Sponsored By

Sign in to follow this  
Catherine

Need help with too many pop ups

Recommended Posts

Howdy Catherine and welcome to BestTechie !!!  

My name is flashh4 (Chuck) and i will be assisting you with the cleaning of your computer.

Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !!

If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!

Perform all actions in the order given.

Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !  

Do Not Remove anything or run any tools/programs until advised to do so !


Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections.  

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.  



===================================



AdwCleaner
       
Please download adwcleaner by Xplode onto your desktop.
Double click on AdwCleaner.exe to run the tool again.
       Windows XP : Double click on the icon to run it.

       Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    *Click on the Scan button.
    *AdwCleaner will begin to scan your computer like it did before.
    *After the scan has finished .......
    
    This time, click on the "Clean" button.
    
    *Press OK when asked to close all programs and follow the onscreen prompts.
    *Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    *After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    *Copy and paste the contents of that logfile in your next reply.
    *A copy of that logfile will also be saved in the C:\AdwCleaner folder.



NEXT

thisisujrt-1.gif
    Please download Junkware Removal Tool and save to your desk top.

    Shut down your protection software now to avoid potential conflicts.

    * Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    * The tool will open and start scanning your system.
    * Please be patient as this can take a while to complete depending on your system's specifications.
    * On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    * Post the contents of JRT.txt into your next reply !

Re-Boot your computer now !!



NEXT



    Download Malwarebytes' Anti-Malware (save it to your desktop).  >>>   http://api.viglink.com/api/click?format=go&jsonp=vglnk_142716402237113&key=9b4efad421c8b103b2c94b796db973b0&libId=i7moiq1n01002u9u000DAjanrgva6&subId=ada8cd58e448a82cf9bb2f2782266d43&loc=http%3A%2F%2Fforums.whatthetech.com%2Findex.php%3Fshowtopic%3D129391%26page%3D1&v=1&out=http%3A%2F%2Fwww.malwarebytes.org%2Fmwb-download%2Fconfirm%2F%3Futm_source%3Dfacebook%26utm_medium%3Dsocial&ref=http%3A%2F%2Fforums.whatthetech.com%2Findex.php%3Fs%3D49c36eb57530cd237bc7129892da2191%26showforum%3D27&title=can%27t%20download%20or%20run%20malwarebyts%20%5BSolved%5D%20-%20What%20the%20Tech&txt=http%3A%2F%2Fwww.malwareby...m_medium%3Dsocial

      * Windows XP : Double click on the icon to run it.
      *  Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
      *  Select Scan tab.

Malwarebytes.png

* Select type of scan to perform:

MBAMScanTab_zps2c5e74bd.gif
   
  * Threat Scan < --- Select this type of scan
  * Custom Scan
  * Hyper Scan

Next click the Scan button.

When the scan is complete, if no malicious items are found you can close the program.

If malicious items are found be sure that everything is checked, and click Quarantine .

When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
 
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
 

 

Post these logs after running each program, then proceed to the next !!

 

Thanks

Chuck

Share this post


Link to post
Share on other sites

When pasting the logs just click in the big box at the bottom, paste log, then click "Post" ! May have to try it a few times to paste !!

Share this post


Link to post
Share on other sites
# AdwCleaner v4.202 - Logfile created 27/04/2015 at 19:16:41

# Updated 23/04/2015 by Xplode

# Database : 2015-04-27.1 [server]

# Operating system : Windows 7 Home Premium Service Pack 1 (x64)

# Username : Catherine - CATHERINE-HP

# Running from : C:\Users\Catherine\Downloads\adwcleaner_4.202.exe

# Option : Cleaning

 

***** [ Services ] *****

 

[#] Service Deleted : ReimageRealTimeProtector

Service Deleted : sbmntr

[#] Service Deleted : Update Mgr DigitalMore

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\IePluginServices

Folder Deleted : C:\ProgramData\SearchModule

Folder Deleted : C:\ProgramData\ZombieAlert

Folder Deleted : C:\ProgramData\Reimage Protector

Folder Deleted : C:\ProgramData\Winferno

Folder Deleted : C:\ProgramData\SparkTrust

Folder Deleted : C:\ProgramData\SaliesCheeckerr

Folder Deleted : C:\Program Files (x86)\globalUpdate

Folder Deleted : C:\Program Files (x86)\iWebar

[x] Not Deleted : C:\Program Files (x86)\MediaPlayerEnhance

Folder Deleted : C:\Program Files (x86)\predm

Folder Deleted : C:\Program Files (x86)\YTDownloader

Folder Deleted : C:\Program Files (x86)\Privacy DR

Folder Deleted : C:\Program Files (x86)\SparkTrust

Folder Deleted : C:\Program Files (x86)\SaliesCheeckerr

Folder Deleted : C:\Program Files (x86)\MediaPlayerEnhance

Folder Deleted : C:\Program Files (x86)\Common Files\SparkTrust

Folder Deleted : C:\Windows\SysWOW64\SearchProtect

[x] Not Deleted : C:\Program Files\002

[x] Not Deleted : C:\Program Files\003

[x] Not Deleted : C:\Program Files\Reimage

[x] Not Deleted : C:\Program Files\RrSavings

Folder Deleted : C:\Users\Catherine\AppData\Local\Freesofttoday

Folder Deleted : C:\Users\Catherine\AppData\Local\Gameo

Folder Deleted : C:\Users\Catherine\AppData\Local\globalUpdate

Folder Deleted : C:\Users\Catherine\AppData\Local\LPT

Folder Deleted : C:\Users\Catherine\AppData\Local\SwvUpdater

Folder Deleted : C:\Users\Catherine\AppData\Local\Tuguu_SL

Folder Deleted : C:\Users\Catherine\AppData\Local\WeatherAlerts

Folder Deleted : C:\Users\Catherine\AppData\Local\ZombieAlert

Folder Deleted : C:\Users\Catherine\AppData\Roaming\SpeedAnalysis2

Folder Deleted : C:\Users\Catherine\AppData\Roaming\v9

Folder Deleted : C:\Users\Catherine\AppData\Roaming\SparkTrust

Folder Deleted : C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SparkTrust

Folder Deleted : C:\Users\Catherine\AppData\Roaming\Mozilla\Firefox\Profiles\3dkt76nv.default\Extensions\[email protected]5ac7300ac.com

Folder Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjkhjdcljddbedokogakmmdjgnbeanf

Folder Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo

Folder Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gafhhbahpojnjfhpepjjfjojbphnogmn

[/!\] Not Deleted ( Junction ) : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo

Folder Deleted : C:\Users\Catherine\AppData\Roaming\Opera Software\Opera Stable\Extensions\dfohdbmjdkfijghgklbickfnaepghgba

Folder Deleted : C:\Users\Catherine\AppData\Roaming\Opera Software\Opera Stable\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo

File Deleted : C:\Users\Catherine\AppData\Roaming\Mozilla\Firefox\Profiles\3dkt76nv.default\Extensions\[email protected]

File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage

File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lekgiimbfodefdaoofhlckefjbgpeilo_0.localstorage

File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lekgiimbfodefdaoofhlckefjbgpeilo_0.localstorage-journal

File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_lekgiimbfodefdaoofhlckefjbgpeilo_0

File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lekgiimbfodefdaoofhlckefjbgpeilo

File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gafhhbahpojnjfhpepjjfjojbphnogmn_0.localstorage

File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gafhhbahpojnjfhpepjjfjojbphnogmn_0.localstorage-journal

File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_lekgiimbfodefdaoofhlckefjbgpeilo_0

File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lekgiimbfodefdaoofhlckefjbgpeilo

File Deleted : C:\Windows\Reimage.ini

File Deleted : C:\Windows\SysWOW64\SecureAssist.dll

File Deleted : C:\Windows\System32\roboot64.exe

File Deleted : C:\Windows\System32\SecureAssist64.dll

File Deleted : C:\Users\Catherine\daemonprocess.txt

File Deleted : C:\Users\Catherine\AppData\Roaming\speedanalysis.ico

File Deleted : C:\Users\Catherine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SparkTrust PC Cleaner Plus.lnk

File Deleted : C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url

File Deleted : C:\Users\Catherine\Desktop\SparkTrust PC Cleaner Plus.lnk

File Deleted : C:\Users\Catherine\AppData\Roaming\Mozilla\Firefox\Profiles\3dkt76nv.default\searchplugins\bingp.xml

File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\key-find.xml

File Deleted : C:\Users\Catherine\AppData\Roaming\Mozilla\Firefox\Profiles\3dkt76nv.default\searchplugins\trovi-search.xml

File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\v9.xml

File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage

File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal

File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.selectgo00.selectgo.net_0.localstorage

File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.selectgo00.selectgo.net_0.localstorage-journal

File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_eliteunzip.dl.tb.ask.com_0.localstorage

File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_eliteunzip.dl.tb.ask.com_0.localstorage-journal

File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_mapsgalaxy.dl.tb.ask.com_0.localstorage

File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_mapsgalaxy.dl.tb.ask.com_0.localstorage-journal

File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_plarium.com_0.localstorage

File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_plarium.com_0.localstorage-journal

File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.tb.ask.com_0.localstorage

File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.tb.ask.com_0.localstorage-journal

 

***** [ Scheduled tasks ] *****

 

Task Deleted : gameo_update

Task Deleted : LaunchApp

Task Deleted : PC Optimizer Pro Updates

Task Deleted : Reimage Reminder

Task Deleted : ReimageUpdater

Task Deleted : RunAsStdUser Task

Task Deleted : SMupdate1

Task Deleted : YTDownloader

Task Deleted : YTDownloaderUpd

Task Deleted : SparkTrust Update Version3

Task Deleted : SparkTrust Update Version3_triggeronce

Task Deleted : SparkTrust Registration3

Task Deleted : MediaPlayerEnhance-updater

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}]

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bfcpnihmbfoaeoakalclfalkdepgiaje

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dgjkhjdcljddbedokogakmmdjgnbeanf

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mocblcnaofikinigmceddfghppkkjbog

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@ei.TotalRecipeSearch_14.com/Plugin

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\YTDownloader.exe

Key Deleted : HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\SysMenuExt

Key Deleted : HKLM\SOFTWARE\Classes\AppID\SysMenu.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL

Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1

Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D813D5BB-EBC7-45F9-B8A4-36A305168069}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C0B1016F-B7E5-46F0-B415-6BF9E55AB00D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3B181CF2-878B-4758-8FBD-59D8AC5AB12D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{490A5A0F-1471-47FF-8BB5-719F1F5238AD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8E5B29C2-BC6E-40BE-B881-AEE35B1F4035}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9863E762-BACC-46E4-8CAA-2A6ADA06B65B}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0B1016F-B7E5-46F0-B415-6BF9E55AB00D}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C0B1016F-B7E5-46F0-B415-6BF9E55AB00D}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C0B1016F-B7E5-46F0-B415-6BF9E55AB00D}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{878B8524-AED5-4870-9A96-A515440DAC75}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{878B8524-AED5-4870-9A96-A515440DAC75}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{d925bc12-7440-413e-a040-cef15508f0c5}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{878B8524-AED5-4870-9A96-A515440DAC75}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93DBF2BB-A2B3-4683-A92E-57E60751F346}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{d925bc12-7440-413e-a040-cef15508f0c5}]

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{020B1D4B-5738-4C77-9E19-4F173DD9B486}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3B181CF2-878B-4758-8FBD-59D8AC5AB12D}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{490A5A0F-1471-47FF-8BB5-719F1F5238AD}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}

Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}

Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EC29EDF6-AD3C-4E1C-A087-D6CB81400C43}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93DBF2BB-A2B3-4683-A92E-57E60751F346}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d925bc12-7440-413e-a040-cef15508f0c5}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\17BDFF48CB2043A3A7504DED58A442C5

Key Deleted : HKCU\Software\GlobalUpdate

Key Deleted : HKCU\Software\TutoTag

Key Deleted : HKCU\Software\Reimage

Key Deleted : HKCU\Software\YTDownloader

Key Deleted : HKCU\Software\gameo

Key Deleted : HKCU\Software\reimagerepair

Key Deleted : HKCU\Software\Local AppWizard-Generated Applications

Key Deleted : HKCU\Software\AppDataLow\Software\MediaPlayerEnhance

Key Deleted : HKCU\Software\AppDataLow\Software\Rr Savings

Key Deleted : HKCU\Software\AppDataLow\Software\RrSavings

Key Deleted : HKCU\Software\AppDataLow\Software\Supra Savings

Key Deleted : HKLM\SOFTWARE\MediaPlayerEnhance

Key Deleted : HKLM\SOFTWARE\PIP

Key Deleted : HKLM\SOFTWARE\SupDp

Key Deleted : HKLM\SOFTWARE\suprasavings

Key Deleted : HKLM\SOFTWARE\Tutorials

Key Deleted : HKLM\SOFTWARE\YTDownloader

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35827710-D042-428B-A1E5-E20E12D2FEB9}

Key Deleted : [x64] HKLM\SOFTWARE\LevelQualityWatcher

Key Deleted : [x64] HKLM\SOFTWARE\RrSavings

Key Deleted : [x64] HKLM\SOFTWARE\suprasavings

Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks

Key Deleted : [x64] HKLM\SOFTWARE\Reimage

Key Deleted : [x64] HKLM\SOFTWARE\YTDownloader

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Protector

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7

 

***** [ Web browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17728

 

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page]

 

-\\ Mozilla Firefox v

 

[3dkt76nv.default\prefs.js] - Line Deleted : user_pref("CT3239904.1000234.weatherData", "{\"icon\":\"32.png\",\"temperature\":\"83°F\",\"temperatureClear\":\"83°F\",\"highTemperature\":\"93°F\",\"lowTemperature\":\"59°F\",\"feelsLike\":\"80°F\",[...]

[3dkt76nv.default\prefs.js] - Line Deleted : user_pref("CT3239904.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");

[3dkt76nv.default\prefs.js] - Line Deleted : user_pref("CT3239904.embeddedsData", "[{\"appId\":\"129878973612432233\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]


[3dkt76nv.default\prefs.js] - Line Deleted : user_pref("CT3239904.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fsearch.conduit.com%2F%3Fctid%3DCT3298570%26octid%3DCT3298570%26SearchSource%3D61%26CUI%3DUN7[...]

[3dkt76nv.default\prefs.js] - Line Deleted : user_pref("CT3286042.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");


[3dkt76nv.default\prefs.js] - Line Deleted : user_pref("CT3289663.1000234.weatherData", "{\"icon\":\"29.png\",\"temperature\":\"62°F\",\"temperatureClear\":\"62°F\",\"highTemperature\":\"62°F\",\"lowTemperature\":\"43°F\",\"feelsLike\":\"62°F\",[...]

