Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

highjacked internet connection demands ransom


  • Please log in to reply
16 replies to this topic

#1 coralys

coralys

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:40 PM

Posted 21 July 2014 - 04:07 PM

Hi everyone,

 

Not sure this is the right forum.

 

I have just received a notice saying that my internet connection has been partially blocked and asking for a ransom of 150 USD payable to this Bitcoin address

 

18SrU7ouwXUFMn6nwDZzVb1zi74VAqJCvd

 

 

internet.locker2013@mail.ru

 

All three computers at home have this message, can’t go into youtube, Wikipedia, etc. Threatens to completely block internet connection and disclose all personal info such as Facebook messages, etc.

I have been having problems with my internet connection for 2 weeks, it kept breaking off. My internet provider, the telephone company has been in contact and said would try to fix it. Will add that I live in Argentina and that the internet connections are pretty bad.

Can anybody help?

 

Thank you



BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,785 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:12:40 AM

Posted 21 July 2014 - 04:28 PM

Hi coralys,

have you run any scans to check if your PCs are infected? How do you go online, do you use a router?

What are the operating systems on your machines? Are other items like tablets or phones also affected?

regards
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 coralys

coralys
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:40 PM

Posted 21 July 2014 - 04:43 PM

Hi,

 thanks for answering so soon.

 

We have a modem at home with WIFI  and 3 PCS. All three have this same message. We just tried  the third which we we have not used in days and got the same message. We tried an  Android tablet and it works fine.

 

All 3 have windows 7, but not the same version. We have not downloaded the same stuff and the last download in the first computer that showed this message was 3 days ago.

 

I don't understand how a virus would have entered all machines.

 

But we have had terrible problems with the internet connection:

 

I feel pretty lost.

 

Thank yu



#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,785 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:12:40 AM

Posted 21 July 2014 - 05:13 PM

Hi,

can you please try the following steps on the main PC which started acting up first:


Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 coralys

coralys
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:40 PM

Posted 21 July 2014 - 05:25 PM

Here it goes:

 

MiniToolBox by Farbar  Version: 21-07-2014
Ran by Itzak (administrator) on 21-07-2014 at 19:20:31
Running from "C:\Users\Itzak\Downloads"
Microsoft Windows 7 Professionnel  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Configuration IP de Windows
 
Cache de r�solution DNS vid�.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Qualcomm Atheros AR9485 Wireless Network Adapter = Connexion réseau sans fil (Connected)
Realtek PCIe GBE Family Controller = Connexion au réseau local (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Connexion réseau sans fil 2 (Media disconnected)
 
 
# ----------------------------------
# Configuration du protocole IPv4
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# Fin de la configuration du protocole IPv4
 
 
 
Configuration IP de Windows
 
   Nom de l'h�te . . . . . . . . . . : Itzak-PC
   Suffixe DNS principal . . . . . . : 
   Type de noeud. . . . . . . . . .  : Hybride
   Routage IP activ� . . . . . . . . : Non
   Proxy WINS activ� . . . . . . . . : Non
 
Carte r�seau sans fil Connexion r�seau sans fil 2�:
 
   Statut du m�dia. . . . . . . . . . . . : M�dia d�connect�
   Suffixe DNS propre � la connexion. . . : 
   Description. . . . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Adresse physique . . . . . . . . . . . : 2E-85-DE-8E-B1-8D
   DHCP activ�. . . . . . . . . . . . . . : Oui
   Configuration automatique activ�e. . . : Oui
 
Carte r�seau sans fil Connexion r�seau sans fil�:
 
   Suffixe DNS propre � la connexion. . . : 
   Description. . . . . . . . . . . . . . : Qualcomm Atheros AR9485 Wireless Network Adapter
   Adresse physique . . . . . . . . . . . : DC-85-DE-8E-B1-8D
   DHCP activ�. . . . . . . . . . . . . . : Oui
   Configuration automatique activ�e. . . : Oui
   Adresse IPv6 de liaison locale. . . . .: fe80::59b5:2015:755d:61a7%13(pr�f�r�) 
   Adresse IPv4. . . . . . . . . . . . . .: 192.168.1.5(pr�f�r�) 
   Masque de sous-r�seau. . . .�. . . . . : 255.255.255.0
   Bail obtenu. . . . . . . . .�. . . . . : lundi 21 juillet 2014 18:16:12
   Bail expirant. . . . . . . . .�. . . . : mardi 22 juillet 2014 18:55:19
   Passerelle par d�faut. . . .�. . . . . : 192.168.1.1
   Serveur DHCP . . . . . . . . . . . . . : 192.168.1.1
   IAID DHCPv6 . . . . . . . . . . . : 333219294
   DUID de client DHCPv6. . . . . . . . : 00-01-00-01-18-A3-B2-D9-08-60-6E-08-16-C8
   Serveurs DNS. . .  . . . . . . . . . . : 46.244.18.19
   Serveur WINS principal . . . . . . . .�: 192.168.1.1
   Serveur WINS secondaire. . . . . . . . : 192.168.1.1
   NetBIOS sur Tcpip. . . . . . . . . . . : Activ�
 
Carte Ethernet Connexion au r�seau local :
 
   Statut du m�dia. . . . . . . . . . . . : M�dia d�connect�
   Suffixe DNS propre � la connexion. . . : Home
   Description. . . . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Adresse physique . . . . . . . . . . . : 08-60-6E-08-16-C8
   DHCP activ�. . . . . . . . . . . . . . : Oui
   Configuration automatique activ�e. . . : Oui
 
Carte Tunnel isatap.Home :
 
   Statut du m�dia. . . . . . . . . . . . : M�dia d�connect�
   Suffixe DNS propre � la connexion. . . : 
   Description. . . . . . . . . . . . . . : Carte Microsoft ISATAP
   Adresse physique . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP activ�. . . . . . . . . . . . . . : Non
   Configuration automatique activ�e. . . : Oui
 
Carte Tunnel Teredo Tunneling Pseudo-Interface :
 
