Catherine Posted April 28, 2015 Report Share Posted April 28, 2015 My computer has tons of pop up all over the page that I am on Link to post Share on other sites
flashh4 Posted April 28, 2015 Report Share Posted April 28, 2015 Howdy Catherine and welcome to BestTechie !!! My name is flashh4 (Chuck) and i will be assisting you with the cleaning of your computer.Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !!If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!Perform all actions in the order given.Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up ! Do Not Remove anything or run any tools/programs until advised to do so !Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post a log in the Malware Removal forum and wait for help. ===================================AdwCleaner Please download adwcleaner by Xplode onto your desktop.Double click on AdwCleaner.exe to run the tool again. Windows XP : Double click on the icon to run it. Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator" *Click on the Scan button. *AdwCleaner will begin to scan your computer like it did before. *After the scan has finished ....... This time, click on the "Clean" button. *Press OK when asked to close all programs and follow the onscreen prompts. *Press OK again to allow AdwCleaner to restart the computer and complete the removal process. *After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically. *Copy and paste the contents of that logfile in your next reply. *A copy of that logfile will also be saved in the C:\AdwCleaner folder.NEXT Please download Junkware Removal Tool and save to your desk top. Shut down your protection software now to avoid potential conflicts. * Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator". * The tool will open and start scanning your system. * Please be patient as this can take a while to complete depending on your system's specifications. * On completion, a log (JRT.txt) is saved to your desktop and will automatically open. * Post the contents of JRT.txt into your next reply ! Re-Boot your computer now !!NEXT Download Malwarebytes' Anti-Malware (save it to your desktop). >>> http://api.viglink.com/api/click?format=go&jsonp=vglnk_142716402237113&key=9b4efad421c8b103b2c94b796db973b0&libId=i7moiq1n01002u9u000DAjanrgva6&subId=ada8cd58e448a82cf9bb2f2782266d43&loc=http%3A%2F%2Fforums.whatthetech.com%2Findex.php%3Fshowtopic%3D129391%26page%3D1&v=1&out=http%3A%2F%2Fwww.malwarebytes.org%2Fmwb-download%2Fconfirm%2F%3Futm_source%3Dfacebook%26utm_medium%3Dsocial&ref=http%3A%2F%2Fforums.whatthetech.com%2Findex.php%3Fs%3D49c36eb57530cd237bc7129892da2191%26showforum%3D27&title=can%27t%20download%20or%20run%20malwarebyts%20%5BSolved%5D%20-%20What%20the%20Tech&txt=http%3A%2F%2Fwww.malwareby...m_medium%3Dsocial * Windows XP : Double click on the icon to run it. * Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator" * Select Scan tab.* Select type of scan to perform: * Threat Scan < --- Select this type of scan * Custom Scan * Hyper ScanNext click the Scan button.When the scan is complete, if no malicious items are found you can close the program.If malicious items are found be sure that everything is checked, and click Quarantine .When completed, a log will open in Notepad. Please save it to a convenient location and post the results. Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot. Post these logs after running each program, then proceed to the next !! ThanksChuck Link to post Share on other sites
flashh4 Posted April 28, 2015 Report Share Posted April 28, 2015 When pasting the logs just click in the big box at the bottom, paste log, then click "Post" ! May have to try it a few times to paste !! Link to post Share on other sites
Catherine Posted April 28, 2015 Author Report Share Posted April 28, 2015 # AdwCleaner v4.202 - Logfile created 27/04/2015 at 19:16:41# Updated 23/04/2015 by Xplode# Database : 2015-04-27.1 [server]# Operating system : Windows 7 Home Premium Service Pack 1 (x64)# Username : Catherine - CATHERINE-HP# Running from : C:\Users\Catherine\Downloads\adwcleaner_4.202.exe# Option : Cleaning ***** [ Services ] ***** [#] Service Deleted : ReimageRealTimeProtectorService Deleted : sbmntr[#] Service Deleted : Update Mgr DigitalMore ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\IePluginServicesFolder Deleted : C:\ProgramData\SearchModuleFolder Deleted : C:\ProgramData\ZombieAlertFolder Deleted : C:\ProgramData\Reimage ProtectorFolder Deleted : C:\ProgramData\WinfernoFolder Deleted : C:\ProgramData\SparkTrustFolder Deleted : C:\ProgramData\SaliesCheeckerrFolder Deleted : C:\Program Files (x86)\globalUpdateFolder Deleted : C:\Program Files (x86)\iWebar[x] Not Deleted : C:\Program Files (x86)\MediaPlayerEnhanceFolder Deleted : C:\Program Files (x86)\predmFolder Deleted : C:\Program Files (x86)\YTDownloaderFolder Deleted : C:\Program Files (x86)\Privacy DRFolder Deleted : C:\Program Files (x86)\SparkTrustFolder Deleted : C:\Program Files (x86)\SaliesCheeckerrFolder Deleted : C:\Program Files (x86)\MediaPlayerEnhanceFolder Deleted : C:\Program Files (x86)\Common Files\SparkTrustFolder Deleted : C:\Windows\SysWOW64\SearchProtect[x] Not Deleted : C:\Program Files\002[x] Not Deleted : C:\Program Files\003[x] Not Deleted : C:\Program Files\Reimage[x] Not Deleted : C:\Program Files\RrSavingsFolder Deleted : C:\Users\Catherine\AppData\Local\FreesofttodayFolder Deleted : C:\Users\Catherine\AppData\Local\GameoFolder Deleted : C:\Users\Catherine\AppData\Local\globalUpdateFolder Deleted : C:\Users\Catherine\AppData\Local\LPTFolder Deleted : C:\Users\Catherine\AppData\Local\SwvUpdaterFolder Deleted : C:\Users\Catherine\AppData\Local\Tuguu_SLFolder Deleted : C:\Users\Catherine\AppData\Local\WeatherAlertsFolder Deleted : C:\Users\Catherine\AppData\Local\ZombieAlertFolder Deleted : C:\Users\Catherine\AppData\Roaming\SpeedAnalysis2Folder Deleted : C:\Users\Catherine\AppData\Roaming\v9Folder Deleted : C:\Users\Catherine\AppData\Roaming\SparkTrustFolder Deleted : C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SparkTrustFolder Deleted : C:\Users\Catherine\AppData\Roaming\Mozilla\Firefox\Profiles\3dkt76nv.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.comFolder Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjkhjdcljddbedokogakmmdjgnbeanfFolder Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeiloFolder Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gafhhbahpojnjfhpepjjfjojbphnogmn[/!\] Not Deleted ( Junction ) : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeiloFolder Deleted : C:\Users\Catherine\AppData\Roaming\Opera Software\Opera Stable\Extensions\dfohdbmjdkfijghgklbickfnaepghgbaFolder Deleted : C:\Users\Catherine\AppData\Roaming\Opera Software\Opera Stable\Extensions\lekgiimbfodefdaoofhlckefjbgpeiloFile Deleted : C:\Users\Catherine\AppData\Roaming\Mozilla\Firefox\Profiles\3dkt76nv.default\Extensions\[email protected]File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorageFile Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lekgiimbfodefdaoofhlckefjbgpeilo_0.localstorageFile Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lekgiimbfodefdaoofhlckefjbgpeilo_0.localstorage-journalFile Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_lekgiimbfodefdaoofhlckefjbgpeilo_0File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lekgiimbfodefdaoofhlckefjbgpeiloFile Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gafhhbahpojnjfhpepjjfjojbphnogmn_0.localstorageFile Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gafhhbahpojnjfhpepjjfjojbphnogmn_0.localstorage-journalFile Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_lekgiimbfodefdaoofhlckefjbgpeilo_0File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lekgiimbfodefdaoofhlckefjbgpeiloFile Deleted : C:\Windows\Reimage.iniFile Deleted : C:\Windows\SysWOW64\SecureAssist.dllFile Deleted : C:\Windows\System32\roboot64.exeFile Deleted : C:\Windows\System32\SecureAssist64.dllFile Deleted : C:\Users\Catherine\daemonprocess.txtFile Deleted : C:\Users\Catherine\AppData\Roaming\speedanalysis.icoFile Deleted : C:\Users\Catherine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SparkTrust PC Cleaner Plus.lnkFile Deleted : C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.urlFile Deleted : C:\Users\Catherine\Desktop\SparkTrust PC Cleaner Plus.lnkFile Deleted : C:\Users\Catherine\AppData\Roaming\Mozilla\Firefox\Profiles\3dkt76nv.default\searchplugins\bingp.xmlFile Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\key-find.xmlFile Deleted : C:\Users\Catherine\AppData\Roaming\Mozilla\Firefox\Profiles\3dkt76nv.default\searchplugins\trovi-search.xmlFile Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\v9.xmlFile Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorageFile Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journalFile Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.selectgo00.selectgo.net_0.localstorageFile Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.selectgo00.selectgo.net_0.localstorage-journalFile Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_eliteunzip.dl.tb.ask.com_0.localstorageFile Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_eliteunzip.dl.tb.ask.com_0.localstorage-journalFile Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_mapsgalaxy.dl.tb.ask.com_0.localstorageFile Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_mapsgalaxy.dl.tb.ask.com_0.localstorage-journalFile Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_plarium.com_0.localstorageFile Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_plarium.com_0.localstorage-journalFile Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.tb.ask.com_0.localstorageFile Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.tb.ask.com_0.localstorage-journal ***** [ Scheduled tasks ] ***** Task Deleted : gameo_updateTask Deleted : LaunchAppTask Deleted : PC Optimizer Pro UpdatesTask Deleted : Reimage ReminderTask Deleted : ReimageUpdaterTask Deleted : RunAsStdUser TaskTask Deleted : SMupdate1Task Deleted : YTDownloaderTask Deleted : YTDownloaderUpdTask Deleted : SparkTrust Update Version3Task Deleted : SparkTrust Update Version3_triggeronceTask Deleted : SparkTrust Registration3Task Deleted : MediaPlayerEnhance-updater ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}]Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bfcpnihmbfoaeoakalclfalkdepgiajeKey Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dgjkhjdcljddbedokogakmmdjgnbeanfKey Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfiKey Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mocblcnaofikinigmceddfghppkkjbogKey Deleted : HKLM\SOFTWARE\MozillaPlugins\@ei.TotalRecipeSearch_14.com/PluginKey Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServicesKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\YTDownloader.exeKey Deleted : HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\SysMenuExtKey Deleted : HKLM\SOFTWARE\Classes\AppID\SysMenu.DLLKey Deleted : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLLKey Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngineKey Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D813D5BB-EBC7-45F9-B8A4-36A305168069}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C0B1016F-B7E5-46F0-B415-6BF9E55AB00D}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3B181CF2-878B-4758-8FBD-59D8AC5AB12D}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{490A5A0F-1471-47FF-8BB5-719F1F5238AD}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8E5B29C2-BC6E-40BE-B881-AEE35B1F4035}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9863E762-BACC-46E4-8CAA-2A6ADA06B65B}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0B1016F-B7E5-46F0-B415-6BF9E55AB00D}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C0B1016F-B7E5-46F0-B415-6BF9E55AB00D}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C0B1016F-B7E5-46F0-B415-6BF9E55AB00D}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{878B8524-AED5-4870-9A96-A515440DAC75}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{878B8524-AED5-4870-9A96-A515440DAC75}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{d925bc12-7440-413e-a040-cef15508f0c5}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{878B8524-AED5-4870-9A96-A515440DAC75}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93DBF2BB-A2B3-4683-A92E-57E60751F346}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{d925bc12-7440-413e-a040-cef15508f0c5}]Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{020B1D4B-5738-4C77-9E19-4F173DD9B486}Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3B181CF2-878B-4758-8FBD-59D8AC5AB12D}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{490A5A0F-1471-47FF-8BB5-719F1F5238AD}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EC29EDF6-AD3C-4E1C-A087-D6CB81400C43}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93DBF2BB-A2B3-4683-A92E-57E60751F346}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d925bc12-7440-413e-a040-cef15508f0c5}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\17BDFF48CB2043A3A7504DED58A442C5Key Deleted : HKCU\Software\GlobalUpdateKey Deleted : HKCU\Software\TutoTagKey Deleted : HKCU\Software\ReimageKey Deleted : HKCU\Software\YTDownloaderKey Deleted : HKCU\Software\gameoKey Deleted : HKCU\Software\reimagerepairKey Deleted : HKCU\Software\Local AppWizard-Generated ApplicationsKey Deleted : HKCU\Software\AppDataLow\Software\MediaPlayerEnhanceKey Deleted : HKCU\Software\AppDataLow\Software\Rr SavingsKey Deleted : HKCU\Software\AppDataLow\Software\RrSavingsKey Deleted : HKCU\Software\AppDataLow\Software\Supra SavingsKey Deleted : HKLM\SOFTWARE\MediaPlayerEnhanceKey Deleted : HKLM\SOFTWARE\PIPKey Deleted : HKLM\SOFTWARE\SupDpKey Deleted : HKLM\SOFTWARE\suprasavingsKey Deleted : HKLM\SOFTWARE\TutorialsKey Deleted : HKLM\SOFTWARE\YTDownloaderKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35827710-D042-428B-A1E5-E20E12D2FEB9}Key Deleted : [x64] HKLM\SOFTWARE\LevelQualityWatcherKey Deleted : [x64] HKLM\SOFTWARE\RrSavingsKey Deleted : [x64] HKLM\SOFTWARE\suprasavingsKey Deleted : [x64] HKLM\SOFTWARE\Updater By SweetpacksKey Deleted : [x64] HKLM\SOFTWARE\ReimageKey Deleted : [x64] HKLM\SOFTWARE\YTDownloaderKey Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Reimage ProtectorKey Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1CKey Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CDKey Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7 ***** [ Web browsers ] ***** -\\ Internet Explorer v11.0.9600.17728 Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page] -\\ Mozilla Firefox v [3dkt76nv.default\prefs.js] - Line Deleted : user_pref("CT3239904.1000234.weatherData", "{\"icon\":\"32.png\",\"temperature\":\"83°F\",\"temperatureClear\":\"83°F\",\"highTemperature\":\"93°F\",\"lowTemperature\":\"59°F\",\"feelsLike\":\"80°F\",[...][3dkt76nv.default\prefs.js] - Line Deleted : user_pref("CT3239904.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");[3dkt76nv.default\prefs.js] - Line Deleted : user_pref("CT3239904.embeddedsData", "[{\"appId\":\"129878973612432233\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...][3dkt76nv.default\prefs.js] - Line Deleted : user_pref("CT3239904.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fsearch.conduit.com%2F%3Fctid%3DCT3298570%26octid%3DCT3298570%26SearchSource%3D61%26CUI%3DUN7[...][3dkt76nv.default\prefs.js] - Line Deleted : user_pref("CT3286042.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");[3dkt76nv.default\prefs.js] - Line Deleted : user_pref("CT3289663.1000234.weatherData", "{\"icon\":\"29.png\",\"temperature\":\"62°F\",\"temperatureClear\":\"62°F\",\"highTemperature\":\"62°F\",\"lowTemperature\":\"43°F\",\"feelsLike\":\"62°F\",[...][3dkt76nv.default\prefs.js] - Line Deleted : user_pref("CT3289663.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");[3dkt76nv.default\prefs.js] - Line Deleted : user_pref("CT3298570.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");[3dkt76nv.default\prefs.js] - Line Deleted : user_pref("CT3298570.embeddedsData", "[{\"appId\":\"130110228341463105\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...][3dkt76nv.default\prefs.js] - Line Deleted : user_pref("CT3298570.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fsearch.conduit.com%2F%3Fctid%3DCT3298570%26octid%3DCT3298570%26SearchSource%3D61%26CUI%3DUN7[...][3dkt76nv.default\prefs.js] - Line Deleted : user_pref("extensions.VYbDR.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sumorobo.n[...][3dkt76nv.default\prefs.js] - Line Deleted : user_pref("extensions.WZ3n.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sumorobo.ne[...][3dkt76nv.default\prefs.js] - Line Deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...][3dkt76nv.default\prefs.js] - Line Deleted : user_pref("extensions.dynconff.cache.search.conduit.com.content", "<package expire=\"3600\" es=\"914\" pcdids=\"v51_1169_1348_1420\"><content id=\"IntextAds\">\r\n<newjs>\r\n<![CDATA[\r\n\r\ntry {\r\n[...][3dkt76nv.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);[3dkt76nv.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.Visibility", false);[3dkt76nv.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.countryiso", "us");[3dkt76nv.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.downloadprovider", "quickobrw");[3dkt76nv.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.installationid", "64cfa884-eb4e-4fc7-a8f1-7a7ed71afee5");[3dkt76nv.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.installdate", "11/06/2013");[3dkt76nv.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.publisher", "quickobrw");[3dkt76nv.default\prefs.js] - Line Deleted : user_pref("extensions.quick_start.enable_search1", false);[3dkt76nv.default\prefs.js] - Line Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);[3dkt76nv.default\prefs.js] - Line Deleted : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21087\",\"supported_sites\":{\"google\":{\"patterns\":[\"^hxxp\\\\:\\/\\/www\\\\.google\\\\..{2,3}(\\\\\\/ig\\\\\\/firefox)\",\"[...][3dkt76nv.default\prefs.js] - Line Deleted : user_pref("extensions.wajam.trace_log", "1370821463940 - onFlagInfoReceived - Same server mapping version, don't update\n1370821463940 - onFlagInfoReceived - Saving server mapping version\n13708214639[...][niay4rle.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");[niay4rle.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "Ask.com");[niay4rle.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "Ask.com");[niay4rle.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Ask.com");[niay4rle.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");[niay4rle.default\prefs.js] - Line Deleted : user_pref("extensions.crossrider.bic", "13ab8e032c6e6bfba17aeee9bb15f202"); -\\ Google Chrome v36.0.1985.125 [C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Extension] : dgjkhjdcljddbedokogakmmdjgnbeanf[C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Extension] : lekgiimbfodefdaoofhlckefjbgpeilo[C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Extension] : gafhhbahpojnjfhpepjjfjojbphnogmn[C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Extension] : lekgiimbfodefdaoofhlckefjbgpeilo -\\ Opera v0.0.0.0 ************************* AdwCleaner[R0].txt - [134887 bytes] - [25/07/2014 15:35:26]AdwCleaner[R1].txt - [134887 bytes] - [25/07/2014 16:10:11]AdwCleaner[R2].txt - [131174 bytes] - [25/07/2014 17:04:10]AdwCleaner[R3].txt - [37748 bytes] - [27/04/2015 19:03:34]AdwCleaner[s0].txt - [36289 bytes] - [27/04/2015 19:16:41] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [36349 bytes] ########## Link to post Share on other sites