[3dkt76nv.default\prefs.js] - Line Deleted : user_pref("CT3289663.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");


[3dkt76nv.default\prefs.js] - Line Deleted : user_pref("CT3298570.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");

[3dkt76nv.default\prefs.js] - Line Deleted : user_pref("CT3298570.embeddedsData", "[{\"appId\":\"130110228341463105\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]


[3dkt76nv.default\prefs.js] - Line Deleted : user_pref("CT3298570.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fsearch.conduit.com%2F%3Fctid%3DCT3298570%26octid%3DCT3298570%26SearchSource%3D61%26CUI%3DUN7[...]

[3dkt76nv.default\prefs.js] - Line Deleted : user_pref("extensions.VYbDR.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sumorobo.n[...]

[3dkt76nv.default\prefs.js] - Line Deleted : user_pref("extensions.WZ3n.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sumorobo.ne[...]

[3dkt76nv.default\prefs.js] - Line Deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]

[3dkt76nv.default\prefs.js] - Line Deleted : user_pref("extensions.dynconff.cache.search.conduit.com.content", "<package expire=\"3600\" es=\"914\" pcdids=\"v51_1169_1348_1420\"><content id=\"IntextAds\">\r\n<newjs>\r\n<![CDATA[\r\n\r\ntry {\r\n[...]

[3dkt76nv.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);

[3dkt76nv.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.Visibility", false);

[3dkt76nv.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.countryiso", "us");

[3dkt76nv.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.downloadprovider", "quickobrw");

[3dkt76nv.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.installationid", "64cfa884-eb4e-4fc7-a8f1-7a7ed71afee5");

[3dkt76nv.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.installdate", "11/06/2013");

[3dkt76nv.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.publisher", "quickobrw");

[3dkt76nv.default\prefs.js] - Line Deleted : user_pref("extensions.quick_start.enable_search1", false);

[3dkt76nv.default\prefs.js] - Line Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

[3dkt76nv.default\prefs.js] - Line Deleted : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21087\",\"supported_sites\":{\"google\":{\"patterns\":[\"^hxxp\\\\:\\/\\/www\\\\.google\\\\..{2,3}(\\\\\\/ig\\\\\\/firefox)\",\"[...]

[3dkt76nv.default\prefs.js] - Line Deleted : user_pref("extensions.wajam.trace_log", "1370821463940 - onFlagInfoReceived - Same server mapping version, don't update\n1370821463940 - onFlagInfoReceived - Saving server mapping version\n13708214639[...]

[niay4rle.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");

[niay4rle.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "Ask.com");

[niay4rle.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "Ask.com");

[niay4rle.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Ask.com");

[niay4rle.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");

[niay4rle.default\prefs.js] - Line Deleted : user_pref("extensions.crossrider.bic", "13ab8e032c6e6bfba17aeee9bb15f202");

 

-\\ Google Chrome v36.0.1985.125

 

[C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Extension] : dgjkhjdcljddbedokogakmmdjgnbeanf

[C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Extension] : lekgiimbfodefdaoofhlckefjbgpeilo

[C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Extension] : gafhhbahpojnjfhpepjjfjojbphnogmn

[C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Extension] : lekgiimbfodefdaoofhlckefjbgpeilo

 

-\\ Opera v0.0.0.0

 

 

*************************

 

AdwCleaner[R0].txt - [134887 bytes] - [25/07/2014 15:35:26]

AdwCleaner[R1].txt - [134887 bytes] - [25/07/2014 16:10:11]

AdwCleaner[R2].txt - [131174 bytes] - [25/07/2014 17:04:10]

AdwCleaner[R3].txt - [37748 bytes] - [27/04/2015 19:03:34]

AdwCleaner[s0].txt - [36289 bytes] - [27/04/2015 19:16:41]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [36349  bytes] ##########

Share this post


Link to post
Share on other sites
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.6.5 (04.27.2015:1)

OS: Windows 7 Home Premium x64

Ran by Catherine on Mon 04/27/2015 at 19:27:56.19

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Tasks

 

Successfully deleted: [Task] C:\Windows\system32\tasks\PC Optimizer Pro64 startups

 

 

 

~~~ Registry Values

 

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{8660E5B3-6C41-44DE-8503-98D99BBECD41}

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

Successfully deleted: [File] C:\Users\Catherine\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal

Successfully deleted: [File] C:\Users\Catherine\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage

 

 

 

~~~ Folders

 

Successfully deleted: [Empty Folder] C:\Users\Catherine\appdata\local\{366D4FC7-0F57-4DCC-A74A-65953B792687}

Successfully deleted: [Empty Folder] C:\Users\Catherine\appdata\local\{60501BEB-D388-4A5F-95B0-68AFD524F7C5}

Successfully deleted: [Empty Folder] C:\Users\Catherine\appdata\local\{60DF7411-2008-45FA-A5DA-74AA6DF227A8}

Successfully deleted: [Empty Folder] C:\Users\Catherine\appdata\local\{B699C5BD-0C19-41AA-816B-FC8B6324D2B8}

Successfully deleted: [Empty Folder] C:\Users\Catherine\appdata\local\{C405513C-7AC6-4570-9402-1C55BBA8CF8A}

Successfully deleted: [Empty Folder] C:\Users\Catherine\appdata\local\{E11A79C8-934A-44BC-913B-FB62F8D679E5}

Successfully deleted: [Empty Folder] C:\Users\Catherine\appdata\local\{F5414D90-EBE7-498E-8B84-F7ACDF4A1E01}

Successfully deleted: [Empty Folder] C:\Users\Catherine\appdata\local\{FB9F177F-5448-40BE-A77D-2B699344714A}

Successfully deleted: [Folder] C:\ai_recyclebin

Successfully deleted: [Folder] C:\ProgramData\surffkoeeEPPit

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Mon 04/27/2015 at 19:35:27.76

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Share this post


Link to post
Share on other sites

Catherine, that's looking better ! It should be running much better but we have a lot more to get you all clean so after you post the Malwarebytes log I will need you to download & run this for me !!

 

Download DDS and save it to your Desktop.  >>> DDS


    Double click dds.scr to run the tool.
    If using Vista or Windows 7 you will be prompted by UAC, please allow the prompt.
    DDS will now scan your computer.
    When the scan is complete, DDS will open two (2) logs:
        DDS.txt
        Attach.txt
    If not saved these logs will be automatically deleted when closed, so save both to your Desktop.
    Please note it is important that you post BOTH logs in your topic.


Please note: DDS will ask you to attach the second log (Attach.txt), please ignore this notice and post the log instead.


Any problems downloading or running DDS.scr, try THIS alternate (DDS.com) version of DDS http://download.bleepingcomputer.com/sUBs/dds.com




==========================

NEXT


Download OldTimer to your desk top !
Links: http://oldtimer.geekstogo.com/OTL.com http://oldtimer.geekstogo.com/OTL.scr  
 
If you already have a copy of OTL delete it and use this version.  (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

* Double click OTL.exe to launch the program.
* Check the following.

o Scan all users.
o Standard Output. o Lop check.
o Purity check. oExtra Registry > Use SafeList  

* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs.

o OTL.txt (open on your desktop).
o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.

* Please post me both logs. This may have to be broken into more than one post !   



Post Next:

1. DDS logs
2. OTL.txt and Extras.txt (if a Extras.txt is produced)


Thanks
Chuck

 

I will read these tomorrow & post back to you of what we need to do then !!

Good-Night
 

Share this post


Link to post
Share on other sites
Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 4/27/2015

Scan Time: 7:42:56 PM

Logfile: 

Administrator: Yes

 

Version: 2.01.6.1022

Malware Database: v2015.04.27.05

Rootkit Database: v2015.04.21.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Catherine

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 446009

Time Elapsed: 40 min, 7 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 25

PUP.Optional.WeCare.A, HKU\S-1-5-21-313159577-1753058699-2702243966-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, Quarantined, [6d24b2bfc6c4a1952111c4bb8f747987], 

PUP.Optional.WeCare.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\GamesAppIntegrationService, Quarantined, [6d24b2bfc6c4a1952111c4bb8f747987], 

PUP.Optional.WeCare.A, HKU\S-1-5-21-313159577-1753058699-2702243966-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, Quarantined, [6d24b2bfc6c4a1952111c4bb8f747987], 

PUP.Optional.WeCare.A, HKU\S-1-5-21-313159577-1753058699-2702243966-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, Quarantined, [6d24b2bfc6c4a1952111c4bb8f747987], 

PUP.Optional.WeCare.A, HKU\S-1-5-21-313159577-1753058699-2702243966-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, Quarantined, [6d24b2bfc6c4a1952111c4bb8f747987], 

Adware.GamePlayLab, HKU\S-1-5-21-313159577-1753058699-2702243966-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110011221158}, Quarantined, [1b762b46fb8f41f58ceaea71cd36f50b], 

Adware.GamePlayLab, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\GamesAppIntegrationService, Quarantined, [1b762b46fb8f41f58ceaea71cd36f50b], 

Adware.GamePlayLab, HKU\S-1-5-21-313159577-1753058699-2702243966-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110011221158}, Quarantined, [1b762b46fb8f41f58ceaea71cd36f50b], 

PUP.Optional.Gamesbar.A, HKU\S-1-5-21-313159577-1753058699-2702243966-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{CB0D163C-E9F4-4236-9496-0597E24B23A5}, Quarantined, [fc950c6517730036706655ec788b03fd], 

PUP.Optional.Gamesbar.A, HKU\S-1-5-21-313159577-1753058699-2702243966-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CB0D163C-E9F4-4236-9496-0597E24B23A5}, Quarantined, [fc950c6517730036706655ec788b03fd], 

PUP.Optional.Gamesbar.A, HKU\S-1-5-21-313159577-1753058699-2702243966-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CB0D163C-E9F4-4236-9496-0597E24B23A5}, Quarantined, [fc950c6517730036706655ec788b03fd], 

PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\cnpkmcjgpcihgfnkcjapiaabbbplkcmf, Quarantined, [7c156e0352381422da8d21b77c8738c8], 

PUP.Optional.MyCoups.A, HKLM\SOFTWARE\WOW6432NODE\MYCOUPS, Quarantined, [81105c15f09a6cca743f9bb5689dd12f], 

PUP.Optional.Enformation.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\enformation, Quarantined, [0b8678f95d2d9e987327ec09679c768a], 

PUP.Optional.GenericAddon.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\GenericAddon, Quarantined, [840d9cd55634cc6a69240fd9db288c74], 

PUP.Optional.MediaPlayerEnhance.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\MediaPlayerEnhance, Quarantined, [3c55e28fd3b761d5afa7a76937cdfa06], 

PUP.Optional.PlusHD.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-8.9, Quarantined, [7021ec85c1c92d0987894fbade2650b0], 

PUP.Optional.GenericAddon.A, HKU\S-1-5-21-313159577-1753058699-2702243966-1001\SOFTWARE\APPDATALOW\SOFTWARE\GenericAddon, Quarantined, [95fcdd94e5a570c6345932b67093e020], 

PUP.Optional.MyCoups.A, HKU\S-1-5-21-313159577-1753058699-2702243966-1001\SOFTWARE\MYCOUPS, Quarantined, [eea3cca58109a393e0d43e1227de1ee2], 

PUP.Optional.CrossRider.A, HKU\S-1-5-21-313159577-1753058699-2702243966-1002\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [deb3b0c1a7e3b383db1edf5f38cd04fc], 

PUP.Optional.MultiIE.A, HKU\S-1-5-21-313159577-1753058699-2702243966-1002\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE, Quarantined, [eba62f4284061125943db79062a330d0], 

PUP.Optional.IWantThis.A, HKU\S-1-5-21-313159577-1753058699-2702243966-1002\SOFTWARE\APPDATALOW\SOFTWARE\I Want This, Quarantined, [078a81f091f9d264e4d557ae45bf6f91], 

PUP.Optional.Mindspark.A, HKU\S-1-5-21-313159577-1753058699-2702243966-1002\SOFTWARE\APPDATALOW\SOFTWARE\TotalRecipeSearch_14, Quarantined, [830e61100882053145982cd03dc6db25], 

PUP.Optional.MultiIE.A, HKU\S-1-5-21-313159577-1753058699-2702243966-501\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE, Quarantined, [4849bdb4f39746f059782027bd486a96], 

PUP.Optional.IWantThis.A, HKU\S-1-5-21-313159577-1753058699-2702243966-501\SOFTWARE\APPDATALOW\SOFTWARE\I Want This, Quarantined, [850c521fddad1c1a8a2f8e77788c60a0], 

 

Registry Values: 5

PUP.Optional.MyCoups.A, HKLM\SOFTWARE\WOW6432NODE\MYCOUPS|age, 1370232000, Quarantined, [81105c15f09a6cca743f9bb5689dd12f]

PUP.Optional.MyCoups.A, HKU\S-1-5-21-313159577-1753058699-2702243966-1001\SOFTWARE\MYCOUPS|age, 1370232000, Quarantined, [eea3cca58109a393e0d43e1227de1ee2]

PUP.Optional.CrossRider.A, HKU\S-1-5-21-313159577-1753058699-2702243966-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\NEW WINDOWS\ALLOW|*.crossrider.com, CrossriderApp0002258, Quarantined, [97faa3cee9a159ddfdffe466b451d030]

PUP.Optional.UnFriendApp.A, HKU\S-1-5-21-313159577-1753058699-2702243966-1002\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|[email protected], C:\Program Files (x86)\UnfriendApp\Firefox\, Quarantined, [1b765a17b0da31052dad1de22fd4cf31]

PUP.Optional.UnFriendApp.A, HKU\S-1-5-21-313159577-1753058699-2702243966-501\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|[email protected], C:\Program Files (x86)\UnfriendApp\Firefox\, Quarantined, [8e03f27f46447abc31a9dd22cf3418e8]

 

Registry Data: 0

(No malicious items detected)

 

Folders: 93

PUP.Optional.CrossRider.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_lekgiimbfodefdaoofhlckefjbgpeilo_0, Quarantined, [a1f083eef29891a52c554e4c5aa909f7], 

PUP.Optional.CrossRider.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lekgiimbfodefdaoofhlckefjbgpeilo, Quarantined, [d8b9710091f9b086335a9bffdc278f71], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Roaming\Mozilla\Firefox\Profiles\3dkt76nv.default\HeadlineAlley_29, Quarantined, [e1b098d9b8d2ec4a9dd7811b54af5ea2], 

PUP.Optional.RRSavings.A, C:\Program Files\rrsavings, Quarantined, [9ef33c3566247bbbf1f0d0cde51efa06], 

PUP.Optional.FreeSoftToday.A, C:\Users\Catherine\AppData\Local\fst_us_42, Quarantined, [f1a00869206a5ed87833a701cf34d32d], 