   Suffixe DNS propre � la connexion. . . : 
   Description. . . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Adresse physique . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP activ�. . . . . . . . . . . . . . : Non
   Configuration automatique activ�e. . . : Oui
   Adresse IPv6. . . . . . . . . . .�. . .: 2001:0:9d38:90d7:3480:3098:4175:d1b0(pr�f�r�) 
   Adresse IPv6 de liaison locale. . . . .: fe80::3480:3098:4175:d1b0%12(pr�f�r�) 
   Passerelle par d�faut. . . .�. . . . . : ::
   NetBIOS sur TCPIP. . . . . . . . . . . : D�sactiv�
 
Carte Tunnel isatap.{CF6CB683-43DB-4AD4-B529-4F8A47E5DD63} :
 
   Statut du m�dia. . . . . . . . . . . . : M�dia d�connect�
   Suffixe DNS propre � la connexion. . . : 
   Description. . . . . . . . . . . . . . : Carte Microsoft ISATAP #2
   Adresse physique . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP activ�. . . . . . . . . . . . . . : Non
   Configuration automatique activ�e. . . : Oui
 
Carte Tunnel isatap.{4CFCA1BC-FF95-4526-B522-93397E5D7D67} :
 
   Statut du m�dia. . . . . . . . . . . . : M�dia d�connect�
   Suffixe DNS propre � la connexion. . . : 
   Description. . . . . . . . . . . . . . : Carte Microsoft ISATAP #3
   Adresse physique . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP activ�. . . . . . . . . . . . . . : Non
   Configuration automatique activ�e. . . : Oui
DNS request timed out.
    timeout was 2 seconds.
Serveur :   UnKnown
Address:  46.244.18.19
 
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
 
Envoi d'une requ�te 'ping' sur google.com [74.125.136.102] avec 32 octets de donn�es�:
R�ponse de 74.125.136.102�: octets=32 temps=246 ms TTL=45
R�ponse de 74.125.136.102�: octets=32 temps=253 ms TTL=45
 
Statistiques Ping pour 74.125.136.102:
    Paquets�: envoy�s = 2, re�us = 2, perdus = 0 (perte 0%),
Dur�e approximative des boucles en millisecondes :
    Minimum = 246ms, Maximum = 253ms, Moyenne = 249ms
DNS request timed out.
    timeout was 2 seconds.
Serveur :   UnKnown
Address:  46.244.18.19
 
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
 
Envoi d'une requ�te 'ping' sur yahoo.com [98.139.183.24] avec 32 octets de donn�es�:
R�ponse de 98.139.183.24�: octets=32 temps=210 ms TTL=52
R�ponse de 98.139.183.24�: octets=32 temps=215 ms TTL=52
 
Statistiques Ping pour 98.139.183.24:
    Paquets�: envoy�s = 2, re�us = 2, perdus = 0 (perte 0%),
Dur�e approximative des boucles en millisecondes :
    Minimum = 210ms, Maximum = 215ms, Moyenne = 212ms
 
Envoi d'une requ�te 'Ping'  127.0.0.1 avec 32 octets de donn�es�:
R�ponse de 127.0.0.1�: octets=32 temps<1ms TTL=128
R�ponse de 127.0.0.1�: octets=32 temps<1ms TTL=128
 
Statistiques Ping pour 127.0.0.1:
    Paquets�: envoy�s = 2, re�us = 2, perdus = 0 (perte 0%),
Dur�e approximative des boucles en millisecondes :
    Minimum = 0ms, Maximum = 0ms, Moyenne = 0ms
===========================================================================
Liste d'Interfaces
 14...2e 85 de 8e b1 8d ......Microsoft Virtual WiFi Miniport Adapter
 13...dc 85 de 8e b1 8d ......Qualcomm Atheros AR9485 Wireless Network Adapter
 11...08 60 6e 08 16 c8 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 17...00 00 00 00 00 00 00 e0 Carte Microsoft ISATAP
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 16...00 00 00 00 00 00 00 e0 Carte Microsoft ISATAP #2
 18...00 00 00 00 00 00 00 e0 Carte Microsoft ISATAP #3
===========================================================================
 
IPv4 Table de routage
===========================================================================
Itin�raires actifs�:
Destination r�seau    Masque r�seau  Adr. passerelle   Adr. interface M�trique
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.5     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.5    281
      192.168.1.5  255.255.255.255         On-link       192.168.1.5    281
    192.168.1.255  255.255.255.255         On-link       192.168.1.5    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.5    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.5    281
===========================================================================
Itin�raires persistants�:
  Aucun
 
IPv6 Table de routage
===========================================================================
Itin�raires actifs�:
 If Metric Network Destination      Gateway
 12     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 12     58 2001::/32                On-link
 12    306 2001:0:9d38:90d7:3480:3098:4175:d1b0/128
                                    On-link
 13    281 fe80::/64                On-link
 12    306 fe80::/64                On-link
 12    306 fe80::3480:3098:4175:d1b0/128
                                    On-link
 13    281 fe80::59b5:2015:755d:61a7/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    306 ff00::/8                 On-link
 13    281 ff00::/8                 On-link
===========================================================================
Itin�raires persistants�:
  Aucun
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (07/21/2014 06:17:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/21/2014 06:16:09 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD initialization failed [0]
 
Error: (07/21/2014 06:16:09 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcFailed to open Audio Capture session [6]
 
Error: (07/21/2014 06:12:55 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/21/2014 06:11:57 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD initialization failed [0]
 
Error: (07/21/2014 06:11:57 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcFailed to open Audio Capture session [6]
 
Error: (07/21/2014 06:10:56 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 92540
 
Error: (07/21/2014 06:10:56 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 92540
 
Error: (07/21/2014 06:10:56 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/21/2014 06:09:26 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2013
 
 
System errors:
=============
Error: (07/21/2014 06:11:10 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (07/21/2014 05:50:17 PM) (Source: Service Control Manager) (User: )
Description: L’appel ScRegSetValueExW a échoué pour Start avec l’erreur : 
%%5
 
Error: (07/21/2014 03:49:20 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (07/21/2014 10:09:12 AM) (Source: Service Control Manager) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la réponse transactionnelle du service AntiVirSchedulerService.
 
Error: (07/20/2014 05:29:35 PM) (Source: Tcpip) (User: )
Description: Le système a détecté un conflit d’adresses pour l’adresse IP 0.0.0.0 avec le système 
d’adresse physique réseau D0-DF-9A-69-D5-D8. En conséquence les opérations réseau sur se système
peuvent être interrompues.
 