Catherine Posted April 28, 2015 Author Report Share Posted April 28, 2015 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.6.5 (04.27.2015:1)OS: Windows 7 Home Premium x64Ran by Catherine on Mon 04/27/2015 at 19:27:56.19~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks Successfully deleted: [Task] C:\Windows\system32\tasks\PC Optimizer Pro64 startups ~~~ Registry Values Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{8660E5B3-6C41-44DE-8503-98D99BBECD41} ~~~ Registry Keys ~~~ Files Successfully deleted: [File] C:\Users\Catherine\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journalSuccessfully deleted: [File] C:\Users\Catherine\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage ~~~ Folders Successfully deleted: [Empty Folder] C:\Users\Catherine\appdata\local\{366D4FC7-0F57-4DCC-A74A-65953B792687}Successfully deleted: [Empty Folder] C:\Users\Catherine\appdata\local\{60501BEB-D388-4A5F-95B0-68AFD524F7C5}Successfully deleted: [Empty Folder] C:\Users\Catherine\appdata\local\{60DF7411-2008-45FA-A5DA-74AA6DF227A8}Successfully deleted: [Empty Folder] C:\Users\Catherine\appdata\local\{B699C5BD-0C19-41AA-816B-FC8B6324D2B8}Successfully deleted: [Empty Folder] C:\Users\Catherine\appdata\local\{C405513C-7AC6-4570-9402-1C55BBA8CF8A}Successfully deleted: [Empty Folder] C:\Users\Catherine\appdata\local\{E11A79C8-934A-44BC-913B-FB62F8D679E5}Successfully deleted: [Empty Folder] C:\Users\Catherine\appdata\local\{F5414D90-EBE7-498E-8B84-F7ACDF4A1E01}Successfully deleted: [Empty Folder] C:\Users\Catherine\appdata\local\{FB9F177F-5448-40BE-A77D-2B699344714A}Successfully deleted: [Folder] C:\ai_recyclebinSuccessfully deleted: [Folder] C:\ProgramData\surffkoeeEPPit ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Mon 04/27/2015 at 19:35:27.76End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Link to post Share on other sites
flashh4 Posted April 28, 2015 Report Share Posted April 28, 2015 Catherine, that's looking better ! It should be running much better but we have a lot more to get you all clean so after you post the Malwarebytes log I will need you to download & run this for me !! Download DDS and save it to your Desktop. >>> DDS Double click dds.scr to run the tool. If using Vista or Windows 7 you will be prompted by UAC, please allow the prompt. DDS will now scan your computer. When the scan is complete, DDS will open two (2) logs: DDS.txt Attach.txt If not saved these logs will be automatically deleted when closed, so save both to your Desktop. Please note it is important that you post BOTH logs in your topic.Please note: DDS will ask you to attach the second log (Attach.txt), please ignore this notice and post the log instead.Any problems downloading or running DDS.scr, try THIS alternate (DDS.com) version of DDS http://download.bleepingcomputer.com/sUBs/dds.com==========================NEXTDownload OldTimer to your desk top !Links: http://oldtimer.geekstogo.com/OTL.com http://oldtimer.geekstogo.com/OTL.scr If you already have a copy of OTL delete it and use this version. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).* Double click OTL.exe to launch the program.* Check the following.o Scan all users.o Standard Output. o Lop check.o Purity check. oExtra Registry > Use SafeList * Under Extra Registry section, select Use SafeList* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).* When finished it will produce two logs.o OTL.txt (open on your desktop).o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.* Please post me both logs. This may have to be broken into more than one post ! Post Next:1. DDS logs2. OTL.txt and Extras.txt (if a Extras.txt is produced)ThanksChuck I will read these tomorrow & post back to you of what we need to do then !!Good-Night Link to post Share on other sites
Catherine Posted April 28, 2015 Author Report Share Posted April 28, 2015 Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 4/27/2015Scan Time: 7:42:56 PMLogfile: Administrator: Yes Version: 2.01.6.1022Malware Database: v2015.04.27.05Rootkit Database: v2015.04.21.01License: TrialMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: Disabled OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: Catherine Scan Type: Threat ScanResult: CompletedObjects Scanned: 446009Time Elapsed: 40 min, 7 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 25PUP.Optional.WeCare.A, HKU\S-1-5-21-313159577-1753058699-2702243966-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, Quarantined, [6d24b2bfc6c4a1952111c4bb8f747987], PUP.Optional.WeCare.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\GamesAppIntegrationService, Quarantined, [6d24b2bfc6c4a1952111c4bb8f747987], PUP.Optional.WeCare.A, HKU\S-1-5-21-313159577-1753058699-2702243966-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, Quarantined, [6d24b2bfc6c4a1952111c4bb8f747987], PUP.Optional.WeCare.A, HKU\S-1-5-21-313159577-1753058699-2702243966-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, Quarantined, [6d24b2bfc6c4a1952111c4bb8f747987], PUP.Optional.WeCare.A, HKU\S-1-5-21-313159577-1753058699-2702243966-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, Quarantined, [6d24b2bfc6c4a1952111c4bb8f747987], Adware.GamePlayLab, HKU\S-1-5-21-313159577-1753058699-2702243966-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110011221158}, Quarantined, [1b762b46fb8f41f58ceaea71cd36f50b], Adware.GamePlayLab, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\GamesAppIntegrationService, Quarantined, [1b762b46fb8f41f58ceaea71cd36f50b], Adware.GamePlayLab, HKU\S-1-5-21-313159577-1753058699-2702243966-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110011221158}, Quarantined, [1b762b46fb8f41f58ceaea71cd36f50b], PUP.Optional.Gamesbar.A, HKU\S-1-5-21-313159577-1753058699-2702243966-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{CB0D163C-E9F4-4236-9496-0597E24B23A5}, Quarantined, [fc950c6517730036706655ec788b03fd], PUP.Optional.Gamesbar.A, HKU\S-1-5-21-313159577-1753058699-2702243966-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CB0D163C-E9F4-4236-9496-0597E24B23A5}, Quarantined, [fc950c6517730036706655ec788b03fd], PUP.Optional.Gamesbar.A, HKU\S-1-5-21-313159577-1753058699-2702243966-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CB0D163C-E9F4-4236-9496-0597E24B23A5}, Quarantined, [fc950c6517730036706655ec788b03fd], PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\cnpkmcjgpcihgfnkcjapiaabbbplkcmf, Quarantined, [7c156e0352381422da8d21b77c8738c8], PUP.Optional.MyCoups.A, HKLM\SOFTWARE\WOW6432NODE\MYCOUPS, Quarantined, [81105c15f09a6cca743f9bb5689dd12f], PUP.Optional.Enformation.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\enformation, Quarantined, [0b8678f95d2d9e987327ec09679c768a], PUP.Optional.GenericAddon.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\GenericAddon, Quarantined, [840d9cd55634cc6a69240fd9db288c74], PUP.Optional.MediaPlayerEnhance.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\MediaPlayerEnhance, Quarantined, [3c55e28fd3b761d5afa7a76937cdfa06], PUP.Optional.PlusHD.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-8.9, Quarantined, [7021ec85c1c92d0987894fbade2650b0], PUP.Optional.GenericAddon.A, HKU\S-1-5-21-313159577-1753058699-2702243966-1001\SOFTWARE\APPDATALOW\SOFTWARE\GenericAddon, Quarantined, [95fcdd94e5a570c6345932b67093e020], PUP.Optional.MyCoups.A, HKU\S-1-5-21-313159577-1753058699-2702243966-1001\SOFTWARE\MYCOUPS, Quarantined, [eea3cca58109a393e0d43e1227de1ee2], PUP.Optional.CrossRider.A, HKU\S-1-5-21-313159577-1753058699-2702243966-1002\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [deb3b0c1a7e3b383db1edf5f38cd04fc], PUP.Optional.MultiIE.A, HKU\S-1-5-21-313159577-1753058699-2702243966-1002\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE, Quarantined, [eba62f4284061125943db79062a330d0], PUP.Optional.IWantThis.A, HKU\S-1-5-21-313159577-1753058699-2702243966-1002\SOFTWARE\APPDATALOW\SOFTWARE\I Want This, Quarantined, [078a81f091f9d264e4d557ae45bf6f91], PUP.Optional.Mindspark.A, HKU\S-1-5-21-313159577-1753058699-2702243966-1002\SOFTWARE\APPDATALOW\SOFTWARE\TotalRecipeSearch_14, Quarantined, [830e61100882053145982cd03dc6db25], PUP.Optional.MultiIE.A, HKU\S-1-5-21-313159577-1753058699-2702243966-501\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE, Quarantined, [4849bdb4f39746f059782027bd486a96], PUP.Optional.IWantThis.A, HKU\S-1-5-21-313159577-1753058699-2702243966-501\SOFTWARE\APPDATALOW\SOFTWARE\I Want This, Quarantined, [850c521fddad1c1a8a2f8e77788c60a0], Registry Values: 5PUP.Optional.MyCoups.A, HKLM\SOFTWARE\WOW6432NODE\MYCOUPS|age, 1370232000, Quarantined, [81105c15f09a6cca743f9bb5689dd12f]PUP.Optional.MyCoups.A, HKU\S-1-5-21-313159577-1753058699-2702243966-1001\SOFTWARE\MYCOUPS|age, 1370232000, Quarantined, [eea3cca58109a393e0d43e1227de1ee2]PUP.Optional.CrossRider.A, HKU\S-1-5-21-313159577-1753058699-2702243966-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\NEW WINDOWS\ALLOW|*.crossrider.com, CrossriderApp0002258, Quarantined, [97faa3cee9a159ddfdffe466b451d030]PUP.Optional.UnFriendApp.A, HKU\S-1-5-21-313159577-1753058699-2702243966-1002\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|[email protected], C:\Program Files (x86)\UnfriendApp\Firefox\, Quarantined, [1b765a17b0da31052dad1de22fd4cf31]PUP.Optional.UnFriendApp.A, HKU\S-1-5-21-313159577-1753058699-2702243966-501\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|[email protected], C:\Program Files (x86)\UnfriendApp\Firefox\, Quarantined, [8e03f27f46447abc31a9dd22cf3418e8] Registry Data: 0(No malicious items detected) Folders: 93PUP.Optional.CrossRider.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_lekgiimbfodefdaoofhlckefjbgpeilo_0, Quarantined, [a1f083eef29891a52c554e4c5aa909f7], PUP.Optional.CrossRider.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lekgiimbfodefdaoofhlckefjbgpeilo, Quarantined, [d8b9710091f9b086335a9bffdc278f71], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Roaming\Mozilla\Firefox\Profiles\3dkt76nv.default\HeadlineAlley_29, Quarantined, [e1b098d9b8d2ec4a9dd7811b54af5ea2], PUP.Optional.RRSavings.A, C:\Program Files\rrsavings, Quarantined, [9ef33c3566247bbbf1f0d0cde51efa06], PUP.Optional.FreeSoftToday.A, C:\Users\Catherine\AppData\Local\fst_us_42, Quarantined, [f1a00869206a5ed87833a701cf34d32d], PUP.Optional.FreeSoftToday.A, C:\Program Files (x86)\fst_us_42, Quarantined, [96fba3ce28626bcb139906a26e957789], PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo, Quarantined, [c2cff47de9a143f3a48999157e85d729], PUP.Optional.DigitalMore.A, C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e, Quarantined, [e1b0a2cffd8dfa3c53c0a2223ec5e719], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\adapter, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\abstractbutton, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\abstractbutton\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\alert, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\alert\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\embedhtml, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\embedhtml\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\embedhtml\html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\embedhtml\js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\embedscript, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\embedscript\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\embedscript\html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\embedscript\js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\flare, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\flare\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\flare\icons, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\generic, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\generic\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\link, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\link\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\menu, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\menu\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\menu\css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\menu\html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\menu\images, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\menu\js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\rss, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\rss\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\thirdparty, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\thirdparty\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\uninstall, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\uninstall\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\weather, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\weather\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\common, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\radio, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\radio\css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\radio\js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\rss, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\rss\js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\test, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\topapps, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\topapps\css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\topapps\js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\weather, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\weather\css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\weather\js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\api, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\api\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\api\window, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\defaultSearch, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\defaultSearch\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\defaultSearch\foreground, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\moviereviews, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\moviereviews\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\moviereviews\css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\moviereviews\html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\moviereviews\js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\radio, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\radio\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\radio\css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\radio\foreground, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\radio\radioWrapper, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\search, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\search\background, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\search\html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\supertab, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\supertab\css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\supertab\html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\supertab\js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\icons, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\images, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\native, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\native\libs, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\shared, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\_metadata, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], Files: 244PUP.Optional.WeCare.A, C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe, Quarantined, [6d24b2bfc6c4a1952111c4bb8f747987], Adware.GamePlayLab, C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe, Quarantined, [1b762b46fb8f41f58ceaea71cd36f50b], PUP.Optional.Goobzo, C:\Program Files\Common Files\System\SysMenu64.dll, Quarantined, [dbb6d899276361d523b0c283bb4b60a0], PUP.Optional.SupraSavings.A, C:\temp\t.msi, Quarantined, [335e2e434b3f62d409badfe89372f60a], PUP.Optional.PreBackup.A, C:\Users\Catherine\AppData\Local\Temp\CloudBackup9025.exe, Quarantined, [167bb0c19af0092d201398dccd337a86], PUP.Optional.Goobzo, C:\Users\Catherine\AppData\Local\Temp\dufgmr4c.exe, Quarantined, [58394b26e9a1f93db8ed02c890717090], PUP.Optional.InstallIQ, C:\Users\Catherine\Downloads\mediaclassic.exe, Quarantined, [5b368ee3f892d561d3c1a39ae61b30d0], PUP.Optional.Bundle, C:\Users\Catherine\Downloads\adobe_flash_setup (1).exe, Quarantined, [0d84521f3a504bebb0d693b227dfe818], PUP.Optional.Bundle, C:\Users\Catherine\Downloads\adobe_flash_setup (2).exe, Quarantined, [4f4211600a808aac444264e1e81e8779], PUP.Optional.Bundle, C:\Users\Catherine\Downloads\adobe_flash_setup.exe, Quarantined, [a1f0036efc8eef4712741e278383da26], PUP.Optional.BundleInstaller.A, C:\Users\Catherine\Downloads\Unconfirmed 274501.crdownload, Quarantined, [8f0275fc0981d264d7539bb4e9196997], PUP.Optional.AirInstaller, C:\Users\Catherine\Downloads\Flash_Setup.exe, Quarantined, [9ef36011a5e5cf67e21ff742a35eb64a], PUP.Optional.Somoto, C:\Users\Catherine\Downloads\FLVPlayerSetup-Nb7SelJcY.exe, Quarantined, [a7ea4e2318725adcbb66ecfc7392916f], PUP.Optional.Goobzo, c:\users\catherine\appdata\local\installer\install_26263\ytdi_bf4fca0ff8_setup.exe, Quarantined, [0091ef824a407eb8795a073e0bfb29d7], PUP.Optional.Goobzo, c:\users\catherine\appdata\local\installer\install_26312\ytdi_bf4fca0ff8_setup.exe, Quarantined, [0b86224f0882b97d9142c0858680ef11], PUP.Optional.Goobzo, c:\users\catherine\appdata\local\installer\install_26364\ytdi_bf4fca0ff8_setup.exe, Quarantined, [ccc53d34a1e9ce68dbf8430248bec937], PUP.Optional.Goobzo, c:\users\catherine\appdata\local\installer\install_26413\ytdi_bf4fca0ff8_setup.exe, Quarantined, [058c1a57187265d107cc0d38ad593ec2], PUP.Optional.SnapDo.A, C:\Windows\Installer\f93ef39.msi, Quarantined, [e4ada8c999f1ce68d8e81e96847dac54], PUP.Optional.SelectNGo.