Sponsored By

Catherine

Members
  • Content Count

    11
  • Joined

  • Last visited

About Catherine

  • Rank
    Member
  1. No the 2 things were not on the uninstall/install list. Computer is running great!! No pop ups or anything!
  2. All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ not found. HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_USERS\S-1-5-21-313159577-1753058699-2702243966-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-313159577-1753058699-2702243966-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_USERS\S-1-5-21-313159577-1753058699-2702243966-1001\Software\Microsoft\Internet Explorer\SearchScopes\{5239903F-EA48-456A-A1F8-0E737E1E7093}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5239903F-EA48-456A-A1F8-0E737E1E7093}\ not found. Registry key HKEY_USERS\S-1-5-21-313159577-1753058699-2702243966-1001\Software\Microsoft\Internet Explorer\SearchScopes\{searchTerms}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchTerms}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully. C:\Users\Catherine\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} folder moved successfully. C:\Users\Catherine\AppData\Roaming\Mozilla\Extensions folder moved successfully. C:\Users\Catherine\AppData\Roaming\Mozilla\Firefox\Profiles\3dkt76nv.default\extensions folder moved successfully. C:\PROGRAM FILES (X86)\MSN TOOLBAR\PLATFORM\6.0.2282.0\FIREFOX\components folder moved successfully. C:\PROGRAM FILES (X86)\MSN TOOLBAR\PLATFORM\6.0.2282.0\FIREFOX\Chrome folder moved successfully. C:\PROGRAM FILES (X86)\MSN TOOLBAR\PLATFORM\6.0.2282.0\FIREFOX folder moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{25510184-5A38-4A99-B273-DCA8EEF6CD08}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25510184-5A38-4A99-B273-DCA8EEF6CD08}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{25510184-5A38-4A99-B273-DCA8EEF6CD08}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25510184-5A38-4A99-B273-DCA8EEF6CD08}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. C:\Windows\Tasks\SparkTrust PC Cleaner Plus Startup.job moved successfully. C:\Windows\Tasks\SparkTrust Update Version3 Startup Task.job moved successfully. ADS C:\ProgramData\Temp:4EE95FE7 deleted successfully. ADS C:\ProgramData\Temp:30C74695 deleted successfully. ADS C:\ProgramData\Temp:A2A602F0 deleted successfully. ADS C:\ProgramData\Temp:94BD36A2 deleted successfully. ADS C:\ProgramData\Temp:D346F792 deleted successfully. ADS C:\ProgramData\Temp:9F38BF31 deleted successfully. ADS C:\ProgramData\Temp:E8B61305 deleted successfully. ADS C:\ProgramData\Temp:C72A744C deleted successfully. ADS C:\ProgramData\Temp:C7A094AF deleted successfully. ADS C:\ProgramData\Temp:63ABD638 deleted successfully. ADS C:\ProgramData\Temp:25FF8A61 deleted successfully. ADS C:\ProgramData\Temp:D4E0D1F1 deleted successfully. ADS C:\ProgramData\Temp:EFBD4447 deleted successfully. ADS C:\ProgramData\Temp:DA84DA4A deleted successfully. ADS C:\ProgramData\Temp:943FEF5D deleted successfully. ADS C:\ProgramData\Temp:EC2C753C deleted successfully. ADS C:\ProgramData\Temp:62D72D41 deleted successfully. ADS C:\ProgramData\Temp:E4E83517 deleted successfully. ADS C:\ProgramData\Temp:373E1720 deleted successfully. ADS C:\ProgramData\Temp:A7DA2BCD deleted successfully. ========== COMMANDS ========== [EMPTYJAVA] User: All Users User: Catherine ->Java cache emptied: 51034 bytes User: Default User: Default User User: Guest User: Public User: Tom ->Java cache emptied: 0 bytes Total Java Files Cleaned = 0.00 mb [EMPTYFLASH] User: All Users User: Catherine ->Flash cache emptied: 3611 bytes User: Default User: Default User User: Guest ->Flash cache emptied: 798 bytes User: Public User: Tom ->Flash cache emptied: 891 bytes Total Flash Files Cleaned = 0.00 mb [EMPTYTEMP] User: All Users User: Catherine ->Temp folder emptied: 183433656 bytes ->Temporary Internet Files folder emptied: 93147528 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 270685980 bytes ->Google Chrome cache emptied: 372175295 bytes ->Flash cache emptied: 0 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Guest ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 25812201 bytes ->Flash cache emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes User: Tom ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 6115831 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 22353787 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 79232847 bytes %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes RecycleBin emptied: 666871829 bytes Total Files Cleaned = 1,640.00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.69.0 log created on 04282015_110547 Files\Folders moved on Reboot... C:\Users\Catherine\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File move failed. C:\Users\Catherine\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot...
  3. Results of screen317's Security Check version 1.00 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Computer Security Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Adobe Flash Player 17.0.0.169 Google Chrome 36.0.1985.125 Google Chrome out of date! ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Charter Security Suite apps ComputerSecurity Anti-Virus\FSGK32.EXE Charter Security Suite apps ComputerSecurity Anti-Virus\fssm32.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 2% ````````````````````End of Log``````````````````````
  4. OTL Extras logfile created on: 4/27/2015 9:20:49 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Catherine\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17728) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.75 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 55.80% Memory free 7.49 Gb Paging File | 5.06 Gb Available in Paging File | 67.59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 282.82 Gb Total Space | 206.71 Gb Free Space | 73.09% Space Free | Partition Type: NTFS Drive D: | 14.98 Gb Total Space | 1.87 Gb Free Space | 12.51% Space Free | Partition Type: NTFS Drive E: | 3.19 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: CATHERINE-HP | User Name: Catherine | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-313159577-1753058699-2702243966-1001\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{212F01E6-CD8D-497C-B3A0-CB5B9DABC2F9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | "{26227169-1D10-4AE2-9F7C-451BDFF48511}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | "{373A58E8-C1BB-47D7-8986-91CF37972AD8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{3BF99E4F-015B-4EE2-8146-92B3730F28BF}" = rport=445 | protocol=6 | dir=out | app=system | "{4495A9D7-E86C-4723-9CBE-7F294450CCA3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5709672E-1CC6-4FAD-9768-51D4B8EEF4F2}" = rport=138 | protocol=17 | dir=out | app=system | "{5D0F8DE0-5465-4E98-9E24-C6D50D992A2B}" = lport=138 | protocol=17 | dir=in | app=system | "{5FE85E43-A246-482E-846C-A9B67A6BCDE7}" = lport=139 | protocol=6 | dir=in | app=system | "{6D9EBBDB-CCD1-4F55-976F-A98A7E231428}" = lport=445 | protocol=6 | dir=in | app=system | "{761F8376-220A-42F6-B8FD-3CF0D5F444EB}" = rport=139 | protocol=6 | dir=out | app=system | "{8B863AA4-1253-4BDA-8042-EDAAF4ED9EA6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{8D068EBF-2C5F-49BD-A53E-EFA6800A9CC1}" = lport=137 | protocol=17 | dir=in | app=system | "{ACFF1D29-6DF8-465B-8112-6AB2786C761B}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{B1129A83-15F0-43CF-8877-A02D26B432C0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{CE52B5B1-276D-4A90-A54E-228A789E0E9D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D17FCD55-D283-493A-B664-E5C74197E343}" = rport=137 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0023F4AC-9C35-44E3-8A60-4C3EFE56E6E7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{0B097130-8F73-48BC-A08F-4CCE3280C6E2}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe | "{0BBFE853-993F-4DC0-B0DB-0D70ED32D6BE}" = protocol=58 | dir=out | [email protected],-28546 | "{1C08DEF9-9602-4609-8984-602EA93BEA40}" = protocol=6 | dir=in | app=c:\program files (x86)\pogo games\pogodgc.exe | "{1DD0D249-EFDF-47B2-AE22-8A0B9E307A38}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{2ADD8651-C2AC-4541-9AC0-2236417C04C9}" = dir=out | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe | "{36A89647-696F-4B72-8F38-BB690BA04CB4}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe | "{3729B70A-544C-47B9-9076-28BE8FDB045D}" = protocol=58 | dir=in | [email protected],-28545 | "{44AE4932-A859-4F9F-9742-345C8DD2767E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{53CA439B-33E0-474B-8D29-031E9039FFA4}" = protocol=6 | dir=in | app=c:\program files (x86)\pogo games\webupdater.exe | "{7A281551-6A8D-499E-8E56-6A65B9B7CA89}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\devicesetup.exe | "{7C60CEBE-44AE-442A-B883-EE68F6EFED10}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{87148635-2069-4492-8C92-8FE862FE1D31}" = protocol=17 | dir=in | app=c:\program files (x86)\pogo games\pogodgc.exe | "{929D2BB5-9BDD-4560-A6DF-8D5DA298E00C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{A432C1F1-CA65-409E-8007-A090F53C8F06}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe | "{ABA3E82F-1B24-4B86-B03F-BEA5311F8EB9}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\hpnetworkcommunicator.exe | "{D0F9D0B6-50A4-4B9C-BD68-DD57205A6D76}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe | "{D3E0E7C4-49D4-4C0B-9DA9-F17BD5E8BB8C}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe | "{E40D21BF-A931-45B6-B48E-131F5A396E29}" = protocol=17 | dir=in | app=c:\program files (x86)\pogo games\webupdater.exe | "{E606A195-08AB-458C-9496-1A554FA277D0}" = protocol=1 | dir=in | [email protected],-28543 | "{F49CE8AC-82C8-42E8-AD45-F4F7ED211C1D}" = protocol=1 | dir=out | [email protected],-28544 | "TCP Query User{3D9742ED-FA38-44C5-A4AB-3A3A7F6B89F3}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | "UDP Query User{27B362CA-AB8B-4796-AE5B-ADBA9D05DF39}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000000-2778-5BED-8199-52EB14D8D22F}" = F-Secure CCF Reputation "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{53BA6504-F1CE-4604-970A-082021D39784}" = F-Secure CCF Scanning 1.51.112.309 (release) "{658FDBCA-B7A1-43E4-A849-9F0812473331}" = Computer Security 14.121.102.0 (release) "{6C7CA47E-11FC-4309-B602-12571A9BDD5B}" = Charter Security Suite "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{912D30CF-F39E-4B31-AD9A-123C6B794EE2}" = HP Update "{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{B50345AE-60D0-48D7-AFD2-F0B1A07F2294}" = F-Secure SafeSearch 1.03.159.0 (release) "{D6D865A5-2703-4B26-A0AA-30B29C0696BC}" = Online Safety 2.115.2786.1676 "{EFE33E35-9B0B-4CF9-AF8C-CBE93BB8E6FF}" = F-Secure Network CCF 1.03.102 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "Adobe Flash Player ActiveX" = Adobe Flash Player 17 ActiveX "Adobe Flash Player NPAPI" = Adobe Flash Player 17 NPAPI "F-Secure ServiceEnabler 42626" = Charter Security Suite "Google Chrome" = Google Chrome "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.1.6.1022 "Office14.Click2Run" = Microsoft Office Click-to-Run 2010 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-313159577-1753058699-2702243966-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 4/27/2015 9:08:59 PM | Computer Name = Catherine-HP | Source = FSecure-FSecure-F-Secure DeepGuard | ID = 103 Description = 21 2015-04-27 19:08:58-06:00 CATHERINE-HP SYSTEM F-Secure DeepGuard Application was blocked. This was determined to be a high-risk application by system control heuristics. Application path: \\?\c:\program files\reimage\reimage protector\reiguard.exe File hash: d58870535ebc629fcbd1122d929d851cf1804e7f Error - 4/27/2015 9:29:31 PM | Computer Name = Catherine-HP | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103 Description = 1 2015-04-27 19:29:31-06:00 CATHERINE-HP Catherine-HP\Catherine F-Secure Anti-Virus Crash detected. \Device\HarddiskVolume2\Windows\Tasks\GoogleUpdateTaskMachineCore.job Error - 4/27/2015 9:56:59 PM | Computer Name = Catherine-HP | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103 Description = 1 2015-04-27 19:56:59-06:00 CATHERINE-HP Catherine-HP\Catherine F-Secure Anti-Virus Spyware detected: Type: riskware Family: Name: Gen:Variant.Application.Bundler Object: C:\Users\Catherine\Downloads\Java(2).exe Error - 4/27/2015 9:57:19 PM | Computer Name = Catherine-HP | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103 Description = 2 2015-04-27 19:57:19-06:00 CATHERINE-HP Catherine-HP\Catherine F-Secure Anti-Virus Spyware detected: Type: riskware Family: Name: Gen:Variant.Application.Bundler Object: C:\Users\Catherine\Downloads\Flash_Setup.exe Error - 4/27/2015 9:57:43 PM | Computer Name = Catherine-HP | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103 Description = 3 2015-04-27 19:57:43-06:00 CATHERINE-HP Catherine-HP\Catherine F-Secure Anti-Virus Malicious code found in file C:\Users\Catherine\AppData\Local\Installer\Install_26263\ytdi_bf4fca0ff8_setup.exe. Infection: Trojan.GenericKD.2079214 Action: The file was quarantined. Error - 4/27/2015 9:57:44 PM | Computer Name = Catherine-HP | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103 Description = 4 2015-04-27 19:57:44-06:00 CATHERINE-HP Catherine-HP\Catherine F-Secure Anti-Virus Malicious code found in file C:\Users\Catherine\AppData\Local\Installer\Install_26312\ytdi_bf4fca0ff8_setup.exe. Infection: Trojan.GenericKD.2079214 Action: The file was quarantined. Error - 4/27/2015 9:57:44 PM | Computer Name = Catherine-HP | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103 Description = 5 2015-04-27 19:57:44-06:00 CATHERINE-HP Catherine-HP\Catherine F-Secure Anti-Virus Malicious code found in file C:\Users\Catherine\AppData\Local\Installer\Install_26364\ytdi_bf4fca0ff8_setup.exe. Infection: Trojan.GenericKD.2079214 Action: The file was quarantined. Error - 4/27/2015 9:57:45 PM | Computer Name = Catherine-HP | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103 Description = 6 2015-04-27 19:57:45-06:00 CATHERINE-HP Catherine-HP\Catherine F-Secure Anti-Virus Malicious code found in file C:\Users\Catherine\AppData\Local\Installer\Install_26413\ytdi_bf4fca0ff8_setup.exe. Infection: Trojan.GenericKD.2079214 Action: The file was quarantined. Error - 4/27/2015 10:24:52 PM | Computer Name = Catherine-HP | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103 Description = 7 2015-04-27 20:24:52-06:00 CATHERINE-HP Catherine-HP\Catherine F-Secure Anti-Virus Spyware detected: Type: riskware Family: Name: Gen:Variant.Application.Bundler Object: C:\Users\Catherine\Downloads\Flash_Setup.exe Error - 4/27/2015 10:25:16 PM | Computer Name = Catherine-HP | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103 Description = 8 2015-04-27 20:25:16-06:00 CATHERINE-HP Catherine-HP\Catherine F-Secure Anti-Virus Spyware detected: Type: riskware Family: Name: Gen:Variant.Application.Bundler Object: C:\Users\Catherine\Downloads\Flash_Setup.exe [ Hewlett-Packard