PUP.Optional.FreeSoftToday.A, C:\Program Files (x86)\fst_us_42, Quarantined, [96fba3ce28626bcb139906a26e957789], 

PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo, Quarantined, [c2cff47de9a143f3a48999157e85d729], 

PUP.Optional.DigitalMore.A, C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e, Quarantined, [e1b0a2cffd8dfa3c53c0a2223ec5e719], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\adapter, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\abstractbutton, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\abstractbutton\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\alert, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\alert\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\embedhtml, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\embedhtml\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\embedhtml\html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\embedhtml\js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\embedscript, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\embedscript\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\embedscript\html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\embedscript\js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\flare, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\flare\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\flare\icons, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\generic, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\generic\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\link, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\link\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\menu, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\menu\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\menu\css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\menu\html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\menu\images, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\menu\js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\rss, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\rss\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\thirdparty, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\thirdparty\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\uninstall, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\uninstall\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\weather, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\weather\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\common, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\radio, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\radio\css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\radio\js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\rss, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\rss\js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\test, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\topapps, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\topapps\css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\topapps\js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\weather, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\weather\css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\weather\js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\api, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\api\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\api\window, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\defaultSearch, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\defaultSearch\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\defaultSearch\foreground, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\moviereviews, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\moviereviews\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\moviereviews\css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\moviereviews\html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\moviereviews\js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\radio, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\radio\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\radio\css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\radio\foreground, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\radio\radioWrapper, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\search, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\search\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\search\html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\supertab, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\supertab\css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\supertab\html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\supertab\js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\icons, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\images, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\native, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\native\libs, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\shared, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\_metadata, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

 

Files: 244

PUP.Optional.WeCare.A, C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe, Quarantined, [6d24b2bfc6c4a1952111c4bb8f747987], 

Adware.GamePlayLab, C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe, Quarantined, [1b762b46fb8f41f58ceaea71cd36f50b], 

PUP.Optional.Goobzo, C:\Program Files\Common Files\System\SysMenu64.dll, Quarantined, [dbb6d899276361d523b0c283bb4b60a0], 

PUP.Optional.SupraSavings.A, C:\temp\t.msi, Quarantined, [335e2e434b3f62d409badfe89372f60a], 

PUP.Optional.PreBackup.A, C:\Users\Catherine\AppData\Local\Temp\CloudBackup9025.exe, Quarantined, [167bb0c19af0092d201398dccd337a86], 

PUP.Optional.Goobzo, C:\Users\Catherine\AppData\Local\Temp\dufgmr4c.exe, Quarantined, [58394b26e9a1f93db8ed02c890717090], 

PUP.Optional.InstallIQ, C:\Users\Catherine\Downloads\mediaclassic.exe, Quarantined, [5b368ee3f892d561d3c1a39ae61b30d0], 

PUP.Optional.Bundle, C:\Users\Catherine\Downloads\adobe_flash_setup (1).exe, Quarantined, [0d84521f3a504bebb0d693b227dfe818], 

PUP.Optional.Bundle, C:\Users\Catherine\Downloads\adobe_flash_setup (2).exe, Quarantined, [4f4211600a808aac444264e1e81e8779], 

PUP.Optional.Bundle, C:\Users\Catherine\Downloads\adobe_flash_setup.exe, Quarantined, [a1f0036efc8eef4712741e278383da26], 

PUP.Optional.BundleInstaller.A, C:\Users\Catherine\Downloads\Unconfirmed 274501.crdownload, Quarantined, [8f0275fc0981d264d7539bb4e9196997], 

PUP.Optional.AirInstaller, C:\Users\Catherine\Downloads\Flash_Setup.exe, Quarantined, [9ef36011a5e5cf67e21ff742a35eb64a], 

PUP.Optional.Somoto, C:\Users\Catherine\Downloads\FLVPlayerSetup-Nb7SelJcY.exe, Quarantined, [a7ea4e2318725adcbb66ecfc7392916f], 

PUP.Optional.Goobzo, c:\users\catherine\appdata\local\installer\install_26263\ytdi_bf4fca0ff8_setup.exe, Quarantined, [0091ef824a407eb8795a073e0bfb29d7], 

PUP.Optional.Goobzo, c:\users\catherine\appdata\local\installer\install_26312\ytdi_bf4fca0ff8_setup.exe, Quarantined, [0b86224f0882b97d9142c0858680ef11], 

PUP.Optional.Goobzo, c:\users\catherine\appdata\local\installer\install_26364\ytdi_bf4fca0ff8_setup.exe, Quarantined, [ccc53d34a1e9ce68dbf8430248bec937], 

PUP.Optional.Goobzo, c:\users\catherine\appdata\local\installer\install_26413\ytdi_bf4fca0ff8_setup.exe, Quarantined, [058c1a57187265d107cc0d38ad593ec2], 

PUP.Optional.SnapDo.A, C:\Windows\Installer\f93ef39.msi, Quarantined, [e4ada8c999f1ce68d8e81e96847dac54], 

PUP.Optional.SelectNGo.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage, Quarantined, [434e6110eb9f191dc6d655a7ab587a86], 

PUP.Optional.SelectNGo.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage-journal, Quarantined, [f1a039389ded94a2fd9f26d60cf7e41c], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pcpehlgijbdajfafffojllcaecaecngb_0.localstorage, Delete-on-Reboot, [226f670a95f56bcbb6d9c144cc3841bf], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pcpehlgijbdajfafffojllcaecaecngb_0.localstorage-journal, Delete-on-Reboot, [bfd2353cdcaea5915d32927354b060a0], 

PUP.Optional.FreeSoftToday.A, C:\Users\Catherine\AppData\Local\fst_us_42\upfst_us_42.cyp, Quarantined, [f1a00869206a5ed87833a701cf34d32d], 

PUP.Optional.FreeSoftToday.A, C:\Users\Catherine\AppData\Local\fst_us_42\user_profil.cyp, Quarantined, [f1a00869206a5ed87833a701cf34d32d], 

PUP.Optional.FreeSoftToday.A, C:\Program Files (x86)\fst_us_42\unins000.dat, Quarantined, [96fba3ce28626bcb139906a26e957789], 

PUP.Optional.FreeSoftToday.A, C:\Program Files (x86)\fst_us_42\unins000.msg, Quarantined, [96fba3ce28626bcb139906a26e957789], 

PUP.Optional.DigitalMore.A, C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\temp, Quarantined, [e1b0a2cffd8dfa3c53c0a2223ec5e719], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\manifest.json, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\bg.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\buildVars, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\buildVars.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\companionSW.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\config.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\contentScript.css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\contentScript.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\debug.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\debug.jade, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\extension_toolbar_api.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\initWidgetWindow.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\newTabContentScript.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\options.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\spent.css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\spent.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\spent.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\spent2.css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\spent2.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\spentJ.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\spentK.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\spentK.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\startup.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\stub.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\stubby.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\superFrame.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\toolbar.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\toolbar.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\toolbarUI.css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\toolbarUI.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\toolbarUI.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\url.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\adapter\adapterUtil.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\adapter\widget-adapter.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\abstractbutton\background\abstractButton.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\alert\background\alertButton.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\embedhtml\background\embedHtmlWidget.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\embedhtml\html\embedHtmlTemplate.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\embedhtml\html\innerEmbedHtmlTemplate.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\embedhtml\js\embedHtmlUI.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\embedscript\background\embedScriptWidget.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\embedscript\html\embedScriptTemplate.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\embedscript\html\innerEmbedScriptTemplate.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\embedscript\js\embedScriptUI.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\flare\background\FlareWidget.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\flare\icons\Icon_Flare_blue.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\flare\icons\Icon_Flare_pink.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\flare\icons\Thumbs.db, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\generic\background\GenericWidget.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\link\background\linkButton.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\menu\README.txt, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\menu\background\menuButton.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\menu\css\menuframe.css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\menu\html\menuframe.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\menu\images\right_arrow.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\menu\images\right_arrow_white.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\menu\js\jquery-1.7.1.min.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\menu\js\menuframe.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\menu\js\query-string.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\menu\js\underscore-1.3.1.min.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\rss\background\RssWidget.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\thirdparty\background\thirdPartyWidget.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\uninstall\background\uninstallButton.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\weather\background\weatherButton.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js\bs.30.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js\common.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js\dynamic.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js\enableDetect.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js\eventListening.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js\global.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js\jquery-1.7.1.min.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js\list-interaction.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js\messageEventListener.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js\navRedirector.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js\paramReplacer.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js\PartnerId.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js\set.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js\underscore-1.3.1.min.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js\underscore-1.5.2.min.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js\unifiedLogging.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widget-context-1.0.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\common\common.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\common\eventListening.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\common\jquery-1.7.1.min.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\common\list-interaction.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\common\set.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\common\underscore-1.3.1.min.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\radio\radio-widget.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\radio\css\radio-widget.css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\radio\js\radio-custom.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\radio\js\radio-parser.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\radio\js\radio-widget-ui.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\radio\js\radio-widget.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\rss\rssWidget.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\rss\js\rss-widget-custom.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\rss\js\rss-widget-parse.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\rss\js\rss-widget.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\test\invalid.json, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\test\jquery.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\test\qunit.css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\test\qunit.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\test\resource.json, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\test\resource.xml, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\test\testWidget.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\test\testWidget.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\topapps\widget.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\topapps\css\widget.css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\topapps\js\nanigans-topapps-feed.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\topapps\js\topapps-config.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\topapps\js\widget.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\weather\weatherButton.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\weather\css\weatherButton.css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\weather\js\weather.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\api\background\ApiBasedWidget.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\api\background\widget-api-impl.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\api\window\hiddenWidgetWindow.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\api\window\hiddenWidgetWindow.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\api\window\hiddenWidgetWindowInit.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\api\window\widgetWindow.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\api\window\widgetWindow.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\defaultSearch\background\updateSearch.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\defaultSearch\background\updateSearchPromptBg.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\defaultSearch\foreground\07_buttons2.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\defaultSearch\foreground\08_buttons2.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\defaultSearch\foreground\defaultSearchModal.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\defaultSearch\foreground\defaultSearchModalInjector.css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\defaultSearch\foreground\defaultSearchModalInjector.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\defaultSearch\foreground\tvf_btn_ok.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\defaultSearch\foreground\tvf_btn_ok2.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\defaultSearch\foreground\tvf_restart_alert_icon.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\defaultSearch\foreground\tvf_restart_icon.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\defaultSearch\foreground\updateSearchPromptFg.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\moviereviews\background\MovieReviewsWidget.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\moviereviews\css\movieReviews.css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\moviereviews\html\movieReviews.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\moviereviews\js\movieReviews.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\radio\background\RadioWidget.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\radio\css\toolbar-item.css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\radio\foreground\button.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\radio\radioWrapper\radioWrapper.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\radio\radioWrapper\radioWrapper.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\search\background\searchBox.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\search\html\searchSuggestions.css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\search\html\searchSuggestions.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\search\html\searchSuggestions.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\search\html\searchSuggestionsInit.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\supertab\css\supertab.css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\supertab\html\supertab.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\supertab\js\newtabfork.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\supertab\js\reporting.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\supertab\js\srchsugg.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\supertab\js\supertab.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\supertab\js\unifiedLogging.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\supertab\js\__utm.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\icons\arrowSprite.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\icons\icon128.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\icons\icon16.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\icons\icon19disabled.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\icons\icon19on.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\icons\icon48.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\icons\tb_icon_search_disappearing_ask.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\images\222116621.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\images\222116625.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\images\222116640.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\images\222116644.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\images\222116653.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\images\222116675.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\images\down_arrow.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\images\IDR_PRODUCT_LOGO_16.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\images\IDR_WEBSTORE_ICON.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\images\magnifying_glass.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\images\RadioPlayerSprite.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\images\search_button.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\images\tvf_icon_guide.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\images\tvf_logo.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\images\wrench.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\chromeUtils.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\exeManager.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\exeManagerNMD.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\exePackageManager.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\focusManager.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\globalBlacklistManager.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\messaging.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\mutation_summary-min.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\mutation_summary.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\nativeMessagingDispatcher.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\newTabInfo.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\newTabInitialize.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\options.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\readLocalStorage.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\reservespacefortoolbar.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\reservespaceifenabled.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\scriptInjector.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\searchContext.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\settingsOverrides.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\toolbarCookieParser.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\toolbarPreinit.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\underscore-1.3.1.min.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\URILoaderContentScript.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\Widget.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\widgetContentScriptInjectee.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\widgetFactory.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\widgetWindowManager.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\native\cache.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\native\ce.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\native\debug.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\native\ss.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\native\libs\jquery-1.7.1.min.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\native\libs\jquery-1.9.1.min.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\native\libs\underscore-1.5.2.min.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\shared\HttpURL.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\shared\rsvp-latest.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\shared\unifiedLogging.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\shared\universalConsole.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\shared\utils.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\_metadata\verified_contents.json, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], 

PUP.Optional.KeyFind.A, C:\Users\Catherine\AppData\Roaming\Mozilla\Firefox\Profiles\3dkt76nv.default\search.json, Good: (), Bad: (key-find), Replaced,[61306e030b7f6bcb69be52f5aa5c7a86]

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

Share this post


Link to post
Share on other sites
DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 11.0.9600.17728

Run by Catherine at 21:12:22 on 2015-04-27

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3835.2160 [GMT -6:00]

.

AV: Computer Security *Enabled/Updated* {0F70A6C4-76E4-6A3B-2695-519F428B1C20}

SP: Computer Security *Enabled/Updated* {B4114720-50DE-65B5-1C25-6AED390C569D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Charter Security Suite\fshoster32.exe

C:\Program Files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSMA32.EXE

C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\fssm32.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSHDLL64.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe

C:\Program Files (x86)\AT&T\AT&T Communication Manager\attcm_AppStart.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSM32.EXE

C:\Program Files (x86)\Charter Security Suite\fshoster32.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\system32\notepad.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.




BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll

BHO: Browsing Protection: {45BBE08D-81C5-4A67-AF20-B2A077C67747} - C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

uRun: [HP Photosmart 5510 series (NET)] "C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN249395ND05V3:NW" -scfn "HP Photosmart 5510 series (NET)" -AutoStart 1

mRun: [attcm_AppStart.exe] "C:\Program Files (x86)\AT&T\AT&T Communication Manager\attcm_AppStart.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [F-Secure Manager] "C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSM32.EXE" /splash

mRun: [F-Secure Hoster (42626)] "C:\Program Files (x86)\Charter Security Suite\fshoster32.exe" -app -hosterid:1

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe

IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

Trusted Zone: ecollege.com

Trusted Zone: kaplan.edu

Trusted Zone: kucourses.com



TCP: NameServer = 192.168.1.1

TCP: Interfaces\{7C413551-5001-4EBE-9365-9DFA8947F2D4} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{7C413551-5001-4EBE-9365-9DFA8947F2D4}\8686F6E6F62737 : DHCPNameServer = 192.168.6.1 64.134.255.2 64.134.255.10

TCP: Interfaces\{ED4A0A7E-FDE4-40D9-8D6E-CC71C8D5EC16} : DHCPNameServer = 69.144.127.53 71.10.216.1 71.10.216.2

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Browsing Protection: {45BBE08D-81C5-4A67-AF20-B2A077C67747} - C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https64.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden

x64-Run: [smartSoft PDF Printer Agent] "C:\Program Files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe"

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2010-5-14 73856]

R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2010-5-14 28800]

R0 fsbts;fsbts;C:\Windows\System32\drivers\fsbts.sys [2015-1-7 56016]

R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\HIPS\drivers\fshs.sys [2015-4-14 71080]

R1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [2015-1-7 13352]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-12-15 203776]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2015-3-18 822496]

R2 fshoster;F-Secure Dll Hoster;C:\Program Files (x86)\Charter Security Suite\fshoster32.exe [2014-10-6 187432]

R2 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe [2014-6-24 60456]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-4-27 1871160]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-4-27 1080120]

R2 SCWFPFilter;SCWFPFilter;C:\Windows\System32\drivers\WFPFilter.sys [2012-1-10 25552]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]

R2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [2011-6-24 317296]

R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-3-5 46136]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-12-11 31088]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [2015-1-7 208424]

R3 fsni;fsni;C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\fsni64.sys [2014-6-23 90152]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2015-4-27 25816]

R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2015-4-27 136408]

R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2015-4-27 63704]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-3-5 333416]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-5 406632]

R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]

R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]

R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]

R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-3-5 38528]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]

S3 AdminHelper.exe;AdminHelper.exe;C:\Program Files (x86)\AT&T\AT&T Communication Manager\AdminHelper.exe [2012-3-22 55728]

S3 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-12-15 354304]

S3 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 265808]

S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2014-7-7 41032]

S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2014-7-25 32512]

S3 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]

S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-4-16 114688]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]

S3 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-3-6 39056]

S3 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

S3 swiwdmbus;Sierra Wireless USB Composite Bus;C:\Windows\System32\drivers\swiwdmbusx64.sys [2011-6-9 102656]

S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);C:\Windows\System32\drivers\swnc8ua3.sys [2011-6-9 240640]

S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);C:\Windows\System32\drivers\swumxa3.sys [2011-6-9 210944]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-19 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-10 1255736]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

S4 PGMTrusted;PGMTrusted;C:\Program Files (x86)\Pogo Games\PGMTrusted.exe [2013-3-25 520360]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2015-04-28 01:42:17 136408 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys

2015-04-28 01:41:30 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys

2015-04-28 01:41:30 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys

2015-04-28 01:41:30 107736 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2015-04-28 01:41:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-04-28 01:28:00 -------- d-----w- C:\RegBackup

2015-04-16 19:45:54 5557696 ----a-w- C:\Windows\System32\ntoskrnl.exe

2015-04-06 01:26:31 -------- d-s---w- C:\Windows\SysWow64\GWX

2015-04-06 01:26:30 -------- d-s---w- C:\Windows\System32\GWX

.

==================== Find3M  ====================

.

2015-04-21 17:01:23 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2015-04-21 17:01:23 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2015-03-25 03:24:41 98304 ----a-w- C:\Windows\System32\wudriver.dll

2015-03-25 03:24:41 3298816 ----a-w- C:\Windows\System32\wucltux.dll

2015-03-25 03:24:41 191488 ----a-w- C:\Windows\System32\wuwebv.dll

2015-03-25 03:24:08 60416 ----a-w- C:\Windows\System32\WinSetupUI.dll

2015-03-25 03:23:58 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll

2015-03-25 03:23:55 36864 ----a-w- C:\Windows\System32\wuapp.exe

2015-03-25 03:00:57 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll

2015-03-25 03:00:57 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll

2015-03-25 03:00:15 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe

2015-03-23 03:25:15 726528 ----a-w- C:\Windows\System32\generaltel.dll

2015-03-23 03:25:01 769536 ----a-w- C:\Windows\System32\invagent.dll

2015-03-23 03:24:56 419840 ----a-w- C:\Windows\System32\devinv.dll

2015-03-23 03:24:54 957952 ----a-w- C:\Windows\System32\appraiser.dll

2015-03-23 03:24:53 30720 ----a-w- C:\Windows\System32\acmigration.dll

2015-03-23 03:24:53 227328 ----a-w- C:\Windows\System32\aepdu.dll

2015-03-23 03:24:53 192000 ----a-w- C:\Windows\System32\aepic.dll

2015-03-23 03:17:39 1111552 ----a-w- C:\Windows\System32\aeinv.dll

2015-03-17 05:22:35 95672 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2015-03-17 05:22:35 155576 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2015-03-17 05:19:37 1727904 ----a-w- C:\Windows\System32\ntdll.dll

2015-03-17 05:17:00 362496 ----a-w- C:\Windows\System32\wow64win.dll

2015-03-17 05:17:00 243712 ----a-w- C:\Windows\System32\wow64.dll

2015-03-17 05:17:00 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2015-03-17 05:15:55 31232 ----a-w- C:\Windows\System32\lsass.exe

2015-03-17 05:15:44 338432 ----a-w- C:\Windows\System32\conhost.exe

2015-03-17 05:15:40 64000 ----a-w- C:\Windows\System32\auditpol.exe

2015-03-17 05:13:29 60416 ----a-w- C:\Windows\System32\msobjs.dll

2015-03-17 05:13:17 146432 ----a-w- C:\Windows\System32\msaudite.dll

2015-03-17 05:01:09 3976632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2015-03-17 05:01:09 3920824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2015-03-17 04:59:26 1309696 ----a-w- C:\Windows\SysWow64\ntdll.dll

2015-03-17 04:57:25 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll

2015-03-17 04:57:21 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll

2015-03-17 04:57:20 43008 ----a-w- C:\Windows\SysWow64\srclient.dll

2015-03-17 04:57:17 248832 ----a-w- C:\Windows\SysWow64\schannel.dll

2015-03-17 04:57:17 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2015-03-17 04:57:13 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2015-03-17 04:57:12 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2015-03-17 04:57:11 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll

2015-03-17 04:57:07 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll

2015-03-17 04:56:59 17408 ----a-w- C:\Windows\SysWow64\credssp.dll

2015-03-17 04:56:56 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2015-03-17 04:56:41 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2015-03-17 04:56:15 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe

2015-03-17 04:56:01 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2015-03-17 04:56:01 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2015-03-17 04:56:00 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2015-03-17 04:53:35 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll

2015-03-17 04:53:13 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll

2015-03-17 03:45:24 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2015-03-17 03:45:23 2048 ----a-w- C:\Windows\SysWow64\user.exe

2015-03-17 03:43:04 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2015-03-17 03:43:04 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2015-03-17 03:43:04 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2015-03-17 03:43:03 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2015-03-13 04:25:14 2724864 ----a-w- C:\Windows\System32\mshtml.tlb

2015-03-13 04:25:01 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll

2015-03-13 04:09:12 66560 ----a-w- C:\Windows\System32\iesetup.dll

2015-03-13 04:08:33 584192 ----a-w- C:\Windows\System32\vbscript.dll

2015-03-13 04:08:27 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll

2015-03-13 04:08:17 417280 ----a-w- C:\Windows\System32\html.iec

2015-03-13 04:06:54 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll

2015-03-13 03:54:11 144384 ----a-w- C:\Windows\System32\ieUnatt.exe

2015-03-13 03:54:00 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe

2015-03-13 03:53:22 814080 ----a-w- C:\Windows\System32\jscript9diag.dll

2015-03-13 03:50:45 6025216 ----a-w- C:\Windows\System32\jscript9.dll

2015-03-13 03:44:48 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe

2015-03-13 03:42:18 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2015-03-13 03:32:48 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll

2015-03-13 03:28:48 503296 ----a-w- C:\Windows\SysWow64\vbscript.dll

2015-03-13 03:28:37 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll

2015-03-13 03:27:51 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll

2015-03-13 03:27:35 340992 ----a-w- C:\Windows\SysWow64\html.iec

2015-03-13 03:26:19 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll

2015-03-13 03:16:26 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2015-03-13 03:15:40 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll

2015-03-13 03:05:50 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll

2015-03-13 03:05:24 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl

2015-03-13 03:01:16 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll

2015-03-13 02:49:21 4305408 ----a-w- C:\Windows\SysWow64\jscript9.dll

2015-03-13 02:45:57 2358784 ----a-w- C:\Windows\System32\wininet.dll

2015-03-13 02:43:41 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2015-03-13 02:42:47 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll

2015-03-13 02:20:28 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll

2015-03-10 03:25:10 1882624 ----a-w- C:\Windows\System32\msxml3.dll

2015-03-10 03:21:42 2048 ----a-w- C:\Windows\System32\msxml3r.dll

2015-03-10 03:08:26 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll

2015-03-10 03:05:39 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll

2015-03-05 05:12:33 404480 ----a-w- C:\Windows\System32\gdi32.dll

2015-03-05 04:05:06 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll

2015-03-04 04:55:13 367552 ----a-w- C:\Windows\System32\clfs.sys

2015-03-04 04:41:27 79360 ----a-w- C:\Windows\System32\clfsw32.dll

2015-03-04 04:10:54 58880 ----a-w- C:\Windows\SysWow64\clfsw32.dll

2015-02-26 03:25:44 3204096 ----a-w- C:\Windows\System32\win32k.sys

2015-02-25 03:18:01 754688 ----a-w- C:\Windows\System32\drivers\http.sys

2015-02-20 04:41:01 41984 ----a-w- C:\Windows\System32\lpk.dll

2015-02-20 04:40:59 100864 ----a-w- C:\Windows\System32\fontsub.dll

2015-02-20 04:40:56 14336 ----a-w- C:\Windows\System32\dciman32.dll

.

============= FINISH: 21:13:40.76 ===============

Share this post


Link to post
Share on other sites
.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium 

Boot Device: \Device\HarddiskVolume1

Install Date: 6/9/2011 2:21:45 AM

System Uptime: 4/27/2015 8:26:22 PM (1 hours ago)

.

Motherboard: Hewlett-Packard |  | 1697

Processor: AMD Athlon II P360 Dual-Core Processor | Socket S1G4 | 2300/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 283 GiB total, 206.706 GiB free.

D: is FIXED (NTFS) - 15 GiB total, 1.873 GiB free.

E: is CDROM (UDF)

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP428: 3/8/2015 2:16:31 PM - Scheduled Checkpoint

RP429: 3/12/2015 5:30:46 AM - Windows Update

RP430: 4/5/2015 7:25:09 PM - Windows Update

RP431: 4/7/2015 9:52:58 AM - F-Secure malware removal

RP433: 4/20/2015 9:19:28 AM - Windows Update

.

==== Installed Programs ======================

.

Adobe Flash Player 17 ActiveX

Adobe Flash Player 17 NPAPI

AMD Fuel

ATI Catalyst Install Manager

ccc-utility64

Charter Security Suite

Computer Security 14.121.102.0 (release)

F-Secure CCF Reputation

F-Secure CCF Scanning 1.51.112.309 (release)

F-Secure Network CCF 1.03.102

F-Secure SafeSearch 1.03.159.0 (release)

Google Chrome

Google Update Helper

HP Auto

HP Client Services

HP Photosmart 5510 series Basic Device Software

HP Photosmart 5510 series Product Improvement Study

HP Update

HP Wireless Assistant

Malwarebytes Anti-Malware version 2.1.6.1022

Microsoft .NET Framework 4.5.1

Microsoft Application Error Reporting

Microsoft Office Click-to-Run 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft PowerPoint Viewer

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

Online Safety 2.115.2786.1676

Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)

Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)

Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)

Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)

Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)

Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)

Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)

Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)

Security Update for Microsoft .NET Framework 4.5.1 (KB3037581)

Smart PDF Creator Pro 6.3.0.467

Synaptics Pointing Device Driver

Update Installer for WildTangent Games App

Windows Live ID Sign-in Assistant

Windows Live Language Selector

Windows Live MIME IFilter

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

WMV9/VC-1 Video Playback

.

==== Event Viewer Messages From Past Week ========

.

4/27/2015 8:26:15 AM, Error: Service Control Manager [7000]  - The Update Mgr DigitalMore service failed to start due to the following error:  The system cannot find the file specified.

4/27/2015 7:36:38 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10003]  - WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\system32\athihvs.dll

4/27/2015 7:30:27 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Media Player Network Sharing Service service, but this action failed with the following error:  An instance of the service is already running.

4/27/2015 7:29:59 PM, Error: Service Control Manager [7031]  - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

4/27/2015 7:29:58 PM, Error: Service Control Manager [7034]  - The HP Software Framework Service service terminated unexpectedly.  It has done this 1 time(s).

4/27/2015 7:29:57 PM, Error: Service Control Manager [7031]  - The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

4/27/2015 7:29:34 PM, Error: Service Control Manager [7034]  - The Application Virtualization Client service terminated unexpectedly.  It has done this 1 time(s).

4/27/2015 7:29:33 PM, Error: Service Control Manager [7034]  - The HP Wireless Assistant Service service terminated unexpectedly.  It has done this 1 time(s).

4/27/2015 7:29:32 PM, Error: Service Control Manager [7031]  - The F-Secure Dll Hoster service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

4/27/2015 7:29:30 PM, Error: Service Control Manager [7034]  - The Sierra Wireless Card Detection Service service terminated unexpectedly.  It has done this 1 time(s).

4/27/2015 7:29:30 PM, Error: Service Control Manager [7034]  - The Application Virtualization Service Agent service terminated unexpectedly.  It has done this 1 time(s).

4/27/2015 7:29:10 PM, Error: Service Control Manager [7034]  - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly.  It has done this 1 time(s).

4/27/2015 7:29:10 PM, Error: Service Control Manager [7031]  - The F-Secure ORSP Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

4/27/2015 7:29:10 PM, Error: Service Control Manager [7031]  - The F-Secure Dll Hoster service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

4/27/2015 7:29:09 PM, Error: Service Control Manager [7034]  - The Audio Service service terminated unexpectedly.  It has done this 1 time(s).

4/27/2015 7:29:09 PM, Error: Service Control Manager [7034]  - The AMD External Events Utility service terminated unexpectedly.  It has done this 1 time(s).