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage, Quarantined, [434e6110eb9f191dc6d655a7ab587a86], PUP.Optional.SelectNGo.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage-journal, Quarantined, [f1a039389ded94a2fd9f26d60cf7e41c], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pcpehlgijbdajfafffojllcaecaecngb_0.localstorage, Delete-on-Reboot, [226f670a95f56bcbb6d9c144cc3841bf], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pcpehlgijbdajfafffojllcaecaecngb_0.localstorage-journal, Delete-on-Reboot, [bfd2353cdcaea5915d32927354b060a0], PUP.Optional.FreeSoftToday.A, C:\Users\Catherine\AppData\Local\fst_us_42\upfst_us_42.cyp, Quarantined, [f1a00869206a5ed87833a701cf34d32d], PUP.Optional.FreeSoftToday.A, C:\Users\Catherine\AppData\Local\fst_us_42\user_profil.cyp, Quarantined, [f1a00869206a5ed87833a701cf34d32d], PUP.Optional.FreeSoftToday.A, C:\Program Files (x86)\fst_us_42\unins000.dat, Quarantined, [96fba3ce28626bcb139906a26e957789], PUP.Optional.FreeSoftToday.A, C:\Program Files (x86)\fst_us_42\unins000.msg, Quarantined, [96fba3ce28626bcb139906a26e957789], PUP.Optional.DigitalMore.A, C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\temp, Quarantined, [e1b0a2cffd8dfa3c53c0a2223ec5e719], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\manifest.json, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\bg.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\buildVars, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\buildVars.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\companionSW.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\config.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\contentScript.css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\contentScript.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\debug.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\debug.jade, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\extension_toolbar_api.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\initWidgetWindow.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\newTabContentScript.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\options.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\spent.css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\spent.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\spent.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\spent2.css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\spent2.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\spentJ.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\spentK.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\spentK.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\startup.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\stub.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\stubby.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\superFrame.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\toolbar.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\toolbar.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\toolbarUI.css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\toolbarUI.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\toolbarUI.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\url.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\adapter\adapterUtil.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\adapter\widget-adapter.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\abstractbutton\background\abstractButton.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\alert\background\alertButton.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\embedhtml\background\embedHtmlWidget.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\embedhtml\html\embedHtmlTemplate.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\embedhtml\html\innerEmbedHtmlTemplate.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\embedhtml\js\embedHtmlUI.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\embedscript\background\embedScriptWidget.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\embedscript\html\embedScriptTemplate.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\embedscript\html\innerEmbedScriptTemplate.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\embedscript\js\embedScriptUI.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\flare\background\FlareWidget.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\flare\icons\Icon_Flare_blue.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\flare\icons\Icon_Flare_pink.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\flare\icons\Thumbs.db, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\generic\background\GenericWidget.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\link\background\linkButton.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\menu\README.txt, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\menu\background\menuButton.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\menu\css\menuframe.css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\menu\html\menuframe.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\menu\images\right_arrow.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\menu\images\right_arrow_white.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\menu\js\jquery-1.7.1.min.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\menu\js\menuframe.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\menu\js\query-string.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\menu\js\underscore-1.3.1.min.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\rss\background\RssWidget.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\thirdparty\background\thirdPartyWidget.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\uninstall\background\uninstallButton.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\components\weather\background\weatherButton.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js\bs.30.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js\common.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js\dynamic.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js\enableDetect.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js\eventListening.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js\global.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js\jquery-1.7.1.min.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js\list-interaction.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js\messageEventListener.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js\navRedirector.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js\paramReplacer.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js\PartnerId.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js\set.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js\underscore-1.3.1.min.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js\underscore-1.5.2.min.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\js\unifiedLogging.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widget-context-1.0.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\common\common.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\common\eventListening.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\common\jquery-1.7.1.min.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\common\list-interaction.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\common\set.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\common\underscore-1.3.1.min.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\radio\radio-widget.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\radio\css\radio-widget.css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\radio\js\radio-custom.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\radio\js\radio-parser.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\radio\js\radio-widget-ui.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\radio\js\radio-widget.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\rss\rssWidget.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\rss\js\rss-widget-custom.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\rss\js\rss-widget-parse.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\rss\js\rss-widget.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\test\invalid.json, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\test\jquery.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\test\qunit.css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\test\qunit.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\test\resource.json, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\test\resource.xml, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\test\testWidget.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\test\testWidget.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\topapps\widget.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\topapps\css\widget.css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\topapps\js\nanigans-topapps-feed.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\topapps\js\topapps-config.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\topapps\js\widget.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\weather\weatherButton.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\weather\css\weatherButton.css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\common\widget-api\widgets\weather\js\weather.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\api\background\ApiBasedWidget.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\api\background\widget-api-impl.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\api\window\hiddenWidgetWindow.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\api\window\hiddenWidgetWindow.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\api\window\hiddenWidgetWindowInit.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\api\window\widgetWindow.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\api\window\widgetWindow.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\defaultSearch\background\updateSearch.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\defaultSearch\background\updateSearchPromptBg.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\defaultSearch\foreground\07_buttons2.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\defaultSearch\foreground\08_buttons2.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\defaultSearch\foreground\defaultSearchModal.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\defaultSearch\foreground\defaultSearchModalInjector.css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\defaultSearch\foreground\defaultSearchModalInjector.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\defaultSearch\foreground\tvf_btn_ok.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\defaultSearch\foreground\tvf_btn_ok2.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\defaultSearch\foreground\tvf_restart_alert_icon.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\defaultSearch\foreground\tvf_restart_icon.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\defaultSearch\foreground\updateSearchPromptFg.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\moviereviews\background\MovieReviewsWidget.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\moviereviews\css\movieReviews.css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\moviereviews\html\movieReviews.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\moviereviews\js\movieReviews.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\radio\background\RadioWidget.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\radio\css\toolbar-item.css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\radio\foreground\button.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\radio\radioWrapper\radioWrapper.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\radio\radioWrapper\radioWrapper.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\search\background\searchBox.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\search\html\searchSuggestions.css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\search\html\searchSuggestions.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\search\html\searchSuggestions.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\search\html\searchSuggestionsInit.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\supertab\css\supertab.css, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\supertab\html\supertab.html, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\supertab\js\newtabfork.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\supertab\js\reporting.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\supertab\js\srchsugg.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\supertab\js\supertab.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\supertab\js\unifiedLogging.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\components\supertab\js\__utm.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\icons\arrowSprite.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\icons\icon128.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\icons\icon16.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\icons\icon19disabled.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\icons\icon19on.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\icons\icon48.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\icons\tb_icon_search_disappearing_ask.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\images\222116621.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\images\222116625.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\images\222116640.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\images\222116644.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\images\222116653.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\images\222116675.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\images\down_arrow.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\images\IDR_PRODUCT_LOGO_16.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\images\IDR_WEBSTORE_ICON.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\images\magnifying_glass.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\images\RadioPlayerSprite.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\images\search_button.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\images\tvf_icon_guide.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\images\tvf_logo.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\images\wrench.png, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\chromeUtils.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\exeManager.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\exeManagerNMD.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\exePackageManager.