Events ] Error - 1/21/2012 7:01:01 PM | Computer Name = Catherine-HP | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011221040051.xml File not created by asset agent Error - 4/27/2012 5:44:19 PM | Computer Name = Catherine-HP | Source = Hewlett-Packard | ID = 0 Description = Error - 7/20/2012 4:44:08 PM | Computer Name = Catherine-HP | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071220024400.xml File not created by asset agent Error - 9/15/2012 9:24:19 AM | Computer Name = Catherine-HP | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091215072411.xml File not created by asset agent Error - 3/29/2013 12:07:01 PM | Computer Name = Catherine-HP | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\031329100653.xml File not created by asset agent Error - 4/26/2013 8:23:56 PM | Computer Name = Catherine-HP | Source = HPSF.exe | ID = 2000 Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties() Message: Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties() Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 3834 Ram Utilization: 50 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties() [ HP Software Framework Events ] Error - 11/14/2013 6:26:33 PM | Computer Name = Catherine-HP | Source = hpqWmiEx | ID = 5 Description = 2013/11/14 15:26:33.801|000015E0|Error |ChpqWmiExModule::Start|The hpqwmiex service failed to start (1063). A system restart may correct this problem. [ HP Wireless Assistant Events ] Error - 8/7/2013 12:33:46 PM | Computer Name = Catherine-HP | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) at System.Management.ManagementObject.Initialize(Boolean getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 5/24/2014 6:41:33 AM | Computer Name = Catherine-HP | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Call was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize() at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware radio) at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() at HPPA_Service.CurrentConfiguration.ReloadRadioList() Error - 7/9/2014 7:12:54 PM | Computer Name = Catherine-HP | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Call was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize() at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware radio) at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() at HPPA_Service.CurrentConfiguration.ReloadRadioList() Error - 7/19/2014 5:53:43 PM | Computer Name = Catherine-HP | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Call was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 8/23/2014 5:15:19 PM | Computer Name = Catherine-HP | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Call was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 9/6/2014 5:15:35 PM | Computer Name = Catherine-HP | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Call was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 9/17/2014 6:08:46 PM | Computer Name = Catherine-HP | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) at System.Management.ManagementObject.Initialize(Boolean getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 2/12/2015 5:57:25 PM | Computer Name = Catherine-HP | Source = HP WA Application | ID = 0 Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup; failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object sender, StartupEventArgs args) Error - 2/12/2015 5:57:28 PM | Computer Name = Catherine-HP | Source = HP WA Application | ID = 0 Description = MainWindow.ShowImpl; not initialized, closing application... Error - 4/7/2015 11:03:31 AM | Computer Name = Catherine-HP | Source = HP WA Application | ID = 0 Description = System.Exception HardwareAccess hasn't been instantiated properly. at PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme) [ System Events ] Error - 4/27/2015 9:29:32 PM | Computer Name = Catherine-HP | Source = Service Control Manager | ID = 7031 Description = The F-Secure Dll Hoster service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error - 4/27/2015 9:29:33 PM | Computer Name = Catherine-HP | Source = Service Control Manager | ID = 7034 Description = The HP Wireless Assistant Service service terminated unexpectedly. It has done this 1 time(s). Error - 4/27/2015 9:29:34 PM | Computer Name = Catherine-HP | Source = Service Control Manager | ID = 7034 Description = The Application Virtualization Client service terminated unexpectedly. It has done this 1 time(s). Error - 4/27/2015 9:29:57 PM | Computer Name = Catherine-HP | Source = Service Control Manager | ID = 7031 Description = The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error - 4/27/2015 9:29:58 PM | Computer Name = Catherine-HP | Source = Service Control Manager | ID = 7034 Description = The HP Software Framework Service service terminated unexpectedly. It has done this 1 time(s). Error - 4/27/2015 9:29:59 PM | Computer Name = Catherine-HP | Source = Service Control Manager | ID = 7031 Description = The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. Error - 4/27/2015 9:30:27 PM | Computer Name = Catherine-HP | Source = Service Control Manager | ID = 7032 Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Media Player Network Sharing Service service, but this action failed with the following error: %%1056 Error - 4/27/2015 9:36:35 PM | Computer Name = Catherine-HP | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003 Description = WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\system32\athihvs.dll Error - 4/27/2015 9:36:38 PM | Computer Name = Catherine-HP | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003 Description = WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\system32\athihvs.dll Error - 4/27/2015 9:36:38 PM | Computer Name = Catherine-HP | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003 Description = WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\system32\athihvs.dll < End of report >
  5. OTL logfile created on: 4/27/2015 9:20:49 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Catherine\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17728) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.75 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 55.80% Memory free 7.49 Gb Paging File | 5.06 Gb Available in Paging File | 67.59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 282.82 Gb Total Space | 206.71 Gb Free Space | 73.09% Space Free | Partition Type: NTFS Drive D: | 14.98 Gb Total Space | 1.87 Gb Free Space | 12.51% Space Free | Partition Type: NTFS Drive E: | 3.19 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: CATHERINE-HP | User Name: Catherine | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2015/04/27 21:17:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Catherine\Downloads\OTL.scr PRC - [2015/04/14 09:36:30 | 001,080,120 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe PRC - [2015/04/14 09:36:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe PRC - [2015/04/14 09:36:20 | 006,212,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe PRC - [2015/04/14 08:36:32 | 001,263,144 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\fssm32.exe PRC - [2015/04/14 08:36:29 | 000,690,216 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\fsgk32.exe PRC - [2015/03/09 08:31:56 | 000,060,456 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe PRC - [2014/10/06 16:07:08 | 000,187,432 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Charter Security Suite\fshoster32.exe PRC - [2014/09/18 04:29:04 | 000,310,312 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSM32.EXE PRC - [2014/09/18 04:29:04 | 000,216,104 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSMA32.EXE PRC - [2014/07/15 03:24:50 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2013/12/21 00:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2012/03/22 15:18:30 | 000,219,056 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\attcm_AppStart.exe PRC - [2011/12/12 16:53:22 | 000,052,952 | ---- | M] () -- C:\Program Files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe PRC - [2010/12/11 01:02:24 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe ========== Modules (No Company Name) ========== MOD - [2015/02/04 11:12:58 | 000,592,936 | ---- | M] () -- C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.482.79_none_b59ec33311fcd586\QtMultimediaKit1.dll MOD - [2014/09/18 04:28:54 | 000,056,360 | ---- | M] () -- C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\FSGUI\fsavures.eng MOD - [2014/07/15 03:24:48 | 000,353,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppgooglenaclpluginchrome.dll MOD - [2014/07/15 03:24:46 | 014,664,008 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll MOD - [2014/07/15 03:24:44 | 008,537,928 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll MOD - [2014/07/15 03:24:38 | 000,718,664 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll MOD - [2014/07/15 03:24:36 | 000,126,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll MOD - [2014/07/15 03:24:35 | 001,732,936 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll MOD - [2012/03/22 15:18:36 | 001,049,320 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\wxmsw28u_core_vc_custom.dll MOD - [2012/03/22 15:18:36 | 000,727,784 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\wxbase28u_vc_custom.dll MOD - [2012/03/22 15:18:36 | 000,034,304 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryGeneric.plugin MOD - [2012/03/22 15:18:36 | 000,030,720 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryVPorts.plugin MOD - [2012/03/22 15:18:36 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryMobileBroadband.plugin MOD - [2012/03/22 15:18:36 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryNdis.plugin MOD - [2012/03/22 15:18:36 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\resources\plugins\ContextSwitcher.plugin MOD - [2012/03/22 15:18:34 | 000,892,136 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\UIToolkit.dll MOD - [2012/03/22 15:18:34 | 000,629,480 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\Toolkit.dll MOD - [2012/03/22 15:18:34 | 000,399,080 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\WebClient.dll MOD - [2012/03/22 15:18:34 | 000,123,112 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\System.dll MOD - [2012/03/22 15:18:32 | 000,148,712 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\pcre3.dll MOD - [2012/03/22 15:18:32 | 000,061,160 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\DriveDetector.dll MOD - [2012/03/22 15:18:32 | 000,051,432 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\Preferences.dll MOD - [2012/03/22 15:18:30 | 000,376,040 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\Device.dll MOD - [2012/03/22 15:18:30 | 000,249,064 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\DB.dll MOD - [2012/03/22 15:18:30 | 000,219,056 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\attcm_AppStart.exe MOD - [2012/03/22 15:18:30 | 000,132,840 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\Discovery.dll MOD - [2012/03/22 15:18:30 | 000,099,560 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\ComCore.dll MOD - [2011/12/12 16:53:22 | 000,052,952 | ---- | M] () -- C:\Program Files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe MOD - [2010/11/22 16:00:58 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll MOD - [2010/11/22 16:00:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll MOD - [2010/11/22 16:00:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ========== Services (SafeList) ========== SRV - [2015/04/21 11:01:24 | 000,268,464 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2015/04/14 09:36:30 | 001,080,120 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2015/04/14 09:36:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2015/04/08 15:24:27 | 000,265,808 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2015/03/09 08:31:56 | 000,060,456 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe -- (FSORSPClient) SRV - [2014/10/06 16:07:08 | 000,187,432 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\Charter Security Suite\fshoster32.exe -- (fshoster) SRV - [2014/09/18 04:29:04 | 000,216,104 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSMA32.EXE -- (FSMA) SRV - [2014/03/20 16:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2013/12/21 00:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2013/03/25 09:20:50 | 000,520,360 | ---- | M] (iWin Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Pogo Games\PGMTrusted.exe -- (PGMTrusted) SRV - [2013/03/06 02:21:52 | 000,039,056 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service) SRV - [2012/03/22 15:18:30 | 000,055,728 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\AdminHelper.exe -- (AdminHelper.exe) SRV - [2011/06/24 11:44:16 | 000,317,296 | ---- | M] (Sierra Wireless, Inc.) [Auto | Running] -- C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe -- (SwiCardDetectSvc) SRV - [2010/09/11 03:02:22 | 000,399,344 | ---- | M] (Roxio) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service) ========== Driver Services (SafeList) ========== DRV - [2015/04/16 09:21:25 | 000,090,152 | ---- | M] (F-Secure Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\fsni64.sys -- (fsni) DRV - [2015/04/14 08:36:32 | 000,071,080 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\HIPS\drivers\fshs.sys -- (F-Secure HIPS) DRV - [2015/02/24 15:42:35 | 000,208,424 | ---- | M] (F-Secure Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper) DRV - [2014/09/18 04:29:02 | 000,013,352 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys -- (fsvista) DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms} IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=U150&ocid=U150DHP IE - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US IE - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 51 01 37 90 CE 66 CE 01 [binary data] IE - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com IE - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\..\SearchScopes\{5239903F-EA48-456A-A1F8-0E737E1E7093}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20131148,20028,0,71,0 IE - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\..