Jump to content

Can't remove MySearchDial


Recommended Posts

I recently purchased Malwarebytes Anti-Malware and after running it for the first time, it did find some items. I chose to quarantine all. Since then I have run the scan again and the some of the same files are coming up. All of them are:  PUP.Optional.MySearchDial.A

 

I was going to post them but upon submission, it stated they were too long. I have attached them instead.

FRST.txt

Addition.txt

Link to post
Share on other sites

Welcome to the forum.

Please run a Quick Scan with Malwarebytes

For Malwarebytes ver: 1.75

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

For Malwarebytes 2.0, please run a Threat Scan

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

Then.......

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM

Link to post
Share on other sites

I ran Malwarebytes 2.0 and quarantined items as directed.

Downloaded and ran RogueKiller. I did not find the report on my desktop so I clicked on "report" and that is what I am pasting below:

 

 

RogueKiller V9.0.3.0 (x64) [Jun 17 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : JJE [Admin rights]
Mode : Scan -- Date : 06/22/2014  02:14:54

¤¤¤ Bad processes : 2 ¤¤¤
[suspicious.Path] EvernoteClipper.exe -- D:\Users\JJE\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe[7] -> KILLED [TermProc]
[suspicious.Path] (SVC) ALSysIO -- \??\C:\Users\JJE\AppData\Local\Temp\ALSysIO64.sys[x] -> STOPPED

¤¤¤ Registry Entries : 12 ¤¤¤
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ALSysIO -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALSysIO -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ALSysIO -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6F960E35-229E-4F11-BE97-40A1A85B02B5} | DhcpNameServer : 10.0.1.1  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6F960E35-229E-4F11-BE97-40A1A85B02B5} | DhcpNameServer : 10.0.1.1  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{6F960E35-229E-4F11-BE97-40A1A85B02B5} | DhcpNameServer : 10.0.1.1  -> FOUND
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-4162722641-2444669028-1401190998-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-4162722641-2444669028-1401190998-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[suspicious.Path][File] EvernoteClipper.lnk -- C:\Users\JJE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [LNK@] D:\Users\JJE\AppData\Local\Apps\Evernote\Evernote\EVERNO~2.EXE -> FOUND

¤¤¤ HOSTS File : 15 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 practivate.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ereg.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate.wip3.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 wip3.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 3dns-3.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 3dns-2.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adobe-dns.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adobe-dns-2.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adobe-dns-3.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ereg.wip3.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate-sea.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 wwis-dubc1-vip60.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate-sjc0.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 wwis-dubc1-vip60.adobe.com

¤¤¤ Antirootkit : 0 ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUP][CHROME:Addon] Default : Speed Dial [dgpdioedihjhncjafcpgbbjdpbbkikmi] -> FOUND

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: JohnsRaid +++++
--- User ---
[MBR] 6709a49941390cb5df87914fef893ff7
[bSP] 37b2e3b86d006ac0d156385bbaf4c079 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 1907631 MB
User = LL1 ... OK
Error reading LL2 MBR! ([57] The parameter is incorrect. )

+++++ PhysicalDrive1: SAMSUNG HD103SJ +++++
--- User ---
[MBR] 327270d7b1af85e870533ccdf39cd4d2
[bSP] 44d840294c9e34c7f18eafc614b2e4df : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: SAMSUNG HD103SJ +++++
--- User ---
[MBR] 884cf37416ccd27b413e4debabc75565
[bSP] bfc2b048cee0843a02975ee481037c7f : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive3: INTEL SSDSC2MH120A2 +++++
--- User ---
[MBR] 1820a293500fa3dcf44b9d2a18a344c1
[bSP] 47906bf8d093541efb9247b52d995896 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 114471 MB
User = LL1 ... OK
User = LL2 ... OK
 

Link to post
Share on other sites

Why are these in your host file:
 