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\focusManager.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\globalBlacklistManager.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\messaging.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\mutation_summary-min.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\mutation_summary.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\nativeMessagingDispatcher.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\newTabInfo.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\newTabInitialize.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\options.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\readLocalStorage.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\reservespacefortoolbar.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\reservespaceifenabled.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\scriptInjector.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\searchContext.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\settingsOverrides.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\toolbarCookieParser.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\toolbarPreinit.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\underscore-1.3.1.min.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\URILoaderContentScript.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\Widget.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\widgetContentScriptInjectee.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\widgetFactory.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\js\widgetWindowManager.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\native\cache.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\native\ce.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\native\debug.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\native\ss.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\native\libs\jquery-1.7.1.min.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\native\libs\jquery-1.9.1.min.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\native\libs\underscore-1.5.2.min.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\shared\HttpURL.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\shared\rsvp-latest.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\shared\unifiedLogging.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\shared\universalConsole.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\shared\utils.js, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.Mindspark.A, C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb\12.9.6.8621_0\_metadata\verified_contents.json, Quarantined, [1b76c6ab0d7d2016695162e40600d52b], PUP.Optional.KeyFind.A, C:\Users\Catherine\AppData\Roaming\Mozilla\Firefox\Profiles\3dkt76nv.default\search.json, Good: (), Bad: (key-find), Replaced,[61306e030b7f6bcb69be52f5aa5c7a86] Physical Sectors: 0(No malicious items detected) (end) Link to post Share on other sites
Catherine Posted April 28, 2015 Author Report Share Posted April 28, 2015 DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 11.0.9600.17728Run by Catherine at 21:12:22 on 2015-04-27Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2160 [GMT -6:00].AV: Computer Security *Enabled/Updated* {0F70A6C4-76E4-6A3B-2695-519F428B1C20}SP: Computer Security *Enabled/Updated* {B4114720-50DE-65B5-1C25-6AED390C569D}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k netsvcsC:\Program Files\IDT\WDM\STacSV64.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\atieclxx.exeC:\Windows\system32\WLANExt.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files (x86)\Charter Security Suite\fshoster32.exeC:\Program Files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exeC:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exeC:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\FSGK32.EXEC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXEC:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSMA32.EXEC:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\fssm32.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\taskhost.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSHDLL64.EXEC:\Windows\system32\taskeng.exeC:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Windows\system32\taskeng.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\IDT\WDM\sttray64.exeC:\Program Files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exeC:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exeC:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exeC:\Program Files (x86)\AT&T\AT&T Communication Manager\attcm_AppStart.exeC:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exeC:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSM32.EXEC:\Program Files (x86)\Charter Security Suite\fshoster32.exeC:\Program Files\Synaptics\SynTP\SynTPHelper.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exeC:\Windows\system32\svchost.exe -k SDRSVCC:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXEC:\Windows\system32\taskhost.exeC:\Windows\system32\notepad.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dllBHO: Browsing Protection: {45BBE08D-81C5-4A67-AF20-B2A077C67747} - C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dllBHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLLBHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dllTB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dlluRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hiddenuRun: [HP Photosmart 5510 series (NET)] "C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN249395ND05V3:NW" -scfn "HP Photosmart 5510 series (NET)" -AutoStart 1mRun: [attcm_AppStart.exe] "C:\Program Files (x86)\AT&T\AT&T Communication Manager\attcm_AppStart.exe"mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exemRun: [F-Secure Manager] "C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSM32.EXE" /splashmRun: [F-Secure Hoster (42626)] "C:\Program Files (x86)\Charter Security Suite\fshoster32.exe" -app -hosterid:1StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exeuPolicies-Explorer: NoDriveTypeAutoRun = dword:145uPolicies-Explorer: NoDrives = dword:0mPolicies-Explorer: NoDrives = dword:0mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exeIE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exeIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dllTrusted Zone: ecollege.comTrusted Zone: kaplan.eduTrusted Zone: kucourses.comTCP: NameServer = 192.168.1.1TCP: Interfaces\{7C413551-5001-4EBE-9365-9DFA8947F2D4} : DHCPNameServer = 192.168.1.1TCP: Interfaces\{7C413551-5001-4EBE-9365-9DFA8947F2D4}\8686F6E6F62737 : DHCPNameServer = 192.168.6.1 64.134.255.2 64.134.255.10TCP: Interfaces\{ED4A0A7E-FDE4-40D9-8D6E-CC71C8D5EC16} : DHCPNameServer = 69.144.127.53 71.10.216.1 71.10.216.2Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllSSODL: WebCheck - <orphaned>mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-BHO: Browsing Protection: {45BBE08D-81C5-4A67-AF20-B2A077C67747} - C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https64.dllx64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLLx64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exex64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exex64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hiddenx64-Run: [smartSoft PDF Printer Agent] "C:\Program Files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe"x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dllx64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dllx64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLx64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-SSODL: WebCheck - <orphaned>.============= SERVICES / DRIVERS ===============.R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2010-5-14 73856]R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2010-5-14 28800]R0 fsbts;fsbts;C:\Windows\System32\drivers\fsbts.sys [2015-1-7 56016]R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\HIPS\drivers\fshs.sys [2015-4-14 71080]R1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [2015-1-7 13352]R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-12-15 203776]R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2015-3-18 822496]R2 fshoster;F-Secure Dll Hoster;C:\Program Files (x86)\Charter Security Suite\fshoster32.exe [2014-10-6 187432]R2 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe [2014-6-24 60456]R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-4-27 1871160]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-4-27 1080120]R2 SCWFPFilter;SCWFPFilter;C:\Windows\System32\drivers\WFPFilter.sys [2012-1-10 25552]R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]R2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [2011-6-24 317296]R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-3-5 46136]R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-12-11 31088]R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [2015-1-7 208424]R3 fsni;fsni;C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\fsni64.sys [2014-6-23 90152]R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2015-4-27 25816]R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2015-4-27 136408]R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2015-4-27 63704]R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-3-5 333416]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-5 406632]R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-3-5 38528]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]S3 AdminHelper.exe;AdminHelper.exe;C:\Program Files (x86)\AT&T\AT&T Communication Manager\AdminHelper.exe [2012-3-22 55728]S3 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-12-15 354304]S3 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 265808]S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2014-7-7 41032]S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2014-7-25 32512]S3 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-4-16 114688]S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]S3 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-3-6 39056]S3 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]S3 swiwdmbus;Sierra Wireless USB Composite Bus;C:\Windows\System32\drivers\swiwdmbusx64.sys [2011-6-9 102656]S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);C:\Windows\System32\drivers\swnc8ua3.sys [2011-6-9 240640]S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);C:\Windows\System32\drivers\swumxa3.sys [2011-6-9 210944]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-19 59392]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-10 1255736]S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]S4 PGMTrusted;PGMTrusted;C:\Program Files (x86)\Pogo Games\PGMTrusted.exe [2013-3-25 520360]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== Created Last 30 ================.2015-04-28 01:42:17 136408 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys2015-04-28 01:41:30 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys2015-04-28 01:41:30 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys2015-04-28 01:41:30 107736 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys2015-04-28 01:41:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware2015-04-28 01:28:00 -------- d-----w- C:\RegBackup2015-04-16 19:45:54 5557696 ----a-w- C:\Windows\System32\ntoskrnl.exe2015-04-06 01:26:31 -------- d-s---w- C:\Windows\SysWow64\GWX2015-04-06 01:26:30 -------- d-s---w- C:\Windows\System32\GWX.==================== Find3M ====================.2015-04-21 17:01:23 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2015-04-21 17:01:23 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2015-03-25 03:24:41 98304 ----a-w- C:\Windows\System32\wudriver.dll2015-03-25 03:24:41 3298816 ----a-w- C:\Windows\System32\wucltux.dll2015-03-25 03:24:41 191488 ----a-w- C:\Windows\System32\wuwebv.dll2015-03-25 03:24:08 60416 ----a-w- C:\Windows\System32\WinSetupUI.dll2015-03-25 03:23:58 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll2015-03-25 03:23:55 36864 ----a-w- C:\Windows\System32\wuapp.exe2015-03-25 03:00:57 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll2015-03-25 03:00:57 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll2015-03-25 03:00:15 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe2015-03-23 03:25:15 726528 ----a-w- C:\Windows\System32\generaltel.dll2015-03-23 03:25:01 769536 ----a-w- C:\Windows\System32\invagent.dll2015-03-23 03:24:56 419840 ----a-w- C:\Windows\System32\devinv.dll2015-03-23 03:24:54 957952 ----a-w- C:\Windows\System32\appraiser.dll2015-03-23 03:24:53 30720 ----a-w- C:\Windows\System32\acmigration.dll2015-03-23 03:24:53 227328 ----a-w- C:\Windows\System32\aepdu.dll2015-03-23 03:24:53 192000 ----a-w- C:\Windows\System32\aepic.dll2015-03-23 03:17:39 1111552 ----a-w- C:\Windows\System32\aeinv.dll2015-03-17 05:22:35 95672 ----a-w- C:\Windows\System32\drivers\ksecdd.sys2015-03-17 05:22:35 155576 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys2015-03-17 05:19:37 1727904 ----a-w- C:\Windows\System32\ntdll.dll2015-03-17 05:17:00 362496 ----a-w- C:\Windows\System32\wow64win.dll2015-03-17 05:17:00 243712 ----a-w- C:\Windows\System32\wow64.dll2015-03-17 05:17:00 13312 ----a-w- C:\Windows\System32\wow64cpu.dll2015-03-17 05:15:55 31232 ----a-w- C:\Windows\System32\lsass.exe2015-03-17 05:15:44 338432 ----a-w- C:\Windows\System32\conhost.exe2015-03-17 05:15:40 64000 ----a-w- C:\Windows\System32\auditpol.exe2015-03-17 05:13:29 60416 ----a-w- C:\Windows\System32\msobjs.dll2015-03-17 05:13:17 146432 ----a-w- C:\Windows\System32\msaudite.dll2015-03-17 05:01:09 3976632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe2015-03-17 05:01:09 3920824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe2015-03-17 04:59:26 1309696 ----a-w- C:\Windows\SysWow64\ntdll.dll2015-03-17 04:57:25 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll2015-03-17 04:57:21 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll2015-03-17 04:57:20 43008 ----a-w- C:\Windows\SysWow64\srclient.dll2015-03-17 04:57:17 248832 ----a-w- C:\Windows\SysWow64\schannel.dll2015-03-17 04:57:17 22016 ----a-w- C:\Windows\SysWow64\secur32.dll2015-03-17 04:57:13 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll2015-03-17 04:57:12 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll2015-03-17 04:57:11 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll2015-03-17 04:57:07 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll2015-03-17 04:56:59 17408 ----a-w- C:\Windows\SysWow64\credssp.dll2015-03-17 04:56:56 44032 ----a-w- C:\Windows\apppatch\acwow64.dll2015-03-17 04:56:41 25600 ----a-w- C:\Windows\SysWow64\setup16.exe2015-03-17 04:56:15 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe2015-03-17 04:56:01 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll2015-03-17 04:56:01 5120 ----a-w- C:\Windows\SysWow64\wow32.dll2015-03-17 04:56:00 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll2015-03-17 04:53:35 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll2015-03-17 04:53:13 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll2015-03-17 03:45:24 7680 ----a-w- C:\Windows\SysWow64\instnm.exe2015-03-17 03:45:23 2048 ----a-w- C:\Windows\SysWow64\user.exe2015-03-17 03:43:04 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll2015-03-17 03:43:04 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll2015-03-17 03:43:04 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll2015-03-17 03:43:03 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll2015-03-13 04:25:14 2724864 ----a-w- C:\Windows\System32\mshtml.tlb2015-03-13 04:25:01 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll2015-03-13 04:09:12 66560 ----a-w- C:\Windows\System32\iesetup.dll2015-03-13 04:08:33 584192 ----a-w- C:\Windows\System32\vbscript.dll2015-03-13 04:08:27 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll2015-03-13 04:08:17 417280 ----a-w- C:\Windows\System32\html.iec2015-03-13 04:06:54 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll2015-03-13 03:54:11 144384 ----a-w- C:\Windows\System32\ieUnatt.exe2015-03-13 03:54:00 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe2015-03-13 03:53:22 814080 ----a-w- C:\Windows\System32\jscript9diag.dll2015-03-13 03:50:45 6025216 ----a-w- C:\Windows\System32\jscript9.dll2015-03-13 03:44:48 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe2015-03-13 03:42:18 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb2015-03-13 03:32:48 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll2015-03-13 03:28:48 503296 ----a-w- C:\Windows\SysWow64\vbscript.dll2015-03-13 03:28:37 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll2015-03-13 03:27:51 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll2015-03-13 03:27:35 340992 ----a-w- C:\Windows\SysWow64\html.iec2015-03-13 03:26:19 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll2015-03-13 03:16:26 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe2015-03-13 03:15:40 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll2015-03-13 03:05:50 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll2015-03-13 03:05:24 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl2015-03-13 03:01:16 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll2015-03-13 02:49:21 4305408 ----a-w- C:\Windows\SysWow64\jscript9.dll2015-03-13 02:45:57 2358784 ----a-w- C:\Windows\System32\wininet.dll2015-03-13 02:43:41 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2015-03-13 02:42:47 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll2015-03-13 02:20:28 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll2015-03-10 03:25:10 1882624 ----a-w- C:\Windows\System32\msxml3.dll2015-03-10 03:21:42 2048 ----a-w- C:\Windows\System32\msxml3r.dll2015-03-10 03:08:26 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll2015-03-10 03:05:39 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll2015-03-05 05:12:33 404480 ----a-w- C:\Windows\System32\gdi32.dll2015-03-05 04:05:06 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll2015-03-04 04:55:13 367552 ----a-w- C:\Windows\System32\clfs.sys2015-03-04 04:41:27 79360 ----a-w- C:\Windows\System32\clfsw32.dll2015-03-04 04:10:54 58880 ----a-w- C:\Windows\SysWow64\clfsw32.dll2015-02-26 03:25:44 3204096 ----a-w- C:\Windows\System32\win32k.sys2015-02-25 03:18:01 754688 ----a-w- C:\Windows\System32\drivers\http.sys2015-02-20 04:41:01 41984 ----a-w- C:\Windows\System32\lpk.dll2015-02-20 04:40:59 100864 ----a-w- C:\Windows\System32\fontsub.dll2015-02-20 04:40:56 14336 ----a-w- C:\Windows\System32\dciman32.dll.============= FINISH: 21:13:40.76 =============== Link to post Share on other sites
