharpCode.SharpZipLib.dll, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
    PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\mod.SevereWeatherAlertsApp0.dat, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
    PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsAppAPI.dll, Delete-on-Reboot, [befb366dbdbe82b42a79a8652fd5b749],
    PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsBrowser.exe, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
    PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsK.dat, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
    PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsU.dat, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
    PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\SWAUpdater.exe, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
    PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0514183830\3756.7.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
    PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0514183830\3756.8.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
    PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0514183830\3756.9.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
    PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0514183830\mergetree, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
    PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\0717143001\3817.3817.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
    PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\1116224855\3573.3573.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
    PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\1116224855\mergetree, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
    PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\1218174621\3605.3605.tmp, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
    PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\SevereWeatherAlerts\1218174621\mergetree, Quarantined, [befb366dbdbe82b42a79a8652fd5b749],
    PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Severe Weather Alerts\Severe Weather Alerts.lnk, Quarantined, [e1d822811d5e55e1d1d3bd50b05404fc],
    PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk, Quarantined, [9c1d8b18dba05dd99e0714f9d133c040],
    PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts.lnk, Quarantined, [6752b8ebc5b644f2ddc8a66756aef808],
    PUP.Optional.ArcadeParlor.A, C:\Windows\Tasks\ArcadeParlor.job, Quarantined, [18a1f0b3f3883204475bd74630d423dd],
    PUP.Optional.Sanbreel.A, C:\Windows\System32\Drivers\{26d264d2-014c-4f07-bf2c-ebf9aed40cef}w64.sys, Quarantined, [5c5d1f84daa175c1087c8d9b07fdc33d],
    PUP.Optional.SevereWeatherAlerts, C:\Users\tatiana\AppData\Local\Weather_Notifications,_LL\SevereWeatherAlerts.exe_Url_hzsyl3czwxh0geuem5hdmeiaavma45z2\1.21.0.0\user.config, Quarantined, [fdbc287b4d2e94a2c27bc3e550b2bb45],
    PUP.Optional.ArcadeParlor.A, C:\Users\tatiana\AppData\Local\ArcadeParlor\ap.config, Quarantined, [97227b28f8831323011fccdda06227d9],
    PUP.Optional.ArcadeParlor.A, C:\Users\tatiana\AppData\Local\ArcadeParlor\broker.exe, Quarantined, [97227b28f8831323011fccdda06227d9],
    PUP.Optional.ArcadeParlor.A, C:\Users\tatiana\AppData\Local\ArcadeParlor\removal.exe, Quarantined, [97227b28f8831323011fccdda06227d9],
    PUP.Optional.ArcadeParlor.A, C:\Users\tatiana\AppData\Local\ArcadeParlor\versioncheck.exe, Quarantined, [97227b28f8831323011fccdda06227d9],
    PUP.Optional.ArcadeParlor.A, C:\Users\tatiana\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\chrome.manifest, Quarantined, [635672315625c571c5b75a63f11153ad],
    PUP.Optional.ArcadeParlor.A, C:\Users\tatiana\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\icon.png, Quarantined, [635672315625c571c5b75a63f11153ad],
    PUP.Optional.ArcadeParlor.A, C:\Users\tatiana\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\install.rdf, Quarantined, [635672315625c571c5b75a63f11153ad],
    PUP.Optional.ArcadeParlor.A, C:\Users\tatiana\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\chrome\content\arcadeparlor.js, Quarantined, [635672315625c571c5b75a63f11153ad],
    PUP.Optional.ArcadeParlor.A, C:\Users\tatiana\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\chrome\content\browser.xul, Quarantined, [635672315625c571c5b75a63f11153ad],
    PUP.Optional.ArcadeParlor.A, C:\Users\tatiana\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\skin\style.css, Quarantined, [635672315625c571c5b75a63f11153ad],
    PUP.Optional.Dsrlte.A, C:\Users\tatiana\AppData\Local\Google\Chrome\User Data\Default\preferences, Good: (), Bad: ( "homepage": "http://rts.dsrlte.com",), Replaced,[3386990a2f4c3303008ea2400400df21]

    Physical Sectors: 0
    (No malicious items detected)


    (end)

  4. #4
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,818

    wowssa
    we found a ton of nasty on your computer.