¤¤¤ HOSTS File : 15 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 practivate.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ereg.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate.wip3.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 wip3.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 3dns-3.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 3dns-2.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adobe-dns.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adobe-dns-2.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adobe-dns-3.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ereg.wip3.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate-sea.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 wwis-dubc1-vip60.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate-sjc0.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 wwis-dubc1-vip60.adobe.com

 



MrC

Link to post
Share on other sites

Apologies for my ignorance but I'm only marginally computer competent. I have no idea what those are or what they are doing in my host file. For that matter, I don't know what a host file really is. Sorry.  Some years ago I purchased an adobe program. The one that lets you make pdf files. Anyway, Because the software was so cheap and the instructions were strange, I think that maybe this could have something to do with it. Could this code prevent a compromised legitimate piece of software from actually making contact with the true company? That would be my guess. That software is no longer being used so it can be removed.

Link to post
Share on other sites

The items in your host file are there to by-pass Adobe products activation. (AKA: Piracy)
Before we continue you have to uninstall all those Adobe programs except these:

Adobe Flash Player 13 ActiveX
Adobe Flash Player 14 Plugin
Adobe Reader 9

Then.........

Please go to the link below, download and run Fixit:
http://support.microsoft.com/kb/972034 <---reset host file fixit

Now re-scan with FRST and make sure the Addition Box is checked.
Post or attach the 2 logs.

MrC

Link to post
Share on other sites

Make sure you have created a restore point and.....
bwebb7v.jpgDownload Delfix from Here and save it to your desktop.

  • Place a check mark in front of .......
  • Create registry backup <---only!
  • Uncheck the rest!
  • Click the Run button.

    Close the tool out when it's done....we'll use it later.

    -------------------------

    Please uninstall: CCleaner Packages
    http://www.herdprotect.com/uninstaller.exe-9f82bb5dc8d4ec6b8b2bb47cb6c329b8af1c14ce.aspx
    http://www.shouldiremoveit.com/CCleaner-Packages-94804-program.aspx

    ------------------------

    Download the attached fixlist.txt to the same folder as FRST.exe.
    Run FRST.exe and click Fix only once and wait
    The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

    ----------------------------

    Please download AdwCleaner from HERE or HERE to your desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
    • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • Look over the log especially under Files/Folders for any program you want to save.
    • If there's a program you may want to save, just uncheck it from AdwCleaner.
    • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
    • If you're ready to clean it all up.....click the Clean button.
    • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
    • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
    • To restore an item that has been deleted:
    • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
    Next..................

    thisisujrt.gif Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
    Next.........


    If you're using Malwarebytes 2.0, please run a Threat Scan
    Click on settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware
    Same for PUM (Potentially Unwanted Modifications)
    Quarantine All that's found

    Let me know what problems remain and in which browser, MrC
Link to post
Share on other sites

 

Potential problem here and I want to make sure I do this right. I went to control panel and used the add/remove programs to try and uninstall CCleaner Packages. I highlighted it and clicked on "Run Uninstaller" from the windows options on the right side. Upon doing this, a window popped up titled Uninstall Manager. At the bottom of this window there was a small box that could be checked and text to the right of it stating, "Remove this manager from Add/Remove programs. The only other option was a button on the right bottom corner called "Close".  My concern is that there was no option when this window popped up to uninstall the program. The window which looked to be part of CCleaner Packages had the checkbox option to Remove this manager from the Add/Remove programs, which I take to mean that by checking this box, it will then hide the program from the Add/Remove programs in Windows but still remain on the computer.

 

I'm not exactly sure what to do at this point. I will research in google but if you happen to know, please assist. thanks.

Link to post
Share on other sites

Edit post above. I originally tried to uninstall the program from the Windows pane but after highlighting and clicking "Uninstall/Change" from the top of Windows, a Windows warning came up asking if I wanted to allow uninstaller.exe from an unknown publisher to execute. I selected no and then the window called uninstall manager popped up.

 

I then tried using the actual CCleaner program to uninstall the CCleaner Pakages but that did not work either.

 

Im just not sure whether to allow unistaller.exe to execute. Is this a Windows program? It said unknown publisher so I was hesitant. Please advise.