Catherine Posted April 28, 2015 Author Report Share Posted April 28, 2015 .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1Install Date: 6/9/2011 2:21:45 AMSystem Uptime: 4/27/2015 8:26:22 PM (1 hours ago).Motherboard: Hewlett-Packard | | 1697Processor: AMD Athlon II P360 Dual-Core Processor | Socket S1G4 | 2300/200mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 283 GiB total, 206.706 GiB free.D: is FIXED (NTFS) - 15 GiB total, 1.873 GiB free.E: is CDROM (UDF).==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP428: 3/8/2015 2:16:31 PM - Scheduled CheckpointRP429: 3/12/2015 5:30:46 AM - Windows UpdateRP430: 4/5/2015 7:25:09 PM - Windows UpdateRP431: 4/7/2015 9:52:58 AM - F-Secure malware removalRP433: 4/20/2015 9:19:28 AM - Windows Update.==== Installed Programs ======================.Adobe Flash Player 17 ActiveXAdobe Flash Player 17 NPAPIAMD FuelATI Catalyst Install Managerccc-utility64Charter Security SuiteComputer Security 14.121.102.0 (release)F-Secure CCF ReputationF-Secure CCF Scanning 1.51.112.309 (release)F-Secure Network CCF 1.03.102F-Secure SafeSearch 1.03.159.0 (release)Google ChromeGoogle Update HelperHP AutoHP Client ServicesHP Photosmart 5510 series Basic Device SoftwareHP Photosmart 5510 series Product Improvement StudyHP UpdateHP Wireless AssistantMalwarebytes Anti-Malware version 2.1.6.1022Microsoft .NET Framework 4.5.1Microsoft Application Error ReportingMicrosoft Office Click-to-Run 2010Microsoft Office Excel MUI (English) 2010Microsoft Office Office 64-bit Components 2010Microsoft Office OneNote MUI (English) 2010Microsoft Office Outlook MUI (English) 2010Microsoft Office PowerPoint MUI (English) 2010Microsoft Office Proof (English) 2010Microsoft Office Proof (French) 2010Microsoft Office Proof (Spanish) 2010Microsoft Office Shared 64-bit MUI (English) 2010Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010Microsoft Office Shared MUI (English) 2010Microsoft Office Single Image 2010Microsoft Office Word MUI (English) 2010Microsoft PowerPoint ViewerMicrosoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft Visual Studio 2010 Tools for Office Runtime (x64)Online Safety 2.115.2786.1676Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)Security Update for Microsoft .NET Framework 4.5.1 (KB3037581)Smart PDF Creator Pro 6.3.0.467Synaptics Pointing Device DriverUpdate Installer for WildTangent Games AppWindows Live ID Sign-in AssistantWindows Live Language SelectorWindows Live MIME IFilterWindows Live Remote ClientWindows Live Remote Client ResourcesWindows Live Remote ServiceWindows Live Remote Service ResourcesWMV9/VC-1 Video Playback.==== Event Viewer Messages From Past Week ========.4/27/2015 8:26:15 AM, Error: Service Control Manager [7000] - The Update Mgr DigitalMore service failed to start due to the following error: The system cannot find the file specified.4/27/2015 7:36:38 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10003] - WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\system32\athihvs.dll4/27/2015 7:30:27 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Media Player Network Sharing Service service, but this action failed with the following error: An instance of the service is already running.4/27/2015 7:29:59 PM, Error: Service Control Manager [7031] - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.4/27/2015 7:29:58 PM, Error: Service Control Manager [7034] - The HP Software Framework Service service terminated unexpectedly. It has done this 1 time(s).4/27/2015 7:29:57 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.4/27/2015 7:29:34 PM, Error: Service Control Manager [7034] - The Application Virtualization Client service terminated unexpectedly. It has done this 1 time(s).4/27/2015 7:29:33 PM, Error: Service Control Manager [7034] - The HP Wireless Assistant Service service terminated unexpectedly. It has done this 1 time(s).4/27/2015 7:29:32 PM, Error: Service Control Manager [7031] - The F-Secure Dll Hoster service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.4/27/2015 7:29:30 PM, Error: Service Control Manager [7034] - The Sierra Wireless Card Detection Service service terminated unexpectedly. It has done this 1 time(s).4/27/2015 7:29:30 PM, Error: Service Control Manager [7034] - The Application Virtualization Service Agent service terminated unexpectedly. It has done this 1 time(s).4/27/2015 7:29:10 PM, Error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).4/27/2015 7:29:10 PM, Error: Service Control Manager [7031] - The F-Secure ORSP Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.4/27/2015 7:29:10 PM, Error: Service Control Manager [7031] - The F-Secure Dll Hoster service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.4/27/2015 7:29:09 PM, Error: Service Control Manager [7034] - The Audio Service service terminated unexpectedly. It has done this 1 time(s).4/27/2015 7:29:09 PM, Error: Service Control Manager [7034] - The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).4/27/2015 7:29:09 PM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).4/27/2015 7:29:09 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.4/27/2015 7:17:48 PM, Error: Service Control Manager [7034] - The FSMA service terminated unexpectedly. It has done this 2 time(s).4/27/2015 7:17:48 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.4/27/2015 7:17:48 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.4/27/2015 7:17:48 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.4/27/2015 7:17:48 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.4/27/2015 7:17:48 PM, Error: Service Control Manager [7031] - The F-Secure ORSP Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.4/27/2015 7:17:05 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.4/27/2015 7:16:36 PM, Error: Service Control Manager [7034] - The Client Virtualization Handler service terminated unexpectedly. It has done this 1 time(s).4/27/2015 7:16:35 PM, Error: Service Control Manager [7034] - The FSMA service terminated unexpectedly. It has done this 1 time(s).4/27/2015 7:16:35 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.4/27/2015 7:16:34 PM, Error: Service Control Manager [7034] - The Reimage Real Time Protector service terminated unexpectedly. It has done this 1 time(s).4/27/2015 7:16:34 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service..==== End Of File =========================== Link to post Share on other sites
flashh4 Posted April 28, 2015 Report Share Posted April 28, 2015 Catherine that computer was in bad need of cleaning !! Link to post Share on other sites
Catherine Posted April 28, 2015 Author Report Share Posted April 28, 2015 OTL logfile created on: 4/27/2015 9:20:49 PM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Catherine\Downloads64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.11.9600.17728)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.75 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 55.80% Memory free7.49 Gb Paging File | 5.06 Gb Available in Paging File | 67.59% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 282.82 Gb Total Space | 206.71 Gb Free Space | 73.09% Space Free | Partition Type: NTFSDrive D: | 14.98 Gb Total Space | 1.87 Gb Free Space | 12.51% Space Free | Partition Type: NTFSDrive E: | 3.19 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: CATHERINE-HP | User Name: Catherine | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All usersCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2015/04/27 21:17:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Catherine\Downloads\OTL.scrPRC - [2015/04/14 09:36:30 | 001,080,120 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exePRC - [2015/04/14 09:36:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exePRC - [2015/04/14 09:36:20 | 006,212,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exePRC - [2015/04/14 08:36:32 | 001,263,144 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\fssm32.exePRC - [2015/04/14 08:36:29 | 000,690,216 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\fsgk32.exePRC - [2015/03/09 08:31:56 | 000,060,456 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exePRC - [2014/10/06 16:07:08 | 000,187,432 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Charter Security Suite\fshoster32.exePRC - [2014/09/18 04:29:04 | 000,310,312 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSM32.EXEPRC - [2014/09/18 04:29:04 | 000,216,104 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSMA32.EXEPRC - [2014/07/15 03:24:50 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exePRC - [2013/12/21 00:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exePRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exePRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exePRC - [2012/03/22 15:18:30 | 000,219,056 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\attcm_AppStart.exePRC - [2011/12/12 16:53:22 | 000,052,952 | ---- | M] () -- C:\Program Files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exePRC - [2010/12/11 01:02:24 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe ========== Modules (No Company Name) ========== MOD - [2015/02/04 11:12:58 | 000,592,936 | ---- | M] () -- C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.482.79_none_b59ec33311fcd586\QtMultimediaKit1.dllMOD - [2014/09/18 04:28:54 | 000,056,360 | ---- | M] () -- C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\FSGUI\fsavures.engMOD - [2014/07/15 03:24:48 | 000,353,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppgooglenaclpluginchrome.dllMOD - [2014/07/15 03:24:46 | 014,664,008 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dllMOD - [2014/07/15 03:24:44 | 008,537,928 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dllMOD - [2014/07/15 03:24:38 | 000,718,664 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dllMOD - [2014/07/15 03:24:36 | 000,126,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dllMOD - [2014/07/15 03:24:35 | 001,732,936 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dllMOD - [2012/03/22 15:18:36 | 001,049,320 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\wxmsw28u_core_vc_custom.dllMOD - [2012/03/22 15:18:36 | 000,727,784 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\wxbase28u_vc_custom.dllMOD - [2012/03/22 15:18:36 | 000,034,304 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryGeneric.pluginMOD - [2012/03/22 15:18:36 | 000,030,720 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryVPorts.pluginMOD - [2012/03/22 15:18:36 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryMobileBroadband.pluginMOD - [2012/03/22 15:18:36 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryNdis.pluginMOD - [2012/03/22 15:18:36 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\resources\plugins\ContextSwitcher.pluginMOD - [2012/03/22 15:18:34 | 000,892,136 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\UIToolkit.dllMOD - [2012/03/22 15:18:34 | 000,629,480 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\Toolkit.dllMOD - [2012/03/22 15:18:34 | 000,399,080 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\WebClient.dllMOD - [2012/03/22 15:18:34 | 000,123,112 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\System.dllMOD - [2012/03/22 15:18:32 | 000,148,712 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\pcre3.dllMOD - [2012/03/22 15:18:32 | 000,061,160 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\DriveDetector.dllMOD - [2012/03/22 15:18:32 | 000,051,432 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\Preferences.dllMOD - [2012/03/22 15:18:30 | 000,376,040 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\Device.dllMOD - [2012/03/22 15:18:30 | 000,249,064 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\DB.dllMOD - [2012/03/22 15:18:30 | 000,219,056 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\attcm_AppStart.exeMOD - [2012/03/22 15:18:30 | 000,132,840 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\Discovery.dllMOD - [2012/03/22 15:18:30 | 000,099,560 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\ComCore.dllMOD - [2011/12/12 16:53:22 | 000,052,952 | ---- | M] () -- C:\Program Files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exeMOD - [2010/11/22 16:00:58 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dllMOD - [2010/11/22 16:00:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dllMOD - [2010/11/22 16:00:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ========== Services (SafeList) ========== SRV - [2015/04/21 11:01:24 | 000,268,464 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)SRV - [2015/04/14 09:36:30 | 001,080,120 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)SRV - [2015/04/14 09:36:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)SRV - [2015/04/08 15:24:27 | 000,265,808 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)SRV - [2015/03/09 08:31:56 | 000,060,456 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe -- (FSORSPClient)SRV - [2014/10/06 16:07:08 | 000,187,432 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\Charter Security Suite\fshoster32.exe -- (fshoster)SRV - [2014/09/18 04:29:04 | 000,216,104 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSMA32.EXE -- (FSMA)SRV - [2014/03/20 16:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)SRV - [2013/12/21 00:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)SRV - [2013/03/25 09:20:50 | 000,520,360 | ---- | M] (iWin Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Pogo Games\PGMTrusted.exe -- (PGMTrusted)SRV - [2013/03/06 02:21:52 | 000,039,056 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)SRV - [2012/03/22 15:18:30 | 000,055,728 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\AdminHelper.exe -- (AdminHelper.exe)SRV - [2011/06/24 11:44:16 | 000,317,296 | ---- | M] (Sierra Wireless, Inc.) [Auto | Running] -- C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe -- (SwiCardDetectSvc)SRV - [2010/09/11 03:02:22 | 000,399,344 | ---- | M] (Roxio) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service) ========== Driver Services (SafeList) ========== DRV - [2015/04/16 09:21:25 | 000,090,152 | ---- | M] (F-Secure Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\fsni64.sys -- (fsni)DRV - [2015/04/14 08:36:32 | 000,071,080 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\HIPS\drivers\fshs.sys -- (F-Secure HIPS)DRV - [2015/02/24 15:42:35 | 000,208,424 | ---- | M] (F-Secure Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)DRV - [2014/09/18 04:29:02 | 000,013,352 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys -- (fsvista)DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.comIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.comIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.comIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSEIE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=U150&ocid=U150DHPIE - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-USIE - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 51 01 37 90 CE 66 CE 01 [binary data]IE - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.comIE - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRCIE - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\..\SearchScopes\{5239903F-EA48-456A-A1F8-0E737E1E7093}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20131148,20028,0,71,0IE - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\..