Error: (07/18/2014 11:10:32 AM) (Source: Service Control Manager) (User: )
Description: Le service Avira Service Host s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 10000 millisecondes : Redémarrer le service.
 
Error: (07/17/2014 06:03:33 PM) (Source: Service Control Manager) (User: )
Description: Le service Steam Client Service n’a pas pu démarrer en raison de l’erreur : 
%%1053
 
Error: (07/17/2014 06:03:33 PM) (Source: Service Control Manager) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la connexion du service Steam Client Service.
 
Error: (07/13/2014 02:44:38 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (07/13/2014 02:37:51 PM) (Source: Service Control Manager) (User: )
Description: Le service Steam Client Service n’a pas pu démarrer en raison de l’erreur : 
%%1053
 
 
Microsoft Office Sessions:
=========================
Error: (07/21/2014 06:17:03 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/21/2014 06:16:09 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD initialization failed [0]
 
Error: (07/21/2014 06:16:09 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcFailed to open Audio Capture session [6]
 
Error: (07/21/2014 06:12:55 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/21/2014 06:11:57 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD initialization failed [0]
 
Error: (07/21/2014 06:11:57 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcFailed to open Audio Capture session [6]
 
Error: (07/21/2014 06:10:56 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 92540
 
Error: (07/21/2014 06:10:56 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 92540
 
Error: (07/21/2014 06:10:56 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/21/2014 06:09:26 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2013
 
 
 
=========================== Installed Programs ============================
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32126 - BitTorrent Inc.)
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.5 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.5 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader 8.1.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A81100000003}) (Version: 8.1.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arnet (HKLM-x32\...\Arnet) (Version: 16.002.10.01.324 - Huawei Technologies Co.,Ltd)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.5 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.8 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.29 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.26 - ASUS)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.10.168 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0022 - ASUS)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Avira (HKLM-x32\...\{142be4a8-895b-4ed9-b1ff-11c76357e3df}) (Version: 1.1.17.31000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.17.31000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.450 - Avira)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Cheat Engine 6.2 (HKLM-x32\...\Cheat Engine 6.2_is1) (Version:  - Dark Byte)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
CyberLink LabelPrint 2.5 (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5415 - CyberLink Corp.)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.2914 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 7.0.0.2914 - CyberLink Corp.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version:  - Microsoft)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
ETDWare PS/2-X64 10.5.9.0 (HKLM\...\Elantech) (Version: 10.5.9.0 - ELAN Microelectronic Corp.)
Fable III (HKLM-x32\...\GFWL_{4D53090A-9B45-437B-A66A-831000008300}) (Version: 1.0.0000.131 - Microsoft Game Studios)
Fable III (x32 Version: 1.0.0000.131 - Microsoft Game Studios) Hidden
Fable III (x32 Version: 1.0.0001.131 - Microsoft Game Studios) Hidden
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
GeoGebra 4.4 (HKLM-x32\...\GeoGebra 4.4) (Version: 4.4.8.0 - International GeoGebra Institute)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Drive (HKLM-x32\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Happy Cloud Client (HKCU\...\HappyCloud) (Version: 4.28 - Happy Cloud, Inc.)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.7.248 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java 7 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417065FF}) (Version: 7.0.650 - Oracle)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Java™ 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (FRA) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office Access MUI (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Basque) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Catalan) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Galician) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Portuguese (Brazil)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Might & Magic Heroes VI - Shades of Darkness (HKLM-x32\...\{745D37C2-26F4-4B65-BA13-F9840EBFA75B}) (Version: 2.1.1 - Ubisoft)
Mises à jour NVIDIA 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
MKLOL (HKCU\...\MKLOL) (Version:  - )
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.46.0 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.3 - Notepad++ Team)
NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Logiciel système PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA Pilote audio HD : 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Pilote graphique 340.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.43 - NVIDIA Corporation)
NVIDIA ShadowPlay 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{8D5D54B8-3D29-4AB4-8DA8-1868DAF941D8}) (Version: 4.01.9714 - Apache Software Foundation)
Opera Stable 22.0.1471.70 (HKLM-x32\...\Opera 22.0.1471.70) (Version: 22.0.1471.70 - Opera Software ASA)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.76.1.0 - Overwolf Ltd.)
Package de pilotes Windows - ASUS (ATP) Mouse  (07/28/2012 1.0.0.108) (HKLM\...\9B634C8DF2662B6B0212BF0B7547894BF2B5359F) (Version: 07/28/2012 1.0.0.108 - ASUS)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
Panneau de configuration NVIDIA 340.43 (Version: 340.43 - NVIDIA Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Python 3.3.5rc1 (HKLM-x32\...\{2d92a3db-aebe-341b-bb40-bbf5573b962f}) (Version: 3.3.5121 - Python Software Foundation)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.56 - Razer Inc)
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.1.59.0 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6716 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.27023 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Shadowrun Returns version + Dragonfall v1.2.0 (HKLM-x32\...\Shadowrun Returns_is1) (Version: + Dragonfall v1.2.0 - )
SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 0.1.1989.5 - Hi-Rez Studios)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
Star Wars Battlefront II Ultimate Pack version 2.2 (HKLM-x32\...\{80C123AF-9375-4166-B05B-820FF5EF8B52}_is1) (Version: 2.2 - XAP4O)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
The Bureau: XCOM Declassified (HKLM-x32\...\Steam App 65930) (Version:  - 2K Marin)
The Elder Scrolls V Skyrim (HKLM-x32\...\{4FEF52F2-3C2C-4B80-9443-3D6A654328D0}_is1) (Version:  - Bethesda Softworks)
Total War ROME II-=GamersZone=- 1.00 (HKLM-x32\...\Total War ROME II-=GamersZone=- 1.00) (Version:  - )
Total War Shogun 2 Repack (HKLM-x32\...\Total War Shogun 2 Repack) (Version:  - )
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{A57A9AE3-09A9-44A0-AA78-458C71DA6FDE}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{837C1EAC-6A89-44A0-8C45-E655AAFD8CE1}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Warframe (HKLM-x32\...\{DBCA8823-D30E-4668-B637-A680DA3F3B0D}) (Version: 1.0.0 - Digital Extremes)
Warhammer® 40,000™: Dawn of War® II – Retribution™ (HKLM-x32\...\Steam App 56400) (Version:  - Relic Entertainment)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 33%
Total physical RAM: 7629.48 MB
Available physical RAM: 5101.68 MB
Total Pagefile: 15257.14 MB
Available Pagefile: 12485.68 MB
Total Virtual: 4095.88 MB
Available Virtual: 3986.68 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:238.37 GB) (Free:76.63 GB) NTFS
3 Drive e: (Réservé au système) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
 
========================= Users: ========================================
 
comptes d'utilisateurs de \\ITZAK-PC
 
Administrateur           ASPNET                   Invit‚                   
Itzak                    
La commande s'est termin‚e correctement.
 