\SearchScopes\Yahoo: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=iwin IE - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..CT3239904.browser.search.defaultthis.engineName: true FF - prefs.js..CT3286042.browser.search.defaultthis.engineName: "true" FF - prefs.js..CT3289663.browser.search.defaultthis.engineName: "true" FF - prefs.js..CT3289847.browser.search.defaultthis.engineName: "true" FF - prefs.js..CT3298570.browser.search.defaultthis.engineName: "true" FF - prefs.js..browser.search.defaultenginename: "Bing" FF - prefs.js..browser.search.order.1: "Ask Search" FF - prefs.js..browser.search.selectedEngine: "Bing" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: pluswinks%40PlusWinks:3.0.0.0 FF - prefs.js..extensions.enabledAddons: msntoolbar%40msn.com:6.0 FF - prefs.js..extensions.enabledAddons: 0c822a17-a68f-4066-9257-d229458d21ca%409c178d17-dc61-4aaf-b2da-1425ac7300ac.com:0.95.145 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.0 FF - prefs.js..extensions.netassistant.keyword.url: "http://click.w3i.com/?Programid=132&Elementname=Keyword&Applicationid={3740200A-D7A6-4D90-A4DF-EBE0BB8308AF}&Version=3.6.5&Vintage=20120416&Defaultbrowserid=28&Productid=157&Vendorid=4880&Offerid=6894&searchterm=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media ) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\7\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/03/05 09:02:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/03/05 09:02:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 15:27:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/03/31 09:27:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/03/31 09:27:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{66f888e9-4011-4d6d-8e71-876089e7c956}: C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https [2015/02/04 11:21:46 | 000,000,000 | ---D | M] [2013/06/04 16:18:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Catherine\AppData\Roaming\Mozilla\Extensions [2015/04/27 19:17:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Catherine\AppData\Roaming\Mozilla\Firefox\Profiles\3dkt76nv.default\extensions [2013/06/03 07:25:35 | 000,001,793 | ---- | M] () -- C:\Users\Catherine\AppData\Roaming\Mozilla\Firefox\Profiles\3dkt76nv.default\searchplugins\Bing.xml [2011/03/05 09:02:23 | 000,000,000 | ---D | M] (Bing Bar) -- C:\PROGRAM FILES (X86)\MSN TOOLBAR\PLATFORM\6.0.2282.0\FIREFOX File not found (No name found) -- C:\USERS\CATHERINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3DKT76NV.DEFAULT\EXTENSIONS\[email protected]5AC7300AC.COM File not found (No name found) -- C:\USERS\CATHERINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3DKT76NV.DEFAULT\EXTENSIONS\[email protected] [2013/03/31 09:26:40 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll ========== Chrome ========== CHR - plugin: Error reading preferences file CHR - Extension: Google Docs = C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\ CHR - Extension: Google Drive = C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\ CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\ CHR - Extension: YouTube = C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\ CHR - Extension: Google Search = C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\ CHR - Extension: RealDownloader = C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\ CHR - Extension: Google Wallet = C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\ CHR - Extension: Gmail = C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\ O1 HOSTS File: ([2014/07/26 09:26:00 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) O2 - BHO: (Browsing Protection) - {45BBE08D-81C5-4A67-AF20-B2A077C67747} - C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll (F-Secure Corporation) O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [attcm_AppStart.exe] C:\Program Files (x86)\AT&T\AT&T Communication Manager\attcm_AppStart.exe () O4 - HKLM..\Run: [F-Secure Hoster (42626)] C:\Program Files (x86)\Charter Security Suite\fshoster32.exe (F-Secure Corporation) O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSM32.EXE (F-Secure Corporation) O4 - HKU\S-1-5-21-313159577-1753058699-2702243966-1001..\Run: [HP Photosmart 5510 series (NET)] C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard) O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe File not found O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe File not found O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\..Trusted Domains: ecollege.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites) O15 - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\..Trusted Domains: kaplan.edu ([]* in Trusted sites) O15 - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\..Trusted Domains: kucourses.com ([]* in Trusted sites) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C413551-5001-4EBE-9365-9DFA8947F2D4}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED4A0A7E-FDE4-40D9-8D6E-CC71C8D5EC16}: DhcpNameServer = 69.144.127.53 71.10.216.1 71.10.216.2 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2015/04/27 19:41:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware [2015/04/27 19:41:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware [2015/04/27 19:28:00 | 000,000,000 | ---D | C] -- C:\RegBackup [2015/04/16 13:46:30 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll [2015/04/16 13:46:30 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll [2015/04/16 13:46:30 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe [2015/04/16 13:46:30 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll [2015/04/16 13:46:29 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll [2015/04/16 13:46:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2015/04/16 13:45:50 | 003,920,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2015/04/16 13:45:49 | 003,976,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2015/04/16 13:45:47 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe [2015/04/16 13:45:47 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2015/04/16 13:45:46 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2015/04/16 13:45:46 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2015/04/16 13:45:46 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2015/04/16 13:45:45 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2015/04/16 13:45:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2015/04/16 13:45:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2015/04/16 13:45:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2015/04/16 13:45:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2015/04/16 13:45:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2015/04/16 13:45:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2015/04/16 13:45:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2015/04/16 13:45:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2015/04/16 13:45:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2015/04/16 13:45:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2015/04/16 13:45:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2015/04/16 13:45:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2015/04/16 13:45:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2015/04/16 13:45:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2015/04/16 13:45:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2015/04/16 13:45:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2015/04/16 13:45:43 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2015/04/16 13:45:43 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2015/04/16 13:45:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2015/04/16 13:45:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2015/04/16 13:45:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2015/04/16 13:45:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2015/04/16 13:45:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2015/04/16 13:45:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2015/04/16 13:45:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2015/04/16 13:45:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2015/04/16 13:45:42 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll [2015/04/16 13:45:42 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2015/04/16 13:45:42 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2015/04/16 13:45:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2015/04/16 13:45:40 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll [2015/04/16 13:45:39 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll [2015/04/16 13:45:06 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2015/04/16 13:45:06 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll [2015/04/16 13:45:06 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2015/04/16 13:45:05 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll [2015/04/16 13:45:03 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll [2015/04/16 13:44:59 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2015/04/16 13:44:59 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2015/04/16 13:44:58 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2015/04/16 13:44:57 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll [2015/04/16 13:44:56 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2015/04/16 13:44:56 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2015/04/16 13:44:52 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2015/04/16 13:44:51 | 000,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2015/04/16 13:44:51 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2015/04/16 13:44:21 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\clfsw32.dll [2015/04/05 19:26:31 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\GWX ========== Files - Modified Within 30 Days ========== [2015/04/27 21:01:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2015/04/27 21:01:00 | 000,000,264 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job [2015/04/27 20:59:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2015/04/27 20:50:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2015/04/27 20:27:24 | 000,000,606 | ---- | M] () -- C:\Windows\tasks\SparkTrust PC Cleaner Plus Startup.job [2015/04/27 20:27:24 | 000,000,482 | ---- | M] () -- C:\Windows\tasks\SparkTrust Update Version3 Startup Task.job [2015/04/27 20:27:20 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2015/04/27 20:26:36 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys [2015/04/27 19:41:40 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2015/04/27 19:28:07 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-CATHERINE-HP-Windows-7-Home-Premium-(64-bit).dat [2015/04/27 19:19:25 | 000,000,653 | ---- | M] () -- C:\Windows\tasks\SparkTrust PC Cleaner Plus_sch_409E1657-ED37-11E4-B47E-64315086D795.job [2015/04/27 14:06:12 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForCATHERINE-HP$.job [2015/04/22 11:01:03 | 000,033,799 | ---- | M] () -- C:\Users\Catherine\Desktop\John Conquer Root.rtf [2015/04/22 09:32:35 | 000,001,191 | ---- | M] () -- C:\Users\Catherine\Desktop\DOB15B81 Handouts - Shortcut.lnk [2015/04/22 09:32:04 | 000,001,273 | ---- | M] () -- C:\Users\Catherine\Desktop\Commonly Abused Drugs - Shortcut.lnk [2015/04/22 09:31:51 | 000,001,354 | ---- | M] () -- C:\Users\Catherine\Desktop\Drugs in the Detention Setting - Shortcut.lnk [2015/04/22 09:31:15 | 000,001,192 | ---- | M] () -- C:\Users\Catherine\Desktop\Instructions - Shortcut.lnk [2015/04/22 09:31:09 | 000,001,228 | ---- | M] () -- C:\Users\Catherine\Desktop\Instructions (3) - Shortcut.lnk [2015/04/22 09:31:03 | 000,001,228 | ---- | M] () -- C:\Users\Catherine\Desktop\Instructions (2) - Shortcut.lnk [2015/04/22 09:30:56 | 000,001,228 | ---- | M] () -- C:\Users\Catherine\Desktop\Instructions (1) - Shortcut.lnk [2015/04/22 09:29:21 | 000,001,489 | ---- | M] () -- C:\Users\Catherine\Desktop\Occupational Exposure to Bloodborne Pathogens - Shortcut.lnk [2015/04/22 09:29:13 | 000,001,255 | ---- | M] () -- C:\Users\Catherine\Desktop\LEApplicationPacket - Shortcut.lnk [2015/04/22 09:29:01 | 000,001,399 | ---- | M] () -- C:\Users\Catherine\Desktop\PHYSICAL TRAINING VERIFICATION FORM - Shortcut.lnk [2015/04/22 09:28:53 | 000,001,273 | ---- | M] () -- C:\Users\Catherine\Desktop\PRACTICAL ORIENTATION - Shortcut.lnk [2015/04/22 09:27:33 | 000,001,291 | ---- | M] () -- C:\Users\Catherine\Desktop\Wyo Criminal Procedures - Shortcut.lnk [2015/04/22 09:27:08 | 000,001,284 | ---- | M] () -- C:\Users\Catherine\Desktop\StudentCorr - Shortcut.lnk [2015/04/22 09:26:20 | 000,001,156 | ---- | M] () -- C:\Users\Catherine\Desktop\Overview - Shortcut.lnk [2015/04/22 09:25:31 | 000,001,273 | ---- | M] () -- C:\Users\Catherine\Desktop\Report Writing IL 4-b - Shortcut.lnk [2015/04/22 09:25:17 | 000,001,228 | ---- | M] () -- C:\Users\Catherine\Desktop\PHYSICAL FITNESS - Shortcut.lnk [2015/04/22 09:18:36 | 000,060,188 | ---- | M] () -- C:\Users\Catherine\Desktop\Completion Dates for Students (P).pdf [2015/04/22 09:17:41 | 000,563,379 | ---- | M] () -- C:\Users\Catherine\Desktop\DOB Instructional Objectives (P).pdf [2015/04/22 09:17:08 | 000,282,966 | ---- | M] () -- C:\Users\Catherine\Desktop\Information Guide.pdf [2015/04/21 11:01:23 | 000,778,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2015/04/21 11:01:23 | 000,142,512 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2015/04/20 09:47:10 | 000,793,542 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2015/04/13 07:40:50 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForCatherine.job [2015/04/11 20:57:31 | 065,955,922 | ---- | M] () -- C:\Users\Catherine\Desktop\4-cycle-fat-loss-solution.zip ========== Files Created - No Company Name ========== [2015/04/27 19:41:40 | 000,001,062 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2015/04/27 19:28:07 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-CATHERINE-HP-Windows-7-Home-Premium-(64-bit).dat [2015/04/27 17:43:54 | 000,000,606 | ---- | C] () -- C:\Windows\tasks\SparkTrust PC Cleaner Plus Startup.job [2015/04/27 17:43:50 | 000,000,653 | ---- | C] () -- C:\Windows\tasks\SparkTrust PC Cleaner Plus_sch_409E1657-ED37-11E4-B47E-64315086D795.job [2015/04/22 10:57:58 | 000,033,799 | ---- | C] () -- C:\Users\Catherine\Desktop\John Conquer Root.rtf [2015/04/22 09:32:35 | 000,001,191 | ---- | C] () -- C:\Users\Catherine\Desktop\DOB15B81 Handouts - Shortcut.lnk [2015/04/22 09:32:04 | 000,001,273 | ---- | C] () -- C:\Users\Catherine\Desktop\Commonly Abused Drugs - Shortcut.lnk [2015/04/22 09:31:51 | 000,001,354 | ---- | C] () -- C:\Users\Catherine\Desktop\Drugs in the Detention Setting - Shortcut.lnk [2015/04/22 09:31:15 | 000,001,192 | ---- | C] () -- C:\Users\Catherine\Desktop\Instructions - Shortcut.lnk [2015/04/22 09:31:09 | 000,001,228 | ---- | C] () -- C:\Users\Catherine\Desktop\Instructions (3) - Shortcut.lnk [2015/04/22 09:31:03 | 000,001,228 | ---- | C] () -- C:\Users\Catherine\Desktop\Instructions (2) - Shortcut.lnk [2015/04/22 09:30:56 | 000,001,228 | ---- | C] () -- C:\Users\Catherine\Desktop\Instructions (1) - Shortcut.lnk [2015/04/22 09:29:21 | 000,001,489 | ---- | C] () -- C:\Users\Catherine\Desktop\Occupational Exposure to Bloodborne Pathogens - Shortcut.lnk [2015/04/22 09:29:13 | 000,001,255 | ---- | C] () -- C:\Users\Catherine\Desktop\LEApplicationPacket - Shortcut.lnk [2015/04/22 09:29:01 | 000,001,399 | ---- | C] () -- C:\Users\Catherine\Desktop\PHYSICAL TRAINING VERIFICATION FORM - Shortcut.lnk [2015/04/22 09:28:53 | 000,001,273 | ---- | C] () -- C:\Users\Catherine\Desktop\PRACTICAL ORIENTATION - Shortcut.lnk [2015/04/22 09:27:33 | 000,001,291 | ---- | C] () -- C:\Users\Catherine\Desktop\Wyo Criminal Procedures - Shortcut.lnk [2015/04/22 09:27:08 | 000,001,284 | ---- | C] () -- C:\Users\Catherine\Desktop\StudentCorr - Shortcut.lnk [2015/04/22 09:26:20 | 000,001,156 | ---- | C] () -- C:\Users\Catherine\Desktop\Overview - Shortcut.lnk [2015/04/22 09:25:31 | 000,001,273 | ---- | C] () -- C:\Users\Catherine\Desktop\Report Writing IL 4-b - Shortcut.lnk [2015/04/22 09:25:17 | 000,001,228 | ---- | C] () -- C:\Users\Catherine\Desktop\PHYSICAL FITNESS - Shortcut.lnk [2015/04/22 09:18:36 | 000,060,188 | ---- | C] () -- C:\Users\Catherine\Desktop\Completion Dates for Students (P).pdf [2015/04/22 09:17:40 | 000,563,379 | ---- | C] () -- C:\Users\Catherine\Desktop\DOB Instructional Objectives (P).pdf [2015/04/22 09:17:08 | 000,282,966 | ---- | C] () -- C:\Users\Catherine\Desktop\Information Guide.pdf [2015/04/16 13:45:06 | 000,016,303 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2015/04/11 20:56:52 | 065,955,922 | ---- | C] () -- C:\Users\Catherine\Desktop\4-cycle-fat-loss-solution.zip [2015/02/15 20:29:48 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2015/01/07 17:30:46 | 000,020,513 | ---- | C] () -- C:\Windows\prodsett_copy.ini [2014/08/22 11:26:11 | 000,004,124 | ---- | C] () -- C:\Users\Catherine\.swfinfo [2013/06/11 10:24:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/06/11 10:24:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/06/11 10:24:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/06/11 10:24:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/06/11 10:24:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/05/08 19:50:17 | 000,000,258 | RHS- | C] () -- C:\Users\Catherine\ntuser.pol [2012/09/04 17:37:42 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini ========== ZeroAccess Check ========== [2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2015/02/12 23:22:33 | 014,177,280 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2015/02/12 23:26:18 | 012,875,264 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011/11/09 15:42:11 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Artogon [2011/09/22 23:48:56 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Big Finish [2011/06/15 11:30:09 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Blio [2011/09/19 15:47:36 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\CursedOnboard [2012/03/16 20:51:37 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\enchant [2014/04/21 15:13:35 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\EuroTrade A.L. Ltd [2012/04/11 16:40:53 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Floodlight Games [2012/04/16 20:48:14 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\GameMill Entertainment [2012/04/16 18:29:57 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\HdO Adventure [2011/09/11 21:00:22 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\iWing [2013/06/11 12:01:04 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Oberon Media [2014/04/21 15:23:36 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Opera Software [2011/06/09 02:39:05 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\PictureMover [2013/05/13 10:09:48 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\player [2011/06/09 02:39:12 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Sierra Wireless [2012/03/09 16:47:46 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Smart PDF Creator Pro [2015/02/02 13:46:34 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\SmartSoftOCRHelper [2013/07/08 12:23:05 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\SoftGrid Client [2012/05/26 15:48:55 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\SpinTop Games [2011/06/09 02:37:59 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Synaptics [2012/04/12 20:25:16 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\TitanicMystery [2012/04/17 19:47:03 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Top Evidence [2011/07/28 23:30:28 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\TP [2013/06/11 12:03:03 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\TweakNow RegCleaner 2012 [2012/03/14 20:28:03 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\VisualShape [2013/04/18 11:17:24 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\WildTangent [2011/09/19 17:17:40 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\WildTangentv1002 [2012/03/01 20:23:33 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Windows Live Writer [2012/10/31 09:23:19 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\PictureMover [2012/10/31 09:22:17 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Synaptics [2011/11/13 11:49:23 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\PictureMover [2011/11/13 11:48:10 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Synaptics ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 221 bytes -> C:\ProgramData\Temp:4EE95FE7 @Alternate Data Stream - 156 bytes -> C:\ProgramData\Temp:30C74695 @Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:A2A602F0 @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:94BD36A2 @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:D346F792 @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:9F38BF31 @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:E8B61305 @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:C72A744C @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:C7A094AF @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:63ABD638 @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:25FF8A61 @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:D4E0D1F1 @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:EFBD4447 @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:DA84DA4A @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:943FEF5D @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:EC2C753C @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:62D72D41 @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:E4E83517 @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:373E1720 @Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:A7DA2BCD < End of report >
  6. . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 6/9/2011 2:21:45 AM System Uptime: 4/27/2015 8:26:22 PM (1 hours ago) . Motherboard: Hewlett-Packard | | 1697 Processor: AMD Athlon II P360 Dual-Core Processor | Socket S1G4 | 2300/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 283 GiB total, 206.706 GiB free. D: is FIXED (NTFS) - 15 GiB total, 1.873 GiB free. E: is CDROM (UDF) . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP428: 3/8/2015 2:16:31 PM - Scheduled Checkpoint RP429: 3/12/2015 5:30:46 AM - Windows Update RP430: 4/5/2015 7:25:09 PM - Windows Update RP431: 4/7/2015 9:52:58 AM - F-Secure malware removal RP433: 4/20/2015 9:19:28 AM - Windows Update . ==== Installed Programs ====================== . Adobe Flash Player 17 ActiveX Adobe Flash Player 17 NPAPI AMD Fuel ATI Catalyst Install Manager ccc-utility64 Charter Security Suite Computer Security 14.121.102.0 (release) F-Secure CCF Reputation F-Secure CCF Scanning 1.51.112.309 (release) F-Secure Network CCF 1.03.102 F-Secure SafeSearch 1.03.159.0 (release) Google Chrome Google Update Helper HP Auto HP Client Services HP Photosmart 5510 series Basic Device Software HP Photosmart 5510 series Product Improvement Study HP Update HP Wireless Assistant Malwarebytes Anti-Malware version 2.1.6.1022 Microsoft .NET Framework 4.5.1 Microsoft Application Error Reporting Microsoft Office Click-to-Run 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft PowerPoint Viewer Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Online Safety 2.115.2786.1676 Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2) Security Update for Microsoft .NET Framework 4.5.1 (KB2898869) Security Update for Microsoft .NET Framework 4.5.1 (KB2901126) Security Update for Microsoft .NET Framework 4.5.1 (KB2931368) Security Update for Microsoft .NET Framework 4.5.1 (KB2972107) Security Update for Microsoft .NET Framework 4.5.1 (KB2972216) Security Update for Microsoft .NET Framework 4.5.1 (KB2978128) Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2) Security Update for Microsoft .NET Framework 4.5.1 (KB3037581) Smart PDF Creator Pro 6.3.0.467 Synaptics Pointing Device Driver Update Installer for WildTangent Games App Windows Live ID Sign-in Assistant Windows Live Language Selector Windows Live MIME IFilter Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources WMV9/VC-1 Video Playback . ==== Event Viewer Messages From Past Week ======== . 4/27/2015 8:26:15 AM, Error: Service Control Manager [7000] - The Update Mgr DigitalMore service failed to start due to the following error: The system cannot find the file specified. 4/27/2015 7:36:38 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10003] - WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\system32\athihvs.dll 4/27/2015 7:30:27 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Media Player Network Sharing Service service, but this action failed with the following error: An instance of the service is already running. 4/27/2015 7:29:59 PM, Error: Service Control Manager [7031] - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. 4/27/2015 7:29:58 PM, Error: Service Control Manager [7034] - The HP Software Framework Service service terminated unexpectedly. It has done this 1 time(s). 4/27/2015 7:29:57 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 4/27/2015 7:29:34 PM, Error: Service Control Manager [7034] - The Application Virtualization Client service terminated unexpectedly. It has done this 1 time(s). 4/27/2015 7:29:33 PM, Error: Service Control Manager [7034] - The HP Wireless Assistant Service service terminated unexpectedly. It has done this 1 time(s). 4/27/2015 7:29:32 PM, Error: Service Control Manager [7031] - The F-Secure Dll Hoster service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. 4/27/2015 7:29:30 PM, Error: Service Control Manager [7034] - The Sierra Wireless Card Detection Service service terminated unexpectedly. It has done this 1 time(s). 4/27/2015 7:29:30 PM, Error: Service Control Manager [7034] - The Application Virtualization Service Agent service terminated unexpectedly. It has done this 1 time(s). 4/27/2015 7:29:10 PM, Error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s). 4/27/2015 7:29:10 PM, Error: Service Control Manager [7031] - The F-Secure ORSP Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. 4/27/2015 7:29:10 PM, Error: Service Control Manager [7031] - The F-Secure Dll Hoster service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. 4/27/2015 7:29:09 PM, Error: Service Control Manager [7034] - The Audio Service service terminated unexpectedly. It has done this 1 time(s). 4/27/2015 7:29:09 PM, Error: Service Control Manager [7034] - The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s). 4/27/2015 7:29:09 PM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s). 4/27/2015 7:29:09 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 4/27/2015 7:17:48 PM, Error: Service Control Manager [7034] - The FSMA service terminated unexpectedly. It has done this 2 time(s). 4/27/2015 7:17:48 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 4/27/2015 7:17:48 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 4/27/2015 7:17:48 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. 4/27/2015 7:17:48 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 4/27/2015 7:17:48 PM, Error: Service Control Manager [7031] - The F-Secure ORSP Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. 4/27/2015 7:17:05 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running. 4/27/2015 7:16:36 PM, Error: Service Control Manager [7034] - The Client Virtualization Handler service terminated unexpectedly. It has done this 1 time(s). 4/27/2015 7:16:35 PM, Error: Service Control Manager [7034] - The FSMA service terminated unexpectedly. It has done this 1 time(s). 4/27/2015 7:16:35 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 4/27/2015 7:16:34 PM, Error: Service Control Manager [7034] - The Reimage Real Time Protector service terminated unexpectedly. It has done this 1 time(s). 4/27/2015 7:16:34 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. . ==== End Of File ===========================
  7. DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 11.0.9600.17728 Run by Catherine at 21:12:22 on 2015-04-27 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2160 [GMT -6:00] . AV: Computer Security *Enabled/Updated* {0F70A6C4-76E4-6A3B-2695-519F428B1C20} SP: Computer Security *Enabled/Updated* {B4114720-50DE-65B5-1C25-6AED390C569D} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\IDT\WDM\STacSV64.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Charter Security Suite\fshoster32.exe C:\Program Files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSMA32.EXE C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\fssm32.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSHDLL64.EXE C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe C:\Program Files (x86)\AT&T\AT&T Communication Manager\attcm_AppStart.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSM32.EXE C:\Program Files (x86)\Charter Security Suite\fshoster32.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Windows\system32\taskhost.exe C:\Windows\system32\notepad.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll BHO: Browsing Protection: {45BBE08D-81C5-4A67-AF20-B2A077C67747} - C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden uRun: [HP Photosmart 5510 series (NET)] "C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN249395ND05V3:NW" -scfn "HP Photosmart 5510 series (NET)" -AutoStart 1 mRun: [attcm_AppStart.exe] "C:\Program Files (x86)\AT&T\AT&T Communication Manager\attcm_AppStart.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRun: [F-Secure Manager] "C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSM32.EXE" /splash mRun: [F-Secure Hoster (42626)] "C:\Program Files (x86)\Charter Security Suite\fshoster32.exe" -app -hosterid:1 StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll Trusted Zone: ecollege.com Trusted Zone: kaplan.edu Trusted Zone: kucourses.com TCP: NameServer = 192.168.1.1 TCP: Interfaces\{7C413551-5001-4EBE-9365-9DFA8947F2D4} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{7C413551-5001-4EBE-9365-9DFA8947F2D4}\8686F6E6F62737 : DHCPNameServer = 192.168.6.1 64.134.255.2 64.134.255.10 TCP: Interfaces\{ED4A0A7E-FDE4-40D9-8D6E-CC71C8D5EC16} : DHCPNameServer = 69.144.127.53 71.10.216.1 71.10.216.2 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: Browsing Protection: {45BBE08D-81C5-4A67-AF20-B2A077C67747} - C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https64.