\SearchScopes\Yahoo: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=iwinIE - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..CT3239904.browser.search.defaultthis.engineName: trueFF - prefs.js..CT3286042.browser.search.defaultthis.engineName: "true"FF - prefs.js..CT3289663.browser.search.defaultthis.engineName: "true"FF - prefs.js..CT3289847.browser.search.defaultthis.engineName: "true"FF - prefs.js..CT3298570.browser.search.defaultthis.engineName: "true"FF - prefs.js..browser.search.defaultenginename: "Bing"FF - prefs.js..browser.search.order.1: "Ask Search"FF - prefs.js..browser.search.selectedEngine: "Bing"FF - prefs.js..browser.search.useDBForOrder: trueFF - prefs.js..extensions.enabledAddons: pluswinks%40PlusWinks:3.0.0.0FF - prefs.js..extensions.enabledAddons: msntoolbar%40msn.com:6.0FF - prefs.js..extensions.enabledAddons: 0c822a17-a68f-4066-9257-d229458d21ca%409c178d17-dc61-4aaf-b2da-1425ac7300ac.com:0.95.145FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.0FF - prefs.js..extensions.netassistant.keyword.url: "http://click.w3i.com/?Programid=132&Elementname=Keyword&Applicationid={3740200A-D7A6-4D90-A4DF-EBE0BB8308AF}&Version=3.6.5&Vintage=20120416&Defaultbrowserid=28&Productid=157&Vendorid=4880&Offerid=6894&searchterm="FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll ()FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\7\NP_wtapp.dll ()FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/03/05 09:02:23 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/03/05 09:02:32 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 15:27:28 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/03/31 09:27:21 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/03/31 09:27:21 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{66f888e9-4011-4d6d-8e71-876089e7c956}: C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https [2015/02/04 11:21:46 | 000,000,000 | ---D | M] [2013/06/04 16:18:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Catherine\AppData\Roaming\Mozilla\Extensions[2015/04/27 19:17:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Catherine\AppData\Roaming\Mozilla\Firefox\Profiles\3dkt76nv.default\extensions[2013/06/03 07:25:35 | 000,001,793 | ---- | M] () -- C:\Users\Catherine\AppData\Roaming\Mozilla\Firefox\Profiles\3dkt76nv.default\searchplugins\Bing.xml[2011/03/05 09:02:23 | 000,000,000 | ---D | M] (Bing Bar) -- C:\PROGRAM FILES (X86)\MSN TOOLBAR\PLATFORM\6.0.2282.0\FIREFOXFile not found (No name found) -- C:\USERS\CATHERINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3DKT76NV.DEFAULT\EXTENSIONS\0C822A17-A68F-4066-9257-D229458D21CA@9C178D17-DC61-4AAF-B2DA-1425AC7300AC.COMFile not found (No name found) -- C:\USERS\CATHERINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3DKT76NV.DEFAULT\EXTENSIONS\[email protected][2013/03/31 09:26:40 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll ========== Chrome ========== CHR - plugin: Error reading preferences fileCHR - Extension: Google Docs = C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\CHR - Extension: Google Drive = C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\CHR - Extension: YouTube = C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\CHR - Extension: Google Search = C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\CHR - Extension: RealDownloader = C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\CHR - Extension: Google Wallet = C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\CHR - Extension: Gmail = C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\ O1 HOSTS File: ([2014/07/26 09:26:00 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)O2 - BHO: (Browsing Protection) - {45BBE08D-81C5-4A67-AF20-B2A077C67747} - C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll (F-Secure Corporation)O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)O4 - HKLM..\Run: [] File not foundO4 - HKLM..\Run: [attcm_AppStart.exe] C:\Program Files (x86)\AT&T\AT&T Communication Manager\attcm_AppStart.exe ()O4 - HKLM..\Run: [F-Secure Hoster (42626)] C:\Program Files (x86)\Charter Security Suite\fshoster32.exe (F-Secure Corporation)O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSM32.EXE (F-Secure Corporation)O4 - HKU\S-1-5-21-313159577-1753058699-2702243966-1001..\Run: [HP Photosmart 5510 series (NET)] C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe File not foundO9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe File not foundO13 - gopher Prefix: missingO15 - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\..Trusted Domains: ecollege.com ([]* in Trusted sites)O15 - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)O15 - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\..Trusted Domains: kaplan.edu ([]* in Trusted sites)O15 - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\..Trusted Domains: kucourses.com ([]* in Trusted sites)O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C413551-5001-4EBE-9365-9DFA8947F2D4}: DhcpNameServer = 192.168.1.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED4A0A7E-FDE4-40D9-8D6E-CC71C8D5EC16}: DhcpNameServer = 69.144.127.53 71.10.216.1 71.10.216.2O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O32 - HKLM CDRom: AutoRun - 1O34 - HKLM BootExecute: (autocheck autochk *)O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = ComFile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2015/04/27 19:41:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware[2015/04/27 19:41:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware[2015/04/27 19:28:00 | 000,000,000 | ---D | C] -- C:\RegBackup[2015/04/16 13:46:30 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll[2015/04/16 13:46:30 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll[2015/04/16 13:46:30 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe[2015/04/16 13:46:30 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll[2015/04/16 13:46:29 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll[2015/04/16 13:46:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll[2015/04/16 13:45:50 | 003,920,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe[2015/04/16 13:45:49 | 003,976,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe[2015/04/16 13:45:47 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe[2015/04/16 13:45:47 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe[2015/04/16 13:45:46 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll[2015/04/16 13:45:46 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll[2015/04/16 13:45:46 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll[2015/04/16 13:45:45 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll[2015/04/16 13:45:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll[2015/04/16 13:45:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll[2015/04/16 13:45:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll[2015/04/16 13:45:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll[2015/04/16 13:45:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll[2015/04/16 13:45:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll[2015/04/16 13:45:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll[2015/04/16 13:45:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll[2015/04/16 13:45:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll[2015/04/16 13:45:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll[2015/04/16 13:45:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll[2015/04/16 13:45:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll[2015/04/16 13:45:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll[2015/04/16 13:45:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll[2015/04/16 13:45:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll[2015/04/16 13:45:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll[2015/04/16 13:45:43 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll[2015/04/16 13:45:43 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll[2015/04/16 13:45:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll[2015/04/16 13:45:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll[2015/04/16 13:45:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll[2015/04/16 13:45:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll[2015/04/16 13:45:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll[2015/04/16 13:45:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll[2015/04/16 13:45:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll[2015/04/16 13:45:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll[2015/04/16 13:45:42 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll[2015/04/16 13:45:42 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe[2015/04/16 13:45:42 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll[2015/04/16 13:45:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe[2015/04/16 13:45:40 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll[2015/04/16 13:45:39 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll[2015/04/16 13:45:06 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll[2015/04/16 13:45:06 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll[2015/04/16 13:45:06 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll[2015/04/16 13:45:05 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll[2015/04/16 13:45:03 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll[2015/04/16 13:44:59 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll[2015/04/16 13:44:59 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll[2015/04/16 13:44:58 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl[2015/04/16 13:44:57 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll[2015/04/16 13:44:56 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll[2015/04/16 13:44:56 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe[2015/04/16 13:44:52 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll[2015/04/16 13:44:51 | 000,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec[2015/04/16 13:44:51 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll[2015/04/16 13:44:21 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\clfsw32.dll[2015/04/05 19:26:31 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\GWX ========== Files - Modified Within 30 Days ========== [2015/04/27 21:01:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[2015/04/27 21:01:00 | 000,000,264 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job[2015/04/27 20:59:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2015/04/27 20:50:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2015/04/27 20:27:24 | 000,000,606 | ---- | M] () -- C:\Windows\tasks\SparkTrust PC Cleaner Plus Startup.job[2015/04/27 20:27:24 | 000,000,482 | ---- | M] () -- C:\Windows\tasks\SparkTrust Update Version3 Startup Task.job[2015/04/27 20:27:20 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2015/04/27 20:26:36 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys[2015/04/27 19:41:40 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2015/04/27 19:28:07 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-CATHERINE-HP-Windows-7-Home-Premium-(64-bit).dat[2015/04/27 19:19:25 | 000,000,653 | ---- | M] () -- C:\Windows\tasks\SparkTrust PC Cleaner Plus_sch_409E1657-ED37-11E4-B47E-64315086D795.job[2015/04/27 14:06:12 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForCATHERINE-HP$.job[2015/04/22 11:01:03 | 000,033,799 | ---- | M] () -- C:\Users\Catherine\Desktop\John Conquer Root.rtf[2015/04/22 09:32:35 | 000,001,191 | ---- | M] () -- C:\Users\Catherine\Desktop\DOB15B81 Handouts - Shortcut.lnk[2015/04/22 09:32:04 | 000,001,273 | ---- | M] () -- C:\Users\Catherine\Desktop\Commonly Abused Drugs - Shortcut.lnk[2015/04/22 09:31:51 | 000,001,354 | ---- | M] () -- C:\Users\Catherine\Desktop\Drugs in the Detention Setting - Shortcut.lnk[2015/04/22 09:31:15 | 000,001,192 | ---- | M] () -- C:\Users\Catherine\Desktop\Instructions - Shortcut.lnk[2015/04/22 09:31:09 | 000,001,228 | ---- | M] () -- C:\Users\Catherine\Desktop\Instructions (3) - Shortcut.lnk[2015/04/22 09:31:03 | 000,001,228 | ---- | M] () -- C:\Users\Catherine\Desktop\Instructions (2) - Shortcut.lnk[2015/04/22 09:30:56 | 000,001,228 | ---- | M] () -- C:\Users\Catherine\Desktop\Instructions (1) - Shortcut.lnk[2015/04/22 09:29:21 | 000,001,489 | ---- | M] () -- C:\Users\Catherine\Desktop\Occupational Exposure to Bloodborne Pathogens - Shortcut.lnk[2015/04/22 09:29:13 | 000,001,255 | ---- | M] () -- C:\Users\Catherine\Desktop\LEApplicationPacket - Shortcut.lnk[2015/04/22 09:29:01 | 000,001,399 | ---- | M] () -- C:\Users\Catherine\Desktop\PHYSICAL TRAINING VERIFICATION FORM - Shortcut.lnk[2015/04/22 09:28:53 | 000,001,273 | ---- | M] () -- C:\Users\Catherine\Desktop\PRACTICAL ORIENTATION - Shortcut.lnk[2015/04/22 09:27:33 | 000,001,291 | ---- | M] () -- C:\Users\Catherine\Desktop\Wyo Criminal Procedures - Shortcut.lnk[2015/04/22 09:27:08 | 000,001,284 | ---- | M] () -- C:\Users\Catherine\Desktop\StudentCorr - Shortcut.lnk[2015/04/22 09:26:20 | 000,001,156 | ---- | M] () -- C:\Users\Catherine\Desktop\Overview - Shortcut.lnk[2015/04/22 09:25:31 | 000,001,273 | ---- | M] () -- C:\Users\Catherine\Desktop\Report Writing IL 4-b - Shortcut.lnk[2015/04/22 09:25:17 | 000,001,228 | ---- | M] () -- C:\Users\Catherine\Desktop\PHYSICAL FITNESS - Shortcut.lnk[2015/04/22 09:18:36 | 000,060,188 | ---- | M] () -- C:\Users\Catherine\Desktop\Completion Dates for Students (P).pdf[2015/04/22 09:17:41 | 000,563,379 | ---- | M] () -- C:\Users\Catherine\Desktop\DOB Instructional Objectives (P).pdf[2015/04/22 09:17:08 | 000,282,966 | ---- | M] () -- C:\Users\Catherine\Desktop\Information Guide.pdf[2015/04/21 11:01:23 | 000,778,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe[2015/04/21 11:01:23 | 000,142,512 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl[2015/04/20 09:47:10 | 000,793,542 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI[2015/04/13 07:40:50 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForCatherine.job[2015/04/11 20:57:31 | 065,955,922 | ---- | M] () -- C:\Users\Catherine\Desktop\4-cycle-fat-loss-solution.zip ========== Files Created - No Company Name ========== [2015/04/27 19:41:40 | 000,001,062 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2015/04/27 19:28:07 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-CATHERINE-HP-Windows-7-Home-Premium-(64-bit).dat[2015/04/27 17:43:54 | 000,000,606 | ---- | C] () -- C:\Windows\tasks\SparkTrust PC Cleaner Plus Startup.job[2015/04/27 17:43:50 | 000,000,653 | ---- | C] () -- C:\Windows\tasks\SparkTrust PC Cleaner Plus_sch_409E1657-ED37-11E4-B47E-64315086D795.job[2015/04/22 10:57:58 | 000,033,799 | ---- | C] () -- C:\Users\Catherine\Desktop\John Conquer Root.rtf[2015/04/22 09:32:35 | 000,001,191 | ---- | C] () -- C:\Users\Catherine\Desktop\DOB15B81 Handouts - Shortcut.lnk[2015/04/22 09:32:04 | 000,001,273 | ---- | C] () -- C:\Users\Catherine\Desktop\Commonly Abused Drugs - Shortcut.lnk[2015/04/22 09:31:51 | 000,001,354 | ---- | C] () -- C:\Users\Catherine\Desktop\Drugs in the Detention Setting - Shortcut.lnk[2015/04/22 09:31:15 | 000,001,192 | ---- | C] () -- C:\Users\Catherine\Desktop\Instructions - Shortcut.lnk[2015/04/22 09:31:09 | 000,001,228 | ---- | C] () -- C:\Users\Catherine\Desktop\Instructions (3) - Shortcut.lnk[2015/04/22 09:31:03 | 000,001,228 | ---- | C] () -- C:\Users\Catherine\Desktop\Instructions (2) - Shortcut.lnk[2015/04/22 09:30:56 | 000,001,228 | ---- | C] () -- C:\Users\Catherine\Desktop\Instructions (1) - Shortcut.lnk[2015/04/22 09:29:21 | 000,001,489 | ---- | C] () -- C:\Users\Catherine\Desktop\Occupational Exposure to Bloodborne Pathogens - Shortcut.lnk[2015/04/22 09:29:13 | 000,001,255 | ---- | C] () -- C:\Users\Catherine\Desktop\LEApplicationPacket - Shortcut.lnk[2015/04/22 09:29:01 | 000,001,399 | ---- | C] () -- C:\Users\Catherine\Desktop\PHYSICAL TRAINING VERIFICATION FORM - Shortcut.lnk[2015/04/22 09:28:53 | 000,001,273 | ---- | C] () -- C:\Users\Catherine\Desktop\PRACTICAL ORIENTATION - Shortcut.lnk[2015/04/22 09:27:33 | 000,001,291 | ---- | C] () -- C:\Users\Catherine\Desktop\Wyo Criminal Procedures - Shortcut.lnk[2015/04/22 09:27:08 | 000,001,284 | ---- | C] () -- C:\Users\Catherine\Desktop\StudentCorr - Shortcut.lnk[2015/04/22 09:26:20 | 000,001,156 | ---- | C] () -- C:\Users\Catherine\Desktop\Overview - Shortcut.lnk[2015/04/22 09:25:31 | 000,001,273 | ---- | C] () -- C:\Users\Catherine\Desktop\Report Writing IL 4-b - Shortcut.lnk[2015/04/22 09:25:17 | 000,001,228 | ---- | C] () -- C:\Users\Catherine\Desktop\PHYSICAL FITNESS - Shortcut.lnk[2015/04/22 09:18:36 | 000,060,188 | ---- | C] () -- C:\Users\Catherine\Desktop\Completion Dates for Students (P).pdf[2015/04/22 09:17:40 | 000,563,379 | ---- | C] () -- C:\Users\Catherine\Desktop\DOB Instructional Objectives (P).pdf[2015/04/22 09:17:08 | 000,282,966 | ---- | C] () -- C:\Users\Catherine\Desktop\Information Guide.pdf[2015/04/16 13:45:06 | 000,016,303 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf[2015/04/11 20:56:52 | 065,955,922 | ---- | C] () -- C:\Users\Catherine\Desktop\4-cycle-fat-loss-solution.zip[2015/02/15 20:29:48 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat[2015/01/07 17:30:46 | 000,020,513 | ---- | C] () -- C:\Windows\prodsett_copy.ini[2014/08/22 11:26:11 | 000,004,124 | ---- | C] () -- C:\Users\Catherine\.swfinfo[2013/06/11 10:24:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe[2013/06/11 10:24:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe[2013/06/11 10:24:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe[2013/06/11 10:24:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe[2013/06/11 10:24:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe[2013/05/08 19:50:17 | 000,000,258 | RHS- | C] () -- C:\Users\Catherine\ntuser.pol[2012/09/04 17:37:42 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini ========== ZeroAccess Check ========== [2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2015/02/12 23:22:33 | 014,177,280 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2015/02/12 23:26:18 | 012,875,264 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011/11/09 15:42:11 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Artogon[2011/09/22 23:48:56 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Big