========================= Minidump Files ==================================
 
No minidump file found
 
 
**** End of log ****


#6 coralys

coralys
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:40 PM

Posted 21 July 2014 - 05:30 PM

hi,

 

have just seen that it is in French, can you read it or if needed can you tell me how to change it

 

thanks,

 

cora



#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,785 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:12:40 AM

Posted 21 July 2014 - 05:54 PM

Hi,

French is fine for me :)

Your DNS setting is pointing to the Netherlands:

Serveurs DNS. . . . . . . . . . . . . : 46.244.18.19

Do you have any affiliation with the Netherlands? Or is this a complete surprise for you?


I think it may be your router that's causing the problem rather than malware directly on your machine, for that effect, I'd like you to reset your router:


Router Reset
  • Please read this: Malware Silently Alters Wireless Router Settings
  • Consult this link to find out what is the default username and password of your router and note down them: Route Passwords
  • Then rest your router to it's factory default settings:

    "If your machine has been infected by one of these Zlob/DNSchanger Trojans, and your router settings have been altered, I would strongly recommend that you reset the router to its default configuration. Usually, this can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds)"

  • This is the difficult part.
    First get to the routers server. To do that type http:\\192.168.1.1 in the address bar and click Enter. You get the log in window.
    Fill in the password you have already found and you will get the configuration page.
    Configure the router to allow you to connect to your ISP server. In some routers it is done by a setup wizard. But you have to fill in the log in password your ISP has initially given to you.
    You can also call your ISP if you don't have your initial password.
    Don't forget to change the routers default password and set a strong password. Note down the password and keep it somewhere for future reference.
  • Please make sure of the following settings:
  • Go to start => Control panel => Double-click Network and Sharing Center.
  • In the left window select Manage network Connection.
  • In the right window right-click Local Area connection and select Properties .
  • Internet Protocol Version 6 (IP6v) should be checked. Double-click on it: Make sure of the following settings:
  • The option Obtain an IP address automatically should be checked.
  • The option Obtain DNS server address automatically should be checked.
  • Click OK.
  • Internet Protocol Version 4 (IP4v) should be checked. Double-click on it.
  • The option Obtain an IP address automatically should be checked.
  • The option Obtain DNS server address automatically should be checked.

  • Click OK twice.
  • If you should change any setting reboot the computer.
good night
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#8 coralys

coralys
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:40 PM

Posted 21 July 2014 - 07:09 PM

Hi myrti,

 

Thank you so much for your help. We did as you suggested and we are back to normal. 

 

One last question, can anything be done against these people? In the message they whent on about not conntacting authorities and such like.  Is there anybody that can be contacted? 

 

And is there anything can  do to protect myself against these sort of attackes?

 

Hope you are sleeping well, I am off to cook dinner for my family.

 

Thanks,

 

Cora



#9 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,785 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:12:40 AM

Posted 22 July 2014 - 03:59 AM

Hi,


I'm happy to hear this. Most times the malware first gains access to your PC and from there reaches out to your router. This is also why I would like you to run a scan with Malwarebytes on all machines to see if there is a resident infection left:

Download 51a46ae42d560-malwarebytes_anti_malware.MalwareBytes Anti-Malware to your desktop.
  • Double-click mbam-setup-2.0.exe to start the installation of Malwarebytes Anti-Malware.
  • Follow the instructions on your screen to complete the installation. You can find the complete installation procedure here.
  • Click the Scan Now button, a threat scan will start automatically.
  • MalwareBytes Anti-Malware will now check for the latest updates. Click Update Now if new updates are available.
  • Your computer is now being scanned, please do not use your computer during the scan.
  • If no threats were found, click View detailed log.
    • Click Export and save the log as a .txt file on your Desktop or another location.
  • If the scan detected any threats, click Apply Actions.
    • To complete any actions taken you will be prompted to restart your computer...click on Yes.
    • After reboot, start Malwarebytes Anti-Malware again and click the History Tab at the top and select Application Logs.
    • Check the box next to Scan Log. Choose the most current scan and click View.
    • Click Export and save the log as a .txt file on your Desktop or another location.
Providing the MalwareBytes' Anti-Malware log file
  • Attach the log file you just saved to your next reply for further review.
With regards to prevention: The best prevention for your router is to have a dedicated password set for it, not to use the default one that is given with the router. If your provider does not take care of this remotely, you should also check for firmware upgrades for it.
This being said, the by far most common access method is using the standard password after having gained access to one of the PCs on your system. So the same security measures as for other malware applies:

Keep your software update, use an antivirus program and don't click on anything that looks funky.

regards
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#10 coralys

coralys
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:40 PM

Posted 22 July 2014 - 07:22 AM

Hi,

 

woke up this morning and this thing is back. Ran the malware on 3 PCs, here are the logs, thanks again

 