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden x64-Run: [smartSoft PDF Printer Agent] "C:\Program Files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe" x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2010-5-14 73856] R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2010-5-14 28800] R0 fsbts;fsbts;C:\Windows\System32\drivers\fsbts.sys [2015-1-7 56016] R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\HIPS\drivers\fshs.sys [2015-4-14 71080] R1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [2015-1-7 13352] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-12-15 203776] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2015-3-18 822496] R2 fshoster;F-Secure Dll Hoster;C:\Program Files (x86)\Charter Security Suite\fshoster32.exe [2014-10-6 187432] R2 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe [2014-6-24 60456] R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-4-27 1871160] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-4-27 1080120] R2 SCWFPFilter;SCWFPFilter;C:\Windows\System32\drivers\WFPFilter.sys [2012-1-10 25552] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944] R2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [2011-6-24 317296] R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-3-5 46136] R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-12-11 31088] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [2015-1-7 208424] R3 fsni;fsni;C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\fsni64.sys [2014-6-23 90152] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2015-4-27 25816] R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2015-4-27 136408] R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2015-4-27 63704] R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-3-5 333416] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-5 406632] R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144] R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576] R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840] R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528] R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-3-5 38528] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088] S3 AdminHelper.exe;AdminHelper.exe;C:\Program Files (x86)\AT&T\AT&T Communication Manager\AdminHelper.exe [2012-3-22 55728] S3 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-12-15 354304] S3 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 265808] S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2014-7-7 41032] S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2014-7-25 32512] S3 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896] S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-4-16 114688] S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368] S3 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-3-6 39056] S3 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864] S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864] S3 swiwdmbus;Sierra Wireless USB Composite Bus;C:\Windows\System32\drivers\swiwdmbusx64.sys [2011-6-9 102656] S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);C:\Windows\System32\drivers\swnc8ua3.sys [2011-6-9 240640] S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);C:\Windows\System32\drivers\swumxa3.sys [2011-6-9 210944] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-19 59392] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-10 1255736] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120] S4 PGMTrusted;PGMTrusted;C:\Program Files (x86)\Pogo Games\PGMTrusted.exe [2013-3-25 520360] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2015-04-28 01:42:17 136408 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys 2015-04-28 01:41:30 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys 2015-04-28 01:41:30 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys 2015-04-28 01:41:30 107736 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys 2015-04-28 01:41:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-04-28 01:28:00 -------- d-----w- C:\RegBackup 2015-04-16 19:45:54 5557696 ----a-w- C:\Windows\System32\ntoskrnl.exe 2015-04-06 01:26:31 -------- d-s---w- C:\Windows\SysWow64\GWX 2015-04-06 01:26:30 -------- d-s---w- C:\Windows\System32\GWX . ==================== Find3M ==================== . 2015-04-21 17:01:23 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2015-04-21 17:01:23 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2015-03-25 03:24:41 98304 ----a-w- C:\Windows\System32\wudriver.dll 2015-03-25 03:24:41 3298816 ----a-w- C:\Windows\System32\wucltux.dll 2015-03-25 03:24:41 191488 ----a-w- C:\Windows\System32\wuwebv.dll 2015-03-25 03:24:08 60416 ----a-w- C:\Windows\System32\WinSetupUI.dll 2015-03-25 03:23:58 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll 2015-03-25 03:23:55 36864 ----a-w- C:\Windows\System32\wuapp.exe 2015-03-25 03:00:57 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll 2015-03-25 03:00:57 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll 2015-03-25 03:00:15 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe 2015-03-23 03:25:15 726528 ----a-w- C:\Windows\System32\generaltel.dll 2015-03-23 03:25:01 769536 ----a-w- C:\Windows\System32\invagent.dll 2015-03-23 03:24:56 419840 ----a-w- C:\Windows\System32\devinv.dll 2015-03-23 03:24:54 957952 ----a-w- C:\Windows\System32\appraiser.dll 2015-03-23 03:24:53 30720 ----a-w- C:\Windows\System32\acmigration.dll 2015-03-23 03:24:53 227328 ----a-w- C:\Windows\System32\aepdu.dll 2015-03-23 03:24:53 192000 ----a-w- C:\Windows\System32\aepic.dll 2015-03-23 03:17:39 1111552 ----a-w- C:\Windows\System32\aeinv.dll 2015-03-17 05:22:35 95672 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2015-03-17 05:22:35 155576 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2015-03-17 05:19:37 1727904 ----a-w- C:\Windows\System32\ntdll.dll 2015-03-17 05:17:00 362496 ----a-w- C:\Windows\System32\wow64win.dll 2015-03-17 05:17:00 243712 ----a-w- C:\Windows\System32\wow64.dll 2015-03-17 05:17:00 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2015-03-17 05:15:55 31232 ----a-w- C:\Windows\System32\lsass.exe 2015-03-17 05:15:44 338432 ----a-w- C:\Windows\System32\conhost.exe 2015-03-17 05:15:40 64000 ----a-w- C:\Windows\System32\auditpol.exe 2015-03-17 05:13:29 60416 ----a-w- C:\Windows\System32\msobjs.dll 2015-03-17 05:13:17 146432 ----a-w- C:\Windows\System32\msaudite.dll 2015-03-17 05:01:09 3976632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2015-03-17 05:01:09 3920824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2015-03-17 04:59:26 1309696 ----a-w- C:\Windows\SysWow64\ntdll.dll 2015-03-17 04:57:25 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll 2015-03-17 04:57:21 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll 2015-03-17 04:57:20 43008 ----a-w- C:\Windows\SysWow64\srclient.dll 2015-03-17 04:57:17 248832 ----a-w- C:\Windows\SysWow64\schannel.dll 2015-03-17 04:57:17 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2015-03-17 04:57:13 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2015-03-17 04:57:12 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2015-03-17 04:57:11 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll 2015-03-17 04:57:07 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll 2015-03-17 04:56:59 17408 ----a-w- C:\Windows\SysWow64\credssp.dll 2015-03-17 04:56:56 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2015-03-17 04:56:41 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2015-03-17 04:56:15 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe 2015-03-17 04:56:01 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2015-03-17 04:56:01 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2015-03-17 04:56:00 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2015-03-17 04:53:35 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll 2015-03-17 04:53:13 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll 2015-03-17 03:45:24 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2015-03-17 03:45:23 2048 ----a-w- C:\Windows\SysWow64\user.exe 2015-03-17 03:43:04 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2015-03-17 03:43:04 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2015-03-17 03:43:04 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2015-03-17 03:43:03 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2015-03-13 04:25:14 2724864 ----a-w- C:\Windows\System32\mshtml.tlb 2015-03-13 04:25:01 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll 2015-03-13 04:09:12 66560 ----a-w- C:\Windows\System32\iesetup.dll 2015-03-13 04:08:33 584192 ----a-w- C:\Windows\System32\vbscript.dll 2015-03-13 04:08:27 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll 2015-03-13 04:08:17 417280 ----a-w- C:\Windows\System32\html.iec 2015-03-13 04:06:54 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll 2015-03-13 03:54:11 144384 ----a-w- C:\Windows\System32\ieUnatt.exe 2015-03-13 03:54:00 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe 2015-03-13 03:53:22 814080 ----a-w- C:\Windows\System32\jscript9diag.dll 2015-03-13 03:50:45 6025216 ----a-w- C:\Windows\System32\jscript9.dll 2015-03-13 03:44:48 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe 2015-03-13 03:42:18 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2015-03-13 03:32:48 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll 2015-03-13 03:28:48 503296 ----a-w- C:\Windows\SysWow64\vbscript.dll 2015-03-13 03:28:37 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll 2015-03-13 03:27:51 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll 2015-03-13 03:27:35 340992 ----a-w- C:\Windows\SysWow64\html.iec 2015-03-13 03:26:19 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll 2015-03-13 03:16:26 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2015-03-13 03:15:40 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll 2015-03-13 03:05:50 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll 2015-03-13 03:05:24 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl 2015-03-13 03:01:16 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll 2015-03-13 02:49:21 4305408 ----a-w- C:\Windows\SysWow64\jscript9.dll 2015-03-13 02:45:57 2358784 ----a-w- C:\Windows\System32\wininet.dll 2015-03-13 02:43:41 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2015-03-13 02:42:47 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll 2015-03-13 02:20:28 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll 2015-03-10 03:25:10 1882624 ----a-w- C:\Windows\System32\msxml3.dll 2015-03-10 03:21:42 2048 ----a-w- C:\Windows\System32\msxml3r.dll 2015-03-10 03:08:26 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll 2015-03-10 03:05:39 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll 2015-03-05 05:12:33 404480 ----a-w- C:\Windows\System32\gdi32.dll 2015-03-05 04:05:06 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll 2015-03-04 04:55:13 367552 ----a-w- C:\Windows\System32\clfs.sys 2015-03-04 04:41:27 79360 ----a-w- C:\Windows\System32\clfsw32.dll 2015-03-04 04:10:54 58880 ----a-w- C:\Windows\SysWow64\clfsw32.dll 2015-02-26 03:25:44 3204096 ----a-w- C:\Windows\System32\win32k.sys 2015-02-25 03:18:01 754688 ----a-w- C:\Windows\System32\drivers\http.sys 2015-02-20 04:41:01 41984 ----a-w- C:\Windows\System32\lpk.dll 2015-02-20 04:40:59 100864 ----a-w- C:\Windows\System32\fontsub.dll 2015-02-20 04:40:56 14336 ----a-w- C:\Windows\System32\dciman32.dll . ============= FINISH: 21:13:40.76 ===============
  8. Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 4/27/2015 Scan Time: 7:42:56 PM Logfile: Administrator: Yes Version: 2.01.6.1022 Malware Database: v2015.04.27.05 Rootkit Database: v2015.04.21.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Catherine Scan Type: Threat Scan Result: Completed Objects Scanned: 446009 Time Elapsed: 40 min, 7 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 25 PUP.Optional.WeCare.A, HKU\S-1-5-21-313159577-1753058699-2702243966-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, Quarantined, [6d24b2bfc6c4a1952111c4bb8f747987], PUP.Optional.WeCare.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\GamesAppIntegrationService, Quarantined, [6d24b2bfc6c4a1952111c4bb8f747987], PUP.Optional.WeCare.A, HKU\S-1-5-21-313159577-1753058699-2702243966-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, Quarantined, [6d24b2bfc6c4a1952111c4bb8f747987], PUP.Optional.WeCare.A, HKU\S-1-5-21-313159577-1753058699-2702243966-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, Quarantined, [6d24b2bfc6c4a1952111c4bb8f747987], PUP.Optional.WeCare.A, HKU\S-1-5-21-313159577-1753058699-2702243966-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, Quarantined, [6d24b2bfc6c4a1952111c4bb8f747987], Adware.GamePlayLab, HKU\S-1-5-21-313159577-1753058699-2702243966-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110011221158}, Quarantined, [1b762b46fb8f41f58ceaea71cd36f50b], Adware.GamePlayLab, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\GamesAppIntegrationService, Quarantined, [1b762b46fb8f41f58ceaea71cd36f50b], Adware.GamePlayLab, HKU\S-1-5-21-313159577-1753058699-2702243966-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110011221158}, Quarantined, [1b762b46fb8f41f58ceaea71cd36f50b], PUP.Optional.Gamesbar.A, HKU\S-1-5-21-313159577-1753058699-2702243966-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{CB0D163C-E9F4-4236-9496-0597E24B23A5}, Quarantined, [fc950c6517730036706655ec788b03fd], PUP.Optional.Gamesbar.A, HKU\S-1-5-21-313159577-1753058699-2702243966-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CB0D163C-E9F4-4236-9496-0597E24B23A5}, Quarantined, [fc950c6517730036706655ec788b03fd], PUP.Optional.Gamesbar.A, HKU\S-1-5-21-313159577-1753058699-2702243966-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CB0D163C-E9F4-4236-9496-0597E24B23A5}, Quarantined, [fc950c6517730036706655ec788b03fd], PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\cnpkmcjgpcihgfnkcjapiaabbbplkcmf, Quarantined, [7c156e0352381422da8d21b77c8738c8], PUP.Optional.MyCoups.A, HKLM\SOFTWARE\WOW6432NODE\MYCOUPS, Quarantined, [81105c15f09a6cca743f9bb5689dd12f], PUP.Optional.Enformation.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\enformation, Quarantined, [0b8678f95d2d9e987327ec09679c768a], PUP.Optional.GenericAddon.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\GenericAddon, Quarantined, [840d9cd55634cc6a69240fd9db288c74], PUP.Optional.MediaPlayerEnhance.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\MediaPlayerEnhance, Quarantined, [3c55e28fd3b761d5afa7a76937cdfa06], PUP.Optional.PlusHD.