4/27/2015 7:29:09 PM, Error: Service Control Manager [7034]  - The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

4/27/2015 7:29:09 PM, Error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

4/27/2015 7:17:48 PM, Error: Service Control Manager [7034]  - The FSMA service terminated unexpectedly.  It has done this 2 time(s).

4/27/2015 7:17:48 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

4/27/2015 7:17:48 PM, Error: Service Control Manager [7031]  - The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

4/27/2015 7:17:48 PM, Error: Service Control Manager [7031]  - The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

4/27/2015 7:17:48 PM, Error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

4/27/2015 7:17:48 PM, Error: Service Control Manager [7031]  - The F-Secure ORSP Client service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

4/27/2015 7:17:05 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:  An instance of the service is already running.

4/27/2015 7:16:36 PM, Error: Service Control Manager [7034]  - The Client Virtualization Handler service terminated unexpectedly.  It has done this 1 time(s).

4/27/2015 7:16:35 PM, Error: Service Control Manager [7034]  - The FSMA service terminated unexpectedly.  It has done this 1 time(s).

4/27/2015 7:16:35 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

4/27/2015 7:16:34 PM, Error: Service Control Manager [7034]  - The Reimage Real Time Protector service terminated unexpectedly.  It has done this 1 time(s).

4/27/2015 7:16:34 PM, Error: Service Control Manager [7031]  - The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

.

==== End Of File ===========================

Share this post


Link to post
Share on other sites
OTL logfile created on: 4/27/2015 9:20:49 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Catherine\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.17728)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.75 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 55.80% Memory free

7.49 Gb Paging File | 5.06 Gb Available in Paging File | 67.59% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 282.82 Gb Total Space | 206.71 Gb Free Space | 73.09% Space Free | Partition Type: NTFS

Drive D: | 14.98 Gb Total Space | 1.87 Gb Free Space | 12.51% Space Free | Partition Type: NTFS

Drive E: | 3.19 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

 

Computer Name: CATHERINE-HP | User Name: Catherine | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2015/04/27 21:17:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Catherine\Downloads\OTL.scr

PRC - [2015/04/14 09:36:30 | 001,080,120 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

PRC - [2015/04/14 09:36:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

PRC - [2015/04/14 09:36:20 | 006,212,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

PRC - [2015/04/14 08:36:32 | 001,263,144 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\fssm32.exe

PRC - [2015/04/14 08:36:29 | 000,690,216 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\fsgk32.exe

PRC - [2015/03/09 08:31:56 | 000,060,456 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe

PRC - [2014/10/06 16:07:08 | 000,187,432 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Charter Security Suite\fshoster32.exe

PRC - [2014/09/18 04:29:04 | 000,310,312 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSM32.EXE

PRC - [2014/09/18 04:29:04 | 000,216,104 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSMA32.EXE

PRC - [2014/07/15 03:24:50 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

PRC - [2013/12/21 00:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2012/03/22 15:18:30 | 000,219,056 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\attcm_AppStart.exe

PRC - [2011/12/12 16:53:22 | 000,052,952 | ---- | M] () -- C:\Program Files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe

PRC - [2010/12/11 01:02:24 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2015/02/04 11:12:58 | 000,592,936 | ---- | M] () -- C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.482.79_none_b59ec33311fcd586\QtMultimediaKit1.dll

MOD - [2014/09/18 04:28:54 | 000,056,360 | ---- | M] () -- C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\FSGUI\fsavures.eng

MOD - [2014/07/15 03:24:48 | 000,353,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppgooglenaclpluginchrome.dll

MOD - [2014/07/15 03:24:46 | 014,664,008 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll

MOD - [2014/07/15 03:24:44 | 008,537,928 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll

MOD - [2014/07/15 03:24:38 | 000,718,664 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll

MOD - [2014/07/15 03:24:36 | 000,126,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll

MOD - [2014/07/15 03:24:35 | 001,732,936 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll

MOD - [2012/03/22 15:18:36 | 001,049,320 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\wxmsw28u_core_vc_custom.dll

MOD - [2012/03/22 15:18:36 | 000,727,784 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\wxbase28u_vc_custom.dll

MOD - [2012/03/22 15:18:36 | 000,034,304 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryGeneric.plugin

MOD - [2012/03/22 15:18:36 | 000,030,720 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryVPorts.plugin

MOD - [2012/03/22 15:18:36 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryMobileBroadband.plugin

MOD - [2012/03/22 15:18:36 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryNdis.plugin

MOD - [2012/03/22 15:18:36 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\resources\plugins\ContextSwitcher.plugin

MOD - [2012/03/22 15:18:34 | 000,892,136 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\UIToolkit.dll

MOD - [2012/03/22 15:18:34 | 000,629,480 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\Toolkit.dll

MOD - [2012/03/22 15:18:34 | 000,399,080 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\WebClient.dll

MOD - [2012/03/22 15:18:34 | 000,123,112 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\System.dll

MOD - [2012/03/22 15:18:32 | 000,148,712 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\pcre3.dll

MOD - [2012/03/22 15:18:32 | 000,061,160 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\DriveDetector.dll

MOD - [2012/03/22 15:18:32 | 000,051,432 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\Preferences.dll

MOD - [2012/03/22 15:18:30 | 000,376,040 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\Device.dll

MOD - [2012/03/22 15:18:30 | 000,249,064 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\DB.dll

MOD - [2012/03/22 15:18:30 | 000,219,056 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\attcm_AppStart.exe

MOD - [2012/03/22 15:18:30 | 000,132,840 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\Discovery.dll

MOD - [2012/03/22 15:18:30 | 000,099,560 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\ComCore.dll

MOD - [2011/12/12 16:53:22 | 000,052,952 | ---- | M] () -- C:\Program Files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe

MOD - [2010/11/22 16:00:58 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll

MOD - [2010/11/22 16:00:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll

MOD - [2010/11/22 16:00:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

 

 

========== Services (SafeList) ==========

 

SRV - [2015/04/21 11:01:24 | 000,268,464 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2015/04/14 09:36:30 | 001,080,120 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2015/04/14 09:36:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2015/04/08 15:24:27 | 000,265,808 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

SRV - [2015/03/09 08:31:56 | 000,060,456 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe -- (FSORSPClient)

SRV - [2014/10/06 16:07:08 | 000,187,432 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\Charter Security Suite\fshoster32.exe -- (fshoster)

SRV - [2014/09/18 04:29:04 | 000,216,104 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSMA32.EXE -- (FSMA)

SRV - [2014/03/20 16:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2013/12/21 00:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2013/03/25 09:20:50 | 000,520,360 | ---- | M] (iWin Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Pogo Games\PGMTrusted.exe -- (PGMTrusted)

SRV - [2013/03/06 02:21:52 | 000,039,056 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)

SRV - [2012/03/22 15:18:30 | 000,055,728 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\AdminHelper.exe -- (AdminHelper.exe)

SRV - [2011/06/24 11:44:16 | 000,317,296 | ---- | M] (Sierra Wireless, Inc.) [Auto | Running] -- C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe -- (SwiCardDetectSvc)

SRV - [2010/09/11 03:02:22 | 000,399,344 | ---- | M] (Roxio) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2015/04/16 09:21:25 | 000,090,152 | ---- | M] (F-Secure Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\fsni64.sys -- (fsni)

DRV - [2015/04/14 08:36:32 | 000,071,080 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\HIPS\drivers\fshs.sys -- (F-Secure HIPS)

DRV - [2015/02/24 15:42:35 | 000,208,424 | ---- | M] (F-Secure Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)

DRV - [2014/09/18 04:29:02 | 000,013,352 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys -- (fsvista)

DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

 

IE - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=U150&ocid=U150DHP

IE - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

IE - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 51 01 37 90 CE 66 CE 01  [binary data]

IE - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com

IE - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\..\SearchScopes\{5239903F-EA48-456A-A1F8-0E737E1E7093}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20131148,20028,0,71,0

IE - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\..\SearchScopes\Yahoo: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=iwin

IE - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..CT3239904.browser.search.defaultthis.engineName: true

FF - prefs.js..CT3286042.browser.search.defaultthis.engineName: "true"

FF - prefs.js..CT3289663.browser.search.defaultthis.engineName: "true"

FF - prefs.js..CT3289847.browser.search.defaultthis.engineName: "true"

FF - prefs.js..CT3298570.browser.search.defaultthis.engineName: "true"

FF - prefs.js..browser.search.defaultenginename: "Bing"

FF - prefs.js..browser.search.order.1: "Ask Search"

FF - prefs.js..browser.search.selectedEngine: "Bing"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..extensions.enabledAddons: pluswinks%40PlusWinks:3.0.0.0

FF - prefs.js..extensions.enabledAddons: msntoolbar%40msn.com:6.0

FF - prefs.js..extensions.enabledAddons: 0c822a17-a68f-4066-9257-d229458d21ca%409c178d17-dc61-4aaf-b2da-1425ac7300ac.com:0.95.145

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.0

FF - prefs.js..extensions.netassistant.keyword.url: "http://click.w3i.com/?Programid=132&Elementname=Keyword&Applicationid={3740200A-D7A6-4D90-A4DF-EBE0BB8308AF}&Version=3.6.5&Vintage=20120416&Defaultbrowserid=28&Productid=157&Vendorid=4880&Offerid=6894&searchterm="

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\7\NP_wtapp.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/03/05 09:02:23 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/03/05 09:02:32 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 15:27:28 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/03/31 09:27:21 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/03/31 09:27:21 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{66f888e9-4011-4d6d-8e71-876089e7c956}: C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https [2015/02/04 11:21:46 | 000,000,000 | ---D | M]

 

[2013/06/04 16:18:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Catherine\AppData\Roaming\Mozilla\Extensions

[2015/04/27 19:17:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Catherine\AppData\Roaming\Mozilla\Firefox\Profiles\3dkt76nv.default\extensions

[2013/06/03 07:25:35 | 000,001,793 | ---- | M] () -- C:\Users\Catherine\AppData\Roaming\Mozilla\Firefox\Profiles\3dkt76nv.default\searchplugins\Bing.xml

[2011/03/05 09:02:23 | 000,000,000 | ---D | M] (Bing Bar) -- C:\PROGRAM FILES (X86)\MSN TOOLBAR\PLATFORM\6.0.2282.0\FIREFOX

File not found (No name found) -- C:\USERS\CATHERINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3DKT76NV.DEFAULT\EXTENSIONS\[email protected]78D17-DC61-4AAF-B2DA-1425AC7300AC.COM

File not found (No name found) -- C:\USERS\CATHERINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3DKT76NV.DEFAULT\EXTENSIONS\[email protected]

[2013/03/31 09:26:40 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll

 

========== Chrome  ==========

 

CHR - plugin: Error reading preferences file

CHR - Extension: Google Docs = C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\

CHR - Extension: Google Drive = C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\

CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\

CHR - Extension: YouTube = C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\

CHR - Extension: Google Search = C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\

CHR - Extension: RealDownloader = C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\

CHR - Extension: Google Wallet = C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\

CHR - Extension: Gmail = C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\

 

O1 HOSTS File: ([2014/07/26 09:26:00 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

O2 - BHO: (Browsing Protection) - {45BBE08D-81C5-4A67-AF20-B2A077C67747} - C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll (F-Secure Corporation)

O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [attcm_AppStart.exe] C:\Program Files (x86)\AT&T\AT&T Communication Manager\attcm_AppStart.exe ()

O4 - HKLM..\Run: [F-Secure Hoster (42626)] C:\Program Files (x86)\Charter Security Suite\fshoster32.exe (F-Secure Corporation)

O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSM32.EXE (F-Secure Corporation)

O4 - HKU\S-1-5-21-313159577-1753058699-2702243966-1001..\Run: [HP Photosmart 5510 series (NET)] C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)

O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)

O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe File not found

O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe File not found

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\..Trusted Domains: ecollege.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)

O15 - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\..Trusted Domains: kaplan.edu ([]* in Trusted sites)

O15 - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\..Trusted Domains: kucourses.com ([]* in Trusted sites)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C413551-5001-4EBE-9365-9DFA8947F2D4}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED4A0A7E-FDE4-40D9-8D6E-CC71C8D5EC16}: DhcpNameServer = 69.144.127.53 71.10.216.1 71.10.216.2

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2015/04/27 19:41:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

[2015/04/27 19:41:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware

[2015/04/27 19:28:00 | 000,000,000 | ---D | C] -- C:\RegBackup

[2015/04/16 13:46:30 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll

[2015/04/16 13:46:30 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll

[2015/04/16 13:46:30 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe

[2015/04/16 13:46:30 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll

[2015/04/16 13:46:29 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll

[2015/04/16 13:46:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll

[2015/04/16 13:45:50 | 003,920,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2015/04/16 13:45:49 | 003,976,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2015/04/16 13:45:47 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe

[2015/04/16 13:45:47 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2015/04/16 13:45:46 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2015/04/16 13:45:46 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

[2015/04/16 13:45:46 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2015/04/16 13:45:45 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

[2015/04/16 13:45:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

[2015/04/16 13:45:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

[2015/04/16 13:45:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

[2015/04/16 13:45:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

[2015/04/16 13:45:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

[2015/04/16 13:45:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

[2015/04/16 13:45:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

[2015/04/16 13:45:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

[2015/04/16 13:45:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

[2015/04/16 13:45:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

[2015/04/16 13:45:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

[2015/04/16 13:45:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

[2015/04/16 13:45:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

[2015/04/16 13:45:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

[2015/04/16 13:45:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

[2015/04/16 13:45:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

[2015/04/16 13:45:43 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

[2015/04/16 13:45:43 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

[2015/04/16 13:45:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

[2015/04/16 13:45:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

[2015/04/16 13:45:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

[2015/04/16 13:45:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

[2015/04/16 13:45:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

[2015/04/16 13:45:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

[2015/04/16 13:45:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

[2015/04/16 13:45:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

[2015/04/16 13:45:42 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll

[2015/04/16 13:45:42 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2015/04/16 13:45:42 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll

[2015/04/16 13:45:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2015/04/16 13:45:40 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll

[2015/04/16 13:45:39 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll

[2015/04/16 13:45:06 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2015/04/16 13:45:06 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll

[2015/04/16 13:45:06 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2015/04/16 13:45:05 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll

[2015/04/16 13:45:03 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll

[2015/04/16 13:44:59 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll

[2015/04/16 13:44:59 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2015/04/16 13:44:58 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2015/04/16 13:44:57 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll

[2015/04/16 13:44:56 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2015/04/16 13:44:56 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2015/04/16 13:44:52 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll

[2015/04/16 13:44:51 | 000,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec

[2015/04/16 13:44:51 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll

[2015/04/16 13:44:21 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\clfsw32.dll

[2015/04/05 19:26:31 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\GWX

 