Cora

 

first PC on which this came up

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 22/07/2014
Scan Time: 08:52:34
Logfile: malware PC.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.22.03
Rootkit Database: v2014.07.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Itzak
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 337032
Time Elapsed: 6 min, 22 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 1
RiskWare.Tool.CK, C:\Windows\KMService.exe, 2424, Delete-on-Reboot, [513a871bd8a3b185ee3037a534cdfa06]
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 32
PUP.Optional.KeepVid.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{d997c836-ff82-4519-b459-1482ba942a4f}, Quarantined, [9cefdfc3f883b4821d01d8828082a15f], 
PUP.Optional.KeepVid.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{7ACA7342-3323-4B4A-A4E2-1D1F140A71DE}, Quarantined, [9cefdfc3f883b4821d01d8828082a15f], 
PUP.Optional.KeepVid.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A1D74F49-2C1A-400B-A3BA-22147E24B208}, Quarantined, [9cefdfc3f883b4821d01d8828082a15f], 
PUP.Optional.KeepVid.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A1D74F49-2C1A-400B-A3BA-22147E24B208}, Quarantined, [9cefdfc3f883b4821d01d8828082a15f], 
PUP.Optional.KeepVid.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{7ACA7342-3323-4B4A-A4E2-1D1F140A71DE}, Quarantined, [9cefdfc3f883b4821d01d8828082a15f], 
PUP.Optional.KeepVid.A, HKLM\SOFTWARE\CLASSES\SubsHelperBHO.SubsHelperBHOImpl.1, Quarantined, [9cefdfc3f883b4821d01d8828082a15f], 
PUP.Optional.KeepVid.A, HKLM\SOFTWARE\CLASSES\SubsHelperBHO.SubsHelperBHOImpl, Quarantined, [9cefdfc3f883b4821d01d8828082a15f], 
PUP.Optional.KeepVid.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SubsHelperBHO.SubsHelperBHOImpl, Quarantined, [9cefdfc3f883b4821d01d8828082a15f], 
PUP.Optional.KeepVid.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{D997C836-FF82-4519-B459-1482BA942A4F}, Quarantined, [9cefdfc3f883b4821d01d8828082a15f], 
PUP.Optional.KeepVid.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SubsHelperBHO.SubsHelperBHOImpl.1, Quarantined, [9cefdfc3f883b4821d01d8828082a15f], 
PUP.Optional.KeepVid.A, HKU\S-1-5-21-2269395739-347285822-4192341812-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D997C836-FF82-4519-B459-1482BA942A4F}, Quarantined, [9cefdfc3f883b4821d01d8828082a15f], 
PUP.Optional.KeepVid.A, HKU\S-1-5-21-2269395739-347285822-4192341812-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D997C836-FF82-4519-B459-1482BA942A4F}, Quarantined, [9cefdfc3f883b4821d01d8828082a15f], 
PUP.Optional.Snapdo.T, HKU\S-1-5-21-2269395739-347285822-4192341812-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, Quarantined, [7c0fdac880fbff37da87e0b503ff4db3], 
PUP.Optional.Snapdo.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, Quarantined, [7c0fdac880fbff37da87e0b503ff4db3], 
PUP.Optional.SweetPacks.A, HKU\S-1-5-21-2269395739-347285822-4192341812-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EEE6C360-6118-11DC-9C72-001320C79847}, Quarantined, [6d1ebde5621994a290d2e3b27f83df21], 
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EEE6C360-6118-11DC-9C72-001320C79847}, Quarantined, [6d1ebde5621994a290d2e3b27f83df21], 
PUP.Optional.WebCake.A, HKU\S-1-5-21-2269395739-347285822-4192341812-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{AF6B0594-6008-4327-93E5-608AD710A6FA}, Quarantined, [5c2f218128530f27cd1e870a5fa354ac], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, Quarantined, [b7d4841ec1ba082e9a94365c847e8f71], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, Quarantined, [fb90485ab9c254e2b57a3e5412f0ad53], 
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\Updater By Sweetpacks, Quarantined, [b5d6ecb6b8c39e980419c8419e668d73], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, Quarantined, [4b40d7cb8eed6ec890ee3ab4d42e827e], 
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\WOW6432NODE\Updater By Sweetpacks, Quarantined, [791261410f6c58deed3053b693717090], 
PUP.Optional.TornTV.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\bicnnkjibmphdeigoodpjlcklcnaobdj, Quarantined, [2467653d8bf0e056bba5d00f51b138c8], 
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM, Quarantined, [2665c0e25724181e552ff70d48bc49b7], 
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-2269395739-347285822-4192341812-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, Quarantined, [2f5cb9e93a41270f2ac49e669d67d42c], 
PUP.Optional.Iminent.A, HKU\S-1-5-21-2269395739-347285822-4192341812-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Iminent, Quarantined, [3556d0d29edd1224a7d846a82fd3c63a], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2269395739-347285822-4192341812-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [8dfe8d15e6952214896b33e4699b44bc], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2269395739-347285822-4192341812-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [95f63e64b8c3c86e92f6d11c8c76b14f], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2269395739-347285822-4192341812-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [4447455d7ffc290de1b8a162f70dc13f], 
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2269395739-347285822-4192341812-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR, Quarantined, [aae1752ddaa138fe0072af3e867c12ee], 
PUP.Optional.Softonic.A, HKU\S-1-5-21-2269395739-347285822-4192341812-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Quarantined, [3b50c5ddd9a292a4dcc48656d131e917], 
PUP.Optional.SweetIM.A, HKU\S-1-5-21-2269395739-347285822-4192341812-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM, Quarantined, [dfac52502b50a4923f447f855ea6649c], 
 
Registry Values: 4
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM|simapp_id, {C087CB7E-EE8B-11E2-B18E-08606E0816C8}, Quarantined, [2665c0e25724181e552ff70d48bc49b7]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2269395739-347285822-4192341812-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0B1R1N1K2T2Y1K, Quarantined, [4447455d7ffc290de1b8a162f70dc13f]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2269395739-347285822-4192341812-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR|publisher, SnapdoGOblidooYB, Quarantined, [aae1752ddaa138fe0072af3e867c12ee]
PUP.Optional.SweetIM.A, HKU\S-1-5-21-2269395739-347285822-4192341812-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM|simapp_id, {C087CB7E-EE8B-11E2-B18E-08606E0816C8}, Quarantined, [dfac52502b50a4923f447f855ea6649c]
 