Link to post
Share on other sites

Lets do it this way:

Please download SystemLook from the link below and save it to your Desktop.

http://jpshortstuff.247fixes.com/SystemLook_x64.exe

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :FolderfindCCleaner Packages
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

MrC

Link to post
Share on other sites

SystemLook 30.07.11 by jpshortstuff
Log created at 10:45 on 23/06/2014 by JJE
Administrator - Elevation successful

========== Folderfind ==========

Searching for "CCleaner Packages"
C:\Users\JJE\AppData\Roaming\0S1F1O2Z0S2Y1H1T\CCleaner Packages    d------    [03:22 22/03/2014]
C:\Users\JJE\Application Data\0S1F1O2Z0S2Y1H1T\CCleaner Packages    d------    [03:22 22/03/2014]

-= EOF =-

Link to post
Share on other sites

Okay, so could these two entries be the same entry? I did go into folders and clicked to show hidden folders. then I went to the AppData folder and found the 0S1F1O2Z0S2Y1H1T. Inside it was another folder called CCleaner Packages. I tried to delete this folder but it denied me and said it was in use. I then used FileAssassin to delete the file uninstaller.exe inside the CCleaner Packages folder. After I deleted uninstaller.exe, I tried to delete the CCleaner Packages folder but even though it was empty it is still reporting that the folder or a file in it is open in another program. Not sure how that can be when the folder is empty. Still working on this. As far as the other entry, I cannot find a folder called Application Data.

Link to post
Share on other sites

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-06-2014
Ran by JJE at 2014-06-23 12:26:26 Run:1
Running from C:\Users\JJE\Desktop\FRST
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\JJE\AppData\Roaming\0S1F1O2Z0S2Y1H1T
C:\Users\JJE\Application Data\0S1F1O2Z0S2Y1H1T
*****************

C:\Users\JJE\AppData\Roaming\0S1F1O2Z0S2Y1H1T => Moved successfully.
"C:\Users\JJE\Application Data\0S1F1O2Z0S2Y1H1T" => File/Directory not found.

==== End of Fixlog ====

Link to post
Share on other sites

Results of AdwCleaner:

 

# AdwCleaner v3.213 - Report created 23/06/2014 at 12:53:00
# Updated 23/06/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : JJE - JJE-FRACTAL-PC
# Running from : C:\Users\JJE\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : SCBackService

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\DeviceVM
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\DeviceVM
Folder Deleted : C:\Users\JJE\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\JJE\AppData\Roaming\DeviceVM
Folder Deleted : C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi
File Deleted : C:\Users\Public\Desktop\iLivid.lnk
File Deleted : C:\Users\JJE\AppData\Roaming\Mozilla\Firefox\Profiles\atkpjxrh.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\STC.FBServiceAPPEventsSink
Key Deleted : HKLM\SOFTWARE\Classes\STC.FBServiceAPPEventsSink.1
Key Deleted : HKLM\SOFTWARE\Classes\STC.OptionMenu
Key Deleted : HKLM\SOFTWARE\Classes\STC.OptionMenu.1
Key Deleted : HKLM\SOFTWARE\Classes\STC.Protocol
Key Deleted : HKLM\SOFTWARE\Classes\STC.Protocol.1
Key Deleted : HKLM\SOFTWARE\Classes\STC.VisualBookmark
Key Deleted : HKLM\SOFTWARE\Classes\STC.VisualBookmark.1
Key Deleted : HKLM\SOFTWARE\Classes\STC.WebObject
Key Deleted : HKLM\SOFTWARE\Classes\STC.WebObject.1
Key Deleted : HKLM\SOFTWARE\Classes\STCHelper.BHOHelper
Key Deleted : HKLM\SOFTWARE\Classes\STCHelper.BHOHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\STCHelper.FBServiceAPP
Key Deleted : HKLM\SOFTWARE\Classes\STCHelper.FBServiceAPP.1
Key Deleted : HKLM\SOFTWARE\Classes\STCHelper.Protocol
Key Deleted : HKLM\SOFTWARE\Classes\STCHelper.Protocol.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{82A5CE4D-AF0C-45B6-8AF8-75625BE6A08D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B2B7E0CD-E169-43B3-A233-E129610EE314}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0DEC13F0-5C8C-4147-8329-6CDFAD9755B7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0F3DC9E0-C459-4A40-BCF8-747BD9322E10}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E97F0FA-3B44-4634-A87E-8B0D5CFD6365}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{951F5841-FD1E-4F1D-8607-67B174DBD753}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D1CCB0CC-DA45-4797-93D3-DEE7A13F8177}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DCE24E28-D8EF-49BE-BC01-A1DD3B58FCE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E4F7F1A5-490E-4884-A9E3-CBD6A25749E1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFE66D00-A56A-4F7F-81D7-4A28C5816D6C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E8E0178-00EF-413D-9324-E7B3E31572E3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A1A533A8-E106-422B-AE29-D0025269AF83}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B1759D04-0EF9-472A-B5C3-C774997B5321}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFE66D00-A56A-4F7F-81D7-4A28C5816D6C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80ED3EBC-CC05-4336-ABCC-295798855718}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0F3DC9E0-C459-4A40-BCF8-747BD9322E10}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\OCS
Key Deleted : HKLM\Software\Freeze.com