Finish[2011/06/15 11:30:09 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Blio[2011/09/19 15:47:36 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\CursedOnboard[2012/03/16 20:51:37 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\enchant[2014/04/21 15:13:35 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\EuroTrade A.L. Ltd[2012/04/11 16:40:53 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Floodlight Games[2012/04/16 20:48:14 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\GameMill Entertainment[2012/04/16 18:29:57 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\HdO Adventure[2011/09/11 21:00:22 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\iWing[2013/06/11 12:01:04 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Oberon Media[2014/04/21 15:23:36 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Opera Software[2011/06/09 02:39:05 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\PictureMover[2013/05/13 10:09:48 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\player[2011/06/09 02:39:12 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Sierra Wireless[2012/03/09 16:47:46 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Smart PDF Creator Pro[2015/02/02 13:46:34 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\SmartSoftOCRHelper[2013/07/08 12:23:05 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\SoftGrid Client[2012/05/26 15:48:55 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\SpinTop Games[2011/06/09 02:37:59 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Synaptics[2012/04/12 20:25:16 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\TitanicMystery[2012/04/17 19:47:03 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Top Evidence[2011/07/28 23:30:28 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\TP[2013/06/11 12:03:03 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\TweakNow RegCleaner 2012[2012/03/14 20:28:03 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\VisualShape[2013/04/18 11:17:24 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\WildTangent[2011/09/19 17:17:40 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\WildTangentv1002[2012/03/01 20:23:33 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Windows Live Writer[2012/10/31 09:23:19 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\PictureMover[2012/10/31 09:22:17 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Synaptics[2011/11/13 11:49:23 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\PictureMover[2011/11/13 11:48:10 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Synaptics ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 221 bytes -> C:\ProgramData\Temp:4EE95FE7@Alternate Data Stream - 156 bytes -> C:\ProgramData\Temp:30C74695@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:A2A602F0@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:94BD36A2@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:D346F792@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:9F38BF31@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:E8B61305@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:C72A744C@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:C7A094AF@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:63ABD638@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:25FF8A61@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:D4E0D1F1@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:EFBD4447@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:DA84DA4A@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:943FEF5D@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:EC2C753C@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:62D72D41@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:E4E83517@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:373E1720@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:A7DA2BCD < End of report > Link to post Share on other sites
Catherine Posted April 28, 2015 Author Report Share Posted April 28, 2015 OTL Extras logfile created on: 4/27/2015 9:20:49 PM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Catherine\Downloads64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.11.9600.17728)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.75 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 55.80% Memory free7.49 Gb Paging File | 5.06 Gb Available in Paging File | 67.59% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 282.82 Gb Total Space | 206.71 Gb Free Space | 73.09% Space Free | Partition Type: NTFSDrive D: | 14.98 Gb Total Space | 1.87 Gb Free Space | 12.51% Space Free | Partition Type: NTFSDrive E: | 3.19 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: CATHERINE-HP | User Name: Catherine | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All usersCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation).html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-313159577-1753058699-2702243966-1001\SOFTWARE\Classes\<extension>].html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]"DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"DisableNotifications" = 0"EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"DisableNotifications" = 0"EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]"DisableNotifications" = 0"EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{212F01E6-CD8D-497C-B3A0-CB5B9DABC2F9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | "{26227169-1D10-4AE2-9F7C-451BDFF48511}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | "{373A58E8-C1BB-47D7-8986-91CF37972AD8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{3BF99E4F-015B-4EE2-8146-92B3730F28BF}" = rport=445 | protocol=6 | dir=out | app=system | "{4495A9D7-E86C-4723-9CBE-7F294450CCA3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5709672E-1CC6-4FAD-9768-51D4B8EEF4F2}" = rport=138 | protocol=17 | dir=out | app=system | "{5D0F8DE0-5465-4E98-9E24-C6D50D992A2B}" = lport=138 | protocol=17 | dir=in | app=system | "{5FE85E43-A246-482E-846C-A9B67A6BCDE7}" = lport=139 | protocol=6 | dir=in | app=system | "{6D9EBBDB-CCD1-4F55-976F-A98A7E231428}" = lport=445 | protocol=6 | dir=in | app=system | "{761F8376-220A-42F6-B8FD-3CF0D5F444EB}" = rport=139 | protocol=6 | dir=out | app=system | "{8B863AA4-1253-4BDA-8042-EDAAF4ED9EA6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{8D068EBF-2C5F-49BD-A53E-EFA6800A9CC1}" = lport=137 | protocol=17 | dir=in | app=system | "{ACFF1D29-6DF8-465B-8112-6AB2786C761B}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{B1129A83-15F0-43CF-8877-A02D26B432C0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{CE52B5B1-276D-4A90-A54E-228A789E0E9D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D17FCD55-D283-493A-B664-E5C74197E343}" = rport=137 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{0023F4AC-9C35-44E3-8A60-4C3EFE56E6E7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{0B097130-8F73-48BC-A08F-4CCE3280C6E2}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe | "{0BBFE853-993F-4DC0-B0DB-0D70ED32D6BE}" = protocol=58 | dir=out | [email protected],-28546 | "{1C08DEF9-9602-4609-8984-602EA93BEA40}" = protocol=6 | dir=in | app=c:\program files (x86)\pogo games\pogodgc.exe | "{1DD0D249-EFDF-47B2-AE22-8A0B9E307A38}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{2ADD8651-C2AC-4541-9AC0-2236417C04C9}" = dir=out | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe | "{36A89647-696F-4B72-8F38-BB690BA04CB4}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe | "{3729B70A-544C-47B9-9076-28BE8FDB045D}" = protocol=58 | dir=in | [email protected],-28545 | "{44AE4932-A859-4F9F-9742-345C8DD2767E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{53CA439B-33E0-474B-8D29-031E9039FFA4}" = protocol=6 | dir=in | app=c:\program files (x86)\pogo games\webupdater.exe | "{7A281551-6A8D-499E-8E56-6A65B9B7CA89}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\devicesetup.exe | "{7C60CEBE-44AE-442A-B883-EE68F6EFED10}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{87148635-2069-4492-8C92-8FE862FE1D31}" = protocol=17 | dir=in | app=c:\program files (x86)\pogo games\pogodgc.exe | "{929D2BB5-9BDD-4560-A6DF-8D5DA298E00C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{A432C1F1-CA65-409E-8007-A090F53C8F06}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe | "{ABA3E82F-1B24-4B86-B03F-BEA5311F8EB9}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\hpnetworkcommunicator.exe | "{D0F9D0B6-50A4-4B9C-BD68-DD57205A6D76}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe | "{D3E0E7C4-49D4-4C0B-9DA9-F17BD5E8BB8C}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe | "{E40D21BF-A931-45B6-B48E-131F5A396E29}" = protocol=17 | dir=in | app=c:\program files (x86)\pogo games\webupdater.exe | "{E606A195-08AB-458C-9496-1A554FA277D0}" = protocol=1 | dir=in | [email protected],-28543 | "{F49CE8AC-82C8-42E8-AD45-F4F7ED211C1D}" = protocol=1 | dir=out | [email protected],-28544 | "TCP Query User{3D9742ED-FA38-44C5-A4AB-3A3A7F6B89F3}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | "UDP Query User{27B362CA-AB8B-4796-AE5B-ADBA9D05DF39}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{00000000-2778-5BED-8199-52EB14D8D22F}" = F-Secure CCF Reputation"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App"{53BA6504-F1CE-4604-970A-082021D39784}" = F-Secure CCF Scanning 1.51.112.309 (release)"{658FDBCA-B7A1-43E4-A849-9F0812473331}" = Computer Security 14.121.102.0 (release)"{6C7CA47E-11FC-4309-B602-12571A9BDD5B}" = Charter Security Suite"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010"{912D30CF-F39E-4B31-AD9A-123C6B794EE2}" = HP Update"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper"{B50345AE-60D0-48D7-AFD2-F0B1A07F2294}" = F-Secure SafeSearch 1.03.159.0 (release)"{D6D865A5-2703-4B26-A0AA-30B29C0696BC}" = Online Safety 2.115.2786.1676"{EFE33E35-9B0B-4CF9-AF8C-CBE93BB8E6FF}" = F-Secure Network CCF 1.03.102"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219"Adobe Flash Player ActiveX" = Adobe Flash Player 17 ActiveX"Adobe Flash Player NPAPI" = Adobe Flash Player 17 NPAPI"F-Secure ServiceEnabler 42626" = Charter Security Suite"Google Chrome" = Google Chrome"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.1.6.1022"Office14.Click2Run" = Microsoft Office Click-to-Run 2010 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-313159577-1753058699-2702243966-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 20 Event Log Errors ========== [ Application Events ]Error - 4/27/2015 9:08:59 PM | Computer Name = Catherine-HP | Source = FSecure-FSecure-F-Secure DeepGuard | ID = 103Description = 21 2015-04-27 19:08:58-06:00 CATHERINE-HP SYSTEM F-Secure DeepGuard Application was blocked. This was determined to be a high-risk application by system control heuristics. Application path: \\?\c:\program files\reimage\reimage protector\reiguard.exe File hash: d58870535ebc629fcbd1122d929d851cf1804e7f Error - 4/27/2015 9:29:31 PM | Computer Name = Catherine-HP | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103Description = 1 2015-04-27 19:29:31-06:00 CATHERINE-HP Catherine-HP\Catherine F-Secure Anti-Virus Crash detected. \Device\HarddiskVolume2\Windows\Tasks\GoogleUpdateTaskMachineCore.job Error - 4/27/2015 9:56:59 PM | Computer Name = Catherine-HP | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103Description = 1 2015-04-27 19:56:59-06:00 CATHERINE-HP Catherine-HP\Catherine F-Secure Anti-Virus Spyware detected: Type: riskware Family: Name: Gen:Variant.Application.Bundler Object: C:\Users\Catherine\Downloads\Java(2).exe Error - 4/27/2015 9:57:19 PM | Computer Name = Catherine-HP | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103Description = 2 2015-04-27 19:57:19-06:00 CATHERINE-HP Catherine-HP\Catherine F-Secure Anti-Virus Spyware detected: Type: riskware Family: Name: Gen:Variant.Application.Bundler Object: C:\Users\Catherine\Downloads\Flash_Setup.exe Error - 4/27/2015 9:57:43 PM | Computer Name = Catherine-HP | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103Description = 3 2015-04-27 19:57:43-06:00 CATHERINE-HP Catherine-HP\Catherine F-Secure Anti-Virus Malicious code found in file C:\Users\Catherine\AppData\Local\Installer\Install_26263\ytdi_bf4fca0ff8_setup.exe. Infection: Trojan.GenericKD.2079214 Action: The file was quarantined. Error - 4/27/2015 9:57:44 PM | Computer Name = Catherine-HP | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103Description = 4 2015-04-27 19:57:44-06:00 CATHERINE-HP Catherine-HP\Catherine F-Secure Anti-Virus Malicious code found in file C:\Users\Catherine\AppData\Local\Installer\Install_26312\ytdi_bf4fca0ff8_setup.exe. Infection: Trojan.GenericKD.2079214 Action: The file was quarantined. Error - 4/27/2015 9:57:44 PM | Computer Name = Catherine-HP | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103Description = 5 2015-04-27 19:57:44-06:00 CATHERINE-HP Catherine-HP\Catherine F-Secure Anti-Virus Malicious code found in file C:\Users\Catherine\AppData\Local\Installer\Install_26364\ytdi_bf4fca0ff8_setup.exe. Infection: Trojan.GenericKD.2079214 Action: The file was quarantined. Error - 4/27/2015 9:57:45 PM | Computer Name = Catherine-HP | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103Description = 6 2015-04-27 19:57:45-06:00 CATHERINE-HP Catherine-HP\Catherine F-Secure Anti-Virus Malicious code found in file C:\Users\Catherine\AppData\Local\Installer\Install_26413\ytdi_bf4fca0ff8_setup.exe. Infection: Trojan.GenericKD.2079214 Action: The file was quarantined. Error - 4/27/2015 10:24:52 PM | Computer Name = Catherine-HP | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103Description = 7 2015-04-27 20:24:52-06:00 CATHERINE-HP Catherine-HP\Catherine F-Secure Anti-Virus Spyware detected: Type: riskware Family: Name: Gen:Variant.Application.Bundler Object: C:\Users\Catherine\Downloads\Flash_Setup.exe Error - 4/27/2015 10:25:16 PM | Computer Name = Catherine-HP | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103Description = 8 2015-04-27 20:25:16-06:00 CATHERINE-HP Catherine-HP\Catherine F-Secure Anti-Virus Spyware detected: Type: riskware Family: Name: Gen:Variant.Application.Bundler Object: C:\Users\Catherine\Downloads\Flash_Setup.exe [ Hewlett-Packard Events ]Error - 1/21/2012 7:01:01 PM | Computer Name = Catherine-HP | Source = Hewlett-Packard | ID = 0Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011221040051.xml File not created by asset agent Error - 4/27/2012 5:44:19 PM | Computer Name = Catherine-HP | Source = Hewlett-Packard | ID = 0Description = Error - 7/20/2012 4:44:08 PM | Computer Name = Catherine-HP | Source = Hewlett-Packard | ID = 0Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071220024400.xml File not created by asset agent Error - 9/15/2012 9:24:19 AM | Computer Name = Catherine-HP | Source = Hewlett-Packard | ID = 0Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091215072411.xml File not created by asset agent Error - 3/29/2013 12:07:01 PM | Computer Name = Catherine-HP | Source = Hewlett-Packard | ID = 0Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\031329100653.xml File not created by asset agent Error - 4/26/2013 8:23:56 PM | Computer Name = Catherine-HP | Source = HPSF.exe | ID = 2000Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()Message: Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 3834Ram Utilization: 50 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties() [ HP Software Framework Events ]Error - 11/14/2013 6:26:33 PM | Computer Name = Catherine-HP | Source = hpqWmiEx | ID = 5Description = 2013/11/14 15:26:33.801|000015E0|Error |ChpqWmiExModule::Start|The hpqwmiex service failed to start (1063). A system restart may correct this problem. [ HP Wireless Assistant Events ]Error - 8/7/2013 12:33:46 PM | Computer Name = Catherine-HP | Source = HP WA Service | ID = 0Description = System.Runtime.InteropServices.COMException at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) at System.Management.ManagementObject.Initialize(Boolean getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 5/24/2014 6:41:33 AM | Computer Name = Catherine-HP | Source = HP WA Service | ID = 0Description = System.Runtime.InteropServices.COMException Call was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize() at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware radio) at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() at HPPA_Service.CurrentConfiguration.ReloadRadioList() Error - 7/9/2014 7:12:54 PM | Computer Name = Catherine-HP | Source = HP WA Service | ID = 0Description = System.Runtime.InteropServices.COMException Call was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize() at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware radio) at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() at HPPA_Service.CurrentConfiguration.ReloadRadioList() Error - 7/19/2014 5:53:43 PM | Computer Name = Catherine-HP | Source = HP WA Service | ID = 0Description = System.Runtime.InteropServices.COMException Call was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 8/23/2014 5:15:19 PM | Computer Name = Catherine-HP | Source = HP WA Service | ID = 0Description = System.Runtime.InteropServices.COMException Call was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 9/6/2014 5:15:35 PM | Computer Name = Catherine-HP | Source = HP WA Service | ID = 0Description = System.Runtime.InteropServices.COMException Call was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 