Registry Data: 4
PUP.Optional.Snapdo, HKU\S-1-5-21-2269395739-347285822-4192341812-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://feed.snap.do/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=TJ&userid=6bfaaae0-d369-41cb-bdb6-71808784c9bb&searchtype=ds&q={searchTerms}&installDate=09/05/2013, Good: (www.google.com), Bad: (http://feed.snap.do/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=TJ&userid=6bfaaae0-d369-41cb-bdb6-71808784c9bb&searchtype=ds&q={searchTerms}&installDate=09/05/2013),Replaced,[216af6ac9fdc6ec8cdedd0dcb25207f9]
PUP.Optional.Snapdo, HKU\S-1-5-21-2269395739-347285822-4192341812-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, http://feed.snap.do/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=TJ&userid=6bfaaae0-d369-41cb-bdb6-71808784c9bb&searchtype=ds&q={searchTerms}&installDate=09/05/2013, Good: (www.google.com), Bad: (http://feed.snap.do/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=TJ&userid=6bfaaae0-d369-41cb-bdb6-71808784c9bb&searchtype=ds&q={searchTerms}&installDate=09/05/2013),Replaced,[3952178baad194a2d8e19616fd074fb1]
PUP.Optional.Snapdo, HKU\S-1-5-21-2269395739-347285822-4192341812-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://feed.snap.do/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=TJ&userid=6bfaaae0-d369-41cb-bdb6-71808784c9bb&searchtype=ds&q={searchTerms}&installDate=09/05/2013, Good: (www.google.com), Bad: (http://feed.snap.do/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=TJ&userid=6bfaaae0-d369-41cb-bdb6-71808784c9bb&searchtype=ds&q={searchTerms}&installDate=09/05/2013),Replaced,[18738e14a8d3f73f78442983c93b728e]
PUP.Optional.Snapdo, HKU\S-1-5-21-2269395739-347285822-4192341812-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, http://feed.snap.do/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=TJ&userid=6bfaaae0-d369-41cb-bdb6-71808784c9bb&searchtype=ds&q={searchTerms}&installDate=09/05/2013, Good: (www.google.com), Bad: (http://feed.snap.do/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=TJ&userid=6bfaaae0-d369-41cb-bdb6-71808784c9bb&searchtype=ds&q={searchTerms}&installDate=09/05/2013),Replaced,[0f7ca4feb6c5cc6acaf3921aaf55a35d]
 
Folders: 0
(No malicious items detected)
 
Files: 6
RiskWare.Tool.CK, C:\Windows\KMService.exe, Delete-on-Reboot, [513a871bd8a3b185ee3037a534cdfa06], 
PUP.Optional.Somoto.A, C:\Users\Itzak\Downloads\FLVPlayer_downloader-N9kN0j5EO.exe, Quarantined, [8308673be09b65d145a31979c43deb15], 
PUP.Optional.SweetIM.A, C:\Users\Itzak\AppData\Roaming\Mozilla\Firefox\Profiles\vhwlopu1.default\searchplugins\sweetim.xml, Quarantined, [711a584ae29990a60b7e2caa867c5fa1], 
PUP.Optional.SweetPacks.A, C:\Users\Itzak\AppData\Roaming\Mozilla\Firefox\Profiles\vhwlopu1.default\searchplugins\Sweetpacks Search.xml, Quarantined, [e9a2f9a95b2064d21971b125e71b7f81], 
PUP.Optional.TornTV.A, C:\Users\Itzak\AppData\Roaming\Mozilla\Firefox\Profiles\vhwlopu1.default\extensions\trtv3@trtv.com.xpi, Quarantined, [17746d35e09b88aee47d538cd32f2cd4], 
PUP.Optional.SnapDo.A, C:\Users\Itzak\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": "http://feed.snap.do/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=AR&userid=6bfaaae0-d369-41cb-bdb6-71808784c9bb&searchtype=hp&installDate={installDate}",), Replaced,[cebd0c96e19aa88ecb9a5f7eb84c3cc4]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
second PC
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 22/07/2014
Scan Time: 08:31:10 a.m.
Logfile: Malwarebytes pc.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.22.03
Rootkit Database: v2014.07.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Cora
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 275075
Time Elapsed: 12 min, 42 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 1
RiskWare.Tool.CK, C:\Windows\KMService.exe, 1812, Delete-on-Reboot, [008bd8ca7dfe7fb7c35ba03c8c75936d]
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0


#11 coralys

coralys
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:40 PM

Posted 22 July 2014 - 07:32 AM

third PC

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 22/07/2014
Scan Time: 08:39:28
Logfile: malwarePC3.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.22.03
Rootkit Database: v2014.07.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Sarah
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 359617
Time Elapsed: 3 min, 53 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 2
PUP.Optional.FastStart.A, HKU\S-1-5-21-2199843319-224361432-886469962-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, Quarantined, [f497b4ee73082a0c5ba47f49dd25c63a]
PUP.Optional.AdLyrics.A, HKU\S-1-5-21-2199843319-224361432-886469962-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|findlyrics@findlyrics.co, C:\Program Files (x86)\FindLyrics\FF\, Quarantined, [52395052136881b5465e4f7f9b679967]
 
Registry Data: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[1d6eccd61e5d231384bd03aa03016898]
 
Folders: 86
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\native, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\native\libs, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\adapter, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\abstractbutton, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\abstractbutton\background, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\alert, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\alert\background, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\embedhtml, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\embedhtml\background, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\embedhtml\html, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\embedhtml\js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\embedscript, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\embedscript\background, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\embedscript\html, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\embedscript\js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\flare, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\flare\background, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\flare\icons, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\generic, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\generic\background, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\link, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\link\background, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\menu, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\menu\background, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\menu\css, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\menu\html, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\menu\images, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\menu\js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\rss, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\rss\background, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\thirdparty, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\thirdparty\background, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\uninstall, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\uninstall\background, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\weather, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\weather\background, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\widget-api, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\widget-api\widgets, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\widget-api\widgets\common, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\widget-api\widgets\radio, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\widget-api\widgets\radio\css, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\widget-api\widgets\radio\js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\widget-api\widgets\rss, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\widget-api\widgets\rss\js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\widget-api\widgets\test, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\widget-api\widgets\topapps, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\widget-api\widgets\topapps\css, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\widget-api\widgets\topapps\js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\widget-api\widgets\weather, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\widget-api\widgets\weather\css, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\widget-api\widgets\weather\js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\api, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\api\background, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\api\window, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\defaultSearch, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\defaultSearch\background, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\defaultSearch\foreground, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\moviereviews, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\moviereviews\background, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\moviereviews\css, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\moviereviews\html, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\moviereviews\js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\radio, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\radio\background, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\radio\css, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\radio\foreground, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\radio\radioWrapper, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\search, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\search\background, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\search\html, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\supertab, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\supertab\css, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\supertab\html, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\supertab\js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\icons, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\images, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\shared, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\_metadata, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.OfferMosquito.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\ext_offermosquito, Quarantined, [2764a101176496a04f03664e3dc57987], 
 