========== Files - Modified Within 30 Days ==========

 

[2015/04/27 21:01:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2015/04/27 21:01:00 | 000,000,264 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job

[2015/04/27 20:59:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2015/04/27 20:50:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2015/04/27 20:27:24 | 000,000,606 | ---- | M] () -- C:\Windows\tasks\SparkTrust PC Cleaner Plus Startup.job

[2015/04/27 20:27:24 | 000,000,482 | ---- | M] () -- C:\Windows\tasks\SparkTrust Update Version3 Startup Task.job

[2015/04/27 20:27:20 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2015/04/27 20:26:36 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys

[2015/04/27 19:41:40 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2015/04/27 19:28:07 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-CATHERINE-HP-Windows-7-Home-Premium-(64-bit).dat

[2015/04/27 19:19:25 | 000,000,653 | ---- | M] () -- C:\Windows\tasks\SparkTrust PC Cleaner Plus_sch_409E1657-ED37-11E4-B47E-64315086D795.job

[2015/04/27 14:06:12 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForCATHERINE-HP$.job

[2015/04/22 11:01:03 | 000,033,799 | ---- | M] () -- C:\Users\Catherine\Desktop\John Conquer Root.rtf

[2015/04/22 09:32:35 | 000,001,191 | ---- | M] () -- C:\Users\Catherine\Desktop\DOB15B81 Handouts - Shortcut.lnk

[2015/04/22 09:32:04 | 000,001,273 | ---- | M] () -- C:\Users\Catherine\Desktop\Commonly Abused Drugs - Shortcut.lnk

[2015/04/22 09:31:51 | 000,001,354 | ---- | M] () -- C:\Users\Catherine\Desktop\Drugs in the Detention Setting - Shortcut.lnk

[2015/04/22 09:31:15 | 000,001,192 | ---- | M] () -- C:\Users\Catherine\Desktop\Instructions - Shortcut.lnk

[2015/04/22 09:31:09 | 000,001,228 | ---- | M] () -- C:\Users\Catherine\Desktop\Instructions (3) - Shortcut.lnk

[2015/04/22 09:31:03 | 000,001,228 | ---- | M] () -- C:\Users\Catherine\Desktop\Instructions (2) - Shortcut.lnk

[2015/04/22 09:30:56 | 000,001,228 | ---- | M] () -- C:\Users\Catherine\Desktop\Instructions (1) - Shortcut.lnk

[2015/04/22 09:29:21 | 000,001,489 | ---- | M] () -- C:\Users\Catherine\Desktop\Occupational Exposure to Bloodborne Pathogens - Shortcut.lnk

[2015/04/22 09:29:13 | 000,001,255 | ---- | M] () -- C:\Users\Catherine\Desktop\LEApplicationPacket - Shortcut.lnk

[2015/04/22 09:29:01 | 000,001,399 | ---- | M] () -- C:\Users\Catherine\Desktop\PHYSICAL TRAINING VERIFICATION FORM - Shortcut.lnk

[2015/04/22 09:28:53 | 000,001,273 | ---- | M] () -- C:\Users\Catherine\Desktop\PRACTICAL ORIENTATION - Shortcut.lnk

[2015/04/22 09:27:33 | 000,001,291 | ---- | M] () -- C:\Users\Catherine\Desktop\Wyo Criminal Procedures - Shortcut.lnk

[2015/04/22 09:27:08 | 000,001,284 | ---- | M] () -- C:\Users\Catherine\Desktop\StudentCorr - Shortcut.lnk

[2015/04/22 09:26:20 | 000,001,156 | ---- | M] () -- C:\Users\Catherine\Desktop\Overview - Shortcut.lnk

[2015/04/22 09:25:31 | 000,001,273 | ---- | M] () -- C:\Users\Catherine\Desktop\Report Writing IL 4-b - Shortcut.lnk

[2015/04/22 09:25:17 | 000,001,228 | ---- | M] () -- C:\Users\Catherine\Desktop\PHYSICAL FITNESS - Shortcut.lnk

[2015/04/22 09:18:36 | 000,060,188 | ---- | M] () -- C:\Users\Catherine\Desktop\Completion Dates for Students (P).pdf

[2015/04/22 09:17:41 | 000,563,379 | ---- | M] () -- C:\Users\Catherine\Desktop\DOB Instructional Objectives (P).pdf

[2015/04/22 09:17:08 | 000,282,966 | ---- | M] () -- C:\Users\Catherine\Desktop\Information Guide.pdf

[2015/04/21 11:01:23 | 000,778,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2015/04/21 11:01:23 | 000,142,512 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2015/04/20 09:47:10 | 000,793,542 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2015/04/13 07:40:50 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForCatherine.job

[2015/04/11 20:57:31 | 065,955,922 | ---- | M] () -- C:\Users\Catherine\Desktop\4-cycle-fat-loss-solution.zip

 

========== Files Created - No Company Name ==========

 

[2015/04/27 19:41:40 | 000,001,062 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2015/04/27 19:28:07 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-CATHERINE-HP-Windows-7-Home-Premium-(64-bit).dat

[2015/04/27 17:43:54 | 000,000,606 | ---- | C] () -- C:\Windows\tasks\SparkTrust PC Cleaner Plus Startup.job

[2015/04/27 17:43:50 | 000,000,653 | ---- | C] () -- C:\Windows\tasks\SparkTrust PC Cleaner Plus_sch_409E1657-ED37-11E4-B47E-64315086D795.job

[2015/04/22 10:57:58 | 000,033,799 | ---- | C] () -- C:\Users\Catherine\Desktop\John Conquer Root.rtf

[2015/04/22 09:32:35 | 000,001,191 | ---- | C] () -- C:\Users\Catherine\Desktop\DOB15B81 Handouts - Shortcut.lnk

[2015/04/22 09:32:04 | 000,001,273 | ---- | C] () -- C:\Users\Catherine\Desktop\Commonly Abused Drugs - Shortcut.lnk

[2015/04/22 09:31:51 | 000,001,354 | ---- | C] () -- C:\Users\Catherine\Desktop\Drugs in the Detention Setting - Shortcut.lnk

[2015/04/22 09:31:15 | 000,001,192 | ---- | C] () -- C:\Users\Catherine\Desktop\Instructions - Shortcut.lnk

[2015/04/22 09:31:09 | 000,001,228 | ---- | C] () -- C:\Users\Catherine\Desktop\Instructions (3) - Shortcut.lnk

[2015/04/22 09:31:03 | 000,001,228 | ---- | C] () -- C:\Users\Catherine\Desktop\Instructions (2) - Shortcut.lnk

[2015/04/22 09:30:56 | 000,001,228 | ---- | C] () -- C:\Users\Catherine\Desktop\Instructions (1) - Shortcut.lnk

[2015/04/22 09:29:21 | 000,001,489 | ---- | C] () -- C:\Users\Catherine\Desktop\Occupational Exposure to Bloodborne Pathogens - Shortcut.lnk

[2015/04/22 09:29:13 | 000,001,255 | ---- | C] () -- C:\Users\Catherine\Desktop\LEApplicationPacket - Shortcut.lnk

[2015/04/22 09:29:01 | 000,001,399 | ---- | C] () -- C:\Users\Catherine\Desktop\PHYSICAL TRAINING VERIFICATION FORM - Shortcut.lnk

[2015/04/22 09:28:53 | 000,001,273 | ---- | C] () -- C:\Users\Catherine\Desktop\PRACTICAL ORIENTATION - Shortcut.lnk

[2015/04/22 09:27:33 | 000,001,291 | ---- | C] () -- C:\Users\Catherine\Desktop\Wyo Criminal Procedures - Shortcut.lnk

[2015/04/22 09:27:08 | 000,001,284 | ---- | C] () -- C:\Users\Catherine\Desktop\StudentCorr - Shortcut.lnk

[2015/04/22 09:26:20 | 000,001,156 | ---- | C] () -- C:\Users\Catherine\Desktop\Overview - Shortcut.lnk

[2015/04/22 09:25:31 | 000,001,273 | ---- | C] () -- C:\Users\Catherine\Desktop\Report Writing IL 4-b - Shortcut.lnk

[2015/04/22 09:25:17 | 000,001,228 | ---- | C] () -- C:\Users\Catherine\Desktop\PHYSICAL FITNESS - Shortcut.lnk

[2015/04/22 09:18:36 | 000,060,188 | ---- | C] () -- C:\Users\Catherine\Desktop\Completion Dates for Students (P).pdf

[2015/04/22 09:17:40 | 000,563,379 | ---- | C] () -- C:\Users\Catherine\Desktop\DOB Instructional Objectives (P).pdf

[2015/04/22 09:17:08 | 000,282,966 | ---- | C] () -- C:\Users\Catherine\Desktop\Information Guide.pdf

[2015/04/16 13:45:06 | 000,016,303 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf

[2015/04/11 20:56:52 | 065,955,922 | ---- | C] () -- C:\Users\Catherine\Desktop\4-cycle-fat-loss-solution.zip

[2015/02/15 20:29:48 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat

[2015/01/07 17:30:46 | 000,020,513 | ---- | C] () -- C:\Windows\prodsett_copy.ini

[2014/08/22 11:26:11 | 000,004,124 | ---- | C] () -- C:\Users\Catherine\.swfinfo

[2013/06/11 10:24:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013/06/11 10:24:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013/06/11 10:24:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013/06/11 10:24:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013/06/11 10:24:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013/05/08 19:50:17 | 000,000,258 | RHS- | C] () -- C:\Users\Catherine\ntuser.pol

[2012/09/04 17:37:42 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini

 

========== ZeroAccess Check ==========

 

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2015/02/12 23:22:33 | 014,177,280 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2015/02/12 23:26:18 | 012,875,264 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 

========== LOP Check ==========

 

[2011/11/09 15:42:11 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Artogon

[2011/09/22 23:48:56 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Big Finish

[2011/06/15 11:30:09 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Blio

[2011/09/19 15:47:36 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\CursedOnboard

[2012/03/16 20:51:37 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\enchant

[2014/04/21 15:13:35 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\EuroTrade A.L. Ltd

[2012/04/11 16:40:53 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Floodlight Games

[2012/04/16 20:48:14 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\GameMill Entertainment

[2012/04/16 18:29:57 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\HdO Adventure

[2011/09/11 21:00:22 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\iWing

[2013/06/11 12:01:04 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Oberon Media

[2014/04/21 15:23:36 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Opera Software

[2011/06/09 02:39:05 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\PictureMover

[2013/05/13 10:09:48 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\player

[2011/06/09 02:39:12 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Sierra Wireless

[2012/03/09 16:47:46 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Smart PDF Creator Pro

[2015/02/02 13:46:34 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\SmartSoftOCRHelper

[2013/07/08 12:23:05 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\SoftGrid Client

[2012/05/26 15:48:55 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\SpinTop Games

[2011/06/09 02:37:59 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Synaptics

[2012/04/12 20:25:16 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\TitanicMystery

[2012/04/17 19:47:03 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Top Evidence

[2011/07/28 23:30:28 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\TP

[2013/06/11 12:03:03 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\TweakNow RegCleaner 2012

[2012/03/14 20:28:03 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\VisualShape

[2013/04/18 11:17:24 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\WildTangent

[2011/09/19 17:17:40 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\WildTangentv1002

[2012/03/01 20:23:33 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Windows Live Writer

[2012/10/31 09:23:19 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\PictureMover

[2012/10/31 09:22:17 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Synaptics

[2011/11/13 11:49:23 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\PictureMover

[2011/11/13 11:48:10 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Synaptics

 

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 221 bytes -> C:\ProgramData\Temp:4EE95FE7

@Alternate Data Stream - 156 bytes -> C:\ProgramData\Temp:30C74695

@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:A2A602F0

@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:94BD36A2

@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:D346F792

@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:9F38BF31

@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:E8B61305

@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:C72A744C

@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:C7A094AF

@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:63ABD638

@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:25FF8A61

@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:D4E0D1F1

@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:EFBD4447

@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:DA84DA4A

@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:943FEF5D

@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:EC2C753C

@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:62D72D41

@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:E4E83517

@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:373E1720

@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:A7DA2BCD

 

< End of report >

Share this post


Link to post
Share on other sites
OTL Extras logfile created on: 4/27/2015 9:20:49 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Catherine\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.17728)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.75 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 55.80% Memory free

7.49 Gb Paging File | 5.06 Gb Available in Paging File | 67.59% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 282.82 Gb Total Space | 206.71 Gb Free Space | 73.09% Space Free | Partition Type: NTFS

Drive D: | 14.98 Gb Total Space | 1.87 Gb Free Space | 12.51% Space Free | Partition Type: NTFS

Drive E: | 3.19 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

 

Computer Name: CATHERINE-HP | User Name: Catherine | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-313159577-1753058699-2702243966-1001\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{212F01E6-CD8D-497C-B3A0-CB5B9DABC2F9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 

"{26227169-1D10-4AE2-9F7C-451BDFF48511}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 

"{373A58E8-C1BB-47D7-8986-91CF37972AD8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{3BF99E4F-015B-4EE2-8146-92B3730F28BF}" = rport=445 | protocol=6 | dir=out | app=system | 

"{4495A9D7-E86C-4723-9CBE-7F294450CCA3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{5709672E-1CC6-4FAD-9768-51D4B8EEF4F2}" = rport=138 | protocol=17 | dir=out | app=system | 

"{5D0F8DE0-5465-4E98-9E24-C6D50D992A2B}" = lport=138 | protocol=17 | dir=in | app=system | 

"{5FE85E43-A246-482E-846C-A9B67A6BCDE7}" = lport=139 | protocol=6 | dir=in | app=system | 

"{6D9EBBDB-CCD1-4F55-976F-A98A7E231428}" = lport=445 | protocol=6 | dir=in | app=system | 

"{761F8376-220A-42F6-B8FD-3CF0D5F444EB}" = rport=139 | protocol=6 | dir=out | app=system | 

"{8B863AA4-1253-4BDA-8042-EDAAF4ED9EA6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 

"{8D068EBF-2C5F-49BD-A53E-EFA6800A9CC1}" = lport=137 | protocol=17 | dir=in | app=system | 

"{ACFF1D29-6DF8-465B-8112-6AB2786C761B}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 

"{B1129A83-15F0-43CF-8877-A02D26B432C0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 

"{CE52B5B1-276D-4A90-A54E-228A789E0E9D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{D17FCD55-D283-493A-B664-E5C74197E343}" = rport=137 | protocol=17 | dir=out | app=system | 

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0023F4AC-9C35-44E3-8A60-4C3EFE56E6E7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 

"{0B097130-8F73-48BC-A08F-4CCE3280C6E2}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe | 