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-8.9, Quarantined, [7021ec85c1c92d0987894fbade2650b0], PUP.Optional.GenericAddon.A, HKU\S-1-5-21-313159577-1753058699-2702243966-1001\SOFTWARE\APPDATALOW\SOFTWARE\GenericAddon, Quarantined, [95fcdd94e5a570c6345932b67093e020], PUP.Optional.MyCoups.A, HKU\S-1-5-21-313159577-1753058699-2702243966-1001\SOFTWARE\MYCOUPS, Quarantined, [eea3cca58109a393e0d43e1227de1ee2], PUP.Optional.CrossRider.A, HKU\S-1-5-21-313159577-1753058699-2702243966-1002\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [deb3b0c1a7e3b383db1edf5f38cd04fc], PUP.Optional.MultiIE.A, HKU\S-1-5-21-313159577-1753058699-2702243966-1002\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE, Quarantined, [eba62f4284061125943db79062a330d0], PUP.Optional.IWantThis.A, HKU\S-1-5-21-313159577-1753058699-2702243966-1002\SOFTWARE\APPDATALOW\SOFTWARE\I Want This, Quarantined, [078a81f091f9d264e4d557ae45bf6f91], PUP.Optional.Mindspark.A, HKU\S-1-5-21-313159577-1753058699-2702243966-1002\SOFTWARE\APPDATALOW\SOFTWARE\TotalRecipeSearch_14, Quarantined, [830e61100882053145982cd03dc6db25], PUP.Optional.MultiIE.A, HKU\S-1-5-21-313159577-1753058699-2702243966-501\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE, Quarantined, [4849bdb4f39746f059782027bd486a96], PUP.Optional.IWantThis.A, HKU\S-1-5-21-313159577-1753058699-2702243966-501\SOFTWARE\APPDATALOW\SOFTWARE\I Want This, Quarantined, [850c521fddad1c1a8a2f8e77788c60a0], Registry Values: 5 PUP.Optional.MyCoups.A, HKLM\SOFTWARE\WOW6432NODE\MYCOUPS|age, 1370232000, Quarantined, [81105c15f09a6cca743f9bb5689dd12f] PUP.Optional.MyCoups.A, HKU\S-1-5-21-313159577-1753058699-2702243966-1001\SOFTWARE\MYCOUPS|age, 1370232000, Quarantined, [eea3cca58109a393e0d43e1227de1ee2] PUP.Optional.CrossRider.A, HKU\S-1-5-21-313159577-1753058699-2702243966-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\NEW WINDOWS\ALLOW|*.crossrider.com, CrossriderApp0002258, Quarantined, [97faa3cee9a159ddfdffe466b451d030] PUP.Optional.UnFriendApp.A, HKU\S-1-5-21-313159577-1753058699-2702243966-1002\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|[email protected], C:\Program Files (x86)\UnfriendApp\Firefox\, Quarantined, [1b765a17b0da31052dad1de22fd4cf31] PUP.Optional.UnFriendApp.A, HKU\S-1-5-21-313159577-1753058699-2702243966-501\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|[email protected], C:\Program Files (x86)\UnfriendApp\Firefox\, Quarantined, [8e03f27f46447abc31a9dd22cf3418e8] Registry Data: 0 (No malicious items detected) Folders: 93 PUP.Optional.CrossRider.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_lekgiimbfodefdaoofhlckefjbgpeilo_0, Quarantined, [a1f083eef29891a52c554e4c5aa909f7], PUP.Optional.CrossRider.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lekgiimbfodefdaoofhlckefjbgpeilo, Quarantined, [d8b9710091f9b086335a9bffdc278f71], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Roaming\Mozilla\Firefox\Profiles\3dkt76nv.default\HeadlineAlley_29, Quarantined, [e1b098d9b8d2ec4a9dd7811b54af5ea2], PUP.Optional.RRSavings.A, C:\Program Files\rrsavings, Quarantined, [9ef33c3566247bbbf1f0d0cde51efa06], PUP.Optional.FreeSoftToday.A, C:\Users\Catherine\AppData\Local\fst_us_42, Quarantined, [f1a00869206a5ed87833a701cf34d32d], PUP.Optional.FreeSoftToday.A, C:\Program Files (x86)\fst_us_42, Quarantined, [96fba3ce28626bcb139906a26e957789], PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo, Quarantined, [c2cff47de9a143f3a48999157e85d729], PUP.Optional.DigitalMore.A, C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e, Quarantined, [e1b0a2cffd8dfa3c53c0a2223ec5e719], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\adapter, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\abstractbutton, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\abstractbutton\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\alert, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\alert\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\embedhtml, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\embedhtml\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\embedhtml\html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\embedhtml\js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\embedscript, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\embedscript\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\embedscript\html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\embedscript\js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\flare, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\flare\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\flare\icons, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\generic, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\generic\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\link, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\link\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\menu, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\menu\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\menu\css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\menu\html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\menu\images, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\menu\js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\rss, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\rss\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\thirdparty, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\thirdparty\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\uninstall, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\uninstall\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\weather, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\weather\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\common, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\radio, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\radio\css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\radio\js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\rss, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\rss\js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\test, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\topapps, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\topapps\css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\topapps\js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\weather, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\weather\css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\weather\js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\api, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\api\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\api\window, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\defaultSearch, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\defaultSearch\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\defaultSearch\foreground, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\moviereviews, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\moviereviews\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\moviereviews\css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\moviereviews\html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\moviereviews\js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\radio, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\radio\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\radio\css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\radio\foreground, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\radio\radioWrapper, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\search, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\search\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\search\html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\supertab, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\supertab\css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\supertab\html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\supertab\js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\icons, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\images, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\native, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\native\libs, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\shared, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\_metadata, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], Files: 244 PUP.Optional.WeCare.A, C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe, Quarantined, [6d24b2bfc6c4a1952111c4bb8f747987], Adware.GamePlayLab, C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe, Quarantined, [1b762b46fb8f41f58ceaea71cd36f50b], PUP.Optional.Goobzo, C:\Program Files\Common Files\System\SysMenu64.dll, Quarantined, [dbb6d899276361d523b0c283bb4b60a0], PUP.Optional.SupraSavings.A, C:\temp\t.msi, Quarantined, [335e2e434b3f62d409badfe89372f60a], PUP.Optional.PreBackup.A, C:\Users\Catherine\AppData\Local\Temp\CloudBackup9025.exe, Quarantined, [167bb0c19af0092d201398dccd337a86], PUP.Optional.Goobzo, C:\Users\Catherine\AppData\Local\Temp\dufgmr4c.exe, Quarantined, [58394b26e9a1f93db8ed02c890717090], PUP.Optional.InstallIQ, C:\Users\Catherine\Downloads\mediaclassic.exe, Quarantined, [5b368ee3f892d561d3c1a39ae61b30d0], PUP.Optional.Bundle, C:\Users\Catherine\Downloads\adobe_flash_setup (1).exe, Quarantined, [0d84521f3a504bebb0d693b227dfe818], PUP.Optional.Bundle, C:\Users\Catherine\Downloads\adobe_flash_setup (2).exe, Quarantined, [4f4211600a808aac444264e1e81e8779], PUP.Optional.Bundle, C:\Users\Catherine\Downloads\adobe_flash_setup.exe, Quarantined, [a1f0036efc8eef4712741e278383da26], PUP.Optional.BundleInstaller.A, C:\Users\Catherine\Downloads\Unconfirmed 274501.crdownload, Quarantined, [8f0275fc0981d264d7539bb4e9196997], PUP.Optional.AirInstaller, C:\Users\Catherine\Downloads\Flash_Setup.exe, Quarantined, [9ef36011a5e5cf67e21ff742a35eb64a], PUP.Optional.Somoto, C:\Users\Catherine\Downloads\FLVPlayerSetup-Nb7SelJcY.exe, Quarantined, [a7ea4e2318725adcbb66ecfc7392916f], PUP.Optional.Goobzo, c:\users\catherine\appdata\local\installer\install_26263\ytdi_bf4fca0ff8_setup.exe, Quarantined, [0091ef824a407eb8795a073e0bfb29d7], PUP.Optional.Goobzo, c:\users\catherine\appdata\local\installer\install_26312\ytdi_bf4fca0ff8_setup.exe, Quarantined, [0b86224f0882b97d9142c0858680ef11], PUP.Optional.Goobzo, c:\users\catherine\appdata\local\installer\install_26364\ytdi_bf4fca0ff8_setup.exe, Quarantined, [ccc53d34a1e9ce68dbf8430248bec937], PUP.Optional.Goobzo, c:\users\catherine\appdata\local\installer\install_26413\ytdi_bf4fca0ff8_setup.exe, Quarantined, [058c1a57187265d107cc0d38ad593ec2], PUP.Optional.SnapDo.A, C:\Windows\Installer\f93ef39.msi, Quarantined, [e4ada8c999f1ce68d8e81e96847dac54], PUP.Optional.SelectNGo.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage, Quarantined, [434e6110eb9f191dc6d655a7ab587a86], PUP.Optional.SelectNGo.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage-journal, Quarantined, [f1a039389ded94a2fd9f26d60cf7e41c], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pcpehlgijbdajfafffojllcaecaecngb_0.localstorage, Delete-on-Reboot, [226f670a95f56bcbb6d9c144cc3841bf], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pcpehlgijbdajfafffojllcaecaecngb_0.localstorage-journal, Delete-on-Reboot, [bfd2353cdcaea5915d32927354b060a0], PUP.Optional.FreeSoftToday.A, C:\Users\Catherine\AppData\Local\fst_us_42\upfst_us_42.cyp, Quarantined, [f1a00869206a5ed87833a701cf34d32d], PUP.Optional.FreeSoftToday.A, C:\Users\Catherine\AppData\Local\fst_us_42\user_profil.cyp, Quarantined, [f1a00869206a5ed87833a701cf34d32d], PUP.Optional.FreeSoftToday.A, C:\Program Files (x86)\fst_us_42\unins000.dat, Quarantined, [96fba3ce28626bcb139906a26e957789], PUP.Optional.FreeSoftToday.A, C:\Program Files (x86)\fst_us_42\unins000.msg, Quarantined, [96fba3ce28626bcb139906a26e957789], PUP.Optional.DigitalMore.A, C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\temp, Quarantined, [e1b0a2cffd8dfa3c53c0a2223ec5e719], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\manifest.json, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\bg.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\buildVars, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\buildVars.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\companionSW.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\config.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\contentScript.css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\contentScript.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\debug.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\debug.jade, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\extension_toolbar_api.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\initWidgetWindow.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\newTabContentScript.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\options.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\spent.css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\spent.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\spent.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\spent2.css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\spent2.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\spentJ.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\spentK.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\spentK.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\startup.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\stub.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\stubby.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\superFrame.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\toolbar.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\toolbar.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\toolbarUI.css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\toolbarUI.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\toolbarUI.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\url.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\adapter\adapterUtil.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\adapter\widget-adapter.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\abstractbutton\background\abstractButton.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\alert\background\alertButton.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\embedhtml\background\embedHtmlWidget.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\embedhtml\html\embedHtmlTemplate.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\embedhtml\html\innerEmbedHtmlTemplate.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\embedhtml\js\embedHtmlUI.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\embedscript\background\embedScriptWidget.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\embedscript\html\embedScriptTemplate.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\embedscript\html\innerEmbedScriptTemplate.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\embedscript\js\embedScriptUI.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\flare\background\FlareWidget.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\flare\icons\Icon_Flare_blue.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\flare\icons\Icon_Flare_pink.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\flare\icons\Thumbs.db, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\generic\background\GenericWidget.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\link\background\linkButton.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\menu\README.txt, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\menu\background\menuButton.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\menu\css\menuframe.css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\menu\html\menuframe.