Files: 208
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Temp\blg74F.tmp\UPDATER.EXE, Quarantined, [f7940c96106ba88eecef6712867bc838], 
PUP.Optional.SearchHijacker.A, C:\Users\Sarah\AppData\Local\Temp\is2055686011\035BE64B_stp\June10_www.sweet-page.com.exe, Quarantined, [c6c5584a0f6c96a005c0f0a65fa2b34d], 
PUP.Optional.SkyTech.A, C:\Users\Sarah\AppData\Local\Temp\169396977\169396977.zipDir\alilog.dll, Quarantined, [e3a8148ed8a3d16578b9f53dd32d46ba], 
PUP.Optional.V9.A, C:\Users\Sarah\AppData\Local\Temp\169396977\169396977.zipDir\qSE.exe, Quarantined, [711ab8ea6a1140f68a5581c729d704fc], 
PUP.Optional.InstallCore, C:\Users\Sarah\Downloads\magix-fotos-en-cd-y-dvd-9-es.exe, Quarantined, [cbc0277bb2c941f53410fba6778d7d83], 
PUP.Optional.Softonic.A, C:\Users\Sarah\Downloads\Sin confirmar 338017.crdownload, Quarantined, [d0bb752d9ae1f73f2343b0786b967987], 
PUP.Optional.Softonic, C:\Users\Sarah\Downloads\SoftonicDownloader_para_mouse-recorder.exe, Quarantined, [5e2dc5ddeb90ee4839cfa568f809f40c], 
PUP.Optional.Softonic, C:\Users\Sarah\Downloads\SoftonicDownloader_pour_intel-pro-wireless-drivers.exe, Quarantined, [6c1f762ce596989e14f4a4692fd20cf4], 
PUP.Optional.Softonic, C:\Users\Sarah\Downloads\SoftonicDownloader_pour_super-fdisk.exe, Quarantined, [6823059da6d5c86ea16721ec5ba6ae52], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_blgkblimeaijgefaoiedchmmemmikpdg_0.localstorage, Quarantined, [8a01cad8d4a79b9b12b2af2cad55ec14], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_blgkblimeaijgefaoiedchmmemmikpdg_0.localstorage-journal, Quarantined, [e5a6c2e087f4d1657a4ad902fa0834cc], 
PUP.Optional.Desk365.A, C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\SendTo\Desk 365.lnk, Quarantined, [f893f0b2631861d5293e56b4f4109a66], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\buildVars.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\config.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\contentScript.css, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\contentScript.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\extension_toolbar_api.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\initWidgetWindow.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\manifest.json, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\options.html, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\spent.css, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\spent.html, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\spent.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\superFrame.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\toolbar.html, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\toolbar.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\toolbarUI.css, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\toolbarUI.html, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\toolbarUI.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\native\ce.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\native\ss.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\native\libs\jquery-1.7.1.min.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\native\libs\jquery-1.9.1.min.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\adapter\adapterUtil.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\adapter\widget-adapter.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\abstractbutton\background\abstractButton.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\alert\background\alertButton.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\embedhtml\background\embedHtmlWidget.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\embedhtml\html\embedHtmlTemplate.html, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\embedhtml\html\innerEmbedHtmlTemplate.html, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\embedhtml\js\embedHtmlUI.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\embedscript\background\embedScriptWidget.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\embedscript\html\embedScriptTemplate.html, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\embedscript\html\innerEmbedScriptTemplate.html, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\embedscript\js\embedScriptUI.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\flare\background\FlareWidget.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\flare\icons\Icon_Flare_blue.png, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\flare\icons\Icon_Flare_pink.png, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\flare\icons\Thumbs.db, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\generic\background\GenericWidget.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\link\background\linkButton.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\menu\README.txt, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\menu\background\menuButton.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\menu\css\menuframe.css, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\menu\html\menuframe.html, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\menu\images\right_arrow.png, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\menu\images\right_arrow_white.png, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\menu\js\jquery-1.7.1.min.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\menu\js\menuframe.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\menu\js\query-string.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\menu\js\underscore-1.3.1.min.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\rss\background\RssWidget.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\thirdparty\background\thirdPartyWidget.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\uninstall\background\uninstallButton.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\components\weather\background\weatherButton.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\js\blacklistService.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\js\common.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\js\dynamic.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\js\enableDetect.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\js\eventListening.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\js\global.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\js\jquery-1.7.1.min.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\js\list-interaction.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\js\messageEventListener.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\js\navRedirector.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\js\paramReplacer.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\js\PartnerId.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\js\set.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\js\underscore-1.3.1.min.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\js\underscore-1.5.2.min.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\js\unifiedLogging.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\widget-api\widget-context-1.0.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\widget-api\widgets\common\common.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\widget-api\widgets\common\eventListening.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\widget-api\widgets\common\jquery-1.7.1.min.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\widget-api\widgets\common\list-interaction.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\widget-api\widgets\common\set.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\widget-api\widgets\common\underscore-1.3.1.min.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\widget-api\widgets\radio\radio-widget.html, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\widget-api\widgets\radio\css\radio-widget.css, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\widget-api\widgets\radio\js\radio-custom.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\widget-api\widgets\radio\js\radio-parser.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\widget-api\widgets\radio\js\radio-widget-ui.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\widget-api\widgets\radio\js\radio-widget.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\widget-api\widgets\rss\rssWidget.html, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\widget-api\widgets\rss\js\rss-widget-custom.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\widget-api\widgets\rss\js\rss-widget-parse.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\widget-api\widgets\rss\js\rss-widget.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\widget-api\widgets\test\invalid.json, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\widget-api\widgets\test\jquery.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\widget-api\widgets\test\qunit.css, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\widget-api\widgets\test\qunit.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\widget-api\widgets\test\resource.json, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\widget-api\widgets\test\resource.xml, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\widget-api\widgets\test\testWidget.html, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\widget-api\widgets\test\testWidget.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\widget-api\widgets\topapps\widget.html, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\widget-api\widgets\topapps\css\widget.css, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\widget-api\widgets\topapps\js\nanigans-topapps-feed.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\widget-api\widgets\topapps\js\topapps-config.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\widget-api\widgets\topapps\js\widget.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\widget-api\widgets\weather\weatherButton.html, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\widget-api\widgets\weather\css\weatherButton.css, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\common\widget-api\widgets\weather\js\weather.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\api\background\ApiBasedWidget.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\api\background\widget-api-impl.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\api\window\hiddenWidgetWindow.html, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\api\window\hiddenWidgetWindow.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\api\window\hiddenWidgetWindowInit.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\api\window\widgetWindow.html, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\api\window\widgetWindow.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\defaultSearch\background\updateSearch.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\defaultSearch\background\updateSearchPromptBg.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\defaultSearch\foreground\07_buttons2.png, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\defaultSearch\foreground\08_buttons2.png, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\defaultSearch\foreground\defaultSearchModal.html, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\defaultSearch\foreground\defaultSearchModalInjector.css, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\defaultSearch\foreground\defaultSearchModalInjector.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\defaultSearch\foreground\tvf_btn_ok.png, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\defaultSearch\foreground\tvf_btn_ok2.png, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\defaultSearch\foreground\tvf_restart_alert_icon.png, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\defaultSearch\foreground\tvf_restart_icon.png, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\defaultSearch\foreground\updateSearchPromptFg.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\moviereviews\background\MovieReviewsWidget.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\moviereviews\css\movieReviews.css, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\moviereviews\html\movieReviews.html, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\moviereviews\js\movieReviews.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\radio\background\RadioWidget.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\radio\css\toolbar-item.css, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\radio\foreground\button.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\radio\radioWrapper\radioWrapper.html, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\radio\radioWrapper\radioWrapper.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\search\background\searchBox.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\search\html\searchSuggestions.css, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\search\html\searchSuggestions.html, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\search\html\searchSuggestions.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\search\html\searchSuggestionsInit.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\supertab\css\supertab.css, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\supertab\html\supertab.html, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\supertab\js\newtabfork.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\supertab\js\reporting.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\supertab\js\srchsugg.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\supertab\js\supertab.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\supertab\js\unifiedLogging.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\components\supertab\js\__utm.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\icons\arrowSprite.png, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\icons\icon128.png, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\icons\icon16.png, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\icons\icon19disabled.png, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\icons\icon19on.png, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\icons\icon48.png, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\icons\tb_icon_search_disappearing_ask.png, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\images\222119323.png, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\images\222119327.png, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\images\222119334.png, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\images\222119336.png, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\images\222119338.png, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\images\222119359.png, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\images\down_arrow.png, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\images\IDR_PRODUCT_LOGO_16.png, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\images\IDR_WEBSTORE_ICON.png, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\images\magnifying_glass.png, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\images\RadioPlayerSprite.png, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\images\search_button.png, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\images\tvf_icon_guide.png, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\images\tvf_logo.png, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\images\wrench.png, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\js\options.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\js\chromeUtils.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\js\exeManager.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\js\exePackageManager.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\js\focusManager.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\js\globalBlacklistManager.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\js\messaging.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\js\mutation_summary-min.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\js\mutation_summary.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\js\newTabInfo.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\js\newTabInitialize.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\js\readLocalStorage.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\js\reservespacefortoolbar.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\js\reservespaceifenabled.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\js\scriptInjector.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\js\searchContext.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\js\settingsOverrides.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\js\toolbarCookieParser.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\js\toolbarPreinit.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\js\underscore-1.3.1.min.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\js\URILoaderContentScript.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\js\Widget.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\js\widgetFactory.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\js\widgetWindowManager.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\shared\HttpURL.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\shared\rsvp-latest.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\shared\unifiedLogging.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\shared\universalConsole.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\shared\utils.js, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.MindSpark.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blgkblimeaijgefaoiedchmmemmikpdg\10.74.4.14943_0\_metadata\verified_contents.json, Quarantined, [abe0980a37441a1ca0067f30639f14ec], 
PUP.Optional.OfferMosquito.A, C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\ext_offermosquito\ext_offermosquito.crx, Quarantined, [2764a101176496a04f03664e3dc57987], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,785 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:12:40 AM