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v7.0.1 (en-US)

[ File : C:\Users\JJE\AppData\Roaming\Mozilla\Firefox\Profiles\atkpjxrh.default\prefs.js ]

Line Deleted : user_pref("extensions.irmysearch.aflt", "suma_14_12_ff");
Line Deleted : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzutDtDtByDtBtB0E0BtCzytB0AtCtBtC0DtN0D0Tzu0SzztCtCtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBtC0DtAyEtDtA0EtGtBtDyBtCt[...]
Line Deleted : user_pref("extensions.irmysearch.cr", "1457772844");
Line Deleted : user_pref("extensions.irmysearch.instlRef", "140305_a");
Line Deleted : user_pref("extensions.mysearchdial.AL", 2);
Line Deleted : user_pref("extensions.mysearchdial.aflt", "suma_14_12_ff");
Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtByDtBtB0E0BtCzytB0AtCtBtC0DtN0D0Tzu0SzztCtCtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBtC0DtAyEtDtA0EtGtBtDyBt[...]
Line Deleted : user_pref("extensions.mysearchdial.cr", "1457772844");
Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");
Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);
Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);
Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=suma_14_12_ff&cd=2XzuyEtN2Y1L1QzutDtDtByDtBtB0E0BtCzytB0AtCtBtC0DtN0D0Tzu0SzztCtCtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyE[...]
Line Deleted : user_pref("extensions.mysearchdial.id", "002522EB192A121D");
Line Deleted : user_pref("extensions.mysearchdial.instlDay", "16150");
Line Deleted : user_pref("extensions.mysearchdial.instlRef", "140305_a");
Line Deleted : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=suma_14_12_ff&cd=2XzuyEtN2Y1L1QzutDtDtByDtBtB0E0BtCzytB0AtCtBtC0DtN0D0Tzu0SzztCtCtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutC[...]
Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");
Line Deleted : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=suma_14_12_ff&cd=2XzuyEtN2Y1L1QzutDtDtByDtBtB0E0BtCzytB0AtCtBtC0DtN0D0Tzu0SzztCtCtN1L2XzutBtFtCzztFyBtFtDtN1L1Czu[...]
Line Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");
Line Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");
Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);
Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.020:22:58");

-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : dgpdioedihjhncjafcpgbbjdpbbkikmi
Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof

*************************

AdwCleaner[R0].txt - [10243 octets] - [23/06/2014 12:48:18]
AdwCleaner[s0].txt - [10227 octets] - [23/06/2014 12:53:00]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [10288 octets] ##########

 

 

Results of JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by JJE on Mon 06/23/2014 at 13:01:17.97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [service] wcuservice_stc_ie
Successfully deleted: [service] wcuservice_stc_ie



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 06/23/2014 at 13:05:04.53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

Will now be starting Malwarebytes Threat scan
 

Link to post
Share on other sites

The good news......