"{0BBFE853-993F-4DC0-B0DB-0D70ED32D6BE}" = protocol=58 | dir=out | [email protected],-28546 | 

"{1C08DEF9-9602-4609-8984-602EA93BEA40}" = protocol=6 | dir=in | app=c:\program files (x86)\pogo games\pogodgc.exe | 

"{1DD0D249-EFDF-47B2-AE22-8A0B9E307A38}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 

"{2ADD8651-C2AC-4541-9AC0-2236417C04C9}" = dir=out | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe | 

"{36A89647-696F-4B72-8F38-BB690BA04CB4}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe | 

"{3729B70A-544C-47B9-9076-28BE8FDB045D}" = protocol=58 | dir=in | [email protected],-28545 | 

"{44AE4932-A859-4F9F-9742-345C8DD2767E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 

"{53CA439B-33E0-474B-8D29-031E9039FFA4}" = protocol=6 | dir=in | app=c:\program files (x86)\pogo games\webupdater.exe | 

"{7A281551-6A8D-499E-8E56-6A65B9B7CA89}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\devicesetup.exe | 

"{7C60CEBE-44AE-442A-B883-EE68F6EFED10}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 

"{87148635-2069-4492-8C92-8FE862FE1D31}" = protocol=17 | dir=in | app=c:\program files (x86)\pogo games\pogodgc.exe | 

"{929D2BB5-9BDD-4560-A6DF-8D5DA298E00C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 

"{A432C1F1-CA65-409E-8007-A090F53C8F06}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe | 

"{ABA3E82F-1B24-4B86-B03F-BEA5311F8EB9}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\hpnetworkcommunicator.exe | 

"{D0F9D0B6-50A4-4B9C-BD68-DD57205A6D76}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe | 

"{D3E0E7C4-49D4-4C0B-9DA9-F17BD5E8BB8C}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe | 

"{E40D21BF-A931-45B6-B48E-131F5A396E29}" = protocol=17 | dir=in | app=c:\program files (x86)\pogo games\webupdater.exe | 

"{E606A195-08AB-458C-9496-1A554FA277D0}" = protocol=1 | dir=in | [email protected],-28543 | 

"{F49CE8AC-82C8-42E8-AD45-F4F7ED211C1D}" = protocol=1 | dir=out | [email protected],-28544 | 

"TCP Query User{3D9742ED-FA38-44C5-A4AB-3A3A7F6B89F3}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | 

"UDP Query User{27B362CA-AB8B-4796-AE5B-ADBA9D05DF39}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00000000-2778-5BED-8199-52EB14D8D22F}" = F-Secure CCF Reputation

"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App

"{53BA6504-F1CE-4604-970A-082021D39784}" = F-Secure CCF Scanning 1.51.112.309 (release)

"{658FDBCA-B7A1-43E4-A849-9F0812473331}" = Computer Security 14.121.102.0 (release)

"{6C7CA47E-11FC-4309-B602-12571A9BDD5B}" = Charter Security Suite

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{912D30CF-F39E-4B31-AD9A-123C6B794EE2}" = HP Update

"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{B50345AE-60D0-48D7-AFD2-F0B1A07F2294}" = F-Secure SafeSearch 1.03.159.0 (release)

"{D6D865A5-2703-4B26-A0AA-30B29C0696BC}" = Online Safety 2.115.2786.1676

"{EFE33E35-9B0B-4CF9-AF8C-CBE93BB8E6FF}" = F-Secure Network CCF 1.03.102

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"Adobe Flash Player ActiveX" = Adobe Flash Player 17 ActiveX

"Adobe Flash Player NPAPI" = Adobe Flash Player 17 NPAPI

"F-Secure ServiceEnabler 42626" = Charter Security Suite

"Google Chrome" = Google Chrome

"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.1.6.1022

"Office14.Click2Run" = Microsoft Office Click-to-Run 2010

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-313159577-1753058699-2702243966-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 4/27/2015 9:08:59 PM | Computer Name = Catherine-HP | Source = FSecure-FSecure-F-Secure DeepGuard | ID = 103

Description = 21  2015-04-27  19:08:58-06:00  CATHERINE-HP  SYSTEM  F-Secure DeepGuard

 

 Application was blocked. This was determined to be a high-risk application by system

 control heuristics.   Application path: \\?\c:\program files\reimage\reimage protector\reiguard.exe

 

 File hash: d58870535ebc629fcbd1122d929d851cf1804e7f  

 

Error - 4/27/2015 9:29:31 PM | Computer Name = Catherine-HP | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103

Description = 1  2015-04-27  19:29:31-06:00  CATHERINE-HP  Catherine-HP\Catherine

  F-Secure Anti-Virus   Crash detected.    \Device\HarddiskVolume2\Windows\Tasks\GoogleUpdateTaskMachineCore.job

 

 

Error - 4/27/2015 9:56:59 PM | Computer Name = Catherine-HP | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103

Description = 1  2015-04-27  19:56:59-06:00  CATHERINE-HP  Catherine-HP\Catherine

  F-Secure Anti-Virus   Spyware detected:    Type: riskware    Family:     Name: Gen:Variant.Application.Bundler

    Object: C:\Users\Catherine\Downloads\Java(2).exe     

 

Error - 4/27/2015 9:57:19 PM | Computer Name = Catherine-HP | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103

Description = 2  2015-04-27  19:57:19-06:00  CATHERINE-HP  Catherine-HP\Catherine

  F-Secure Anti-Virus   Spyware detected:    Type: riskware    Family:     Name: Gen:Variant.Application.Bundler

    Object: C:\Users\Catherine\Downloads\Flash_Setup.exe     

 

Error - 4/27/2015 9:57:43 PM | Computer Name = Catherine-HP | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103

Description = 3  2015-04-27  19:57:43-06:00  CATHERINE-HP  Catherine-HP\Catherine

  F-Secure Anti-Virus   Malicious code found in file C:\Users\Catherine\AppData\Local\Installer\Install_26263\ytdi_bf4fca0ff8_setup.exe.

    Infection: Trojan.GenericKD.2079214    Action: The file was quarantined.     

 

Error - 4/27/2015 9:57:44 PM | Computer Name = Catherine-HP | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103

Description = 4  2015-04-27  19:57:44-06:00  CATHERINE-HP  Catherine-HP\Catherine

  F-Secure Anti-Virus   Malicious code found in file C:\Users\Catherine\AppData\Local\Installer\Install_26312\ytdi_bf4fca0ff8_setup.exe.

    Infection: Trojan.GenericKD.2079214    Action: The file was quarantined.     

 

Error - 4/27/2015 9:57:44 PM | Computer Name = Catherine-HP | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103

Description = 5  2015-04-27  19:57:44-06:00  CATHERINE-HP  Catherine-HP\Catherine

  F-Secure Anti-Virus   Malicious code found in file C:\Users\Catherine\AppData\Local\Installer\Install_26364\ytdi_bf4fca0ff8_setup.exe.

    Infection: Trojan.GenericKD.2079214    Action: The file was quarantined.     

 

Error - 4/27/2015 9:57:45 PM | Computer Name = Catherine-HP | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103

Description = 6  2015-04-27  19:57:45-06:00  CATHERINE-HP  Catherine-HP\Catherine

  F-Secure Anti-Virus   Malicious code found in file C:\Users\Catherine\AppData\Local\Installer\Install_26413\ytdi_bf4fca0ff8_setup.exe.

    Infection: Trojan.GenericKD.2079214    Action: The file was quarantined.     

 

Error - 4/27/2015 10:24:52 PM | Computer Name = Catherine-HP | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103

Description = 7  2015-04-27  20:24:52-06:00  CATHERINE-HP  Catherine-HP\Catherine

  F-Secure Anti-Virus   Spyware detected:    Type: riskware    Family:     Name: Gen:Variant.Application.Bundler

    Object: C:\Users\Catherine\Downloads\Flash_Setup.exe     

 

Error - 4/27/2015 10:25:16 PM | Computer Name = Catherine-HP | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103

Description = 8  2015-04-27  20:25:16-06:00  CATHERINE-HP  Catherine-HP\Catherine

  F-Secure Anti-Virus   Spyware detected:    Type: riskware    Family:     Name: Gen:Variant.Application.Bundler

    Object: C:\Users\Catherine\Downloads\Flash_Setup.exe     

 

[ Hewlett-Packard Events ]

Error - 1/21/2012 7:01:01 PM | Computer Name = Catherine-HP | Source = Hewlett-Packard | ID = 0

Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011221040051.xml

 File not created by asset agent

 

Error - 4/27/2012 5:44:19 PM | Computer Name = Catherine-HP | Source = Hewlett-Packard | ID = 0

Description = 

 

Error - 7/20/2012 4:44:08 PM | Computer Name = Catherine-HP | Source = Hewlett-Packard | ID = 0

Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071220024400.xml

 File not created by asset agent

 

Error - 9/15/2012 9:24:19 AM | Computer Name = Catherine-HP | Source = Hewlett-Packard | ID = 0

Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091215072411.xml

 File not created by asset agent

 

Error - 3/29/2013 12:07:01 PM | Computer Name = Catherine-HP | Source = Hewlett-Packard | ID = 0

Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\031329100653.xml

 File not created by asset agent

 

Error - 4/26/2013 8:23:56 PM | Computer Name = Catherine-HP | Source = HPSF.exe | ID = 2000

Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()

Message:

 Object reference not set to an instance of an object.  StackTrace:   at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()

Source:

 HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01  Path: C:\Program

 Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 3834

Ram

 Utilization: 50  TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()

 

 

[ HP Software Framework Events ]

Error - 11/14/2013 6:26:33 PM | Computer Name = Catherine-HP | Source = hpqWmiEx | ID = 5

Description = 2013/11/14 15:26:33.801|000015E0|Error      |ChpqWmiExModule::Start|The

 hpqwmiex service failed to start (1063).  A system restart may correct this problem.

 

[ HP Wireless Assistant Events ]

Error - 8/7/2013 12:33:46 PM | Computer Name = Catherine-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException     at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

 errorCode, IntPtr errorInfo)     at System.Management.ManagementObject.Initialize(Boolean

 getObject)     at System.Management.ManagementBaseObject.get_Properties()     at System.Management.ManagementBaseObject.GetPropertyValue(String

 propertyName)     at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

 

Error - 5/24/2014 6:41:33 AM | Computer Name = Catherine-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException Call was canceled by the

 message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))    at

 System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,

 IntPtr errorInfo)     at System.Management.ManagementScope.InitializeGuts(Object 

o)     at System.Management.ManagementScope.Initialize()     at System.Management.ManagementObjectSearcher.Initialize()

 

   at System.Management.ManagementObjectSearcher.Get()     at HPPA_Service.CurrentConfiguration.FindDevice(String

 hostPath, String portName)     at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware

 radio)     at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext()     at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()

 

   at HPPA_Service.CurrentConfiguration.ReloadRadioList()

 

Error - 7/9/2014 7:12:54 PM | Computer Name = Catherine-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException Call was canceled by the

 message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))    at

 System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,

 IntPtr errorInfo)     at System.Management.ManagementScope.InitializeGuts(Object 

o)     at System.Management.ManagementScope.Initialize()     at System.Management.ManagementObjectSearcher.Initialize()

 

   at System.Management.ManagementObjectSearcher.Get()     at HPPA_Service.CurrentConfiguration.FindDevice(String

 hostPath, String portName)     at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware

 radio)     at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext()     at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()

 

   at HPPA_Service.CurrentConfiguration.ReloadRadioList()

 

Error - 7/19/2014 5:53:43 PM | Computer Name = Catherine-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException Call was canceled by the

 message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))    at

 System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,

 IntPtr errorInfo)     at System.Management.ManagementScope.InitializeGuts(Object 

o)     at System.Management.ManagementScope.Initialize()     at System.Management.ManagementObject.Initialize(Boolean

 getObject)     at System.Management.ManagementBaseObject.get_Properties()     at System.Management.ManagementBaseObject.GetPropertyValue(String

 propertyName)     at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

 

Error - 8/23/2014 5:15:19 PM | Computer Name = Catherine-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException Call was canceled by the

 message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))    at

 System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,

 IntPtr errorInfo)     at System.Management.ManagementScope.InitializeGuts(Object 

o)     at System.Management.ManagementScope.Initialize()     at System.Management.ManagementObject.Initialize(Boolean

 getObject)     at System.Management.ManagementBaseObject.get_Properties()     at System.Management.ManagementBaseObject.GetPropertyValue(String

 propertyName)     at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

 

Error - 9/6/2014 5:15:35 PM | Computer Name = Catherine-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException Call was canceled by the

 message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))    at

 System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,

 IntPtr errorInfo)     at System.Management.ManagementScope.InitializeGuts(Object 

o)     at System.Management.ManagementScope.Initialize()     at System.Management.ManagementObject.Initialize(Boolean

 getObject)     at System.Management.ManagementBaseObject.get_Properties()     at System.Management.ManagementBaseObject.GetPropertyValue(String

 propertyName)     at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

 

Error - 9/17/2014 6:08:46 PM | Computer Name = Catherine-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException     at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

 errorCode, IntPtr errorInfo)     at System.Management.ManagementObject.Initialize(Boolean

 getObject)     at System.Management.ManagementBaseObject.get_Properties()     at System.Management.ManagementBaseObject.GetPropertyValue(String

 propertyName)     at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

 

Error - 2/12/2015 5:57:25 PM | Computer Name = Catherine-HP | Source = HP WA Application | ID = 0

Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;

 failed to create hardware layer Error in the application.    at HardwareAccess.Hardware..ctor(Dispatcher

 dispatcher, ServicePort port, Int32 timeout)     at HardwareAccess.Hardware.Create(Dispatcher

 dispatcher, ServicePort port, Int32 timeout)     at HPWA_Main.App.ApplicationStartup(Object

 sender, StartupEventArgs args)

 

Error - 2/12/2015 5:57:28 PM | Computer Name = Catherine-HP | Source = HP WA Application | ID = 0

Description = MainWindow.ShowImpl; not initialized, closing application...

 

Error - 4/7/2015 11:03:31 AM | Computer Name = Catherine-HP | Source = HP WA Application | ID = 0

Description = System.Exception HardwareAccess hasn't been instantiated properly.  

  at PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)

 

[ System Events ]

Error - 4/27/2015 9:29:32 PM | Computer Name = Catherine-HP | Source = Service Control Manager | ID = 7031

Description = The F-Secure Dll Hoster service terminated unexpectedly.  It has done

 this 2 time(s).  The following corrective action will be taken in 10000 milliseconds:

 Restart the service.

 

Error - 4/27/2015 9:29:33 PM | Computer Name = Catherine-HP | Source = Service Control Manager | ID = 7034

Description = The HP Wireless Assistant Service service terminated unexpectedly.