9/17/2014 6:08:46 PM | Computer Name = Catherine-HP | Source = HP WA Service | ID = 0Description = System.Runtime.InteropServices.COMException at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) at System.Management.ManagementObject.Initialize(Boolean getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 2/12/2015 5:57:25 PM | Computer Name = Catherine-HP | Source = HP WA Application | ID = 0Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup; failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object sender, StartupEventArgs args) Error - 2/12/2015 5:57:28 PM | Computer Name = Catherine-HP | Source = HP WA Application | ID = 0Description = MainWindow.ShowImpl; not initialized, closing application... Error - 4/7/2015 11:03:31 AM | Computer Name = Catherine-HP | Source = HP WA Application | ID = 0Description = System.Exception HardwareAccess hasn't been instantiated properly. at PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme) [ System Events ]Error - 4/27/2015 9:29:32 PM | Computer Name = Catherine-HP | Source = Service Control Manager | ID = 7031Description = The F-Secure Dll Hoster service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error - 4/27/2015 9:29:33 PM | Computer Name = Catherine-HP | Source = Service Control Manager | ID = 7034Description = The HP Wireless Assistant Service service terminated unexpectedly. It has done this 1 time(s). Error - 4/27/2015 9:29:34 PM | Computer Name = Catherine-HP | Source = Service Control Manager | ID = 7034Description = The Application Virtualization Client service terminated unexpectedly. It has done this 1 time(s). Error - 4/27/2015 9:29:57 PM | Computer Name = Catherine-HP | Source = Service Control Manager | ID = 7031Description = The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error - 4/27/2015 9:29:58 PM | Computer Name = Catherine-HP | Source = Service Control Manager | ID = 7034Description = The HP Software Framework Service service terminated unexpectedly. It has done this 1 time(s). Error - 4/27/2015 9:29:59 PM | Computer Name = Catherine-HP | Source = Service Control Manager | ID = 7031Description = The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. Error - 4/27/2015 9:30:27 PM | Computer Name = Catherine-HP | Source = Service Control Manager | ID = 7032Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Media Player Network Sharing Service service, but this action failed with the following error: %%1056 Error - 4/27/2015 9:36:35 PM | Computer Name = Catherine-HP | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003Description = WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\system32\athihvs.dll Error - 4/27/2015 9:36:38 PM | Computer Name = Catherine-HP | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003Description = WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\system32\athihvs.dll Error - 4/27/2015 9:36:38 PM | Computer Name = Catherine-HP | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003Description = WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\system32\athihvs.dll < End of report > Link to post Share on other sites
flashh4 Posted April 28, 2015 Report Share Posted April 28, 2015 Good morning Catherine, ok lets get to some more cleaning & see if you have any security risks !!! First i need you to look in Control Panel ........ add/uninstall programs and uninstall these if present:1. PCPitstop Utility2. SparkTrust PC Cleaner NEXT Download & run this program ! Security Check Please download and save SecurityCheck.exe to your Desktop from one of the links below.Link 1 >>> http://screen317.spywareinfoforum.org/SecurityCheck.exe.Link 2 >>> http://screen317.changelog.fr/SecurityCheck.exe * Double click SecurityCheck.exe and follow the onscreen instructions inside the black box. * A Notepad document should open automatically called checkup.txt * Please post the contents of that document in your next reply. NEXT We need to Run an OTL fix !!Warning This fix is only relevant for this system and no other, using on another computer may cause problems.Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot * Double-click OTL.exe to start the program. * Copy and Paste the following code into the . text box of the OTL tool/program ! Start with and include the colon plus :OTL:OTLIE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...ebay.com/?_nkw={searchTerms}IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBoxIE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRCIE - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\..\SearchScopes\{5239903F-EA48-456A-A1F8-0E737E1E7093}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20131148,20028,0,71,0IE - HKU\S-1-5-21-313159577-1753058699-2702243966-1001\..\SearchScopes\Yahoo: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=iwinFF - user.js - File not foundFF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found[2013/06/04 16:18:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Catherine\AppData\Roaming\Mozilla\Extensions[2015/04/27 19:17:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Catherine\AppData\Roaming\Mozilla\Firefox\Profiles\3dkt76nv.default\extensions[2011/03/05 09:02:23 | 000,000,000 | ---D | M] (Bing Bar) -- C:\PROGRAM FILES (X86)\MSN TOOLBAR\PLATFORM\6.0.2282.0\FIREFOXFile not found (No name found) -- C:\USERS\CATHERINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3DKT76NV.DEFAULT\EXTENSIONS\[email protected]AC7300AC.COMFile not found (No name found) -- C:\USERS\CATHERINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3DKT76NV.DEFAULT\EXTENSIONS\[email protected] - HKLM..\Run: [] File not foundO9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe File not foundO9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe File not foundO13 - gopher Prefix: missingO21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.[2015/04/27 20:27:24 | 000,000,606 | ---- | M] () -- C:\Windows\tasks\SparkTrust PC Cleaner Plus Startup.job[2015/04/27 20:27:24 | 000,000,482 | ---- | M] () -- C:\Windows\tasks\SparkTrust Update Version3 Startup Task.job@Alternate Data Stream - 221 bytes -> C:\ProgramData\Temp:4EE95FE7@Alternate Data Stream - 156 bytes -> C:\ProgramData\Temp:30C74695@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:A2A602F0@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:94BD36A2@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:D346F792@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:9F38BF31@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:E8B61305@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:C72A744C@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:C7A094AF@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:63ABD638@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:25FF8A61@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:D4E0D1F1@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:EFBD4447@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:DA84DA4A@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:943FEF5D@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:EC2C753C@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:62D72D41@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:E4E83517@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:373E1720@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:A7DA2BCD:Commands[emptyjava][emptyflash][EMPTYTEMP][RESETHOSTS][CREATERESTOREPOINT][Reboot]# Then click the Run Fix button at the top.# Click # Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.Remember to enable your real time protection. =============== 1. Was the programs i had you remove in the add/uninstall list ??? 2. I need the Security log posted ! 3. The OTL Fix log 4. Let me know how it is running ??? We are almost done !! ThanksChuck Link to post Share on other sites
Catherine Posted April 28, 2015 Author Report Share Posted April 28, 2015 Results of screen317's Security Check version 1.00 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Computer Security Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Adobe Flash Player 17.0.0.169 Google Chrome 36.0.1985.125 Google Chrome out of date! ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Charter Security Suite apps ComputerSecurity Anti-Virus\FSGK32.EXE Charter Security Suite apps ComputerSecurity Anti-Virus\fssm32.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 2% ````````````````````End of Log`````````````````````` Link to post Share on other sites
Catherine Posted April 28, 2015 Author Report Share Posted April 28, 2015 All processes killed========== OTL ==========HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ not found.HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!HKEY_USERS\S-1-5-21-313159577-1753058699-2702243966-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!Registry key HKEY_USERS\S-1-5-21-313159577-1753058699-2702243966-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.Registry key HKEY_USERS\S-1-5-21-313159577-1753058699-2702243966-1001\Software\Microsoft\Internet Explorer\SearchScopes\{5239903F-EA48-456A-A1F8-0E737E1E7093}\ deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5239903F-EA48-456A-A1F8-0E737E1E7093}\ not found.Registry key HKEY_USERS\S-1-5-21-313159577-1753058699-2702243966-1001\Software\Microsoft\Internet Explorer\SearchScopes\{searchTerms}\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchTerms}\ not found.Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.C:\Users\Catherine\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} folder moved successfully.C:\Users\Catherine\AppData\Roaming\Mozilla\Extensions folder moved successfully.C:\Users\Catherine\AppData\Roaming\Mozilla\Firefox\Profiles\3dkt76nv.default\extensions folder moved successfully.C:\PROGRAM FILES (X86)\MSN TOOLBAR\PLATFORM\6.0.2282.0\FIREFOX\components folder moved successfully.C:\PROGRAM FILES (X86)\MSN TOOLBAR\PLATFORM\6.0.2282.0\FIREFOX\Chrome folder moved successfully.C:\PROGRAM FILES (X86)\MSN TOOLBAR\PLATFORM\6.0.2282.0\FIREFOX folder moved successfully.Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{25510184-5A38-4A99-B273-DCA8EEF6CD08}\ deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25510184-5A38-4A99-B273-DCA8EEF6CD08}\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{25510184-5A38-4A99-B273-DCA8EEF6CD08}\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25510184-5A38-4A99-B273-DCA8EEF6CD08}\ not found.Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.C:\Windows\Tasks\SparkTrust PC Cleaner Plus Startup.job moved successfully.C:\Windows\Tasks\SparkTrust Update Version3 Startup Task.job moved successfully.ADS C:\ProgramData\Temp:4EE95FE7 deleted successfully.ADS C:\ProgramData\Temp:30C74695 deleted successfully.ADS C:\ProgramData\Temp:A2A602F0 deleted successfully.ADS C:\ProgramData\Temp:94BD36A2 deleted successfully.ADS C:\ProgramData\Temp:D346F792 deleted successfully.ADS C:\ProgramData\Temp:9F38BF31 deleted successfully.ADS C:\ProgramData\Temp:E8B61305 deleted successfully.ADS C:\ProgramData\Temp:C72A744C deleted successfully.ADS C:\ProgramData\Temp:C7A094AF deleted successfully.ADS C:\ProgramData\Temp:63ABD638 deleted successfully.ADS C:\ProgramData\Temp:25FF8A61 deleted successfully.ADS C:\ProgramData\Temp:D4E0D1F1 deleted successfully.ADS C:\ProgramData\Temp:EFBD4447 deleted successfully.ADS C:\ProgramData\Temp:DA84DA4A deleted successfully.ADS C:\ProgramData\Temp:943FEF5D deleted successfully.ADS C:\ProgramData\Temp:EC2C753C deleted successfully.ADS C:\ProgramData\Temp:62D72D41 deleted successfully.ADS C:\ProgramData\Temp:E4E83517 deleted successfully.ADS C:\ProgramData\Temp:373E1720 deleted successfully.ADS C:\ProgramData\Temp:A7DA2BCD deleted successfully.========== COMMANDS ========== [EMPTYJAVA] User: All Users User: Catherine->Java cache emptied: 51034 bytes User: Default User: Default User User: Guest User: Public User: Tom->Java cache emptied: 0 bytes Total Java Files Cleaned = 0.00 mb [EMPTYFLASH] User: All Users User: Catherine->Flash cache emptied: 3611 bytes User: Default User: Default User User: Guest->Flash cache emptied: 798 bytes User: Public User: Tom->Flash cache emptied: 891 bytes Total Flash Files Cleaned = 0.00 mb [EMPTYTEMP] User: All Users User: Catherine->Temp folder emptied: 183433656 bytes->Temporary Internet Files folder emptied: 93147528 bytes->Java cache emptied: 0 bytes->FireFox cache emptied: 270685980 bytes->Google Chrome cache emptied: 372175295 bytes->Flash cache emptied: 0 bytes User: Default->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 67 bytes User: Default User->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes User: Guest->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 25812201 bytes->Flash cache emptied: 0 bytes User: Public->Temp folder emptied: 0 bytes User: Tom->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 67 bytes->Java cache emptied: 0 bytes->FireFox cache emptied: 6115831 bytes->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes%systemroot% .tmp files removed: 0 bytes%systemroot%\System32 .tmp files removed: 0 bytes%systemroot%\System32 (64bit) .tmp files removed: 0 bytes%systemroot%\System32\drivers .tmp files removed: 0 bytesWindows Temp folder emptied: 22353787 bytes%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 79232847 bytes%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytesRecycleBin emptied: 666871829 bytes Total Files Cleaned = 1,640.00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully.HOSTS file reset successfullyRestore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.69.0 log created on 04282015_110547 Files\Folders moved on Reboot...C:\Users\Catherine\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.File move failed. C:\Users\Catherine\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot... Link to post Share on other sites
Catherine Posted April 28, 2015 Author Report Share Posted April 28, 2015 No the 2 things were not on the uninstall/install list. Computer is running great!! No pop ups or anything! Link to post Share on other sites
flashh4 Posted April 28, 2015 Report Share Posted April 28, 2015 Catherine that cleaned up real nice, so lets remove some of the tools we used in the cleaning !! Clean up with OTL Right-click OTL.exe and select " Run as administrator " to run it. This will remove all the tools we used to clean your pc. Close all other programs apart from OTL as this step will require a reboot On the OTL main screen, press the CleanUp! button Say Yes to the prompt and then allow the program to reboot your computer.You can now delete any tools we used if they remain on your Desktop. ====================== Your Google Chrome is in need of an update !! The rest in Security Search is up to date ! ====================== This is my "All Clean Speech" that i give so if you feel anything is needed for you use it !! Congratulation you are clean !!!Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.This is my standard "All Clean Speech." You may have some already installed, these are just recommendations !Here are some tips to reduce the potential for spyware infection in the future: Here are some tips to reduce the potential for spyware/malware infection in the future: 1. Make your Internet Explorer more secure - This can be done by following these simple instructions: From within Internet Explorer click on the Tools menu and then click onOptions. Click once on theSecurity tab Click once on the Internet icon so it becomes highlighted. Click once on the Custom Level button. Change the Download signed ActiveX controls to Prompt Change the Download unsigned ActiveX controls to Disable Change the Initialize and script ActiveX controls not marked as safe to Disable Change the Installation of desktop items to Prompt Change the Launching programs and files in an IFRAME to Prompt Change the Navigate sub-frames across different domains to Prompt When all these settings have been made, click on the OK button. If it prompts you as to whether or not you want to save the settings, press the Yes button. Next press the Apply button and then the OK to exit the Internet Properties page.2. FireFox If you use Firefox, I recommend installing the following add-ons to help make your Firefox browser more secure. NoScript adblock plus 3. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection. 4. Firewall Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. **There are firewalls that could be downloaded and used but I would personally only recommend using one of the following below:Online Armor FreeAgnitum Outpost Firewall FreeComodo Firewall Free 5. Make sure you keep your Windows OS current. And regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open. 6.WOT(Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome. 7. Finally, I strongly recommend that you read Miekiemoes' great advice How to prevent malware . Any problems ?It may run a tad slow until a few normal re-boots, but according to all logs you are clean !! Please let me know if you are happy with our service & my work !!Also please inform others you may know about our site & my work !! Happy SurfingThanksChuck I will lock this topic in 5 days so there will be no Drive By's (people posting for no reason) !!! Link to post Share on other sites
flashh4 Posted May 17, 2015 Report Share Posted May 17, 2015 This Problem has been solved.This topic is closed, if you need it re-opened please PM me or any Mod ! ThanksChuck Link to post Share on other sites
Recommended Posts