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\menu\images\right_arrow.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\menu\images\right_arrow_white.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\menu\js\jquery-1.7.1.min.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\menu\js\menuframe.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\menu\js\query-string.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\menu\js\underscore-1.3.1.min.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\rss\background\RssWidget.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\thirdparty\background\thirdPartyWidget.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\uninstall\background\uninstallButton.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\weather\background\weatherButton.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js\bs.30.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js\common.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js\dynamic.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js\enableDetect.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js\eventListening.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js\global.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js\jquery-1.7.1.min.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js\list-interaction.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js\messageEventListener.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js\navRedirector.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js\paramReplacer.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js\PartnerId.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js\set.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js\underscore-1.3.1.min.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js\underscore-1.5.2.min.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js\unifiedLogging.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widget-context-1.0.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\common\common.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\common\eventListening.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\common\jquery-1.7.1.min.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\common\list-interaction.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\common\set.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\common\underscore-1.3.1.min.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\radio\radio-widget.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\radio\css\radio-widget.css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\radio\js\radio-custom.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\radio\js\radio-parser.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\radio\js\radio-widget-ui.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\radio\js\radio-widget.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\rss\rssWidget.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\rss\js\rss-widget-custom.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\rss\js\rss-widget-parse.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\rss\js\rss-widget.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\test\invalid.json, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\test\jquery.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\test\qunit.css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\test\qunit.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\test\resource.json, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\test\resource.xml, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\test\testWidget.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\test\testWidget.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\topapps\widget.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\topapps\css\widget.css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\topapps\js\nanigans-topapps-feed.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\topapps\js\topapps-config.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\topapps\js\widget.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\weather\weatherButton.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\weather\css\weatherButton.css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\weather\js\weather.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\api\background\ApiBasedWidget.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\api\background\widget-api-impl.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\api\window\hiddenWidgetWindow.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\api\window\hiddenWidgetWindow.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\api\window\hiddenWidgetWindowInit.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\api\window\widgetWindow.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\api\window\widgetWindow.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\defaultSearch\background\updateSearch.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\defaultSearch\background\updateSearchPromptBg.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\defaultSearch\foreground\07_buttons2.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\defaultSearch\foreground\08_buttons2.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\defaultSearch\foreground\defaultSearchModal.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\defaultSearch\foreground\defaultSearchModalInjector.css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\defaultSearch\foreground\defaultSearchModalInjector.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\defaultSearch\foreground\tvf_btn_ok.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\defaultSearch\foreground\tvf_btn_ok2.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\defaultSearch\foreground\tvf_restart_alert_icon.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\defaultSearch\foreground\tvf_restart_icon.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\defaultSearch\foreground\updateSearchPromptFg.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\moviereviews\background\MovieReviewsWidget.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\moviereviews\css\movieReviews.css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\moviereviews\html\movieReviews.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\moviereviews\js\movieReviews.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\radio\background\RadioWidget.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\radio\css\toolbar-item.css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\radio\foreground\button.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\radio\radioWrapper\radioWrapper.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\radio\radioWrapper\radioWrapper.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\search\background\searchBox.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\search\html\searchSuggestions.css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\search\html\searchSuggestions.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\search\html\searchSuggestions.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\search\html\searchSuggestionsInit.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\supertab\css\supertab.css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\supertab\html\supertab.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\supertab\js\newtabfork.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\supertab\js\reporting.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\supertab\js\srchsugg.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\supertab\js\supertab.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\supertab\js\unifiedLogging.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\supertab\js\__utm.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\icons\arrowSprite.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\icons\icon128.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\icons\icon16.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\icons\icon19disabled.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\icons\icon19on.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\icons\icon48.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\icons\tb_icon_search_disappearing_ask.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\images\222116621.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\images\222116625.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\images\222116640.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\images\222116644.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\images\222116653.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\images\222116675.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\images\down_arrow.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\images\IDR_PRODUCT_LOGO_16.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\images\IDR_WEBSTORE_ICON.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\images\magnifying_glass.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\images\RadioPlayerSprite.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\images\search_button.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\images\tvf_icon_guide.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\images\tvf_logo.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\images\wrench.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\chromeUtils.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\exeManager.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\exeManagerNMD.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\exePackageManager.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\focusManager.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\globalBlacklistManager.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\messaging.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\mutation_summary-min.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\mutation_summary.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\nativeMessagingDispatcher.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\newTabInfo.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\newTabInitialize.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\options.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\readLocalStorage.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\reservespacefortoolbar.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\reservespaceifenabled.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\scriptInjector.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\searchContext.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\settingsOverrides.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\toolbarCookieParser.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\toolbarPreinit.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\underscore-1.3.1.min.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\URILoaderContentScript.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\Widget.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\widgetContentScriptInjectee.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\widgetFactory.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\widgetWindowManager.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\native\cache.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\native\ce.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\native\debug.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\native\ss.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\native\libs\jquery-1.7.1.min.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\native\libs\jquery-1.9.1.min.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\native\libs\underscore-1.5.2.min.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\shared\HttpURL.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\shared\rsvp-latest.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\shared\unifiedLogging.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\shared\universalConsole.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\shared\utils.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\_metadata\verified_contents.json, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.KeyFind.A, C:\Users\Catherine\AppData\Roaming\Mozilla\Firefox\Profiles\3dkt76nv.default\search.json, Good: (), Bad: (key-find), Replaced,[61306e030b7f6bcb69be52f5aa5c7a86] Physical Sectors: 0 (No malicious items detected) (end)
  9. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.6.5 (04.27.2015:1) OS: Windows 7 Home Premium x64 Ran by Catherine on Mon 04/27/2015 at 19:27:56.19 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks Successfully deleted: [Task] C:\Windows\system32\tasks\PC Optimizer Pro64 startups ~~~ Registry Values Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{8660E5B3-6C41-44DE-8503-98D99BBECD41} ~~~ Registry Keys ~~~ Files Successfully deleted: [File] C:\Users\Catherine\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal Successfully deleted: [File] C:\Users\Catherine\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage ~~~ Folders Successfully deleted: [Empty Folder] C:\Users\Catherine\appdata\local\{366D4FC7-0F57-4DCC-A74A-65953B792687} Successfully deleted: [Empty Folder] C:\Users\Catherine\appdata\local\{60501BEB-D388-4A5F-95B0-68AFD524F7C5} Successfully deleted: [Empty Folder] C:\Users\Catherine\appdata\local\{60DF7411-2008-45FA-A5DA-74AA6DF227A8} Successfully deleted: [Empty Folder] C:\Users\Catherine\appdata\local\{B699C5BD-0C19-41AA-816B-FC8B6324D2B8} Successfully deleted: [Empty Folder] C:\Users\Catherine\appdata\local\{C405513C-7AC6-4570-9402-1C55BBA8CF8A} Successfully deleted: [Empty Folder] C:\Users\Catherine\appdata\local\{E11A79C8-934A-44BC-913B-FB62F8D679E5} Successfully deleted: [Empty Folder] C:\Users\Catherine\appdata\local\{F5414D90-EBE7-498E-8B84-F7ACDF4A1E01} Successfully deleted: [Empty Folder] C:\Users\Catherine\appdata\local\{FB9F177F-5448-40BE-A77D-2B699344714A} Successfully deleted: [Folder] C:\ai_recyclebin Successfully deleted: [Folder] C:\ProgramData\surffkoeeEPPit ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Mon 04/27/2015 at 19:35:27.76 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  10. # AdwCleaner v4.202 - Logfile created 27/04/2015 at 19:16:41 # Updated 23/04/2015 by Xplode # Database : 2015-04-27.1 [server] # Operating system : Windows 7 Home Premium Service Pack 1 (x64) # Username : Catherine - CATHERINE-HP # Running from : C:\Users\Catherine\Downloads\adwcleaner_4.202.exe # Option : Cleaning ***** [ Services ] ***** [#] Service Deleted : ReimageRealTimeProtector Service Deleted : sbmntr [#] Service Deleted : Update Mgr DigitalMore ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\IePluginServices Folder Deleted : C:\ProgramData\SearchModule Folder Deleted : C:\ProgramData\ZombieAlert Folder Deleted : C:\ProgramData\Reimage Protector Folder Deleted : C:\ProgramData\Winferno Folder Deleted : C:\ProgramData\SparkTrust Folder Deleted : C:\ProgramData\SaliesCheeckerr Folder Deleted : C:\Program Files (x86)\globalUpdate Folder Deleted : C:\Program Files (x86)\iWebar [x] Not Deleted : C:\Program Files (x86)\MediaPlayerEnhance Folder Deleted : C:\Program Files (x86)\predm Folder Deleted : C:\Program Files (x86)\YTDownloader Folder Deleted : C:\Program Files (x86)\Privacy DR Folder Deleted : C:\Program Files (x86)\SparkTrust Folder Deleted : C:\Program Files (x86)\SaliesCheeckerr Folder Deleted : C:\Program Files (x86)\MediaPlayerEnhance Folder Deleted : C:\Program Files (x86)\Common Files\SparkTrust Folder Deleted : C:\Windows\SysWOW64\SearchProtect [x] Not Deleted : C:\Program Files\002 [x] Not Deleted : C:\Program Files\003 [x] Not Deleted : C:\Program Files\Reimage [x] Not Deleted : C:\Program Files\RrSavings Folder Deleted : C:\Users\Catherine\AppData\Local\Freesofttoday Folder Deleted : C:\Users\Catherine\AppData\Local\Gameo Folder Deleted : C:\Users\Catherine\AppData\Local\globalUpdate Folder Deleted : C:\Users\Catherine\AppData\Local\LPT Folder Deleted : C:\Users\Catherine\AppData\Local\SwvUpdater Folder Deleted : C:\Users\Catherine\AppData\Local\Tuguu_SL Folder Deleted : C:\Users\Catherine\AppData\Local\WeatherAlerts Folder Deleted : C:\Users\Catherine\AppData\Local\ZombieAlert Folder Deleted : C:\Users\Catherine\AppData\Roaming\SpeedAnalysis2 Folder Deleted : C:\Users\Catherine\AppData\Roaming\v9 Folder Deleted : C:\Users\Catherine\AppData\Roaming\SparkTrust Folder Deleted : C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SparkTrust Folder Deleted : C:\Users\Catherine\AppData\Roaming\Mozilla\Firefox\Profiles\3dkt76nv.default\Extensions\[email protected]5ac7300ac.com Folder Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjkhjdcljddbedokogakmmdjgnbeanf Folder Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo Folder Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gafhhbahpojnjfhpepjjfjojbphnogmn [/!