    Might want to consider at least a free antivirus program to help secure it in the future.


    Uninstall/remove these from your programs list if they are still there:
    Ask Toolbar
    glindorus 1.0.0
    Plus-HD-1.6
    Severe Weather Alerts


    Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.
    If you are not using one of the browsers but it is installed, then you may want to consider uninstalling it, as older versions of some software can pose an increase in the potential for an infection to get in.

    Internet Explorer
    How to reset Internet Explorer settings

    Firefox
    Click on Help / Troubleshooting Information then click on the Reset Firefox button.

    Chrome
    Chrome - Reset browser settings

    Opera
    How to Perform a (really) clean Reinstall of Opera

    *************************

    How is your computer now?

    Please run TFC by OldTimer to clear temporary files:

    Download TFC from here http://oldtimer.geekstogo.com/TFC.exe
    and save it to your desktop.

    Close any open programs and Internet browsers.
    Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
    Please be patient as clearing out temp files may take a while.
    Once it completes you may be prompted to restart your computer, please do so.
    Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.


    *********************

    What we can do now is run an online scan with ESET; for the time being it is our most trusted scanner.
    Most reliable and thorough.
    The settings I suggest will show us items located in quarantine folders, so don't be alarmed by this. Also, in case of a false positive, I ask that you not allow it to delete what it does find.
    This scanner can take quite a bit of time to run, depending of course on how full your computer is.


    Go here to run an online scanner from ESET.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    • Click Scan
    • Wait for the scan to finish
    • When the scan completes, press the LIST OF THREATS FOUND button
    • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
    • Include the contents of this report in your next reply.
    • Press the BACK button.
    • Press Finish
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  5. #5
    Member the1dbg's Avatar
    Join Date
    Jul 2008
    Posts
    45