 

The original issue has been resolved. MySearchDial is gone.

 

The bad news.....

 

There are a bunch of new entries from Chrome. I don't use Chrome and so I'm not sure if it's an issue or not. Maybe you can take a look and let me know what you think. Thanks.

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/23/2014
Scan Time: 1:14:27 PM
Logfile: malbyteslog.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.23.12
Rootkit Database: v2014.06.20.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: JJE

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 281585
Time Elapsed: 3 min, 34 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 28
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\backgroundScripts, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\contentScripts, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\images, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\settings, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\settings\images, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\settings\images\ca, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\settings\images\cn, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\settings\images\de, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\settings\images\en, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\settings\images\es, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\settings\images\fr, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\settings\images\it, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\settings\images\ja, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\settings\images\jp, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\settings\images\uk, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\settings\images\us, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\settings\images\zh, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\_locales, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\_locales\de, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\_locales\en, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\_locales\en_GB, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\_locales\es, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\_locales\fr, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\_locales\it, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\_locales\ja, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\_locales\zh, , [5296f88391ea7abce663ffa86999e917],

Files: 72
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\background.html, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\expander.html, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\linktemplate.html, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\manifest.json, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\pushdown.html, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\backgroundScripts\background.js, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\backgroundScripts\browserSpecific.js, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\backgroundScripts\injectBookmarkletWrapper.js, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\backgroundScripts\install.js, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\backgroundScripts\localeTools.js, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\backgroundScripts\settingsHandler.js, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\backgroundScripts\stringProcessor.js, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\backgroundScripts\strings.js, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\contentScripts\inject_bookmarklet.js, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\contentScripts\isProduct.js, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\contentScripts\pushdownContent.js, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\contentScripts\pushDownRun.js, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\contentScripts\runIsProduct.js, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\contentScripts\tests.js, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\images\action.png, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\images\close.png, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\images\demo.png, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\images\glow.png, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\images\icon128.png, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\images\icon16.png, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\images\icon32.png, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\images\icon48.png, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\images\icon64.png, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\images\shims_pushdown.png, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\settings\settings.css, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\settings\settings.html, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\settings\settings.js, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\settings\images\ca\amazon.png, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\settings\images\ca\footer.gif, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\settings\images\cn\amazon.png, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\settings\images\cn\footer.gif, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\settings\images\de\amazon.png, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\settings\images\de\footer.gif, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\settings\images\de\save.png, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\settings\images\de\wishlist.png, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\settings\images\en\save.png, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\settings\images\en\wishlist.png, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\settings\images\es\amazon.png, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\settings\images\es\footer.gif, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\settings\images\es\save.png, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\settings\images\es\wishlist.png, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\settings\images\fr\amazon.png, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\settings\images\fr\footer.gif, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\settings\images\fr\save.png, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\settings\images\fr\wishlist.png, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\settings\images\it\amazon.png, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\settings\images\it\footer.gif, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\settings\images\it\save.png, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\settings\images\it\wishlist.png, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\settings\images\ja\save.png, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\settings\images\ja\wishlist.png, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\settings\images\jp\amazon.png, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\settings\images\jp\footer.gif, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\settings\images\uk\amazon.png, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\settings\images\uk\footer.gif, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\settings\images\us\amazon.png, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\settings\images\us\footer.gif, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\settings\images\zh\save.png, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\settings\images\zh\wishlist.png, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\_locales\de\messages.json, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\_locales\en\messages.json, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\_locales\en_GB\messages.json, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\_locales\es\messages.json, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\_locales\fr\messages.json, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\_locales\it\messages.json, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\_locales\ja\messages.json, , [5296f88391ea7abce663ffa86999e917],
PUP.Optional.SavingSmart.A, C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\_locales\zh\messages.json, , [5296f88391ea7abce663ffa86999e917],

Physical Sectors: 0
(No malicious items detected)


(end)

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.