Posted 22 July 2014 - 07:32 AM

Hi,

I'm not seeing anything that directly seems to have caused the block. Could you scan the other two PCs as well.

regards
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,785 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:12:40 AM

Posted 22 July 2014 - 07:56 AM

Hi,

it looks like we cross posted. Are all pages affected or only a few? Can you please flush your dns and let me know if that helps:
  • Click on the Start orb
  • Enter cmd
  • Right-click cmd.exe and select Launch as administrator.
  • Into the new window type: ipconfig /flushdns
If that helps, please try setting the DNS server to google's DNS server:
https://developers.google.com/speed/public-dns/docs/using

Let me know if that solves the problem.

regards
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#14 coralys

coralys
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:40 PM

Posted 22 July 2014 - 08:21 AM

Hi,

 

We did cross messages, I sent the 3 PCs scan. 

I flushed the DNS and everything looks fine

 

If you say that there is nothing in the scan that could do this, could this be at the internet provider? This is Argentina, everything bad or good is possible.

 

To unswer your question, all pages are not infected, only sites as youtube, wikipedia, facebook, etc

 

google is fine though.

 

Thanks

 

Cora



#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,785 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:12:40 AM

Posted 22 July 2014 - 08:30 AM

Hi,

it is possible that the infection was in your router and when we reset it, we fixed it. However the "bad" addressses for some pages remained in the cache and you were directed to the ransomware because of this. The flushing may have taken care of this.

Now that we have set a DNS server for your PC this should not happen again. It would be interesting to know if your other PCs are still experiencing the problem.

It is possible that your ISP is involved though I would find it surprising. These infections that target the router usually leave little trace behind on the PCs, it's not uncommon to only have an infected router. They know they get spotted much more easily if they leave traces on the PC behind.

This thread mentions that, somehow, most people affected are using ArNet: http://www.taringa.net/comunidades/serviciotecnico/8868633/Ayuda-Tengo-un-grave-malware.html Are you using that as well? Then it would point to ArNet as the main responsible :P

regarsd
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users