\] Not Deleted ( Junction ) : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo Folder Deleted : C:\Users\Catherine\AppData\Roaming\Opera Software\Opera Stable\Extensions\dfohdbmjdkfijghgklbickfnaepghgba Folder Deleted : C:\Users\Catherine\AppData\Roaming\Opera Software\Opera Stable\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo File Deleted : C:\Users\Catherine\AppData\Roaming\Mozilla\Firefox\Profiles\3dkt76nv.default\Extensions\[email protected] File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lekgiimbfodefdaoofhlckefjbgpeilo_0.localstorage File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lekgiimbfodefdaoofhlckefjbgpeilo_0.localstorage-journal File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_lekgiimbfodefdaoofhlckefjbgpeilo_0 File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lekgiimbfodefdaoofhlckefjbgpeilo File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gafhhbahpojnjfhpepjjfjojbphnogmn_0.localstorage File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gafhhbahpojnjfhpepjjfjojbphnogmn_0.localstorage-journal File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_lekgiimbfodefdaoofhlckefjbgpeilo_0 File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lekgiimbfodefdaoofhlckefjbgpeilo File Deleted : C:\Windows\Reimage.ini File Deleted : C:\Windows\SysWOW64\SecureAssist.dll File Deleted : C:\Windows\System32\roboot64.exe File Deleted : C:\Windows\System32\SecureAssist64.dll File Deleted : C:\Users\Catherine\daemonprocess.txt File Deleted : C:\Users\Catherine\AppData\Roaming\speedanalysis.ico File Deleted : C:\Users\Catherine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SparkTrust PC Cleaner Plus.lnk File Deleted : C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url File Deleted : C:\Users\Catherine\Desktop\SparkTrust PC Cleaner Plus.lnk File Deleted : C:\Users\Catherine\AppData\Roaming\Mozilla\Firefox\Profiles\3dkt76nv.default\searchplugins\bingp.xml File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\key-find.xml File Deleted : C:\Users\Catherine\AppData\Roaming\Mozilla\Firefox\Profiles\3dkt76nv.default\searchplugins\trovi-search.xml File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\v9.xml File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.selectgo00.selectgo.net_0.localstorage File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.selectgo00.selectgo.net_0.localstorage-journal File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_eliteunzip.dl.tb.ask.com_0.localstorage File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_eliteunzip.dl.tb.ask.com_0.localstorage-journal File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_mapsgalaxy.dl.tb.ask.com_0.localstorage File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_mapsgalaxy.dl.tb.ask.com_0.localstorage-journal File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_plarium.com_0.localstorage File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_plarium.com_0.localstorage-journal File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.tb.ask.com_0.localstorage File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.tb.ask.com_0.localstorage-journal ***** [ Scheduled tasks ] ***** Task Deleted : gameo_update Task Deleted : LaunchApp Task Deleted : PC Optimizer Pro Updates Task Deleted : Reimage Reminder Task Deleted : ReimageUpdater Task Deleted : RunAsStdUser Task Task Deleted : SMupdate1 Task Deleted : YTDownloader Task Deleted : YTDownloaderUpd Task Deleted : SparkTrust Update Version3 Task Deleted : SparkTrust Update Version3_triggeronce Task Deleted : SparkTrust Registration3 Task Deleted : MediaPlayerEnhance-updater ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bfcpnihmbfoaeoakalclfalkdepgiaje Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dgjkhjdcljddbedokogakmmdjgnbeanf Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mocblcnaofikinigmceddfghppkkjbog Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@ei.TotalRecipeSearch_14.com/Plugin Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\YTDownloader.exe Key Deleted : HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\SysMenuExt Key Deleted : HKLM\SOFTWARE\Classes\AppID\SysMenu.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1 Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D813D5BB-EBC7-45F9-B8A4-36A305168069} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C0B1016F-B7E5-46F0-B415-6BF9E55AB00D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3B181CF2-878B-4758-8FBD-59D8AC5AB12D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{490A5A0F-1471-47FF-8BB5-719F1F5238AD} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8E5B29C2-BC6E-40BE-B881-AEE35B1F4035} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9863E762-BACC-46E4-8CAA-2A6ADA06B65B} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0B1016F-B7E5-46F0-B415-6BF9E55AB00D} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C0B1016F-B7E5-46F0-B415-6BF9E55AB00D} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C0B1016F-B7E5-46F0-B415-6BF9E55AB00D} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{878B8524-AED5-4870-9A96-A515440DAC75} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{878B8524-AED5-4870-9A96-A515440DAC75} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{d925bc12-7440-413e-a040-cef15508f0c5} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{878B8524-AED5-4870-9A96-A515440DAC75} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93DBF2BB-A2B3-4683-A92E-57E60751F346} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{d925bc12-7440-413e-a040-cef15508f0c5}] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{020B1D4B-5738-4C77-9E19-4F173DD9B486} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3B181CF2-878B-4758-8FBD-59D8AC5AB12D} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{490A5A0F-1471-47FF-8BB5-719F1F5238AD} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546} Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A} Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EC29EDF6-AD3C-4E1C-A087-D6CB81400C43} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93DBF2BB-A2B3-4683-A92E-57E60751F346} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d925bc12-7440-413e-a040-cef15508f0c5} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\17BDFF48CB2043A3A7504DED58A442C5 Key Deleted : HKCU\Software\GlobalUpdate Key Deleted : HKCU\Software\TutoTag Key Deleted : HKCU\Software\Reimage Key Deleted : HKCU\Software\YTDownloader Key Deleted : HKCU\Software\gameo Key Deleted : HKCU\Software\reimagerepair Key Deleted : HKCU\Software\Local AppWizard-Generated Applications Key Deleted : HKCU\Software\AppDataLow\Software\MediaPlayerEnhance Key Deleted : HKCU\Software\AppDataLow\Software\Rr Savings Key Deleted : HKCU\Software\AppDataLow\Software\RrSavings Key Deleted : HKCU\Software\AppDataLow\Software\Supra Savings Key Deleted : HKLM\SOFTWARE\MediaPlayerEnhance Key Deleted : HKLM\SOFTWARE\PIP Key Deleted : HKLM\SOFTWARE\SupDp Key Deleted : HKLM\SOFTWARE\suprasavings Key Deleted : HKLM\SOFTWARE\Tutorials Key Deleted : HKLM\SOFTWARE\YTDownloader Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35827710-D042-428B-A1E5-E20E12D2FEB9} Key Deleted : [x64] HKLM\SOFTWARE\LevelQualityWatcher Key Deleted : [x64] HKLM\SOFTWARE\RrSavings Key Deleted : [x64] HKLM\SOFTWARE\suprasavings Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks Key Deleted : [x64] HKLM\SOFTWARE\Reimage Key Deleted : [x64] HKLM\SOFTWARE\YTDownloader Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Protector Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7 ***** [ Web browsers ] ***** -\\ Internet Explorer v11.0.9600.17728 Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page] -\\ Mozilla Firefox v [3dkt76nv.default\prefs.js] - Line Deleted : user_pref("CT3239904.1000234.weatherData", "{\"icon\":\"32.png\",\"temperature\":\"83°F\",\"temperatureClear\":\"83°F\",\"highTemperature\":\"93°F\",\"lowTemperature\":\"59°F\",\"feelsLike\":\"80°F\",[...] [3dkt76nv.default\prefs.js] - Line Deleted : user_pref("CT3239904.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}"); [3dkt76nv.default\prefs.js] - Line Deleted : user_pref("CT3239904.embeddedsData", "[{\"appId\":\"129878973612432233\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...] [3dkt76nv.default\prefs.js] - Line Deleted : user_pref("CT3239904.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fsearch.conduit.com%2F%3Fctid%3DCT3298570%26octid%3DCT3298570%26SearchSource%3D61%26CUI%3DUN7[...] [3dkt76nv.default\prefs.js] - Line Deleted : user_pref("CT3286042.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}"); [3dkt76nv.default\prefs.js] - Line Deleted : user_pref("CT3289663.1000234.weatherData", "{\"icon\":\"29.png\",\"temperature\":\"62°F\",\"temperatureClear\":\"62°F\",\"highTemperature\":\"62°F\",\"lowTemperature\":\"43°F\",\"feelsLike\":\"62°F\",[...] [3dkt76nv.default\prefs.js] - Line Deleted : user_pref("CT3289663.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}"); [3dkt76nv.default\prefs.js] - Line Deleted : user_pref("CT3298570.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}"); [3dkt76nv.default\prefs.js] - Line Deleted : user_pref("CT3298570.embeddedsData", "[{\"appId\":\"130110228341463105\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...] [3dkt76nv.default\prefs.js] - Line Deleted : user_pref("CT3298570.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fsearch.conduit.com%2F%3Fctid%3DCT3298570%26octid%3DCT3298570%26SearchSource%3D61%26CUI%3DUN7[...] [3dkt76nv.default\prefs.js] - Line Deleted : user_pref("extensions.VYbDR.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sumorobo.n[...] [3dkt76nv.default\prefs.js] - Line Deleted : user_pref("extensions.WZ3n.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sumorobo.ne[...] [3dkt76nv.default\prefs.js] - Line Deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...] [3dkt76nv.default\prefs.js] - Line Deleted : user_pref("extensions.dynconff.cache.search.conduit.com.content", "<package expire=\"3600\" es=\"914\" pcdids=\"v51_1169_1348_1420\"><content id=\"IntextAds\">\r\n<newjs>\r\n<![CDATA[\r\n\r\ntry {\r\n[...] [3dkt76nv.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false); [3dkt76nv.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.Visibility", false); [3dkt76nv.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.countryiso", "us"); [3dkt76nv.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.downloadprovider", "quickobrw"); [3dkt76nv.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.installationid", "64cfa884-eb4e-4fc7-a8f1-7a7ed71afee5"); [3dkt76nv.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.installdate", "11/06/2013"); [3dkt76nv.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.publisher", "quickobrw"); [3dkt76nv.default\prefs.js] - Line Deleted : user_pref("extensions.quick_start.enable_search1", false); [3dkt76nv.default\prefs.js] - Line Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false); [3dkt76nv.default\prefs.js] - Line Deleted : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21087\",\"supported_sites\":{\"google\":{\"patterns\":[\"^hxxp\\\\:\\/\\/www\\\\.google\\\\..{2,3}(\\\\\\/ig\\\\\\/firefox)\",\"[...] [3dkt76nv.default\prefs.js] - Line Deleted : user_pref("extensions.wajam.trace_log", "1370821463940 - onFlagInfoReceived - Same server mapping version, don't update\n1370821463940 - onFlagInfoReceived - Saving server mapping version\n13708214639[...] [niay4rle.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultengine", "Ask.com"); [niay4rle.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "Ask.com"); [niay4rle.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "Ask.com"); [niay4rle.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Ask.com"); [niay4rle.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", ""); [niay4rle.default\prefs.js] - Line Deleted : user_pref("extensions.crossrider.bic", "13ab8e032c6e6bfba17aeee9bb15f202"); -\\ Google Chrome v36.0.1985.125 [C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Extension] : dgjkhjdcljddbedokogakmmdjgnbeanf [C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Extension] : lekgiimbfodefdaoofhlckefjbgpeilo [C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Extension] : gafhhbahpojnjfhpepjjfjojbphnogmn [C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Extension] : lekgiimbfodefdaoofhlckefjbgpeilo -\\ Opera v0.0.0.0 ************************* AdwCleaner[R0].txt - [134887 bytes] - [25/07/2014 15:35:26] AdwCleaner[R1].txt - [134887 bytes] - [25/07/2014 16:10:11] AdwCleaner[R2].txt - [131174 bytes] - [25/07/2014 17:04:10] AdwCleaner[R3].txt - [37748 bytes] - [27/04/2015 19:03:34] AdwCleaner[s0].txt - [36289 bytes] - [27/04/2015 19:16:41] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [36349 bytes] ##########
  11. My computer has tons of pop up all over the page that I am on