    Eset Log

    C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\APNSetup.exe.vir Win32/Bundled.Toolbar.Ask.E potentially unsafe application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ServiceLocator.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\SO.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\toolbar.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\Toolbar.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ToolbarPS.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\toolbar_x64.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\UpdateManager.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2\Passport.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2\Passport_x64.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2\Source\program files\AskPartnerNetwork\Toolbar\apnmcp.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2\Source\program files\AskPartnerNetwork\Toolbar\searchhook.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2\Source\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2\Source\program files\AskPartnerNetwork\Toolbar\SO.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2\Source\program files\AskPartnerNetwork\Toolbar\toolbar.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2\Source\program files\AskPartnerNetwork\Toolbar\Toolbar.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2\Source\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2\Source\program files\AskPartnerNetwork\Toolbar\toolbar_x64.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2\Source\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2\Source\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport_x64.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2\Source\program files\VNT\vntldr.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\glindorus\glindorusUn.exe.vir probably a variant of MSIL/BrowseFox.G potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\glindorus\glindorusUninstall.exe.vir Win32/BrowseFox.C potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\glindorus\bin\glindorus.BrowserAdapter.exe.vir a variant of Win32/BrowseFox.I potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\glindorus\bin\glindorusBAApp.dll.vir a variant of Win32/BrowseFox.I potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\glindorus\bin\{26d264d2-014c-4f07-bf2c-ebf9aed40cef}.dll.vir a variant of Win32/BrowseFox.K potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\glindorus\bin\plugins\glindorus.Bromon.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\glindorus\bin\plugins\glindorus.BroStats.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\glindorus\bin\plugins\glindorus.BrowserAdapterS.dll.vir probably a variant of MSIL/BrowseFox.G potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\glindorus\bin\plugins\glindorus.CompatibilityChecker.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\glindorus\bin\plugins\glindorus.FFUpdate.dll.vir a variant of MSIL/BrowseFox.E potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\glindorus\bin\plugins\glindorus.IEUpdate.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\glindorus\bin\plugins\glindorus.OfSvc.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\glindorus\bin\plugins\glindorus.PurBrowse.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\glindorus\bin\plugins\glindorus.PurBrowseG.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\glindorus\bin\plugins\glindorus.Repmon.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Installl_Converter_A\hk64tbInst.dll.vir a variant of Win64/Toolbar.Conduit.B potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Installl_Converter_A\hktbInst.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Installl_Converter_A\Installl_Converter_AToolbarHelper.exe.vir Win32/Toolbar.Conduit.V potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Installl_Converter_A\ldrtbInst.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Installl_Converter_A\prxtbInst.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Installl_Converter_A\tbInst.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bg.exe.vir a variant of Win32/Toolbar.CrossRider.H potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho.dll.vir a variant of Win32/Toolbar.CrossRider.H potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho64.dll.vir a variant of Win64/Toolbar.Crossrider.A potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-buttonutil.dll.vir probably a variant of Win32/Toolbar.CrossRider.H potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-buttonutil.exe.vir a variant of Win32/Toolbar.CrossRider.I potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-buttonutil64.dll.vir a variant of Win64/Toolbar.Crossrider.A potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-buttonutil64.exe.vir a variant of Win64/Toolbar.Crossrider.A potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-codedownloader.exe.vir a variant of Win32/Toolbar.CrossRider.J potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-enabler.exe.vir a variant of Win32/Toolbar.CrossRider.J potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-helper.exe.vir probably a variant of Win32/Toolbar.CrossRider.I potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-updater.exe.vir a variant of Win32/Toolbar.CrossRider.J potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\tatiana\AppData\LocalLow\Installl_Converter_A\hk64tbIns0.dll.vir Win64/Toolbar.Conduit.B potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\tatiana\AppData\LocalLow\Installl_Converter_A\hk64tbIns2.dll.vir Win64/Toolbar.Conduit.B potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\tatiana\AppData\LocalLow\Installl_Converter_A\hk64tbInst.dll.vir a variant of Win64/Toolbar.Conduit.B potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\tatiana\AppData\LocalLow\Installl_Converter_A\hktbIns0.dll.vir Win32/Toolbar.Conduit.X potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\tatiana\AppData\LocalLow\Installl_Converter_A\hktbIns2.dll.vir Win32/Toolbar.Conduit.X potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\tatiana\AppData\LocalLow\Installl_Converter_A\hktbInst.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\tatiana\AppData\LocalLow\Installl_Converter_A\ldrtbIns0.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\tatiana\AppData\LocalLow\Installl_Converter_A\ldrtbIns2.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\tatiana\AppData\LocalLow\Installl_Converter_A\ldrtbInst.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\tatiana\AppData\LocalLow\Installl_Converter_A\tbIns0.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\tatiana\AppData\LocalLow\Installl_Converter_A\tbIns1.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\tatiana\AppData\LocalLow\Installl_Converter_A\tbIns2.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\tatiana\AppData\LocalLow\Installl_Converter_A\tbInst.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\tatiana\AppData\LocalLow\Installl_Converter_A\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir a variant of Win32/PriceGong.A potentially unwanted application
    C:\FRST\Quarantine\C\Program Files (x86)\glindorus\updateglindorus.exe.xBAD a variant of Win32/BrowseFox.H potentially unwanted application
    C:\FRST\Quarantine\C\Program Files (x86)\glindorus\bin\glindorus.BrowserAdapter.exe.xBAD a variant of Win32/BrowseFox.I potentially unwanted application
    C:\FRST\Quarantine\C\Program Files (x86)\glindorus\bin\glindorus.PurBrowse64.exe.xBAD a variant of Win64/BrowseFox.A potentially unwanted application
    C:\FRST\Quarantine\C\Program Files (x86)\glindorus\bin\utilglindorus.exe.xBAD a variant of Win32/BrowseFox.H potentially unwanted application
    C:\FRST\Quarantine\C\Users\tatiana\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll Win32/Toolbar.Conduit.Y potentially unwanted application
    C:\FRST\Quarantine\C\Users\tatiana\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll Win32/Toolbar.Conduit.Y potentially unwanted application
    C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
    C:\Windows\Installer\80174.msi a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application

  6. #6
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,818

    As expected we have everything located in quarantine folders.

    How is your computer now?

  7. #7
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,818

    Still with me?

  8. #8
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,818

    Glad we could help.

    Since this issue appears resolved ... this Topic is closed.
    -----------------------------------------------------------
    Admin Edit
    Thank you Juliet.