  It has done this 1 time(s).

 

Error - 4/27/2015 9:29:34 PM | Computer Name = Catherine-HP | Source = Service Control Manager | ID = 7034

Description = The Application Virtualization Client service terminated unexpectedly.

  It has done this 1 time(s).

 

Error - 4/27/2015 9:29:57 PM | Computer Name = Catherine-HP | Source = Service Control Manager | ID = 7031

Description = The Windows Media Player Network Sharing Service service terminated

 unexpectedly.  It has done this 1 time(s).  The following corrective action will

 be taken in 30000 milliseconds: Restart the service.

 

Error - 4/27/2015 9:29:58 PM | Computer Name = Catherine-HP | Source = Service Control Manager | ID = 7034

Description = The HP Software Framework Service service terminated unexpectedly.

  It has done this 1 time(s).

 

Error - 4/27/2015 9:29:59 PM | Computer Name = Catherine-HP | Source = Service Control Manager | ID = 7031

Description = The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated

 unexpectedly.  It has done this 1 time(s).  The following corrective action will

 be taken in 0 milliseconds: Restart the service.

 

Error - 4/27/2015 9:30:27 PM | Computer Name = Catherine-HP | Source = Service Control Manager | ID = 7032

Description = The Service Control Manager tried to take a corrective action (Restart

 the service) after the unexpected termination of the Windows Media Player Network

 Sharing Service service, but this action failed with the following error:   %%1056

 

Error - 4/27/2015 9:36:35 PM | Computer Name = Catherine-HP | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003

Description = WLAN Extensibility Module has stopped unexpectedly.    Module Path: C:\Windows\system32\athihvs.dll

 

 

Error - 4/27/2015 9:36:38 PM | Computer Name = Catherine-HP | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003

Description = WLAN Extensibility Module has stopped unexpectedly.    Module Path: C:\Windows\system32\athihvs.dll

 

 

Error - 4/27/2015 9:36:38 PM | Computer Name = Catherine-HP | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003

Description = WLAN Extensibility Module has stopped unexpectedly.    Module Path: C:\Windows\system32\athihvs.dll

 

 

 

< End of report >

Share this post


Link to post
Share on other sites

Good morning Catherine, ok lets get to some more cleaning & see if you have any security risks !!!

 

First i need you to look in Control Panel ........ add/uninstall programs and uninstall these if present:

1. PCPitstop Utility
2. SparkTrust PC Cleaner

 

 

NEXT

 

Download & run this program !

 

Security Check

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1 >>> http://screen317.spywareinfoforum.org/SecurityCheck.exe.

Link 2 >>> http://screen317.changelog.fr/SecurityCheck.exe

    * Double click SecurityCheck.exe and follow the onscreen instructions inside the black box.
    * A Notepad document should open automatically called checkup.txt
    * Please post the contents of that document in your next reply.

 

 

NEXT

 

 

We need to Run an OTL fix !!
Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

    * Double-click OTL.exe to start the program.
    * Copy and Paste the following code into the customFix.png.  text box of the OTL tool/program ! Start with and include the colon plus  :OTL

:OTLIE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...ebay.com/?_nkw={searchTerms}IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBoxIE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRCIE - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\..\SearchScopes\{5239903F-EA48-456A-A1F8-0E737E1E7093}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20131148,20028,0,71,0IE - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\..\SearchScopes\Yahoo: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=iwinFF - user.js - File not foundFF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found[2013/06/04 16:18:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Catherine\AppData\Roaming\Mozilla\Extensions[2015/04/27 19:17:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Catherine\AppData\Roaming\Mozilla\Firefox\Profiles\3dkt76nv.default\extensions[2011/03/05 09:02:23 | 000,000,000 | ---D | M] (Bing Bar) -- C:\PROGRAM FILES (X86)\MSN TOOLBAR\PLATFORM\6.0.2282.0\FIREFOXFile not found (No name found) -- C:\USERS\CATHERINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3DKT76NV.DEFAULT\EXTENSIONS\[email protected]AC7300AC.COMFile not found (No name found) -- C:\USERS\CATHERINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3DKT76NV.DEFAULT\EXTENSIONS\[email protected] - HKLM..\Run: []  File not foundO9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe File not foundO9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe File not foundO13 - gopher Prefix: missingO21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.[2015/04/27 20:27:24 | 000,000,606 | ---- | M] () -- C:\Windows\tasks\SparkTrust PC Cleaner Plus Startup.job[2015/04/27 20:27:24 | 000,000,482 | ---- | M] () -- C:\Windows\tasks\SparkTrust Update Version3 Startup [email protected] Data Stream - 221 bytes -> C:\ProgramData\Temp:[email protected]e Data Stream - 156 bytes -> C:\ProgramData\Temp:[email protected] Data Stream - 152 bytes -> C:\ProgramData\Temp:[email protected] Data Stream - 147 bytes -> C:\ProgramData\Temp:[email protected] Data Stream - 146 bytes -> C:\ProgramData\Temp:[email protected] Data Stream - 143 bytes -> C:\ProgramData\Temp:[email protected] Data Stream - 142 bytes -> C:\ProgramData\Temp:[email protected] Data Stream - 142 bytes -> C:\ProgramData\Temp:[email protected] Data Stream - 139 bytes -> C:\ProgramData\Temp:[email protected] Data Stream - 139 bytes -> C:\ProgramData\Temp:[email protected] Data Stream - 139 bytes -> C:\ProgramData\Temp:[email protected] Data Stream - 138 bytes -> C:\ProgramData\Temp:[email protected] Data Stream - 137 bytes -> C:\ProgramData\Temp:[email protected] Data Stream - 137 bytes -> C:\ProgramData\Temp:[email protected] Data Stream - 135 bytes -> C:\ProgramData\Temp:[email protected] Data Stream - 130 bytes -> C:\ProgramData\Temp:[email protected] Data Stream - 128 bytes -> C:\ProgramData\Temp:[email protected] Data Stream - 122 bytes -> C:\ProgramData\Temp:[email protected] Data Stream - 118 bytes -> C:\ProgramData\Temp:[email protected] Data Stream - 107 bytes -> C:\ProgramData\Temp:A7DA2BCD:Commands[emptyjava][emptyflash][EMPTYTEMP][RESETHOSTS][CREATERESTOREPOINT][Reboot]

# Then click the Run Fix button at the top.
# Click btnOK.png
# Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
Remember to enable your real time protection.

 

 

===============

 

1. Was the programs i had you remove in the add/uninstall list ???

 

2. I need the Security log posted !

 

3. The OTL Fix log

 

4. Let me know how it is running ???

 

 

We are almost done !!

 

Thanks

Chuck


 

Share this post


Link to post
Share on other sites
 Results of screen317's Security Check version 1.00  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

Computer Security   

 Antivirus up to date!   

`````````Anti-malware/Other Utilities Check:````````` 

 Adobe Flash Player 17.0.0.169  

 Google Chrome 36.0.1985.125 Google Chrome out of date!  

````````Process Check: objlist.exe by Laurent````````  

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbam.exe  

 Charter Security Suite apps ComputerSecurity Anti-Virus\FSGK32.EXE 

 Charter Security Suite apps ComputerSecurity Anti-Virus\fssm32.exe 

 Malwarebytes Anti-Malware mbamscheduler.exe   

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 2% 

````````````````````End of Log`````````````````````` 

Share this post


Link to post
Share on other sites
All processes killed

========== OTL ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ not found.

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_USERS\S-1-5-21-313159577-1753058699-2702243966-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-313159577-1753058699-2702243966-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_USERS\S-1-5-21-313159577-1753058699-2702243966-1001\Software\Microsoft\Internet Explorer\SearchScopes\{5239903F-EA48-456A-A1F8-0E737E1E7093}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5239903F-EA48-456A-A1F8-0E737E1E7093}\ not found.

Registry key HKEY_USERS\S-1-5-21-313159577-1753058699-2702243966-1001\Software\Microsoft\Internet Explorer\SearchScopes\{searchTerms}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchTerms}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.

C:\Users\Catherine\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} folder moved successfully.

C:\Users\Catherine\AppData\Roaming\Mozilla\Extensions folder moved successfully.

C:\Users\Catherine\AppData\Roaming\Mozilla\Firefox\Profiles\3dkt76nv.default\extensions folder moved successfully.

C:\PROGRAM FILES (X86)\MSN TOOLBAR\PLATFORM\6.0.2282.0\FIREFOX\components folder moved successfully.

C:\PROGRAM FILES (X86)\MSN TOOLBAR\PLATFORM\6.0.2282.0\FIREFOX\Chrome folder moved successfully.

C:\PROGRAM FILES (X86)\MSN TOOLBAR\PLATFORM\6.0.2282.0\FIREFOX folder moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{25510184-5A38-4A99-B273-DCA8EEF6CD08}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25510184-5A38-4A99-B273-DCA8EEF6CD08}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{25510184-5A38-4A99-B273-DCA8EEF6CD08}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25510184-5A38-4A99-B273-DCA8EEF6CD08}\ not found.


Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

C:\Windows\Tasks\SparkTrust PC Cleaner Plus Startup.job moved successfully.

C:\Windows\Tasks\SparkTrust Update Version3 Startup Task.job moved successfully.

ADS C:\ProgramData\Temp:4EE95FE7 deleted successfully.

ADS C:\ProgramData\Temp:30C74695 deleted successfully.

ADS C:\ProgramData\Temp:A2A602F0 deleted successfully.

ADS C:\ProgramData\Temp:94BD36A2 deleted successfully.

ADS C:\ProgramData\Temp:D346F792 deleted successfully.

ADS C:\ProgramData\Temp:9F38BF31 deleted successfully.

ADS C:\ProgramData\Temp:E8B61305 deleted successfully.

ADS C:\ProgramData\Temp:C72A744C deleted successfully.

ADS C:\ProgramData\Temp:C7A094AF deleted successfully.

ADS C:\ProgramData\Temp:63ABD638 deleted successfully.

ADS C:\ProgramData\Temp:25FF8A61 deleted successfully.

ADS C:\ProgramData\Temp:D4E0D1F1 deleted successfully.

ADS C:\ProgramData\Temp:EFBD4447 deleted successfully.

ADS C:\ProgramData\Temp:DA84DA4A deleted successfully.

ADS C:\ProgramData\Temp:943FEF5D deleted successfully.

ADS C:\ProgramData\Temp:EC2C753C deleted successfully.

ADS C:\ProgramData\Temp:62D72D41 deleted successfully.

ADS C:\ProgramData\Temp:E4E83517 deleted successfully.

ADS C:\ProgramData\Temp:373E1720 deleted successfully.

ADS C:\ProgramData\Temp:A7DA2BCD deleted successfully.

========== COMMANDS ==========

 

[EMPTYJAVA]

 

User: All Users

 

User: Catherine

->Java cache emptied: 51034 bytes

 

User: Default

 

User: Default User

 

User: Guest

 

User: Public

 

User: Tom

->Java cache emptied: 0 bytes

 

Total Java Files Cleaned = 0.00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: Catherine

->Flash cache emptied: 3611 bytes

 

User: Default

 

User: Default User

 

User: Guest

->Flash cache emptied: 798 bytes

 

User: Public

 

User: Tom

->Flash cache emptied: 891 bytes

 

Total Flash Files Cleaned = 0.00 mb

 

 

[EMPTYTEMP]

 

User: All Users

 

User: Catherine

->Temp folder emptied: 183433656 bytes

->Temporary Internet Files folder emptied: 93147528 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 270685980 bytes

->Google Chrome cache emptied: 372175295 bytes

->Flash cache emptied: 0 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Guest

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 25812201 bytes

->Flash cache emptied: 0 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

User: Tom

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 6115831 bytes

->Flash cache emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 22353787 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 79232847 bytes

%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes

RecycleBin emptied: 666871829 bytes

 

Total Files Cleaned = 1,640.00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

Restore point Set: OTL Restore Point

 

OTL by OldTimer - Version 3.2.69.0 log created on 04282015_110547

 

Files\Folders moved on Reboot...

C:\Users\Catherine\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File move failed. C:\Users\Catherine\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...

Share this post


Link to post
Share on other sites

Catherine that cleaned up real nice, so lets remove some of the tools we used in the cleaning !!

 

Clean up with OTL


    Right-click OTL.exe and select " Run as administrator " to run it.
    This will remove all the tools we used to clean your pc.
    Close all other programs apart from OTL as this step will require a reboot
    On the OTL main screen, press the CleanUp! button
    Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools we used if they remain on your Desktop.
 

 

======================

 

Your Google Chrome is in need of an update !! The rest in Security Search is up to date !

 

======================

 

 

This is my "All Clean Speech" that i give so if you feel anything is needed for you use it !!

 

 
Congratulation you are clean !!!

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

This is my standard "All Clean Speech." You may have some already installed, these are just recommendations !

Here are some tips to reduce the potential for spyware infection in the future:

Here are some tips to reduce the potential for spyware/malware infection in the future:
 
1. Make your Internet Explorer more secure - This can be done by following these simple instructions:

    From within Internet Explorer click on the Tools menu and then click onOptions.
    Click once on theSecurity tab
    Click once on the Internet icon so it becomes highlighted.
    Click once on the Custom Level button.
    Change the Download signed ActiveX controls to Prompt
    Change the Download unsigned ActiveX controls to Disable
    Change the Initialize and script ActiveX controls not marked as safe to Disable
    Change the Installation of desktop items to Prompt
    Change the Launching programs and files in an IFRAME to Prompt
    Change the Navigate sub-frames across different domains to Prompt
    When all these settings have been made, click on the OK button.
    If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.

2. FireFox  If you use Firefox, I recommend installing the following add-ons to help make your Firefox browser more secure.
NoScript

adblock plus

 
3. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis.  With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.
 
4. Firewall Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly.   **There are firewalls that could be downloaded and used but I would personally only recommend using one of the following below:
Online Armor Free
Agnitum Outpost Firewall Free
Comodo Firewall Free
 
5. Make sure you keep your Windows OS current. And regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems.  Without these you are leaving the back door open.
 
6.WOT(Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites.  WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.
 
7. Finally, I strongly recommend that you read Miekiemoes' great advice How to prevent malware .

 

Any problems ?

It may run a tad slow until a few normal re-boots, but according to all logs you are clean !!

 

Please let me know if you are happy with our service & my work !!

Also please inform others you may know about our site & my work !!

 

Happy Surfing

Thanks
Chuck

 

I will lock this topic in 5 days so there will be no Drive By's (people posting for no reason) !!!

Share this post


Link to post
Share on other sites

This Problem has been solved.

This topic is closed, if you need it re-opened please PM me or any Mod !
 

Thanks

Chuck

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this